Build [v1.9.1] (CORS Dynamic IP Resolution Fix)

This commit is contained in:
Daniel Bedeleanu
2026-04-13 20:52:29 +03:00
parent 65cc0c7b6d
commit 07b15c8e01
3 changed files with 36 additions and 9 deletions

View File

@@ -19,14 +19,38 @@ log.info("Database tables verified.")
app = FastAPI(title="TFM aInventory API", version="1.1.0")
log.info("TFM aInventory API process started.")
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated).
# Secure fallback: localhost only for development.
_raw_origins = os.environ.get(
"ALLOWED_ORIGINS",
"http://localhost:8907,https://localhost:8909"
)
# [SECURITY FIX M-01] CORS Configuration
# We dynamically build allowed origins from environment variables to simplify deployment.
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
# Automatically add origins based on network_config.env variables if present
server_ip = os.environ.get("SERVER_IP")
front_port = os.environ.get("FRONTEND_PORT", "8907")
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909")
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908")
# Always allow localhost
defaults = [
f"http://localhost:{front_port}",
f"https://localhost:{front_ssl_port}",
f"https://localhost:{back_ssl_port}",
]
for d in defaults:
if d not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(d)
# Add IP-based origins if SERVER_IP is set
if server_ip and server_ip != "localhost":
ip_origins = [
f"http://{server_ip}:{front_port}",
f"https://{server_ip}:{front_ssl_port}",
f"https://{server_ip}:{back_ssl_port}",
]
for ip_o in ip_origins:
if ip_o not in ALLOWED_ORIGINS:
ALLOWED_ORIGINS.append(ip_o)
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
# Add CORS middleware FIRST (before rate limiter)

View File

@@ -16,7 +16,10 @@ services:
environment:
- DATA_DIR=/app/data
- LOGS_DIR=/app/logs
- ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
- SERVER_IP=${SERVER_IP}
- FRONTEND_PORT=${FRONTEND_PORT}
- FRONTEND_SSL_PORT=${FRONTEND_SSL_PORT}
- BACKEND_SSL_PORT=${BACKEND_SSL_PORT}
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
restart: unless-stopped

View File

@@ -1 +1 @@
{"version": "1.9.0", "last_build": "2026-04-13-2040", "codename": "Stability", "commit": "f137ded5"}
{"version": "1.9.1", "last_build": "2026-04-13-2052", "codename": "NetworkFix", "commit": "65cc0c7b"}