From 6c1c13e088b0408495f8556a4b582047ceb67a5e Mon Sep 17 00:00:00 2001
From: schn33fuchs
Date: Sat, 25 Apr 2026 14:32:22 +0200
Subject: [PATCH] Cors layer added header, origin and method limitations
---
 backend/Cargo.lock | 16 ++++++++++++++++
 backend/Cargo.toml | 2 ++
 backend/src/env.rs | 3 +++
 backend/src/main.rs | 23 ++++++++++++++++++++---
 4 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/backend/Cargo.lock b/backend/Cargo.lock
index b072c40..fb2972d 100644
--- a/backend/Cargo.lock
+++ b/backend/Cargo.lock
@@ -150,6 +150,8 @@ dependencies = [ "sqlx", "time", "tokio", + "tower", + "tower-http", ] [[package]]
@@ -2243,6 +2245,20 @@ dependencies = [ "tracing", ] +[[package]] +name = "tower-http" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +dependencies = [ + "bitflags", + "bytes", + "http", + "pin-project-lite", + "tower-layer", + "tower-service", +] + [[package]] name = "tower-layer" version = "0.3.3"
diff --git a/backend/Cargo.toml b/backend/Cargo.toml
index 5a6341b..66b9de7 100644
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -15,3 +15,5 @@ chrono = { version = "0.4.44", features = ["serde"] }
 jsonwebtoken = { version = "10.3.0", features = ["rust_crypto"] }
 argon2 = "0.5.3"
 time = "0.3.47"
+tower = "0.5.3"
+tower-http = { version = "0.6.8", features = ["cors"] }
diff --git a/backend/src/env.rs b/backend/src/env.rs
index 1de565e..ae52252 100644
--- a/backend/src/env.rs
+++ b/backend/src/env.rs
@@ -2,15 +2,18 @@
 pub struct Env {
 pub db_url: String,
 pub token_secret: String,
+ pub origin: String
 }
 impl Env {
 pub fn load() -> Env {
 let db_url = std::env::var("DATABASE_URL").expect("DATABASE_URL must be set");
 let token_secret = std::env::var("TOKEN_SECRET").expect("TOKEN_SECRET must be set");
+ let origin = std::env::var("ORIGIN").expect("ORIGIN must be set")
 Env {
 db_url,
 token_secret,
+ origin
 }
 }
 }
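Review bot: In backend/Cargo.toml, `tower = "0.5.3"` is added as a direct dependency, but none of the hunks in this patch reference `tower::`. main.rs only imports `tower_http::cors::CorsLayer`, and the lockfile hunk suggests a `tower` package was already resolved transitively. If nothing else in the crate names it, drop that line so the direct dependency set stays limited to what the code actually uses.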
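Review bot: In backend/src/env.rs, the added `let origin = std::env::var("ORIGIN").expect("ORIGIN must be set")` has no terminating `;` as shown, so the `Env {` expression that follows would not parse; it should end in `;`. This value becomes the only origin allowed to make credentialed cross-origin requests, so the field deserves a doc comment such as `/// Exact origin (scheme://host[:port]) allowed by the CORS layer; must not be "*"`. Rejecting an empty or malformed value here in `load` would also be clearer than failing later at the `unwrap()` in main.rs.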
diff --git a/backend/src/main.rs b/backend/src/main.rs
index abab5e1..4403abd 100644
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -6,12 +6,20 @@ mod models;
 mod router;
 use std::sync::Arc;
-use axum::{Router, routing};
+use axum::{
+ Router,
+ http::{
+ HeaderValue, Method,
+ header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+ },
+ routing,
+};
 use dotenv::dotenv;
 use models::*;
 use router::create_router;
 use serde::{Deserialize, Serialize};
 use sqlx::{PgPool, postgres::PgPoolOptions};
+use tower_http::cors::CorsLayer;
 use crate::env::Env;
@@ -24,7 +32,7 @@ pub struct AppState {
 async fn main() {
 dotenv().ok();
 let env = Env::load();
- let database_url = std::env::var("DATABASE_URL").expect("DATABASE_URL variable not set");
+ let database_url = &env.db_url;
 let pool = match PgPoolOptions::new().connect(&database_url).await {
 Ok(pool) => {
 println!("Database connection successful");
@@ -35,10 +43,19 @@ async fn main() {
 std::process::exit(1);
 }
 };
+
+ let cors = CorsLayer::new()
+ .allow_origin(env.origin.parse::().unwrap())
+ .allow_methods([Method::GET, Method::POST, Method::PATCH, Method::DELETE])
+ .allow_credentials(true)
+ .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE]);
+
 let app = create_router(Arc::new(AppState {
 db: pool.clone(),
 env: env.clone(),
- }));
+ }))
+ .layer(cors);
+
 let listener = tokio::net::TcpListener::bind("0.0.0.0:8001").await.unwrap();
 axum::serve(listener, app).await;
 }
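Review bot: In the second main.rs hunk, `database_url` is now already a `&String`, so the unchanged `.connect(&database_url)` on the next line passes a reference to a reference. It still compiles through auto-deref, but `.connect(&env.db_url)` says the same thing without the intermediate binding and avoids the needless borrow. main's body starts before and continues past this hunk.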
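Review bot: In the third main.rs hunk, `.allow_origin(env.origin.parse::().unwrap())` panics without context when ORIGIN is not a valid header value, and nothing checks that it is one explicit origin even though `.allow_credentials(true)` is set. The type argument to `parse` appears to have been lost in this rendering. Parse before building the layer with a message that names the variable, e.g. `let origin: HeaderValue = env.origin.parse().expect("ORIGIN must be a single origin such as https://app.example.com");`, and reject `*`, since a wildcard origin cannot be combined with credentials. A comment above `let cors` stating that credentialed requests are accepted only from that one configured origin would document the intent. main starts outside this hunk.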