From 483a7476004b88dbb35829b1cf2d3e58200677d7 Mon Sep 17 00:00:00 2001 From: Daniel Bedeleanu Date: Sat, 11 Apr 2026 14:44:00 +0300 Subject: [PATCH] fix: CORS configuration for both docker-compose and start_server.sh deployments - Update start_server.sh to auto-detect local IP and export ALLOWED_ORIGINS - Includes both localhost and detected IP on HTTP/HTTPS proxy ports - Export JWT_SECRET_KEY with ephemeral key if not set - Fix Romanian comments in docker-compose.yml to English - Document two deployment methods in SESSION_STATE.md --- dev_docs/SESSION_STATE.md | 47 +++++++++++++++++++++++++++++++++++---- docker-compose.yml | 4 ++-- start_server.sh | 13 ++++++----- 3 files changed, 52 insertions(+), 12 deletions(-) diff --git a/dev_docs/SESSION_STATE.md b/dev_docs/SESSION_STATE.md index fb4f1765..5b9988a6 100644 --- a/dev_docs/SESSION_STATE.md +++ b/dev_docs/SESSION_STATE.md @@ -1,13 +1,52 @@ -# CURRENT AI WORKING SESSION — COMPLETED +# CURRENT AI WORKING SESSION — IN PROGRESS -**Active AI:** Claude (Sonnet 4.6) +**Active AI:** Claude (Haiku 4.5) **Last Updated:** 2026-04-11 **Current Version:** v1.3.5 -**Branch:** dev (v1.3.5 release branch created) +**Branch:** dev --- -## 🎯 SESSION COMPLETED — ALL TASKS FINALIZED + ENGLISH COMPLIANCE VERIFIED +## 🔧 CURRENT ISSUE — CORS Configuration Clarification + +### Two Deployment Methods +The project supports two distinct deployment approaches: + +#### 1. **Docker Compose** (Production / Containerized) +- Uses `docker-compose.yml` with Caddy reverse proxy +- Backend container on internal port 8000 → exposed via Caddy on 3002 +- Frontend container on internal port 3000 → exposed via Caddy on 3003 +- **Configuration:** `ALLOWED_ORIGINS` environment variable in docker-compose.yml +- **Current setting:** `http://localhost:3000,http://localhost:3002` +- **For remote deployment:** Must update ALLOWED_ORIGINS to include actual domain (e.g., `https://192.168.84.140:3003`) + +#### 2. **start_server.sh** (Development / Native) +- Runs Backend (uvicorn) + Frontend (Next.js) + local-ssl-proxy directly +- Backend on port 8000 → SSL proxy on 3002 +- Frontend on port 3001 → SSL proxy on 3003 +- **Issue Fixed:** Script now automatically detects local IP and exports ALLOWED_ORIGINS +- **Auto-configured for:** localhost + detected IP address on both HTTP and HTTPS + +### Fix Applied (Commit Pending) +Updated `start_server.sh` to: +1. Detect local IP address (en0/en1 interface) +2. Export ALLOWED_ORIGINS with all applicable origins: + - HTTP localhost on dev ports (3000/3001) + - HTTPS localhost on proxy ports (3002/3003) + - HTTPS on detected IP address on proxy ports +3. Display CORS configuration when starting backend +4. Export JWT_SECRET_KEY if not already set + +**Result:** Frontend at `https://:3003` can now access backend at `https://:3002` without CORS blocks. + +### English Language Compliance +Fixed Romanian comments in docker-compose.yml: +- `"personalizează pentru producție"` → `"customize for production"` +- `"GENEREAZĂ O VALOARE SIGURĂ"` → `"GENERATE A SECURE VALUE"` + +--- + +## 🎯 PREVIOUS SESSION — ALL TASKS FINALIZED + ENGLISH COMPLIANCE VERIFIED ### Final Status diff --git a/docker-compose.yml b/docker-compose.yml index ac860989..27e6084d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,9 +15,9 @@ services: environment: - DATA_DIR=/app/data - LOGS_DIR=/app/logs - # [M-01] CORS allowed origins — personalizează pentru producție + # [M-01] CORS allowed origins — customize for production - ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3002 - # [C-01] JWT secret key — GENEREAZĂ O VALOARE SIGURĂ PENTRU PRODUCȚIE! + # [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION! - JWT_SECRET_KEY=${JWT_SECRET_KEY:-change-me-in-production} restart: unless-stopped diff --git a/start_server.sh b/start_server.sh index 3ff78795..efbea368 100755 --- a/start_server.sh +++ b/start_server.sh @@ -25,8 +25,13 @@ source .venv/bin/activate echo "📦 Updating Python dependencies..." pip install -q -r backend/requirements.txt -# 4. Start Backend (Python/FastAPI) +# 4. Get Local IP and set CORS origins +LOCAL_IP=$(ipconfig getifaddr en0 || ipconfig getifaddr en1 || echo "localhost") +export ALLOWED_ORIGINS="http://localhost:$FRONTEND_PORT,http://localhost:$BACKEND_PORT,https://localhost:$FRONTEND_SSL_PORT,https://localhost:$BACKEND_SSL_PORT,https://$LOCAL_IP:$FRONTEND_SSL_PORT,https://$LOCAL_IP:$BACKEND_SSL_PORT" +export JWT_SECRET_KEY="${JWT_SECRET_KEY:-ephemeral-dev-key-$(date +%s)}" + echo "🔥 Starting Backend on port $BACKEND_PORT..." +echo " CORS origins: $ALLOWED_ORIGINS" python3 -m uvicorn backend.main:app --host 0.0.0.0 --port $BACKEND_PORT --reload & # 5. Start Frontend (Next.js) @@ -39,11 +44,7 @@ cd .. npx local-ssl-proxy --source $BACKEND_SSL_PORT --target $BACKEND_PORT --hostname 0.0.0.0 > /dev/null 2>&1 & npx local-ssl-proxy --source $FRONTEND_SSL_PORT --target $FRONTEND_PORT --hostname 0.0.0.0 > /dev/null 2>&1 & -# 7. Get Local IP -LOCAL_IP=$(ipconfig getifaddr en0 || ipconfig getifaddr en1 || echo "") - -# 8. Printing Unified Access Banner -LOCAL_IP=$(ipconfig getifaddr en0 || ipconfig getifaddr en1 || echo "") +# 7. Print Unified Access Banner # Colors GREEN='\033[0;32m'