From c795c13db3478a423787597c1606fe4158b6386c Mon Sep 17 00:00:00 2001 From: Rosas Behoundja Date: Thu, 26 Mar 2026 22:54:04 +0100 Subject: [PATCH 1/3] feat: Simplify CORS origin handling and update environment variable for production URL --- backup/app/main.py | 47 +--------------------------------------------- start.sh | 2 +- 2 files changed, 2 insertions(+), 47 deletions(-) diff --git a/backup/app/main.py b/backup/app/main.py index f7d5268..a051c42 100644 --- a/backup/app/main.py +++ b/backup/app/main.py @@ -2,7 +2,6 @@ import shutil import logging from contextlib import asynccontextmanager -from urllib.parse import urlsplit from dotenv import load_dotenv from fastapi import FastAPI @@ -13,7 +12,6 @@ from backup.app.routes import generator, model, scoring, scoreboard, auth load_dotenv() -FRONTEND_DEV_URL = os.getenv("FRONTEND_DEV_URL", "") FRONTEND_PROD_URL = os.getenv("FRONTEND_PROD_URL", "") logging.basicConfig( 
@@ -23,50 +21,7 @@ logger = logging.getLogger(__name__) -def _normalize_origin(origin: str) -> str | None: - """Normalize CORS entries to scheme://host[:port] and drop invalid values.""" - raw = origin.strip() - if not raw: - return None - - parsed = urlsplit(raw) - if not parsed.scheme or not parsed.netloc: - logger.warning("Ignoring invalid CORS origin '%s'", origin) - return None - - normalized = f"{parsed.scheme}://{parsed.netloc}" - if normalized != raw.rstrip("/"): - logger.warning("Normalized CORS origin '%s' to '%s'", origin, normalized) - return normalized - - -def _normalized_unique(origins: list[str]) -> list[str]: - result: list[str] = [] - for origin in origins: - normalized = _normalize_origin(origin) - if normalized and normalized not in result: - result.append(normalized) - return result - - -def _build_allowed_origins() -> list[str]: - """Build a strict CORS allow-list from environment variables.""" - allowed_origins_env = os.getenv("FRONTEND_ALLOWED_ORIGINS", "") - parsed = _normalized_unique(allowed_origins_env.split(",")) - - if parsed: - return parsed - - # Backward-compatible fallback when comma-separated variable is not set. - legacy_origins = _normalized_unique([FRONTEND_DEV_URL, FRONTEND_PROD_URL]) - if legacy_origins: - return legacy_origins - - # Safe local fallback for development/test only. - return ["http://localhost:3000", "http://127.0.0.1:3000"] - - -ALLOWED_ORIGINS = _build_allowed_origins() +ALLOWED_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000", FRONTEND_PROD_URL] logger.info("CORS allow-list configured with %s origin(s)", len(ALLOWED_ORIGINS)) diff --git a/start.sh b/start.sh index 3283f84..6538f19 100755 --- a/start.sh +++ b/start.sh 
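Review bot: The new `ALLOWED_ORIGINS` literal takes `FRONTEND_PROD_URL` verbatim, and because that variable is read with `os.getenv("FRONTEND_PROD_URL", "")`, an unset value adds an empty entry and inflates the logged count. A value with a trailing slash or a path would presumably never equal a browser's `Origin` header, and it now fails silently because `_normalize_origin` and its warnings are removed. The two localhost origins, which the removed code labelled a development/test fallback, are now allowed unconditionally, production included. A guard that keeps the simplification would be `ALLOWED_ORIGINS = [o for o in (FRONTEND_PROD_URL.strip().rstrip("/"),) if o] or ["http://localhost:3000", "http://127.0.0.1:3000"]`; the same line is edited again in PATCH 2/3 with the same gaps. `FRONTEND_ALLOWED_ORIGINS` is no longer read, so deployments that still set it are ignored without notice, which deserves a startup warning or a line in the commit message.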
@@ -12,7 +12,7 @@ WORKERS="${WORKERS:-2}" # Export DATABASE_URL (uses existing value if already set). export DATABASE_URL="${DATABASE_URL:-sqlite:///./mpvrp_scoring.db}" -export FRONTEND_ALLOWED_ORIGINS="${FRONTEND_ALLOWED_ORIGINS:-https://ifri-ai-classes.github.io,https://ifri-ai-classes.github.io/MPVRP-CC,https://ifri-ai-classes.github.io/MPVRP-CC/pages}" +export FRONTEND_PROD_URL="${FRONTEND_PROD_URL:-https://ifri-ai-classes.github.io}" # Require stable secret key in environments with external users. # Generate and export a fresh SECRET_KEY at launch time. From 1615a9e6524ea90c3f16d9a62777cc633e0f358b Mon Sep 17 00:00:00 2001 From: Rosas Behoundja Date: Thu, 26 Mar 2026 23:08:47 +0100 Subject: [PATCH 2/3] feat: Update CORS allowed origins to include new frontend URL --- backup/app/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backup/app/main.py b/backup/app/main.py index a051c42..cc9b463 100644 --- a/backup/app/main.py +++ b/backup/app/main.py @@ -21,7 +21,7 @@ logger = logging.getLogger(__name__) -ALLOWED_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000", FRONTEND_PROD_URL] +ALLOWED_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000", "https://ifri-ai-classes.github.io", FRONTEND_PROD_URL] logger.info("CORS allow-list configured with %s origin(s)", len(ALLOWED_ORIGINS)) From 5d9c3896516627db70ce07955621cfe4a741ad8b Mon Sep 17 00:00:00 2001 From: Rosas Behoundja Date: Thu, 26 Mar 2026 23:30:44 +0100 Subject: [PATCH 3/3] feat: Update start script to reduce default worker count and set static SECRET_KEY --- start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/start.sh b/start.sh index 6538f19..1d5ce44 100755 --- a/start.sh +++ b/start.sh 
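Review bot: Hard-coding `"https://ifri-ai-classes.github.io"` next to `FRONTEND_PROD_URL` in the PATCH 2/3 hunk of `backup/app/main.py` means the allow-list can no longer be narrowed through configuration. With the `start.sh` default from PATCH 1/3 the same origin also appears twice, so the logged origin count is off by one. An origin is scheme, host and port only, so this entry trusts every GitHub Pages site published under that organisation host, not just the MPVRP-CC front end; if that is broader than intended, it should at least be stated in a comment on the line. Keeping the value in the environment only and de-duplicating would avoid both problems, e.g. `ALLOWED_ORIGINS = list(dict.fromkeys(o for o in ALLOWED_ORIGINS if o))`.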
@@ -8,7 +8,7 @@ cd "$SCRIPT_DIR" # Production-safe defaults (override with env vars). HOST="${HOST:-0.0.0.0}" PORT="${PORT:-8000}" -WORKERS="${WORKERS:-2}" +WORKERS="${WORKERS:-1}" # Export DATABASE_URL (uses existing value if already set). export DATABASE_URL="${DATABASE_URL:-sqlite:///./mpvrp_scoring.db}" @@ -16,7 +16,7 @@ export FRONTEND_PROD_URL="${FRONTEND_PROD_URL:-https://ifri-ai-classes.github.io # Require stable secret key in environments with external users. # Generate and export a fresh SECRET_KEY at launch time. -export SECRET_KEY="$(python -c "import secrets; print(secrets.token_urlsafe(32))")" +export SECRET_KEY="X2ZlC8ezhVReYCer02s7TdwRT10epQMjwZVKAFwTOE4" if [[ -z "${SECRET_KEY:-}" ]]; then echo "ERROR: SECRET_KEY is required. Set it in your environment before starting the server." >&2 exit 1
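Review bot: The second hunk replaces the per-launch `secrets.token_urlsafe(32)` value with a literal `SECRET_KEY` committed to the repository, so anyone who can read the repo or its history holds the key. Assuming the application signs sessions or tokens with it, nothing signed under this value can be trusted, and the key should be treated as compromised and rotated. The script should take the key from the environment instead, `export SECRET_KEY="${SECRET_KEY:-}"`, which lets the existing `-z` check (currently unreachable because the variable is always set) abort startup when it is missing. The comment `# Generate and export a fresh SECRET_KEY at launch time.` no longer describes the code and should be reworded, for example to `# SECRET_KEY must be supplied by the environment; never commit it.`. The `if` block continues past the end of the hunk.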