From 07b15c8e019c5f4a981247f940df3f99e9457f6d Mon Sep 17 00:00:00 2001 From: Daniel Bedeleanu Date: Mon, 13 Apr 2026 20:52:29 +0300 Subject: [PATCH] Build [v1.9.1] (CORS Dynamic IP Resolution Fix) --- backend/main.py | 38 +++++++++++++++++++++++++++++++------- docker-compose.yml | 5 ++++- frontend/VERSION.json | 2 +- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/backend/main.py b/backend/main.py index 024245de..e83caa64 100644 --- a/backend/main.py +++ b/backend/main.py @@ -19,14 +19,38 @@ log.info("Database tables verified.") app = FastAPI(title="TFM aInventory API", version="1.1.0") log.info("TFM aInventory API process started.") -# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec. -# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated). -# Secure fallback: localhost only for development. -_raw_origins = os.environ.get( - "ALLOWED_ORIGINS", - "http://localhost:8907,https://localhost:8909" -) +# [SECURITY FIX M-01] CORS Configuration +# We dynamically build allowed origins from environment variables to simplify deployment. +_raw_origins = os.environ.get("ALLOWED_ORIGINS", "") ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()] + +# Automatically add origins based on network_config.env variables if present +server_ip = os.environ.get("SERVER_IP") +front_port = os.environ.get("FRONTEND_PORT", "8907") +front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909") +back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908") + +# Always allow localhost +defaults = [ + f"http://localhost:{front_port}", + f"https://localhost:{front_ssl_port}", + f"https://localhost:{back_ssl_port}", +] +for d in defaults: + if d not in ALLOWED_ORIGINS: + ALLOWED_ORIGINS.append(d) + +# Add IP-based origins if SERVER_IP is set +if server_ip and server_ip != "localhost": + ip_origins = [ + f"http://{server_ip}:{front_port}", + f"https://{server_ip}:{front_ssl_port}", + f"https://{server_ip}:{back_ssl_port}", + ] + for ip_o in ip_origins: + if ip_o not in ALLOWED_ORIGINS: + ALLOWED_ORIGINS.append(ip_o) + log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}") # Add CORS middleware FIRST (before rate limiter) diff --git a/docker-compose.yml b/docker-compose.yml index 55b80718..d039cafa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,7 +16,10 @@ services: environment: - DATA_DIR=/app/data - LOGS_DIR=/app/logs - - ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002} + - SERVER_IP=${SERVER_IP} + - FRONTEND_PORT=${FRONTEND_PORT} + - FRONTEND_SSL_PORT=${FRONTEND_SSL_PORT} + - BACKEND_SSL_PORT=${BACKEND_SSL_PORT} # [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION! - JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production} restart: unless-stopped diff --git a/frontend/VERSION.json b/frontend/VERSION.json index d69eeacf..2819c9f5 100644 --- a/frontend/VERSION.json +++ b/frontend/VERSION.json @@ -1 +1 @@ -{"version": "1.9.0", "last_build": "2026-04-13-2040", "codename": "Stability", "commit": "f137ded5"} +{"version": "1.9.1", "last_build": "2026-04-13-2052", "codename": "NetworkFix", "commit": "65cc0c7b"}