import os from fastapi import FastAPI from fastapi.middleware.cors import CORSMiddleware from . import models from .database import engine from .routers import items, operations, users, categories from .logger import log # Create the database tables models.Base.metadata.create_all(bind=engine) log.info("Database tables verified.") app = FastAPI(title="TFM aInventory API", version="1.1.0") log.info("TFM aInventory API process started.") # [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True este invalid per spec. # Originile permise se configurează via variabila de mediu ALLOWED_ORIGINS (comma-separated). # Fallback sigur: doar localhost pentru development. _raw_origins = os.environ.get("ALLOWED_ORIGINS", "http://localhost:3000,http://localhost:3002") ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()] app.add_middleware( CORSMiddleware, allow_origins=ALLOWED_ORIGINS, allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) app.include_router(items.router) app.include_router(operations.router) app.include_router(users.router) app.include_router(categories.router) @app.get("/") def read_root(): return {"message": "Inventory API is running"}