From 5f76de0a9a6804e2a916be01bf0d0b5018e8b6fb Mon Sep 17 00:00:00 2001
From: Hamcha <hamcha@crunchy.rocks>
Date: Tue, 11 Jul 2023 11:28:17 +0200
Subject: [PATCH] all the cors!

---
 Cargo.lock   |  7 +++++++
 Cargo.toml   |  1 +
 src/main.rs  | 15 ++++++---------
 src/state.rs |  2 --
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index fb7298b..9cdaa82 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -349,6 +349,12 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "dotenv_rs"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "828401259441c2fefb04b5af2a5762cac529e17f76b87e8034b9987e541d4397"
+
 [[package]]
 name = "dotenvy"
 version = "0.15.7"
@@ -778,6 +784,7 @@ dependencies = [
  "axum-macros",
  "chrono",
  "cookie",
+ "dotenv_rs",
  "figment",
  "serde",
  "serde_json",
diff --git a/Cargo.toml b/Cargo.toml
index 0a2f216..f2e4696 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,6 +23,7 @@ url = "2.4"
 thiserror = "1.0"
 async-trait = "0.1"
 tower-http = { version = "0.4", features = ["cors"] }
+dotenv_rs = "0.16"
 
 [profile.dev.package.sqlx-macros]
 opt-level = 3
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index eda763a..ef0a101 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,6 +15,7 @@ use axum::{
     },
     middleware, Server,
 };
+use dotenv_rs::dotenv;
 use figment::{
     providers::{Env, Format, Serialized, Toml},
     Figment,
@@ -22,10 +23,12 @@ use figment::{
 use sqlx::postgres::PgPoolOptions;
 use state::AppState;
 use std::{net::SocketAddr, sync::Arc};
-use tower_http::cors::CorsLayer;
+use tower_http::cors::{AllowOrigin, CorsLayer};
 
 #[tokio::main]
 async fn main() -> Result<()> {
+    dotenv().ok();
+
     tracing_subscriber::fmt::init();
 
     let config: Config = Figment::from(Serialized::defaults(Config::default()))
@@ -34,13 +37,7 @@ async fn main() -> Result<()> {
         .extract()?;
     let addr: SocketAddr = config.bind.parse()?;
 
-    let origins = config
-        .cors_domains
-        .split(',')
-        .map(|x| x.to_string().parse().unwrap())
-        .collect::<Vec<_>>();
-    println!("{:?}", origins);
-    let cors = CorsLayer::permissive()
+    let cors = CorsLayer::new()
         .allow_methods([
             Method::GET,
             Method::POST,
@@ -48,7 +45,7 @@ async fn main() -> Result<()> {
             Method::DELETE,
             Method::OPTIONS,
         ])
-        .allow_origin(origins)
+        .allow_origin(AllowOrigin::mirror_request())
         .allow_credentials(true)
         .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE])
         .expose_headers([CONTENT_ENCODING]);
diff --git a/src/state.rs b/src/state.rs
index 721c125..a1b690b 100644
--- a/src/state.rs
+++ b/src/state.rs
@@ -9,7 +9,6 @@ pub struct Config {
     pub session_duration: i64, // in seconds
     pub prune_interval: u64,   // in seconds
     pub base_url: String,
-    pub cors_domains: String, // CORS-allowed domains, separated by comma
 }
 
 impl Config {
@@ -47,7 +46,6 @@ impl Default for Config {
             session_duration: 3600, // 60min
             prune_interval: 3600,   // 60min
             base_url: "http://localhost".into(),
-            cors_domains: "http://localhost:3000".into(),
         }
     }
 }