Add fixes #34

Merged
rosasbehoundja merged 4 commits into IFRI-AI-Classes:main from Pinite37:main
Mar 29, 2026
@rosasbehoundja
Contributor

No description provided.

Copilot AI review requested due to automatic review settings March 29, 2026 08:53
@rosasbehoundja rosasbehoundja merged commit 06fc280 into IFRI-AI-Classes:main Mar 29, 2026
3 checks passed

Copilot AI left a comment

Pull request overview

This PR adjusts the application startup defaults and simplifies CORS configuration for the FastAPI app under backup/, aiming to align runtime behavior with the intended deployment environment.

Changes:

  • Update start.sh defaults (worker count, frontend URL env var) and change how SECRET_KEY is provided.
  • Replace dynamic/validated CORS origin building in backup/app/main.py with a static allow-list including the configured production frontend URL.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| start.sh | Changes runtime defaults and environment variables used at launch (workers, frontend URL, SECRET_KEY). |
| backup/app/main.py | Simplifies CORS allow-list construction by hardcoding origins and appending FRONTEND_PROD_URL. |

Comment thread backup/app/main.py


ALLOWED_ORIGINS = _build_allowed_origins()
ALLOWED_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000", "https://ifri-ai-classes.github.io", FRONTEND_PROD_URL]
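Review bot: the new ALLOWED_ORIGINS literal appends FRONTEND_PROD_URL with no check on its value, and the two localhost:3000 entries are now in the list in every environment. The replaced line called _build_allowed_origins(); keep a builder that drops an empty or malformed FRONTEND_PROD_URL and adds http://localhost:3000 and http://127.0.0.1:3000 only for dev/test runs, and delete the helper if this change leaves it without callers.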
Copilot AI Mar 29, 2026

ALLOWED_ORIGINS currently always includes localhost origins and appends FRONTEND_PROD_URL even when it is an empty string. This broadens CORS in production and can also introduce an invalid origin entry. Consider rebuilding this list from environment configuration, filtering out falsy/invalid values, and only including localhost origins in dev/test.

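One way to build the allow-list along the lines the review comment above suggests, as an added example that is not code from this pull request or the project. The origin strings and FRONTEND_PROD_URL come from the diff; `APP_ENV`, `normalize_origin` and `build_allowed_origins` are assumed names.

```python
import os
from urllib.parse import urlsplit

# Origin strings and FRONTEND_PROD_URL come from the diff; APP_ENV and both
# function names are assumptions made for this example.
DEV_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000"]
PROD_ORIGINS = ["https://ifri-ai-classes.github.io"]


def normalize_origin(value):
    """Return 'scheme://host[:port]', or None if value is not a bare origin."""
    try:
        parts = urlsplit((value or "").strip())
        host, port = parts.hostname, parts.port  # bad port raises ValueError
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host or "*" in host:
        return None
    # An origin has no credentials, path, query or fragment.
    if parts.username or parts.password or parts.query or parts.fragment:
        return None
    if parts.path not in ("", "/"):
        return None
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    origin = f"{parts.scheme}://{host}"
    return f"{origin}:{port}" if port else origin


def build_allowed_origins(env=None):
    """Build the CORS allow-list from environment-style configuration."""
    env = os.environ if env is None else env
    is_dev = env.get("APP_ENV", "production").lower() in ("dev", "development", "test")
    candidates = PROD_ORIGINS + [env.get("FRONTEND_PROD_URL", "")]
    if is_dev:
        candidates += DEV_ORIGINS  # localhost only outside production
    allowed = []
    for raw in candidates:
        origin = normalize_origin(raw)
        if origin is None or origin in allowed:
            continue  # drop empty, malformed and duplicate entries
        if not is_dev and not origin.startswith("https://"):
            continue  # production entries must be HTTPS
        allowed.append(origin)
    return allowed
```

The returned list can be passed as `allow_origins` to FastAPI's `CORSMiddleware`.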
Comment thread start.sh
Comment on lines 17 to 21
# Require stable secret key in environments with external users.
# Generate and export a fresh SECRET_KEY at launch time.
export SECRET_KEY="$(python -c "import secrets; print(secrets.token_urlsafe(32))")"
export SECRET_KEY="X2ZlC8ezhVReYCer02s7TdwRT10epQMjwZVKAFwTOE4"
if [[ -z "${SECRET_KEY:-}" ]]; then
echo "ERROR: SECRET_KEY is required. Set it in your environment before starting the server." >&2
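Review bot: the `export SECRET_KEY=` line with a literal value commits the application secret to the repository, so that value has to be treated as disclosed and rotated, and the `if [[ -z "${SECRET_KEY:-}" ]]` check below it can never fire. Drop the literal export so the existing check enforces that the deployment environment supplies the key, and keep only the comment that matches the final behaviour, since "Generate and export a fresh SECRET_KEY at launch time" no longer describes what the script does.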
Copilot AI Mar 29, 2026

Hardcoding SECRET_KEY in the repo is a security issue and also makes the subsequent "SECRET_KEY is required" check ineffective (it can never be empty). Prefer reading SECRET_KEY from the environment/secret manager (and failing fast if missing), and avoid committing real secrets to version control. Also update/remove the nearby comment that says a fresh key is generated at launch, since the script now sets a fixed value.
