feat(07-02): update main.py to use new YAML config loader
- Replace os.environ calls with get_config() - Use configuration for CORS and network settings - Remove direct dotenv/inventory.env references
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
import os
|
||||
from ipaddress import ip_address, ip_network, AddressValueError
|
||||
from . import config_loader # This triggers the automatic environment loading
|
||||
from .config_loader import get_config
|
||||
from fastapi import FastAPI
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
from fastapi.staticfiles import StaticFiles
|
||||
@@ -25,18 +25,20 @@ app = FastAPI(title="TFM aInventory API", version="1.1.0")
|
||||
log.info("TFM aInventory API process started.")
|
||||
|
||||
# [SECURITY FIX M-01] CORS Configuration with Subnet Support
|
||||
# We dynamically build allowed origins from environment variables to simplify deployment.
|
||||
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
|
||||
# We dynamically build allowed origins from configuration to simplify deployment.
|
||||
config = get_config()
|
||||
app_config = config.get("application", {})
|
||||
_raw_origins = app_config.get("cors_origins", "")
|
||||
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
|
||||
|
||||
# Allowed subnets for subnet-based CORS validation (e.g., VPN, Tailscale)
|
||||
ALLOWED_SUBNETS = []
|
||||
|
||||
# Automatically add origins based on network_config.env variables if present
|
||||
server_ip = os.environ.get("SERVER_IP")
|
||||
front_port = os.environ.get("FRONTEND_PORT", "8917")
|
||||
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8919")
|
||||
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8918")
|
||||
# Automatically add origins based on network config if present
|
||||
server_ip = app_config.get("server_ip")
|
||||
front_port = app_config.get("frontend_port", "8917")
|
||||
front_ssl_port = app_config.get("frontend_ssl_port", "8919")
|
||||
back_ssl_port = app_config.get("backend_ssl_port", "8918")
|
||||
|
||||
# Always allow localhost
|
||||
defaults = [
|
||||
@@ -60,7 +62,7 @@ if server_ip and server_ip != "localhost":
|
||||
ALLOWED_ORIGINS.append(ip_o)
|
||||
|
||||
# [NEW] Add Extra Allowed Origins (Tailscale, VPN, etc.) with Subnet Support
|
||||
extra_origins_raw = os.environ.get("EXTRA_ALLOWED_ORIGINS", "")
|
||||
extra_origins_raw = app_config.get("cors_origins", "")
|
||||
if extra_origins_raw:
|
||||
for extra_item in [o.strip() for o in extra_origins_raw.split(",") if o.strip()]:
|
||||
# Check if it's a subnet (contains /) or individual IP
|
||||
|
||||
Reference in New Issue
Block a user