fix cors

internal/api/middlewares/auth.go

@@ -106,7 +106,7 @@ func Authentication(app *config.App) connect.UnaryInterceptorFunc {
 			}
 
 			// Add claims to context
-			ctx = context.WithValue(ctx, AuthUserIDKey, claims.ID)
+			ctx = context.WithValue(ctx, AuthUserIDKey, claims.UserID)
 			return next(ctx, req)
 		}
 	})

internal/api/middlewares/cors.go

@@ -2,6 +2,7 @@ package middlewares
 
 import (
 	"net/http"
+	"time"
 
 	connectcors "connectrpc.com/cors"
 	"github.com/mizuchilabs/mantrae/internal/config"
@@ -25,10 +26,10 @@ func WithCORS(h http.Handler, app *config.App, port string) http.Handler {
 	}
 
 	return cors.New(cors.Options{
-		AllowedOrigins:   allowedOrigins,
-		AllowedMethods:   connectcors.AllowedMethods(),
-		AllowedHeaders:   connectcors.AllowedHeaders(),
-		ExposedHeaders:   connectcors.ExposedHeaders(),
-		AllowCredentials: true,
+		AllowedOrigins: allowedOrigins,
+		AllowedMethods: connectcors.AllowedMethods(),
+		AllowedHeaders: connectcors.AllowedHeaders(),
+		ExposedHeaders: connectcors.ExposedHeaders(),
+		MaxAge:         int(2 * time.Hour / time.Second),
 	}).Handler(h)
 }

internal/api/server/server.go

@@ -3,7 +3,6 @@ package server
 import (
 	"context"
 	"fmt"
-	"io/fs"
 	"log"
 	"log/slog"
 	"net/http"
@@ -19,7 +18,6 @@ import (
 	"github.com/mizuchilabs/mantrae/internal/api/service"
 	"github.com/mizuchilabs/mantrae/internal/config"
 	"github.com/mizuchilabs/mantrae/proto/gen/mantrae/v1/mantraev1connect"
-	"github.com/mizuchilabs/mantrae/web"
 )
 
 const elementsHTML = `<!DOCTYPE html>
@@ -127,11 +125,11 @@ func (s *Server) registerServices() {
 	}
 
 	// Static files
-	staticContent, err := fs.Sub(web.StaticFS, "build")
-	if err != nil {
-		log.Fatal(err)
-	}
-	s.mux.Handle("/", http.FileServer(http.FS(staticContent)))
+	// staticContent, err := fs.Sub(web.StaticFS, "build")
+	// if err != nil {
+	// 	log.Fatal(err)
+	// }
+	// s.mux.Handle("/", http.FileServer(http.FS(staticContent)))
 
 	serviceNames := []string{
 		mantraev1connect.ProfileServiceName,

internal/api/service/user.go

@@ -51,7 +51,7 @@ func (s *UserService) LoginUser(
 	if req.Msg.Remember {
 		expirationTime = time.Now().Add(30 * 24 * time.Hour)
 	}
-	token, err := util.EncodeUserJWT(user.Username, s.app.Secret, expirationTime)
+	token, err := util.EncodeUserJWT(user.ID, s.app.Secret, expirationTime)
 	if err != nil {
 		return nil, connect.NewError(connect.CodeInternal, err)
 	}
@@ -109,7 +109,7 @@ func (s *UserService) VerifyOTP(
 	}
 
 	expirationTime := time.Now().Add(1 * time.Hour)
-	token, err := util.EncodeUserJWT(user.Username, s.app.Secret, expirationTime)
+	token, err := util.EncodeUserJWT(user.ID, s.app.Secret, expirationTime)
 	if err != nil {
 		return nil, connect.NewError(connect.CodeInternal, err)
 	}

internal/util/jwt.go

@@ -10,20 +10,20 @@ import (
 const CookieName = "auth_token"
 
 type UserClaims struct {
-	Username string `json:"username,omitempty"`
+	UserID string `json:"user_id,omitempty"`
 	jwt.RegisteredClaims
 }
 
 // EncodeUserJWT generates a JWT for user login
-func EncodeUserJWT(username, secret string, expirationTime time.Time) (string, error) {
-	if username == "" {
+func EncodeUserJWT(userID, secret string, expirationTime time.Time) (string, error) {
+	if userID == "" {
 		return "", errors.New("username cannot be empty")
 	}
 	if expirationTime.IsZero() {
 		expirationTime = time.Now().Add(24 * time.Hour)
 	}
 	claims := &UserClaims{
-		Username: username,
+		UserID: userID,
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(expirationTime),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),