feat(07-02): update main.py to use new YAML config loader

- Replace os.environ calls with get_config()
- Use configuration for CORS and network settings
- Remove direct dotenv/inventory.env references
This commit is contained in:
2026-04-23 12:46:49 +03:00
parent ce79c919e6
commit 938fd2daf8

View File

@@ -1,6 +1,6 @@
import os
from ipaddress import ip_address, ip_network, AddressValueError
from . import config_loader # This triggers the automatic environment loading
from .config_loader import get_config
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from fastapi.staticfiles import StaticFiles
@@ -25,18 +25,20 @@ app = FastAPI(title="TFM aInventory API", version="1.1.0")
log.info("TFM aInventory API process started.")
# [SECURITY FIX M-01] CORS Configuration with Subnet Support
# We dynamically build allowed origins from environment variables to simplify deployment.
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
# We dynamically build allowed origins from configuration to simplify deployment.
config = get_config()
app_config = config.get("application", {})
_raw_origins = app_config.get("cors_origins", "")
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
# Allowed subnets for subnet-based CORS validation (e.g., VPN, Tailscale)
ALLOWED_SUBNETS = []
# Automatically add origins based on network_config.env variables if present
server_ip = os.environ.get("SERVER_IP")
front_port = os.environ.get("FRONTEND_PORT", "8917")
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8919")
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8918")
# Automatically add origins based on network config if present
server_ip = app_config.get("server_ip")
front_port = app_config.get("frontend_port", "8917")
front_ssl_port = app_config.get("frontend_ssl_port", "8919")
back_ssl_port = app_config.get("backend_ssl_port", "8918")
# Always allow localhost
defaults = [
@@ -60,7 +62,7 @@ if server_ip and server_ip != "localhost":
ALLOWED_ORIGINS.append(ip_o)
# [NEW] Add Extra Allowed Origins (Tailscale, VPN, etc.) with Subnet Support
extra_origins_raw = os.environ.get("EXTRA_ALLOWED_ORIGINS", "")
extra_origins_raw = app_config.get("cors_origins", "")
if extra_origins_raw:
for extra_item in [o.strip() for o in extra_origins_raw.split(",") if o.strip()]:
# Check if it's a subnet (contains /) or individual IP