From 3e3b9eb03089065a8904b2363e7aa894c2483b2c Mon Sep 17 00:00:00 2001 From: Noloquideus Date: Wed, 15 Apr 2026 15:13:08 +0300 Subject: [PATCH] fix: delete origins --- src/infrastructure/config/settings.py | 9 ++------- src/main.py | 4 ++-- src/presentation/routing/auth.py | 12 ++++++------ src/presentation/routing/jwt.py | 4 ++-- 4 files changed, 12 insertions(+), 17 deletions(-) diff --git a/src/infrastructure/config/settings.py b/src/infrastructure/config/settings.py index 96c9748..01a2495 100644 --- a/src/infrastructure/config/settings.py +++ b/src/infrastructure/config/settings.py @@ -57,6 +57,8 @@ class Settings(BaseSettings): CSRF_COOKIE_PATH: str = '/' CSRF_COOKIE_DOMAIN: str | None = None + AUTH_COOKIE_SECURE: bool = False + DOCS_USERNAME: str = 'admin' DOCS_PASSWORD: str = 'admin' @@ -81,9 +83,6 @@ class Settings(BaseSettings): RABBIT_CONNECT_TIMEOUT: int = 5 RABBIT_EMAIL_CODE_QUEUE: str = 'email.verification_code' - CORS_ORIGINS: str = 'http://localhost:3000' - CORS_ALLOW_CREDENTIALS: bool = True - RATE_LIMIT_REQUESTS: int = 60 RATE_LIMIT_WINDOW: int = 60 @@ -245,10 +244,6 @@ class Settings(BaseSettings): return data - def cors_origins_list(self) -> List[str]: - return [o.strip() for o in self.CORS_ORIGINS.split(',') if o.strip()] - - @property def DATABASE_URL(self) -> str: return ( diff --git a/src/main.py b/src/main.py index 1cc40a9..c51f260 100644 --- a/src/main.py +++ b/src/main.py @@ -117,8 +117,8 @@ app.add_middleware( app.add_middleware( CORSMiddleware, - allow_origins=settings.cors_origins_list(), - allow_credentials=settings.CORS_ALLOW_CREDENTIALS, + allow_origin_regex=r'https?://.+', + allow_credentials=True, allow_methods=['*'], allow_headers=['*'], ) diff --git a/src/presentation/routing/auth.py b/src/presentation/routing/auth.py index 4e28f32..01c8897 100644 --- a/src/presentation/routing/auth.py +++ b/src/presentation/routing/auth.py 
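Review bot: `AUTH_COOKIE_SECURE` defaults to `False` in the first settings.py hunk, so any deployment that does not set it explicitly issues the `access_token`, `refresh_token` and `device_id` cookies without the Secure attribute, and they can then be sent over plain HTTP. Every set-cookie hunk in `src/presentation/routing/auth.py` and `src/presentation/routing/jwt.py` reads this flag where it previously hard-coded `secure=True`. A fail-safe default would be `AUTH_COOKIE_SECURE: bool = True`, with local HTTP development opting out through the environment, plus a comment on the field such as `# False only for local HTTP development`. The `Settings` class body continues outside the hunk.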
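Review bot: In the main.py hunk, `allow_origin_regex=r'https?://.+'` together with `allow_credentials=True` accepts every origin for credentialed requests, including plain-`http` ones, so the CORS policy no longer limits which sites may read authenticated responses. The `samesite='lax'` cookies set in auth.py restrict what cross-site pages send, but same-site origins such as a sibling subdomain or an http variant of the host are presumably not covered by that. An explicit allow-list is the safer shape, either the removed `allow_origins=settings.cors_origins_list(),` or a regex pinned to the project's own hosts, e.g. `allow_origin_regex=r'https://([a-z0-9-]+\.)?example\.com'` (placeholder domain). If the open policy is intentional, a comment above the call should say why.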
@@ -76,7 +76,7 @@ async def registration(
 key='device_id',
 value=device_id,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=60 * 60 * 24 * 365 * 5
@@ -86,7 +86,7 @@ async def registration(
 key='access_token',
 value=created.access_token,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -95,7 +95,7 @@ async def registration(
 key='refresh_token',
 value=created.refresh_token,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_REFRESH_TTL_SECONDS),
@@ -167,7 +167,7 @@ async def login(
 key='device_id',
 value=device_id,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=60 * 60 * 24 * 365 * 5
@@ -177,7 +177,7 @@ async def login(
 key='access_token',
 value=dto.access_token,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -187,7 +187,7 @@ async def login(
 key='refresh_token',
 value=dto.refresh_token,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_REFRESH_TTL_SECONDS),
diff --git a/src/presentation/routing/jwt.py b/src/presentation/routing/jwt.py
index 4f93d7f..b140d58 100644
--- a/src/presentation/routing/jwt.py
+++ b/src/presentation/routing/jwt.py
@@ -42,7 +42,7 @@ async def refresh_tokens(
 key='access_token',
 value=access,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -51,7 +51,7 @@ async def refresh_tokens(
 key='refresh_token',
 value=refresh,
 httponly=True,
- secure=True,
+ secure=settings.AUTH_COOKIE_SECURE,
 samesite='lax',
 path='/',
 max_age=int(settings.JWT_REFRESH_TTL_SECONDS),
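Review bot: The `secure=settings.AUTH_COOKIE_SECURE` edit is repeated by hand in all six cookie hunks of auth.py and in both hunks of `src/presentation/routing/jwt.py`, each time next to the same `httponly=True`, `samesite='lax'` and `path='/'` arguments. Defining those shared attributes once, for example `AUTH_COOKIE_KWARGS = dict(httponly=True, secure=settings.AUTH_COOKIE_SECURE, samesite='lax', path='/')` passed as `**AUTH_COOKIE_KWARGS`, would keep the security flags from drifting between call sites. The cookie-setting calls and the bodies of `registration`, `login` and `refresh_tokens` start outside the hunks, so it is worth confirming that no other cookie is still set with a hard-coded value.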