Merge branch 'main' into wip/messaging

2025-05-07 23:23:36 +02:00 · 2025-05-07 23:23:36 +02:00 · 71f0cc14be
commit 71f0cc14be
parent 358a7f8336 c4dafa1f2c
14 changed files with 164 additions and 25 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -1,3 +1,4 @@
+use actix_cors::Cors;
 use actix_web::{App, HttpServer, web};
 use argon2::Argon2;
 use clap::Parser;
@ -7,7 +8,7 @@ use std::time::SystemTime;
 mod config;
 use config::{Config, ConfigBuilder};
 mod api;
-pub mod crypto;
+
 pub mod utils;

 type Error = Box<dyn std::error::Error>;
@ -22,6 +23,7 @@ struct Args {
 #[derive(Clone)]
 struct Data {
    pub pool: Pool<Postgres>,
+    pub cache_pool: redis::Client,
    pub _config: Config,
    pub argon2: Argon2<'static>,
    pub start_time: SystemTime,
@ -43,6 +45,8 @@ async fn main() -> Result<(), Error> {

    let pool = PgPool::connect_with(config.database.connect_options()).await?;

+    let cache_pool = redis::Client::open(config.cache_database.url())?;
+
    /*
    TODO: Figure out if a table should be used here and if not then what.
    Also figure out if these should be different types from what they currently are and if we should add more "constraints"
@ -153,15 +157,45 @@ async fn main() -> Result<(), Error> {

    let data = Data {
        pool,
+        cache_pool,
        _config: config,
        // TODO: Possibly implement "pepper" into this (thinking it could generate one if it doesnt exist and store it on disk)
        argon2: Argon2::default(),
        start_time: SystemTime::now(),
    };

+    
    HttpServer::new(move || {
+        // Set CORS headers
+        let cors = Cors::default()
+            /*
+                Set Allowed-Control-Allow-Origin header to whatever
+                the request's Origin header is. Must be done like this
+                rather than setting it to "*" due to CORS not allowing
+                sending of credentials (cookies) with wildcard origin.
+            */
+            .allowed_origin_fn(|_origin, _req_head| {
+                true
+            })
+            /*
+                Allows any request method in CORS preflight requests.
+                This will be restricted to only ones actually in use later.
+            */
+            .allow_any_method()
+            /*
+                Allows any header(s) in request in CORS preflight requests.
+                This wll be restricted to only ones actually in use later.
+            */
+            .allow_any_header()
+            /*
+                Allows browser to include cookies in requests.
+                This is needed for receiving the secure HttpOnly refresh_token cookie.
+            */
+            .supports_credentials();
+
        App::new()
            .app_data(web::Data::new(data.clone()))
+            .wrap(cors)
            .service(api::web())
    })
    .bind((web.url, web.port))?