promote(GRO-2586): dev → uat — CORS origin allowlist enforcement (#220)
CI / Test (pull_request) Successful in 30s
CI / Lint & Typecheck (pull_request) Successful in 39s
CI / Build & Push Docker Images (pull_request) Successful in 1m36s

promote(GRO-2586): dev → uat — CORS origin allowlist enforcement
2026-06-26 13:46:44 +00:00
committed by Flea Flicker
parent 1b6cd5825a
commit 37e14f30c8
4 changed files with 89 additions and 2 deletions
+4 -2
@@ -3,6 +3,7 @@ import { Hono } from "hono";
import { logger } from "hono/logger";
import { cors } from "hono/cors";
import { getAuth, initAuth, getActiveProviders } from "./lib/auth.js";
import { enforceAuthCors } from "./lib/auth-cors.js";
import { clientsRouter } from "./routes/clients.js";
import { petsRouter } from "./routes/pets.js";
import { servicesRouter } from "./routes/services.js";
@@ -200,9 +201,10 @@ api.use("*", resolveStaffMiddleware);
// Better-Auth handler — mounted as sub-app to handle all /api/auth/* routes
// authMiddleware and resolveStaffMiddleware both skip /api/auth/ paths
const authRouter = new Hono();
authRouter.all("/*", (c) => {
authRouter.all("/*", async (c) => {
try {
return getAuth().handler(c.req.raw);
const res = await getAuth().handler(c.req.raw);
return enforceAuthCors(c.req.header("origin"), TRUSTED_ORIGINS, res);
} catch {
return c.json({ error: "Authentication not configured" }, 503);
}
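Review bot: The bare `catch` in the `authRouter.all("/*", ...)` handler now also swallows rejections from the awaited `getAuth().handler(c.req.raw)` and any throw from `enforceAuthCors`, reporting all of them as 503 "Authentication not configured". Before the `await` was added, only a synchronous failure (presumably `getAuth()` when auth is not initialised) could reach this branch. Failing closed is the right outcome for a CORS control, but the error should be bound and logged so that a fault in the allowlist check can be told apart from missing configuration: `} catch (err) {` followed by `console.error("auth handler or CORS enforcement failed", err);`. It is also worth confirming that `enforceAuthCors` handles an absent `Origin` header as intended, since `c.req.header("origin")` returns `undefined` when the header is not sent; its implementation and `TRUSTED_ORIGINS` are outside this section.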