modified: serv_nginx/api_bb/internal/handlers/auth.go

modified: serv_nginx/api_bb/pkg/middleware/middleware.go set Access-Controll-Allow-Origin Origin Allow-Credentials true
2025-10-10 03:18:34 +05:00
parent 0e067c7477
commit b7252c7900
2 changed files with 58 additions and 18 deletions
@@ -29,6 +29,12 @@ func NewAuthHandler(authService service.AuthService, jwtService service.JWTServi
 func (h *AuthHandler) Routes() chi.Router {
 	r := chi.NewRouter()

+		// Обработка OPTIONS запросов для CORS
+	r.Options("/register", h.handleOptions)
+	r.Options("/login", h.handleOptions)
+	r.Options("/logout", h.handleOptions)
+	r.Options("/profile", h.handleOptions)
+	
 	r.Post("/register", h.Register)
 	r.Post("/login", h.Login)
 	r.Post("/logout", h.Logout)
@@ -37,6 +43,15 @@ func (h *AuthHandler) Routes() chi.Router {
 	return r
 }

+// Обработчик для OPTIONS запросов
+func (h *AuthHandler) handleOptions(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+	w.Header().Set("Access-Control-Max-Age", "300")
+	w.WriteHeader(http.StatusOK)
+}
+
+
 type RegisterRequest struct {
 	Email       string `json:"email"`
 	Password    string `json:"password"`
@@ -66,6 +81,10 @@ type UserResponse struct {
 }

 func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+
 	var req RegisterRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -95,6 +114,10 @@ func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	
 	var req LoginRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -126,6 +149,10 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+
 	// Удаляем куку
 	http.SetCookie(w, &http.Cookie{
 		Name:     "auth_token",
@@ -144,6 +171,10 @@ func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	
 	user, ok := middleware.GetUserFromContext(r.Context())
 	if !ok {
 		utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required")
@@ -13,11 +13,20 @@ func CommonMiddleware() []func(http.Handler) http.Handler {
 		middleware.Recoverer,
 		middleware.RequestID,
 		cors.Handler(cors.Options{
-            AllowedOrigins:   []string{"https://*", "http://*"},
+			AllowedOrigins: []string{
+				"https://xn--80abahjtcfl5d0a8di.xn--p1ai",
+				"https://begushiybashkir.ru",
+				"http://localhost:3000",
+				"http://localhost:3001",
+				"http://localhost:5173"},
 			AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
-            AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
-            ExposedHeaders:   []string{"Link"},
-            AllowCredentials: false,
+			AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Requested-With"},
+			ExposedHeaders:   []string{
+                "Link",
+                "Content-Length",
+                "Set-Cookie",
+            },
+			AllowCredentials: true,
 			MaxAge:           300,
 		}),
 	}