From d8f8afb2c673d26f072af4a583ccd70c5a7a1c2d Mon Sep 17 00:00:00 2001
From: d34dscene
Date: Wed, 18 Jun 2025 17:23:41 +0200
Subject: [PATCH] fix cors
---
 internal/api/middlewares/auth.go | 2 +-
 internal/api/middlewares/cors.go | 11 ++++++-----
 internal/api/server/server.go | 12 +++++-------
 internal/api/service/user.go | 4 ++--
 internal/util/jwt.go | 8 ++++----
 5 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/internal/api/middlewares/auth.go b/internal/api/middlewares/auth.go
index 60e3bf7..382b94d 100644
--- a/internal/api/middlewares/auth.go
+++ b/internal/api/middlewares/auth.go
@@ -106,7 +106,7 @@ func Authentication(app *config.App) connect.UnaryInterceptorFunc {
 }
 // Add claims to context
- ctx = context.WithValue(ctx, AuthUserIDKey, claims.ID)
+ ctx = context.WithValue(ctx, AuthUserIDKey, claims.UserID)
 return next(ctx, req)
 }
 })
diff --git a/internal/api/middlewares/cors.go b/internal/api/middlewares/cors.go
index 8c74e43..2ec6816 100644
--- a/internal/api/middlewares/cors.go
+++ b/internal/api/middlewares/cors.go
@@ -2,6 +2,7 @@ package middlewares
 import (
 "net/http"
+ "time"
 connectcors "connectrpc.com/cors"
 "github.com/mizuchilabs/mantrae/internal/config"
@@ -25,10 +26,10 @@ func WithCORS(h http.Handler, app *config.App, port string) http.Handler {
 }
 return cors.New(cors.Options{
- AllowedOrigins: allowedOrigins,
- AllowedMethods: connectcors.AllowedMethods(),
- AllowedHeaders: connectcors.AllowedHeaders(),
- ExposedHeaders: connectcors.ExposedHeaders(),
- AllowCredentials: true,
+ AllowedOrigins: allowedOrigins,
+ AllowedMethods: connectcors.AllowedMethods(),
+ AllowedHeaders: connectcors.AllowedHeaders(),
+ ExposedHeaders: connectcors.ExposedHeaders(),
+ MaxAge: int(2 * time.Hour / time.Second),
 }).Handler(h)
 }
diff --git a/internal/api/server/server.go b/internal/api/server/server.go
index 9ab2bcf..a735526 100644
--- a/internal/api/server/server.go
+++ b/internal/api/server/server.go
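Review bot: Nothing visible in the auth.go hunk rejects a token whose `user_id` claim is absent, so `claims.UserID` can reach `context.WithValue` as an empty string. Tokens issued before this commit carry `username` instead and, assuming the signing secret is unchanged, still verify until they expire (up to 30 days on the remember-me path in LoginUser), so they would decode to an empty UserID. Unless the validation above the hunk already covers this, add a guard before the context write: `if claims.UserID == "" { return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("token has no user id")) }`. The interceptor body starts outside the hunk, so the existing checks cannot be seen from here.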
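Review bot: Dropping `AllowCredentials: true` from the cors.Options in WithCORS is the safer setting, but the block gives no hint of why it went or how the browser client authenticates cross-origin afterwards. `CookieName = "auth_token"` in internal/util/jwt.go suggests a cookie-based session, and with credentials disallowed the browser will neither send nor store that cookie on cross-origin calls. If the client now sends a bearer token instead, `connectcors.AllowedHeaders()` does not, as far as I know, include `Authorization`, so this would need `AllowedHeaders: append(connectcors.AllowedHeaders(), "Authorization"),`. Either way, record the decision above the options, for example `// Cross-origin requests are non-credentialed on purpose; do not re-enable AllowCredentials without a fixed origin allow-list.` The construction of allowedOrigins sits above the hunk and is not visible here.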
@@ -3,7 +3,6 @@ package server
 import (
 "context"
 "fmt"
- "io/fs"
 "log"
 "log/slog"
 "net/http"
@@ -19,7 +18,6 @@ import (
 "github.com/mizuchilabs/mantrae/internal/api/service"
 "github.com/mizuchilabs/mantrae/internal/config"
 "github.com/mizuchilabs/mantrae/proto/gen/mantrae/v1/mantraev1connect"
- "github.com/mizuchilabs/mantrae/web"
 )
 const elementsHTML = `
@@ -127,11 +125,11 @@ func (s *Server) registerServices() {
 }
 // Static files
- staticContent, err := fs.Sub(web.StaticFS, "build")
- if err != nil {
- log.Fatal(err)
- }
- s.mux.Handle("/", http.FileServer(http.FS(staticContent)))
+ // staticContent, err := fs.Sub(web.StaticFS, "build")
+ // if err != nil {
+ // log.Fatal(err)
+ // }
+ // s.mux.Handle("/", http.FileServer(http.FS(staticContent)))
 serviceNames := []string{
 mantraev1connect.ProfileServiceName,
diff --git a/internal/api/service/user.go b/internal/api/service/user.go
index 572532a..9670c52 100644
--- a/internal/api/service/user.go
+++ b/internal/api/service/user.go
@@ -51,7 +51,7 @@ func (s *UserService) LoginUser(
 if req.Msg.Remember {
 expirationTime = time.Now().Add(30 * 24 * time.Hour)
 }
- token, err := util.EncodeUserJWT(user.Username, s.app.Secret, expirationTime)
+ token, err := util.EncodeUserJWT(user.ID, s.app.Secret, expirationTime)
 if err != nil {
 return nil, connect.NewError(connect.CodeInternal, err)
 }
@@ -109,7 +109,7 @@ func (s *UserService) VerifyOTP(
 }
 expirationTime := time.Now().Add(1 * time.Hour)
- token, err := util.EncodeUserJWT(user.Username, s.app.Secret, expirationTime)
+ token, err := util.EncodeUserJWT(user.ID, s.app.Secret, expirationTime)
 if err != nil {
 return nil, connect.NewError(connect.CodeInternal, err)
 }
diff --git a/internal/util/jwt.go b/internal/util/jwt.go
index 914cce1..2d6611a 100644
--- a/internal/util/jwt.go
+++ b/internal/util/jwt.go
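Review bot: The static file handler in registerServices is disabled by commenting it out rather than removed, and nothing at the site says why or whether it is temporary. After this change nothing visible in the hunk is registered on `/`, so the bundled UI is presumably no longer served from the API's own origin and the browser client has to run cross-origin, which makes the policy in middlewares/cors.go load-bearing. Delete the five lines (the history keeps them) or leave a single line such as `// TODO(<owner>): static UI serving disabled because <reason>; restore fs.Sub(web.StaticFS, "build")`. registerServices starts and ends outside the hunk, so whether `log` is still used elsewhere in the file cannot be checked from here.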
@@ -10,20 +10,20 @@ import (
 const CookieName = "auth_token"
 type UserClaims struct {
- Username string `json:"username,omitempty"`
+ UserID string `json:"user_id,omitempty"`
 jwt.RegisteredClaims
 }
 // EncodeUserJWT generates a JWT for user login
-func EncodeUserJWT(username, secret string, expirationTime time.Time) (string, error) {
- if username == "" {
+func EncodeUserJWT(userID, secret string, expirationTime time.Time) (string, error) {
+ if userID == "" {
 return "", errors.New("username cannot be empty")
 }
 if expirationTime.IsZero() {
 expirationTime = time.Now().Add(24 * time.Hour)
 }
 claims := &UserClaims{
- Username: username,
+ UserID: userID,
 RegisteredClaims: jwt.RegisteredClaims{
 ExpiresAt: jwt.NewNumericDate(expirationTime),
 IssuedAt: jwt.NewNumericDate(time.Now()),
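Review bot: The empty-input guard in EncodeUserJWT still returns `errors.New("username cannot be empty")` although the parameter is now `userID`; change it to `return "", errors.New("user ID cannot be empty")` so a failure surfaced through LoginUser or VerifyOTP names the right field. The doc comment should say what the token identifies, for example `// EncodeUserJWT signs a token whose user_id claim carries the user's ID; it expires at expirationTime, or after 24 hours when that is zero.` The JSON tag moves from `username` to `user_id` with no version marker on the token, so a token in the old format unmarshals with UserID empty; rejecting that belongs to the consumer in middlewares/auth.go. The function body continues past the end of the hunk.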