Merge pull request #17 from factly/web/remove-hardcoded-cors

server: update server no auth config example envs

Author: shreeharsha-factly

config-noauth.env.example

@@ -30,6 +30,10 @@ GOPIE_S3_ENDPOINT=http://minio:9000
 GOPIE_S3_SSL=false
 GOPIE_S3_REGION=us-east-1
 GOPIE_DOWNLOADS_S3_BUCKET=downloads
+# Flag to determine if CORS is handled by ingress (true) or by the application (false)
+GOPIE_CORS_HANDLED_BY_INGRESS=false
+
+
 
 # ==================================
 # Companion Service Configuration

server/.env.example

@@ -80,24 +80,3 @@ GOPIE_AIAGENT_URL=http://localhost:8000
 ## CORS CONFIGURATION
 # Flag to determine if CORS is handled by ingress (true) or by the application (false)
 GOPIE_CORS_HANDLED_BY_INGRESS=false
-
-# Main server CORS settings
-GOPIE_MAIN_CORS_ALLOW_ORIGINS="http://localhost:3000"
-GOPIE_MAIN_CORS_ALLOW_METHODS="GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS"
-GOPIE_MAIN_CORS_ALLOW_HEADERS="Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id"
-GOPIE_MAIN_CORS_ALLOW_CREDENTIALS=true
-GOPIE_MAIN_CORS_MAX_AGE=86400
-
-# Internal server CORS settings
-GOPIE_INTERNAL_CORS_ALLOW_ORIGINS="http://localhost:3000"
-GOPIE_INTERNAL_CORS_ALLOW_METHODS="GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS"
-GOPIE_INTERNAL_CORS_ALLOW_HEADERS="Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id"
-GOPIE_INTERNAL_CORS_ALLOW_CREDENTIALS=true
-GOPIE_INTERNAL_CORS_MAX_AGE=86400
-
-# API server CORS settings
-GOPIE_API_CORS_ALLOW_ORIGINS="http://localhost:3000"
-GOPIE_API_CORS_ALLOW_METHODS="GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS"
-GOPIE_API_CORS_ALLOW_HEADERS="Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id"
-GOPIE_API_CORS_ALLOW_CREDENTIALS=true
-GOPIE_API_CORS_MAX_AGE=86400

server/domain/pkg/config/config.go

@@ -66,9 +66,6 @@ type GopieConfig struct {
 	EnableZitadel        bool
 	DownloadsServer      DownloadsConfig
 	EncryptionKey        string
-	MainCORS             CORSConfig
-	InternalCORS         CORSConfig
-	APICORS              CORSConfig
 	CORSHandledByIngress bool
 }
 
@@ -267,27 +264,6 @@ func setDefaults() {
 	viper.SetDefault("GOPIE_MOTHERDUCK_HELPER_DB_DIR_PATH", "./motherduck")
 	viper.SetDefault("GOPIE_DOWNLOADS_USE_SERVER", false)
 
