diff --git a/backend/main.py b/backend/main.py index d25b27e7..df0e42e8 100644 --- a/backend/main.py +++ b/backend/main.py @@ -1,6 +1,6 @@ import os from ipaddress import ip_address, ip_network, AddressValueError -from . import config_loader # This triggers the automatic environment loading +from .config_loader import get_config from fastapi import FastAPI from fastapi.middleware.cors import CORSMiddleware from fastapi.staticfiles import StaticFiles @@ -25,18 +25,20 @@ app = FastAPI(title="TFM aInventory API", version="1.1.0") log.info("TFM aInventory API process started.") # [SECURITY FIX M-01] CORS Configuration with Subnet Support -# We dynamically build allowed origins from environment variables to simplify deployment. -_raw_origins = os.environ.get("ALLOWED_ORIGINS", "") +# We dynamically build allowed origins from configuration to simplify deployment. +config = get_config() +app_config = config.get("application", {}) +_raw_origins = app_config.get("cors_origins", "") ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()] # Allowed subnets for subnet-based CORS validation (e.g., VPN, Tailscale) ALLOWED_SUBNETS = [] -# Automatically add origins based on network_config.env variables if present -server_ip = os.environ.get("SERVER_IP") -front_port = os.environ.get("FRONTEND_PORT", "8917") -front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8919") -back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8918") +# Automatically add origins based on network config if present +server_ip = app_config.get("server_ip") +front_port = app_config.get("frontend_port", "8917") +front_ssl_port = app_config.get("frontend_ssl_port", "8919") +back_ssl_port = app_config.get("backend_ssl_port", "8918") # Always allow localhost defaults = [ @@ -60,7 +62,7 @@ if server_ip and server_ip != "localhost": ALLOWED_ORIGINS.append(ip_o) # [NEW] Add Extra Allowed Origins (Tailscale, VPN, etc.) with Subnet Support -extra_origins_raw = os.environ.get("EXTRA_ALLOWED_ORIGINS", "") +extra_origins_raw = app_config.get("cors_origins", "") if extra_origins_raw: for extra_item in [o.strip() for o in extra_origins_raw.split(",") if o.strip()]: # Check if it's a subnet (contains /) or individual IP