fix(backend): add CORS middleware and disable CSRF in dev

- Add CORS middleware for /api/auth/* and global routes
- Disable better-auth CSRF origin check when NODE_ENV != production

Co-authored-by: Ona <no-reply@ona.com>
2026-03-23 00:22:36 +00:00
parent 7909211c1b
commit 09ad98990c
2 changed files with 24 additions and 0 deletions


@@ -16,6 +16,9 @@ export function createAuth(db: Database) {
provider: "pg", provider: "pg",
schema, schema,
}), }),
advanced: {
disableCSRFCheck: process.env.NODE_ENV !== "production",
},
emailAndPassword: { emailAndPassword: {
enabled: true, enabled: true,
}, },
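Review bot: `disableCSRFCheck: process.env.NODE_ENV !== "production"` fails open: the origin check is switched off whenever NODE_ENV is unset or holds any value other than exactly `production` (a staging or container deployment that never sets the variable ships with the check disabled), and nothing here logs that the check is off. An opt-in condition is safer, e.g. `disableCSRFCheck: process.env.NODE_ENV === "development",`, or better still keep the check enabled and list the dev frontend origins in better-auth's `trustedOrigins` option instead of disabling it globally. A comment stating why and where the check is disabled would also help the next reader, e.g. `// Dev only: the frontend is served from a different origin; the check must stay on in production.`. createAuth's body starts and ends outside the hunk.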


@@ -1,4 +1,5 @@
import { Hono } from "hono" import { Hono } from "hono"
import { cors } from "hono/cors"
import { registerAdminHttpHandlers } from "./admin/http.ts" import { registerAdminHttpHandlers } from "./admin/http.ts"
import { createRequireAdmin } from "./auth/admin-middleware.ts" import { createRequireAdmin } from "./auth/admin-middleware.ts"
@@ -50,6 +51,26 @@ function main() {
const app = new Hono() const app = new Hono()
app.use(
"/api/auth/*",
cors({
origin: (origin) => origin,
allowHeaders: ["Content-Type", "Authorization"],
allowMethods: ["POST", "GET", "OPTIONS"],
exposeHeaders: ["Content-Length"],
maxAge: 600,
credentials: true,
}),
)
app.use(
"*",
cors({
origin: (origin) => origin,
credentials: true,
}),
)
app.get("/health", (c) => c.json({ status: "ok" })) app.get("/health", (c) => c.json({ status: "ok" }))
const authSessionMiddleware = createRequireSession(auth) const authSessionMiddleware = createRequireSession(auth)
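Review bot: `origin: (origin) => origin` combined with `credentials: true` (both `app.use` blocks in the second hunk) reflects every requesting Origin into `Access-Control-Allow-Origin`, which removes the protection browsers enforce for credentialed cross-origin requests: any site a logged-in user visits can make cookie-authenticated calls to `/api/auth/*` and, through the `"*"` mount, to every other route including the admin handlers, and read the responses. The callback should reflect the origin only when it is on an explicit allow-list and otherwise return a falsy value so no ACAO header is emitted (hono's `cors` skips the header in that case — confirm against the installed version); the sketch below reads the list from an example environment variable, `CORS_ORIGINS`, which is a constructed name, not one from the project. The surrounding `main()` starts and ends outside the hunk, and a couple of blank lines from the hunk appear to have been dropped by the rendering, so placement is approximate.
```typescript
const app = new Hono()
// Allow-list of browser origins that may send credentialed requests.
// CORS_ORIGINS is an example variable name: comma-separated, e.g. "http://localhost:5173".
const allowedOrigins = new Set(
  (process.env.CORS_ORIGINS ?? "")
    .split(",")
    .map((o) => o.trim())
    .filter((o) => o.length > 0),
)
// Reflect the Origin only when it is allow-listed; otherwise emit no ACAO header.
const corsOrigin = (origin: string) => (allowedOrigins.has(origin) ? origin : null)
app.use(
  "/api/auth/*",
  cors({
    origin: corsOrigin,
    // … unchanged: allowHeaders, allowMethods, exposeHeaders, maxAge, credentials …
  }),
)
app.use("*", cors({ origin: corsOrigin, credentials: true }))
```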