0.1.1-cors-internal

2025-06-02 22:20:37 +03:00
parent 0982dff45b
commit 30000a4803
7 changed files with 315 additions and 156 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,9 +7,10 @@ mod thumbnail;
 mod core;
 mod overlay;

-use actix_web::{middleware::Logger, web, App, HttpServer};
+use actix_web::{middleware::Logger, web, App, HttpServer, http::header::{self, HeaderName}};
+use actix_cors::Cors;
 use app_state::AppState;
-use handlers::{proxy_handler, upload_handler};
+use handlers::{proxy_handler, upload_handler, root_handler};
 use log::warn;
 use tokio::task::spawn_blocking;
 use std::env;
@@ -34,9 +35,32 @@ async fn main() -> std::io::Result<()> {
    });

    HttpServer::new(move || {
+        // Настройка CORS middleware
+        let cors = Cors::default()
+            .allow_any_origin() // TODO: ограничить конкретными доменами в продакшене
+            .allowed_methods(vec!["GET", "POST", "OPTIONS"])
+            .allowed_headers(vec![
+                header::DNT,
+                header::USER_AGENT,
+                HeaderName::from_static("x-requested-with"),
+                header::IF_MODIFIED_SINCE,
+                header::CACHE_CONTROL,
+                header::CONTENT_TYPE,
+                header::RANGE,
+                header::AUTHORIZATION,
+            ])
+            .expose_headers(vec![
+                header::CONTENT_LENGTH,
+                header::CONTENT_RANGE,
+            ])
+            .supports_credentials()
+            .max_age(1728000); // 20 дней
+
        App::new()
            .app_data(web::Data::new(app_state.clone()))
+            .wrap(cors)
            .wrap(Logger::default())
+            .route("/", web::get().to(root_handler))
            .route("/", web::post().to(upload_handler))
            .route("/{path:.*}", web::get().to(proxy_handler))
    })