modified: serv_nginx/api_bb/internal/handlers/auth.go

modified:   serv_nginx/api_bb/pkg/middleware/middleware.go
set Access-Control-Allow-Origin Origin
Allow-Credentials true
2025-10-10 03:18:34 +05:00
parent 0e067c7477
commit b7252c7900
2 changed files with 58 additions and 18 deletions
@@ -28,6 +28,12 @@ func NewAuthHandler(authService service.AuthService, jwtService service.JWTServi
func (h *AuthHandler) Routes() chi.Router { func (h *AuthHandler) Routes() chi.Router {
r := chi.NewRouter() r := chi.NewRouter()
// Обработка OPTIONS запросов для CORS
r.Options("/register", h.handleOptions)
r.Options("/login", h.handleOptions)
r.Options("/logout", h.handleOptions)
r.Options("/profile", h.handleOptions)
r.Post("/register", h.Register) r.Post("/register", h.Register)
r.Post("/login", h.Login) r.Post("/login", h.Login)
@@ -37,6 +43,15 @@ func (h *AuthHandler) Routes() chi.Router {
return r return r
} }
// Обработчик для OPTIONS запросов
func (h *AuthHandler) handleOptions(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
w.Header().Set("Access-Control-Max-Age", "300")
w.WriteHeader(http.StatusOK)
}
type RegisterRequest struct { type RegisterRequest struct {
Email string `json:"email"` Email string `json:"email"`
Password string `json:"password"` Password string `json:"password"`
@@ -66,6 +81,10 @@ type UserResponse struct {
} }
func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) { func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
// Устанавливаем CORS заголовки
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
w.Header().Set("Access-Control-Allow-Credentials", "true")
var req RegisterRequest var req RegisterRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil { if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload") utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -95,6 +114,10 @@ func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
} }
func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) { func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
// Устанавливаем CORS заголовки
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
w.Header().Set("Access-Control-Allow-Credentials", "true")
var req LoginRequest var req LoginRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil { if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload") utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -126,6 +149,10 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
} }
func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) { func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
// Устанавливаем CORS заголовки
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
w.Header().Set("Access-Control-Allow-Credentials", "true")
// Удаляем куку // Удаляем куку
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "auth_token", Name: "auth_token",
@@ -144,6 +171,10 @@ func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
} }
func (h *AuthHandler) GetProfile(w http.ResponseWriter, r *http.Request) { func (h *AuthHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
// Устанавливаем CORS заголовки
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
w.Header().Set("Access-Control-Allow-Credentials", "true")
user, ok := middleware.GetUserFromContext(r.Context()) user, ok := middleware.GetUserFromContext(r.Context())
if !ok { if !ok {
utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required") utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required")
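Review bot: The `Access-Control-Allow-Origin` value added at the top of Register, Login, Logout and GetProfile is copied straight from the request's `Origin` header and paired with `Access-Control-Allow-Credentials: true`, so every origin is told it may make credentialed requests and read the responses, the profile included. Whether the `auth_token` cookie seen in Logout is actually sent depends on its SameSite attribute, which is not shown. This defeats the allow-list the same commit sets in `CommonMiddleware`, assuming that middleware wraps this router, which is not visible here. I would delete the two `w.Header().Set(...)` lines from each handler and let the cors middleware emit the headers for listed origins only. `handleOptions` and the four `r.Options(...)` routes are probably unreachable too, since go-chi/cors answers preflights itself unless `OptionsPassthrough` is set; the handler bodies continue outside the hunks.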
+27 -18
@@ -1,24 +1,33 @@
package middleware package middleware
import ( import (
"net/http" "net/http"
"github.com/go-chi/chi/v5/middleware" "github.com/go-chi/chi/v5/middleware"
"github.com/go-chi/cors" "github.com/go-chi/cors"
) )
func CommonMiddleware() []func(http.Handler) http.Handler { func CommonMiddleware() []func(http.Handler) http.Handler {
return []func(http.Handler) http.Handler{ return []func(http.Handler) http.Handler{
middleware.Logger, middleware.Logger,
middleware.Recoverer, middleware.Recoverer,
middleware.RequestID, middleware.RequestID,
cors.Handler(cors.Options{ cors.Handler(cors.Options{
AllowedOrigins: []string{"https://*", "http://*"}, AllowedOrigins: []string{
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, "https://xn--80abahjtcfl5d0a8di.xn--p1ai",
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, "https://begushiybashkir.ru",
ExposedHeaders: []string{"Link"}, "http://localhost:3000",
AllowCredentials: false, "http://localhost:3001",
MaxAge: 300, "http://localhost:5173"},
}), AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
} AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Requested-With"},
} ExposedHeaders: []string{
"Link",
"Content-Length",
"Set-Cookie",
},
AllowCredentials: true,
MaxAge: 300,
}),
}
}
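Review bot: The new `AllowedOrigins` list hard-codes three `http://localhost` origins next to the production ones while `AllowCredentials` flips to `true`, so any page served from those ports on a user's machine gets credentialed access to this API in every environment. I would load the list from configuration (an environment variable, for example) and include the localhost entries only in development deployments. `"Set-Cookie"` in `ExposedHeaders` has no effect, because browsers never expose that header to scripts, and can be dropped. With cookies now accepted cross-origin, it is worth confirming that state-changing routes validate the `X-CSRF-Token` header allowed here; that check is not visible in this commit.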