From b7252c7900ff5c18790bdce5404f16be7fd2a56f Mon Sep 17 00:00:00 2001 From: valitovgaziz Date: Fri, 10 Oct 2025 03:18:34 +0500 Subject: [PATCH] modified: serv_nginx/api_bb/internal/handlers/auth.go modified: serv_nginx/api_bb/pkg/middleware/middleware.go set Access-Controll-Allow-Origin Origin Allow-Credentials true --- serv_nginx/api_bb/internal/handlers/auth.go | 31 +++++++++++++ .../api_bb/pkg/middleware/middleware.go | 45 +++++++++++-------- 2 files changed, 58 insertions(+), 18 deletions(-) diff --git a/serv_nginx/api_bb/internal/handlers/auth.go b/serv_nginx/api_bb/internal/handlers/auth.go index 86dea6a..2811770 100644 --- a/serv_nginx/api_bb/internal/handlers/auth.go +++ b/serv_nginx/api_bb/internal/handlers/auth.go @@ -28,6 +28,12 @@ func NewAuthHandler(authService service.AuthService, jwtService service.JWTServi func (h *AuthHandler) Routes() chi.Router { r := chi.NewRouter() + + // Обработка OPTIONS запросов для CORS + r.Options("/register", h.handleOptions) + r.Options("/login", h.handleOptions) + r.Options("/logout", h.handleOptions) + r.Options("/profile", h.handleOptions) r.Post("/register", h.Register) r.Post("/login", h.Login) @@ -37,6 +43,15 @@ func (h *AuthHandler) Routes() chi.Router { return r } +// Обработчик для OPTIONS запросов +func (h *AuthHandler) handleOptions(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") + w.Header().Set("Access-Control-Max-Age", "300") + w.WriteHeader(http.StatusOK) +} + + type RegisterRequest struct { Email string `json:"email"` Password string `json:"password"` 
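Review bot: `handleOptions` answers preflight requests without an `Access-Control-Allow-Origin` header, so on its own it cannot satisfy a browser preflight, and it advertises a method and header list (`POST, GET, OPTIONS`; `Content-Type, Authorization`) that differs from the one configured in `cors.Options` in middleware.go. If `CommonMiddleware` wraps this router (not visible in this patch), go-chi/cors answers preflights itself unless `OptionsPassthrough` is set, which would leave the four `r.Options(...)` routes in `Routes()` unreachable for real preflights. I would drop `handleOptions` and the four routes so the CORS policy is defined in one place. If they must stay, a comment such as `// preflight is answered by cors.Handler; this only serves plain OPTIONS` would document that.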
@@ -66,6 +81,10 @@ type UserResponse struct { } func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) { + // Устанавливаем CORS заголовки + w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) + w.Header().Set("Access-Control-Allow-Credentials", "true") + var req RegisterRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload") @@ -95,6 +114,10 @@ func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) { } func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) { + // Устанавливаем CORS заголовки + w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) + w.Header().Set("Access-Control-Allow-Credentials", "true") + var req LoginRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload") @@ -126,6 +149,10 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) { } func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) { + // Устанавливаем CORS заголовки + w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) + w.Header().Set("Access-Control-Allow-Credentials", "true") + // Удаляем куку http.SetCookie(w, &http.Cookie{ Name: "auth_token", @@ -144,6 +171,10 @@ func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) { } func (h *AuthHandler) GetProfile(w http.ResponseWriter, r *http.Request) { + // Устанавливаем CORS заголовки + w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) + w.Header().Set("Access-Control-Allow-Credentials", "true") + user, ok := middleware.GetUserFromContext(r.Context()) if !ok { utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required") diff --git a/serv_nginx/api_bb/pkg/middleware/middleware.go b/serv_nginx/api_bb/pkg/middleware/middleware.go index 2783d9a..1547337 100644 
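Review bot: Echoing `r.Header.Get("Origin")` into `Access-Control-Allow-Origin` next to `Access-Control-Allow-Credentials: true` at the top of `Register` lets every origin make credentialed requests and read the response, which defeats the origin allowlist this same commit adds in middleware.go; the same two lines are added to `Login`, `Logout` and `GetProfile` in the next three hunks. `Logout` clears an `auth_token` cookie, so these endpoints appear to be cookie-authenticated, and the browser's cross-origin read protection is the control being switched off. Because `Header().Set` replaces any value an earlier middleware wrote, I would delete both lines from all four handlers and leave the decision to `cors.Handler`. If a handler ever needs to set the header itself, it should compare the origin with the allowlist first and add `Vary: Origin`. All four function bodies continue outside their hunks.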
--- a/serv_nginx/api_bb/pkg/middleware/middleware.go
+++ b/serv_nginx/api_bb/pkg/middleware/middleware.go
@@ -1,24 +1,33 @@
 package middleware
 
 import (
- "net/http"
-
- "github.com/go-chi/chi/v5/middleware"
- "github.com/go-chi/cors"
+ "net/http"
+
+ "github.com/go-chi/chi/v5/middleware"
+ "github.com/go-chi/cors"
 )
 
 func CommonMiddleware() []func(http.Handler) http.Handler {
- return []func(http.Handler) http.Handler{
- middleware.Logger,
- middleware.Recoverer,
- middleware.RequestID,
- cors.Handler(cors.Options{
- AllowedOrigins: []string{"https://*", "http://*"},
- AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
- AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
- ExposedHeaders: []string{"Link"},
- AllowCredentials: false,
- MaxAge: 300,
- }),
- }
-}
\ No newline at end of file
+ return []func(http.Handler) http.Handler{
+ middleware.Logger,
+ middleware.Recoverer,
+ middleware.RequestID,
+ cors.Handler(cors.Options{
+ AllowedOrigins: []string{
+ "https://xn--80abahjtcfl5d0a8di.xn--p1ai",
+ "https://begushiybashkir.ru",
+ "http://localhost:3000",
+ "http://localhost:3001",
+ "http://localhost:5173"},
+ AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+ AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Requested-With"},
+ ExposedHeaders: []string{
+ "Link",
+ "Content-Length",
+ "Set-Cookie",
+ },
+ AllowCredentials: true,
+ MaxAge: 300,
+ }),
+ }
+}
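Review bot: The new `AllowedOrigins` list puts `http://localhost:3000`, `http://localhost:3001` and `http://localhost:5173` next to the production domains while `AllowCredentials` becomes `true`, so anything serving a page on those ports on a user's machine is treated as a trusted credentialed origin in production as well. I would build the list from configuration and add the localhost entries only in development builds. In `ExposedHeaders`, `"Set-Cookie"` has no effect because browsers never expose that header to scripts, and `Content-Length` is already CORS-safelisted, so the field can stay `ExposedHeaders: []string{"Link"},`. A short comment above `cors.Options` stating that credentials are allowed and the list must therefore never contain wildcards would help the next editor.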