ci/cd + https + front

backend/src/lib.rs

@@ -152,14 +152,16 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
     let swagger_ui = SwaggerUi::new("/swagger-ui")
         .url("/api-docs/openapi.json", ApiDoc::openapi());
 
+    let allowed_origins = std::env::var("ALLOWED_ORIGINS")
+        .unwrap_or_else(|_| "http://localhost:3000,http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:8080".to_string());
+
+    let origins: Vec<HeaderValue> = allowed_origins
+        .split(',')
+        .filter_map(|origin| origin.trim().parse::<HeaderValue>().ok())
+        .collect();
+
     let cors = CorsLayer::new()
-        .allow_origin([
-            "http://localhost:3000".parse::<HeaderValue>().unwrap(),
-            "http://localhost:5173".parse::<HeaderValue>().unwrap(),
-            "http://localhost:5174".parse::<HeaderValue>().unwrap(),
-            "http://localhost:5175".parse::<HeaderValue>().unwrap(),
-            "http://localhost:8080".parse::<HeaderValue>().unwrap(),
-        ])
+        .allow_origin(origins)
         .allow_methods([Method::GET, Method::POST, Method::PUT, Method::DELETE, Method::OPTIONS])
         .allow_headers([
             axum::http::header::CONTENT_TYPE,
@@ -168,9 +170,10 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
         ])
         .allow_credentials(true);
 
-    let app = api_routes
-        .layer(cors)
-        .merge(swagger_ui);
+    let app = Router::new()
+        .nest("/api", api_routes)
+        .merge(swagger_ui)
+        .layer(cors);
 
     Ok(app)
 }