Cors layer added

header, origin and method limitations

backend/src/main.rs

@@ -6,12 +6,20 @@ mod models;
 mod router;
 use std::sync::Arc;
 
-use axum::{Router, routing};
+use axum::{
+    Router,
+    http::{
+        HeaderValue, Method,
+        header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+    },
+    routing,
+};
 use dotenv::dotenv;
 use models::*;
 use router::create_router;
 use serde::{Deserialize, Serialize};
 use sqlx::{PgPool, postgres::PgPoolOptions};
+use tower_http::cors::CorsLayer;
 
 use crate::env::Env;
 
@@ -24,7 +32,7 @@ pub struct AppState {
 async fn main() {
     dotenv().ok();
     let env = Env::load();
-    let database_url = std::env::var("DATABASE_URL").expect("DATABASE_URL variable not set");
+    let database_url = &env.db_url;
     let pool = match PgPoolOptions::new().connect(&database_url).await {
         Ok(pool) => {
             println!("Database connection successful");
@@ -35,10 +43,19 @@ async fn main() {
             std::process::exit(1);
         }
     };
+
+    let cors = CorsLayer::new()
+        .allow_origin(env.origin.parse::<HeaderValue>().unwrap())
+        .allow_methods([Method::GET, Method::POST, Method::PATCH, Method::DELETE])
+        .allow_credentials(true)
+        .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE]);
+
     let app = create_router(Arc::new(AppState {
         db: pool.clone(),
         env: env.clone(),
-    }));
+    }))
+    .layer(cors);
+
     let listener = tokio::net::TcpListener::bind("0.0.0.0:8001").await.unwrap();
     axum::serve(listener, app).await;
 }