fix: add UAT/dev domains to cors_origins

Add dev.cartsnitch.com and uat.cartsnitch.com to the CORS origins list
to match the infra HTTPRoute domains and fix auth blocking on UAT.

Refs: CAR-992
Co-Authored-By: Paperclip <noreply@paperclip.ing>

src/cartsnitch_api/config.py

@@ -23,7 +23,12 @@ class Settings(BaseSettings):
 
     auth_service_url: str = "http://auth:3001"
 
-    cors_origins: list[str] = ["http://localhost:3000", "https://cartsnitch.com"]
+    cors_origins: list[str] = [
+        "http://localhost:3000",
+        "https://cartsnitch.com",
+        "https://dev.cartsnitch.com",
+        "https://uat.cartsnitch.com",
+    ]
 
     receiptwitness_url: str = "http://receiptwitness:8001"
     stickershock_url: str = "http://stickershock:8002"

src/cartsnitch_api/main.py

@@ -6,6 +6,7 @@ from fastapi import APIRouter, FastAPI
 
 from cartsnitch_api.auth.routes import router as auth_router
 from cartsnitch_api.cache import cache_client
+from cartsnitch_api.database import dispose_engine
 from cartsnitch_api.middleware.cors import add_cors_middleware
 from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
 from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
@@ -25,7 +26,6 @@ from cartsnitch_api.routes.user import router as user_router
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
-    from cartsnitch_api.database import dispose_engine
     await cache_client.initialize()
     yield
     await cache_client.close()