Fix LAN API base and development CORS regression

2026-03-01 13:56:25 -03:00
parent bdd97d1c62
commit 48cfc79b5f
6 changed files with 45 additions and 5 deletions
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -18,6 +18,16 @@ from app.services.typesense_index import ensure_typesense_collection
 settings = get_settings()
 UPLOAD_ENDPOINT_PATH = "/api/v1/documents/upload"
 UPLOAD_ENDPOINT_METHOD = "POST"
+DEVELOPMENT_CORS_PRIVATE_ORIGIN_REGEX = (
+    r"^https?://("
+    r"localhost"
+    r"|127(?:\.\d{1,3}){3}"
+    r"|0\.0\.0\.0"
+    r"|10(?:\.\d{1,3}){3}"
+    r"|192\.168(?:\.\d{1,3}){2}"
+    r"|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2}"
+    r")(?::\d+)?$"
+)


 def _is_upload_size_guard_target(request: Request) -> bool:
@@ -34,9 +44,14 @@ def create_app() -> FastAPI:
    """Builds and configures the FastAPI application instance."""

    app = FastAPI(title="DCM DMS API", version="0.1.0")
+    app_env = settings.app_env.strip().lower()
+    allow_origin_regex = (
+        DEVELOPMENT_CORS_PRIVATE_ORIGIN_REGEX if app_env in {"development", "dev"} else None
+    )
    app.add_middleware(
        CORSMiddleware,
        allow_origins=settings.cors_origins,
+        allow_origin_regex=allow_origin_regex,
        allow_credentials=True,
        allow_methods=["*"],
        allow_headers=["*"],
--- a/backend/tests/test_upload_request_size_middleware.py
+++ b/backend/tests/test_upload_request_size_middleware.py
@@ -115,6 +115,7 @@ def _install_main_import_stubs() -> dict[str, ModuleType | None]:
        """Returns minimal settings consumed by app.main during test import."""

        return SimpleNamespace(
+            app_env="development",
            cors_origins=["http://localhost:5173"],
            max_upload_request_size_bytes=1024,
        )