From 9667576110648da676cf181b29417e1fa305775b Mon Sep 17 00:00:00 2001
From: Joe Meyer <joseph@meyer.id>
Date: Fri, 5 Jul 2024 18:35:25 -0500
Subject: [PATCH] better cors

---
 .env.template |  2 +-
 src/main.ts   | 22 ++++++++++++++++++++--
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/.env.template b/.env.template
index 55961d5..2f2a848 100644
--- a/.env.template
+++ b/.env.template
@@ -2,7 +2,7 @@
 EDGE_SERVER_PORT=4000 # default in ai-maestro-edge
 
 # Falls back to []. Will always allow in localhost or 192.168.x.x
-CORS_ORIGIN=
+CORS_ORIGINS=http://domain1.com,https://domain2.io
 
 # MariaDB/MySQL
 SQL_HOST=
diff --git a/src/main.ts b/src/main.ts
index c5efd6b..a45925a 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -16,8 +16,26 @@ const server = createServer(app);
 // Middleware to parse JSON bodies
 app.use(express.json());
 
-// Enable CORS
-app.use(cors());
+// CORS configuration
+const corsOrigins = process.env.ALLOWED_CORS_ORIGINS?.split(',') ?? [];
+const corsOptions = {
+  origin: function (
+    origin: string | undefined,
+    callback: (error: Error | null, allow?: boolean) => void
+  ) {
+    const allowedOrigins = ['http://localhost:5173', ...corsOrigins];
+    if (!origin || allowedOrigins.indexOf(origin) !== -1) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
+  credentials: true,
+  optionsSuccessStatus: 200,
+};
+
+// Enable CORS with the specified options
+app.use(cors(corsOptions));
 
 app.use('/api/computers', computersRouter);
 app.use('/api/gpus', gpusRouter);