Cors layer added

header, origin and method limitations
2026-04-25 14:32:22 +02:00
parent 834a0b7aa4
commit 6c1c13e088
4 changed files with 41 additions and 3 deletions
--- a/backend/Cargo.lock
+++ b/backend/Cargo.lock
@@ -150,6 +150,8 @@ dependencies = [
 "sqlx",
 "time",
 "tokio",
+ "tower",
+ "tower-http",
 ]

 [[package]]
@@ -2243,6 +2245,20 @@ dependencies = [
 "tracing",
 ]

+[[package]]
+name = "tower-http"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
+dependencies = [
+ "bitflags",
+ "bytes",
+ "http",
+ "pin-project-lite",
+ "tower-layer",
+ "tower-service",
+]
+
 [[package]]
 name = "tower-layer"
 version = "0.3.3"
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -15,3 +15,5 @@ chrono = { version = "0.4.44", features = ["serde"] }
 jsonwebtoken = { version = "10.3.0", features = ["rust_crypto"] }
 argon2 = "0.5.3"
 time = "0.3.47"
+tower = "0.5.3"
+tower-http = { version = "0.6.8", features = ["cors"] }
--- a/backend/src/env.rs
+++ b/backend/src/env.rs
@@ -2,15 +2,18 @@
 pub struct Env {
    pub db_url: String,
    pub token_secret: String,
+    pub origin: String
 }

 impl Env {
    pub fn load() -> Env {
        let db_url = std::env::var("DATABASE_URL").expect("DATABASE_URL must be set");
        let token_secret = std::env::var("TOKEN_SECRET").expect("TOKEN_SECRET must be set");
+        let origin = std::env::var("ORIGIN").expect("ORIGIN must be set")
        Env {
            db_url,
            token_secret,
+            origin
        }
    }
 }
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -6,12 +6,20 @@ mod models;
 mod router;
 use std::sync::Arc;

-use axum::{Router, routing};
+use axum::{
+    Router,
+    http::{
+        HeaderValue, Method,
+        header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+    },
+    routing,
+};
 use dotenv::dotenv;
 use models::*;
 use router::create_router;
 use serde::{Deserialize, Serialize};
 use sqlx::{PgPool, postgres::PgPoolOptions};
+use tower_http::cors::CorsLayer;

 use crate::env::Env;

@@ -24,7 +32,7 @@ pub struct AppState {
 async fn main() {
    dotenv().ok();
    let env = Env::load();
-    let database_url = std::env::var("DATABASE_URL").expect("DATABASE_URL variable not set");
+    let database_url = &env.db_url;
    let pool = match PgPoolOptions::new().connect(&database_url).await {
        Ok(pool) => {
            println!("Database connection successful");
@@ -35,10 +43,19 @@ async fn main() {
            std::process::exit(1);
        }
    };
+
+    let cors = CorsLayer::new()
+        .allow_origin(env.origin.parse::<HeaderValue>().unwrap())
+        .allow_methods([Method::GET, Method::POST, Method::PATCH, Method::DELETE])
+        .allow_credentials(true)
+        .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE]);
+
    let app = create_router(Arc::new(AppState {
        db: pool.clone(),
        env: env.clone(),
-    }));
+    }))
+    .layer(cors);
+
    let listener = tokio::net::TcpListener::bind("0.0.0.0:8001").await.unwrap();
    axum::serve(listener, app).await;
 }