-	// Default CORS settings for main server
-	viper.SetDefault("GOPIE_MAIN_CORS_ALLOW_ORIGINS", "*")
-	viper.SetDefault("GOPIE_MAIN_CORS_ALLOW_METHODS", "GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS")
-	viper.SetDefault("GOPIE_MAIN_CORS_ALLOW_HEADERS", "Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id")
-	viper.SetDefault("GOPIE_MAIN_CORS_ALLOW_CREDENTIALS", false)
-	viper.SetDefault("GOPIE_MAIN_CORS_MAX_AGE", 86400)
-
-	// Default CORS settings for internal server
-	viper.SetDefault("GOPIE_INTERNAL_CORS_ALLOW_ORIGINS", "*")
-	viper.SetDefault("GOPIE_INTERNAL_CORS_ALLOW_METHODS", "GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS")
-	viper.SetDefault("GOPIE_INTERNAL_CORS_ALLOW_HEADERS", "Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id")
-	viper.SetDefault("GOPIE_INTERNAL_CORS_ALLOW_CREDENTIALS", false)
-	viper.SetDefault("GOPIE_INTERNAL_CORS_MAX_AGE", 86400)
-
-	// Default CORS settings for API server
-	viper.SetDefault("GOPIE_API_CORS_ALLOW_ORIGINS", "*")
-	viper.SetDefault("GOPIE_API_CORS_ALLOW_METHODS", "GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS")
-	viper.SetDefault("GOPIE_API_CORS_ALLOW_HEADERS", "Origin, Content-Type, Accept, Authorization, X-Requested-With, X-CSRF-Token, userID, x-user-id, x-project-ids, x-dataset-ids, x-chat-id, x-organization-id")
-	viper.SetDefault("GOPIE_API_CORS_ALLOW_CREDENTIALS", false)
-	viper.SetDefault("GOPIE_API_CORS_MAX_AGE", 86400)
-
 	// Flag to determine if CORS is handled by ingress (true) or by the application (false)
 	viper.SetDefault("GOPIE_CORS_HANDLED_BY_INGRESS", false)
 }
@@ -359,27 +335,6 @@ func LoadConfig() (*GopieConfig, error) {
 		DownloadsServer: DownloadsConfig{
 			Bucket: viper.GetString("GOPIE_DOWNLOADS_S3_BUCKET"),
 		},
-		MainCORS: CORSConfig{
-			AllowOrigins:     viper.GetString("GOPIE_MAIN_CORS_ALLOW_ORIGINS"),
-			AllowMethods:     viper.GetString("GOPIE_MAIN_CORS_ALLOW_METHODS"),
-			AllowHeaders:     viper.GetString("GOPIE_MAIN_CORS_ALLOW_HEADERS"),
-			AllowCredentials: viper.GetBool("GOPIE_MAIN_CORS_ALLOW_CREDENTIALS"),
-			MaxAge:           viper.GetInt("GOPIE_MAIN_CORS_MAX_AGE"),
-		},
-		InternalCORS: CORSConfig{
-			AllowOrigins:     viper.GetString("GOPIE_INTERNAL_CORS_ALLOW_ORIGINS"),
-			AllowMethods:     viper.GetString("GOPIE_INTERNAL_CORS_ALLOW_METHODS"),
-			AllowHeaders:     viper.GetString("GOPIE_INTERNAL_CORS_ALLOW_HEADERS"),
-			AllowCredentials: viper.GetBool("GOPIE_INTERNAL_CORS_ALLOW_CREDENTIALS"),
-			MaxAge:           viper.GetInt("GOPIE_INTERNAL_CORS_MAX_AGE"),
-		},
-		APICORS: CORSConfig{
-			AllowOrigins:     viper.GetString("GOPIE_API_CORS_ALLOW_ORIGINS"),
-			AllowMethods:     viper.GetString("GOPIE_API_CORS_ALLOW_METHODS"),
-			AllowHeaders:     viper.GetString("GOPIE_API_CORS_ALLOW_HEADERS"),
-			AllowCredentials: viper.GetBool("GOPIE_API_CORS_ALLOW_CREDENTIALS"),
-			MaxAge:           viper.GetInt("GOPIE_API_CORS_MAX_AGE"),
-		},
 		EncryptionKey: viper.GetString("GOPIE_ENCRYPTION_KEY"),
 	}
 

server/interfaces/http/serve.go

@@ -47,13 +47,7 @@ func serve(cfg *config.GopieConfig, params *ServerParams, ctx context.Context) e
 
 	// Apply CORS middleware only if not handled by ingress
 	if !cfg.CORSHandledByIngress {
-		app.Use(cors.New(cors.Config{
-			AllowOrigins:     cfg.MainCORS.AllowOrigins,
-			AllowMethods:     cfg.MainCORS.AllowMethods,
-			AllowHeaders:     cfg.MainCORS.AllowHeaders,
-			AllowCredentials: cfg.MainCORS.AllowCredentials,
-			MaxAge:           cfg.MainCORS.MaxAge,
-		}))
+		app.Use(cors.New(cors.Config{}))
 	}
 
 	app.Use(fiberzap.New(fiberzap.Config{
@@ -172,13 +166,7 @@ func serveInternal(cfg *config.GopieConfig, params *ServerParams, ctx context.Co
 
 	// Apply CORS middleware only if not handled by ingress
 	if !cfg.CORSHandledByIngress {
-		app.Use(cors.New(cors.Config{
-			AllowOrigins:     cfg.InternalCORS.AllowOrigins,
-			AllowMethods:     cfg.InternalCORS.AllowMethods,
-			AllowHeaders:     cfg.InternalCORS.AllowHeaders,
-			AllowCredentials: cfg.InternalCORS.AllowCredentials,
-			MaxAge:           cfg.InternalCORS.MaxAge,
-		}))
+		app.Use(cors.New(cors.Config{}))
 	}
 
 	app.Use(fiberzap.New(fiberzap.Config{
@@ -251,13 +239,7 @@ func serveAPI(cfg *config.GopieConfig, params *ServerParams, ctx context.Context
 
 	// Apply CORS middleware only if not handled by ingress
 	if !cfg.CORSHandledByIngress {
-		app.Use(cors.New(cors.Config{
-			AllowOrigins:     cfg.APICORS.AllowOrigins,
-			AllowMethods:     cfg.APICORS.AllowMethods,
-			AllowHeaders:     cfg.APICORS.AllowHeaders,
-			AllowCredentials: cfg.APICORS.AllowCredentials,
-			MaxAge:           cfg.APICORS.MaxAge,
-		}))
+		app.Use(cors.New(cors.Config{}))
 	}
 
 	app.Use(fiberzap.New(fiberzap.Config{