gnx/Hotel-Booking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Iliyan Angelov
2025-11-29 01:21:11 +02:00
parent cf97df9aeb
commit fb16d7ae34
2856 changed files with 5558 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Backend/src/main.py
View File

@@ -65,9 +65,20 @@ if settings.RATE_LIMIT_ENABLED:
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
logger.info(f'Rate limiting enabled: {settings.RATE_LIMIT_PER_MINUTE} requests/minute')
# CORS middleware must be added LAST to handle OPTIONS preflight requests before other middleware
# In FastAPI/Starlette, middleware is executed in reverse order (last added = first executed = outermost)
# So adding CORS last ensures it wraps all other middleware and handles OPTIONS requests early
if settings.is_development:
app.add_middleware(CORSMiddleware, allow_origin_regex='http://(localhost|127\\.0\\.0\\.1)(:\\d+)?', allow_credentials=True, allow_methods=['*'], allow_headers=['*'])
logger.info('CORS configured for development (allowing localhost)')
# More restrictive CORS even in development for better security practices
app.add_middleware(
CORSMiddleware,
allow_origin_regex='http://(localhost|127\\.0\\.0\\.1)(:\\d+)?',
allow_credentials=True,
allow_methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'], # Explicit methods
allow_headers=['Content-Type', 'Authorization', 'X-XSRF-TOKEN', 'X-Requested-With', 'X-Request-ID'] # Explicit headers
)
logger.info('CORS configured for development (allowing localhost with explicit methods/headers)')
else:
# Validate CORS_ORIGINS in production
if not settings.CORS_ORIGINS or len(settings.CORS_ORIGINS) == 0:
@@ -125,7 +136,7 @@ from .routes import (
faq_routes, loyalty_routes, guest_profile_routes, analytics_routes,
workflow_routes, task_routes, notification_routes, group_booking_routes,
advanced_room_routes, rate_plan_routes, package_routes, security_routes,
email_campaign_routes
email_campaign_routes, blog_routes
)
# Register all routes with /api prefix (removed duplicate registrations)
@@ -172,6 +183,7 @@ app.include_router(package_routes.router, prefix=api_prefix)
app.include_router(security_routes.router, prefix=api_prefix)
app.include_router(email_campaign_routes.router, prefix=api_prefix)
app.include_router(page_content_routes.router, prefix=api_prefix)
app.include_router(blog_routes.router, prefix=api_prefix)
logger.info('All routes registered successfully')
def ensure_jwt_secret():