modified: serv_nginx/api_bb/internal/handlers/auth.go

modified: serv_nginx/api_bb/pkg/middleware/middleware.go set Access-Controll-Allow-Origin Origin Allow-Credentials true
2025-10-10 03:18:34 +05:00
parent 0e067c7477
commit b7252c7900
2 changed files with 58 additions and 18 deletions
@@ -29,6 +29,12 @@ func NewAuthHandler(authService service.AuthService, jwtService service.JWTServi
 func (h *AuthHandler) Routes() chi.Router {
 	r := chi.NewRouter()

+		// Обработка OPTIONS запросов для CORS
+	r.Options("/register", h.handleOptions)
+	r.Options("/login", h.handleOptions)
+	r.Options("/logout", h.handleOptions)
+	r.Options("/profile", h.handleOptions)
+	
 	r.Post("/register", h.Register)
 	r.Post("/login", h.Login)
 	r.Post("/logout", h.Logout)
@@ -37,6 +43,15 @@ func (h *AuthHandler) Routes() chi.Router {
 	return r
 }

+// Обработчик для OPTIONS запросов
+func (h *AuthHandler) handleOptions(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
+	w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+	w.Header().Set("Access-Control-Max-Age", "300")
+	w.WriteHeader(http.StatusOK)
+}
+
+
 type RegisterRequest struct {
 	Email       string `json:"email"`
 	Password    string `json:"password"`
@@ -66,6 +81,10 @@ type UserResponse struct {
 }

 func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+
 	var req RegisterRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -95,6 +114,10 @@ func (h *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	
 	var req LoginRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		utils.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
@@ -126,6 +149,10 @@ func (h *AuthHandler) Login(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+
 	// Удаляем куку
 	http.SetCookie(w, &http.Cookie{
 		Name:     "auth_token",
@@ -144,6 +171,10 @@ func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
 }

 func (h *AuthHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
+	// Устанавливаем CORS заголовки
+	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	
 	user, ok := middleware.GetUserFromContext(r.Context())
 	if !ok {
 		utils.RespondWithError(w, http.StatusUnauthorized, "Authentication required")
@@ -1,24 +1,33 @@
 package middleware

 import (
-    "net/http"
+	"net/http"

-    "github.com/go-chi/chi/v5/middleware"
-    "github.com/go-chi/cors"
+	"github.com/go-chi/chi/v5/middleware"
+	"github.com/go-chi/cors"
 )

 func CommonMiddleware() []func(http.Handler) http.Handler {
-    return []func(http.Handler) http.Handler{
-        middleware.Logger,
-        middleware.Recoverer,
-        middleware.RequestID,
-        cors.Handler(cors.Options{
-            AllowedOrigins:   []string{"https://*", "http://*"},
-            AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
-            AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
-            ExposedHeaders:   []string{"Link"},
-            AllowCredentials: false,
-            MaxAge:           300,
-        }),
-    }   
+	return []func(http.Handler) http.Handler{
+		middleware.Logger,
+		middleware.Recoverer,
+		middleware.RequestID,
+		cors.Handler(cors.Options{
+			AllowedOrigins: []string{
+				"https://xn--80abahjtcfl5d0a8di.xn--p1ai",
+				"https://begushiybashkir.ru",
+				"http://localhost:3000",
+				"http://localhost:3001",
+				"http://localhost:5173"},
+			AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+			AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Requested-With"},
+			ExposedHeaders:   []string{
+                "Link",
+                "Content-Length",
+                "Set-Cookie",
+            },
+			AllowCredentials: true,
+			MaxAge:           300,
+		}),
+	}
 }