feat: configurable trusted origins
This commit is contained in:
parent
2bb11b0d33
commit
185ce22ce9
4 changed files with 11 additions and 4 deletions
|
|
@ -80,9 +80,10 @@ Zerobyte can be customized using environment variables. Below are the available
|
|||
| :-------------------- | :----------------------------------------------------------------------------------------------------------------- | :--------- |
|
||||
| `PORT` | The port the web interface and API will listen on. | `4096` |
|
||||
| `RESTIC_HOSTNAME` | The hostname used by Restic when creating snapshots. Automatically detected if a custom hostname is set in Docker. | `zerobyte` |
|
||||
| `TZ` | Timezone for the container (e.g., `Europe/Paris`). **Crucial for accurate backup scheduling.** | `UTC` |
|
||||
| `TRUSTED_ORIGINS` | Comma-separated list of trusted origins for CORS (e.g., `http://localhost:3000,http://example.com`). | (none) |
|
||||
| `LOG_LEVEL` | Logging verbosity. Options: `debug`, `info`, `warn`, `error`. | `info` |
|
||||
| `SERVER_IDLE_TIMEOUT` | Idle timeout for the server in seconds. | `60` |
|
||||
| `TZ` | Timezone for the container (e.g., `Europe/Paris`). **Crucial for accurate backup scheduling.** | `UTC` |
|
||||
|
||||
### Secret References
|
||||
|
||||
|
|
|
|||
|
|
@ -11,12 +11,14 @@ import { convertLegacyUserOnFirstLogin } from "./auth-middlewares/convert-legacy
|
|||
import { cryptoUtils } from "~/server/utils/crypto";
|
||||
import { db } from "~/server/db/db";
|
||||
import { ensureOnlyOneUser } from "./auth-middlewares/only-one-user";
|
||||
import { config } from "~/server/core/config";
|
||||
|
||||
export type AuthMiddlewareContext = MiddlewareContext<MiddlewareOptions, AuthContext<BetterAuthOptions>>;
|
||||
|
||||
const createBetterAuth = (secret: string) =>
|
||||
betterAuth({
|
||||
secret,
|
||||
trustedOrigins: config.trustedOrigins ?? ["*"],
|
||||
hooks: {
|
||||
before: createAuthMiddleware(async (ctx) => {
|
||||
await ensureOnlyOneUser(ctx);
|
||||
|
|
@ -55,9 +57,6 @@ const createBetterAuth = (secret: string) =>
|
|||
},
|
||||
}),
|
||||
],
|
||||
advanced: {
|
||||
disableOriginCheck: true,
|
||||
},
|
||||
});
|
||||
|
||||
type Auth = ReturnType<typeof createBetterAuth>;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
import { Scalar } from "@scalar/hono-api-reference";
|
||||
import { Hono } from "hono";
|
||||
import { cors } from "hono/cors";
|
||||
import { logger as honoLogger } from "hono/logger";
|
||||
import { secureHeaders } from "hono/secure-headers";
|
||||
import { rateLimiter } from "hono-rate-limiter";
|
||||
|
|
@ -38,6 +39,10 @@ export const scalarDescriptor = Scalar({
|
|||
export const createApp = () => {
|
||||
const app = new Hono();
|
||||
|
||||
if (config.trustedOrigins) {
|
||||
app.use(cors({ origin: config.trustedOrigins }));
|
||||
}
|
||||
|
||||
if (config.environment !== "test") {
|
||||
app.use(honoLogger());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ const envSchema = type({
|
|||
PORT: 'string.integer.parse = "4096"',
|
||||
MIGRATIONS_PATH: "string?",
|
||||
APP_VERSION: "string = 'dev'",
|
||||
TRUSTED_ORIGINS: "string?",
|
||||
}).pipe((s) => ({
|
||||
__prod__: s.NODE_ENV === "production",
|
||||
environment: s.NODE_ENV,
|
||||
|
|
@ -41,6 +42,7 @@ const envSchema = type({
|
|||
port: s.PORT,
|
||||
migrationsPath: s.MIGRATIONS_PATH,
|
||||
appVersion: s.APP_VERSION,
|
||||
trustedOrigins: s.TRUSTED_ORIGINS?.split(",").map((origin) => origin.trim()),
|
||||
}));
|
||||
|
||||
const parseConfig = (env: unknown) => {
|
||||
|
|
|
|||
Loading…
Reference in a new issue