From 02f631c1d9e8f38389929873885c5c38d5d34bcd Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 09:07:18 +0100
Subject: [PATCH 01/13] chore: setup dependencies
---
 mix.exs | 5 ++++-
 mix.lock | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/mix.exs b/mix.exs
index b6d2366..9c29507 100644
--- a/mix.exs
+++ b/mix.exs
@@ -55,7 +55,10 @@ defmodule Atlas.MixProject do
 # server
 {:dns_cluster, "~> 0.1.1"},
- {:bandit, "~> 1.2"}
+ {:bandit, "~> 1.2"},
+
+ # cors
+ {:corsica, "~> 2.1.3"}
 ]
 end
diff --git a/mix.lock b/mix.lock
index fa8a2f8..aec3586 100644
--- a/mix.lock
+++ b/mix.lock
@@ -2,6 +2,7 @@ "bandit": {:hex, :bandit, "1.7.0", "d1564f30553c97d3e25f9623144bb8df11f3787a26733f00b21699a128105c0c", [:mix], [{:hpax, "~> 1.0", [hex: :hpax, repo: "hexpm", optional: false]}, {:plug, "~> 1.18", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}, {:thousand_island, "~> 1.0", [hex: :thousand_island, repo: "hexpm", optional: false]}, {:websock, "~> 0.5", [hex: :websock, repo: "hexpm", optional: false]}], "hexpm", "3e2f7a98c7a11f48d9d8c037f7177cd39778e74d55c7af06fe6227c742a8168a"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, "castore": {:hex, :castore, "1.0.14", "4582dd7d630b48cf5e1ca8d3d42494db51e406b7ba704e81fbd401866366896a", [:mix], [], "hexpm", "7bc1b65249d31701393edaaac18ec8398d8974d52c647b7904d01b964137b9f4"}, + "corsica": {:hex, :corsica, "2.1.3", "dccd094ffce38178acead9ae743180cdaffa388f35f0461ba1e8151d32e190e6", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "616c08f61a345780c2cf662ff226816f04d8868e12054e68963e95285b5be8bc"}, "credo": {:hex, :credo, "1.7.12", "9e3c20463de4b5f3f23721527fcaf16722ec815e70ff6c60b86412c695d426c1", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "8493d45c656c5427d9c729235b99d498bd133421f3e0a683e5c1b561471291e5"}, "db_connection": {:hex, :db_connection, "2.8.0", "64fd82cfa6d8e25ec6660cea73e92a4cbc6a18b31343910427b702838c4b33b2", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", 
"008399dae5eee1bf5caa6e86d204dcb44242c82b1ed5e22c881f2c34da201b15"}, "decimal": {:hex, :decimal, "2.3.0", "3ad6255aa77b4a3c4f818171b12d237500e63525c2fd056699967a3e7ea20f62", [:mix], [], "hexpm", "a4d66355cb29cb47c3cf30e71329e58361cfcb37c34235ef3bf1d7bf3773aeac"},
From 2887a2dcad337ba271d3b0cc79cac0570bc78fec Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 09:14:38 +0100
Subject: [PATCH 02/13] feat: add plug on endpoint
---
 lib/atlas_web/endpoint.ex | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index fb8245a..16a2a9b 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
@@ -47,5 +47,12 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.MethodOverride
 plug Plug.Head
 plug Plug.Session, @session_options
+
+ plug Corsica,
+ # FIXME: add frontend routes
+ origins: "*",
+ allow_credentials: true,
+ max_age: 600
+
 plug AtlasWeb.Router
 end
From 9a60bf4dd5fb63bbcaf6d794bc87587730165bdf Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 09:55:11 +0100
Subject: [PATCH 03/13] feat: add dev and prod origin config for CORS
---
 config/dev.exs | 4 ++++
 config/prod.exs | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/config/dev.exs b/config/dev.exs
index 7852ac3..9dffe4b 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -64,3 +64,7 @@ config :phoenix, :plug_init_mode, :runtime
 # Disable swoosh api client as it is only required for production adapters.
 config :swoosh, :api_client, false
+
+# Config setup for Corsica
+# FIXME add url for frontend
+config :atlas_id, origins: ["http://localhost:3000"]
diff --git a/config/prod.exs b/config/prod.exs
index 1d0d4e6..d554f52 100644
--- a/config/prod.exs
+++ b/config/prod.exs
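Review bot: In the lib/atlas_web/endpoint.ex hunk of PATCH 02/13, `origins: "*"` is paired with `allow_credentials: true`, which grants credentialed cross-origin access to every site. Browsers reject a literal `*` on credentialed responses, and Corsica (as far as I recall from its documentation) then echoes the request's Origin header back, so any page the user visits could read responses fetched with the session cookie set up by `Plug.Session` just above. Pick one: an explicit allowlist with credentials, e.g. `origins: ["https://frontend.example"]` (placeholder), or the wildcard with `allow_credentials: false`. The same pairing returns for dev through `config :atlas, :allowed_origins, "*"` in PATCH 09/13 and 13/13, where `["http://localhost:3000"]` would keep dev aligned with prod. The endpoint module starts and ends outside the hunk.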
@@ -9,5 +9,9 @@ config :swoosh, local: false
 # Do not print debug messages in production
 config :logger, level: :info
+# Config setup for Corsica
+# FIXME add url for frontend
+config :atlas_id, origins: ["http://localhost:3000"]
+
 # Runtime production configuration, including reading
 # of environment variables, is done on config/runtime.exs.
From 9ffc76bcde1edda1f5d56b5e9b67abc38c933afc Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 09:56:24 +0100
Subject: [PATCH 04/13] feat: restrict CORS origins to frontend url
---
 lib/atlas_web/endpoint.ex | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index 16a2a9b..b539f20 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
@@ -49,10 +49,10 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.Session, @session_options
 plug Corsica,
- # FIXME: add frontend routes
- origins: "*",
+ origins: &AtlasWeb.Plugs.CorsicaConfig.origins/1,
+ log: [rejected: :error],
 allow_credentials: true,
- max_age: 600
+ allow_headers: ["authorization", "content-type", "accept"]
 plug AtlasWeb.Router
 end
From 9370973b3c65034d00e4a36b83d0db947e26c08a Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 09:59:44 +0100
Subject: [PATCH 05/13] feat: setup config file for corsica
---
 lib/atlas_web/corsica_config.ex | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 lib/atlas_web/corsica_config.ex
diff --git a/lib/atlas_web/corsica_config.ex b/lib/atlas_web/corsica_config.ex
new file mode 100644
index 0000000..b902afa
--- /dev/null
+++ b/lib/atlas_web/corsica_config.ex
@@ -0,0 +1,16 @@
+defmodule AtlasWeb.Plugs.CorsicaConfig do
+ @doc """
+ Allows any origin in dev/test; restricts to known origin(s) in prod.
+ """
+ def allowed_origins(origin) do
+ case Mix.env() do
+ :prod ->
+ # FIXME add url for frontend
+ origin in ["http://localhost:3000"]
+
+ _ ->
+ # allow all in dev/test
+ true
+ end
+ end
+end
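Review bot: In PATCH 04/13, `origins: &AtlasWeb.Plugs.CorsicaConfig.origins/1` points at a function that the module added in PATCH 05/13 does not define (it defines `allowed_origins/1`), so the origin check would presumably fail at request time until PATCH 07/13 corrects the capture. It is also worth confirming that the pinned Corsica accepts a function capture for `:origins`; the callback form I know of is a `{module, function, args}` tuple that receives the conn and the origin, which would not fit an arity-1 function. Separately, `log: [rejected: :error]` lets any third-party page produce error-level log lines simply by sending cross-origin requests, so a lower level such as `:info` keeps the error channel meaningful. The endpoint module continues outside the hunk.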
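Review bot: `Mix.env()` in `allowed_origins/1` (PATCH 05/13) is called at request time, but Mix is a build tool that is not part of a release, so a deployed build would raise here instead of reaching the `:prod` branch. Read the allowlist from application config instead, e.g. `origin in Application.fetch_env!(:atlas, :allowed_origins)`, and keep the environment name out of the decision. As written, the `_ -> true` branch approves every origin in any environment that is not exactly `:prod` while the endpoint sends `allow_credentials: true`, and the `:prod` list is still the `http://localhost:3000` placeholder; failing closed with explicit per-environment lists is the safer default.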
From 1ac6dc06d8e98d0bb9c906aa1e55123c6b54eaed Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 10:38:36 +0100
Subject: [PATCH 06/13] chore: linting
---
 lib/atlas_web/corsica_config.ex | 5 +++--
 lib/atlas_web/endpoint.ex | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/atlas_web/corsica_config.ex b/lib/atlas_web/corsica_config.ex
index b902afa..47b98aa 100644
--- a/lib/atlas_web/corsica_config.ex
+++ b/lib/atlas_web/corsica_config.ex
@@ -1,11 +1,12 @@
 defmodule AtlasWeb.Plugs.CorsicaConfig do
- @doc """
+ @moduledoc """
+ Provides dynamic origin configuration for Corsica based on the environment.
 Allows any origin in dev/test; restricts to known origin(s) in prod.
 """
 def allowed_origins(origin) do
 case Mix.env() do
 :prod ->
- # FIXME add url for frontend
+ # FIXME add url for frontend
 origin in ["http://localhost:3000"]
 _ ->
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index b539f20..73409c1 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
@@ -1,5 +1,6 @@
 defmodule AtlasWeb.Endpoint do
 use Phoenix.Endpoint, otp_app: :atlas
+ alias AtlasWeb.Plugs.CorsicaConfig
 # The session will be stored in the cookie and signed,
 # this means its contents can be read but not tampered with.
@@ -49,7 +50,7 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.Session, @session_options
 plug Corsica,
- origins: &AtlasWeb.Plugs.CorsicaConfig.origins/1,
+ origins: &allowed_origins/1,
 log: [rejected: :error],
 allow_credentials: true,
 allow_headers: ["authorization", "content-type", "accept"]
From 288704eefc2e9a846d5d2a6b166d18a929583b28 Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Mon, 7 Jul 2025 10:43:55 +0100
Subject: [PATCH 07/13] chore: fix failed tests
---
 lib/atlas_web/endpoint.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index 73409c1..b35e024 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
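Review bot: In the second lib/atlas_web/endpoint.ex hunk of PATCH 06/13, `origins: &allowed_origins/1` captures a local function, and the `alias AtlasWeb.Plugs.CorsicaConfig` added in the first hunk only shortens the module name; it imports nothing. Unless the endpoint defines `allowed_origins/1` outside these hunks, this commit does not compile, which is consistent with PATCH 07/13 switching to `&CorsicaConfig.allowed_origins/1`. Folding that fix into this commit would keep every commit in the series buildable for bisecting.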
@@ -50,7 +50,7 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.Session, @session_options
 plug Corsica,
- origins: &allowed_origins/1,
+ origins: &CorsicaConfig.allowed_origins/1,
 log: [rejected: :error],
 allow_credentials: true,
 allow_headers: ["authorization", "content-type", "accept"]
From f534a95760dd8da6c06a07c200a7cb1eff33e9af Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Wed, 9 Jul 2025 15:35:33 +0100
Subject: [PATCH 08/13] fix: typo on id
---
 config/dev.exs | 2 +-
 config/prod.exs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/dev.exs b/config/dev.exs
index 9dffe4b..2259e8a 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -67,4 +67,4 @@ config :swoosh, :api_client, false
 # Config setup for Corsica
 # FIXME add url for frontend
-config :atlas_id, origins: ["http://localhost:3000"]
+config :atlas, origins: ["http://localhost:3000"]
diff --git a/config/prod.exs b/config/prod.exs
index d554f52..c4129d3 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -11,7 +11,7 @@ config :logger, level: :info
 # Config setup for Corsica
 # FIXME add url for frontend
-config :atlas_id, origins: ["http://localhost:3000"]
+config :atlas, origins: ["http://localhost:3000"]
 # Runtime production configuration, including reading
 # of environment variables, is done on config/runtime.exs.
From 63790e968e342f5b645084a4041fcb07f604e8de Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Wed, 9 Jul 2025 16:02:26 +0100
Subject: [PATCH 09/13] refactor: convert from configuration by standalone file to configuration in prod config file
---
 config/dev.exs | 2 +-
 config/prod.exs | 12 +++++++++---
 lib/atlas_web/corsica_config.ex | 17 -----------------
 lib/atlas_web/endpoint.ex | 3 +--
 4 files changed, 11 insertions(+), 23 deletions(-)
 delete mode 100644 lib/atlas_web/corsica_config.ex
diff --git a/config/dev.exs b/config/dev.exs
index 2259e8a..fbd5a33 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -67,4 +67,4 @@ config :swoosh, :api_client, false
 # Config setup for Corsica
 # FIXME add url for frontend
-config :atlas, origins: ["http://localhost:3000"]
+config :atlas, :allowed_origins, "*"
diff --git a/config/prod.exs b/config/prod.exs
index c4129d3..d93ba27 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -9,9 +9,15 @@ config :swoosh, local: false
 # Do not print debug messages in production
 config :logger, level: :info
-# Config setup for Corsica
-# FIXME add url for frontend
-config :atlas, origins: ["http://localhost:3000"]
+# FIXME: FRONTEND_URL is still not defined
+# Configures CORS allowed origins
+config :atlas,
+ :allowed_origins,
+ System.get_env("FRONTEND_URL") ||
+ raise("""
+ environment variable FRONTEND_URL is missing.
+ This should be the URL of your frontend application.
+ """)
 # Runtime production configuration, including reading
 # of environment variables, is done on config/runtime.exs.
diff --git a/lib/atlas_web/corsica_config.ex b/lib/atlas_web/corsica_config.ex
deleted file mode 100644
index 47b98aa..0000000
--- a/lib/atlas_web/corsica_config.ex
+++ /dev/null
@@ -1,17 +0,0 @@
-defmodule AtlasWeb.Plugs.CorsicaConfig do
- @moduledoc """
- Provides dynamic origin configuration for Corsica based on the environment.
- Allows any origin in dev/test; restricts to known origin(s) in prod.
- """
- def allowed_origins(origin) do
- case Mix.env() do
- :prod ->
- # FIXME add url for frontend
- origin in ["http://localhost:3000"]
-
- _ ->
- # allow all in dev/test
- true
- end
- end
-end
diff --git a/lib/atlas_web/endpoint.ex b/lib/atlas_web/endpoint.ex
index b35e024..964c08a 100644
--- a/lib/atlas_web/endpoint.ex
+++ b/lib/atlas_web/endpoint.ex
@@ -1,6 +1,5 @@
 defmodule AtlasWeb.Endpoint do
 use Phoenix.Endpoint, otp_app: :atlas
- alias AtlasWeb.Plugs.CorsicaConfig
 # The session will be stored in the cookie and signed,
 # this means its contents can be read but not tampered with.
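Review bot: In the config/prod.exs hunk of PATCH 09/13, `System.get_env("FRONTEND_URL")` runs when the project is compiled, not when the release boots, so the variable has to exist on the build machine and its value is frozen into the artifact; the file's own closing comment points to config/runtime.exs for environment reads. Because the endpoint consumes the value through `Application.compile_env/2` (second endpoint.ex hunk of this patch), moving the setting to runtime.exs alone would likely trip the compile-env consistency check at boot, so the origin check would need to resolve the value at request time, for example through Corsica's `{module, function, args}` form of `:origins` if the pinned version supports it. Whatever the source, validate the value before use: a browser's Origin header carries scheme, host and port only, so a `FRONTEND_URL` with a trailing slash or a path never matches and every cross-origin request is rejected.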
@@ -50,7 +49,7 @@ defmodule AtlasWeb.Endpoint do
 plug Plug.Session, @session_options
 plug Corsica,
- origins: &CorsicaConfig.allowed_origins/1,
+ origins: Application.compile_env(:atlas, :allowed_origins),
 log: [rejected: :error],
 allow_credentials: true,
 allow_headers: ["authorization", "content-type", "accept"]
From bfe7afa0ff2538211bd006dea635f59fd711f3d0 Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Sun, 13 Jul 2025 19:18:41 +0100
Subject: [PATCH 10/13] chore: remove FIXME tags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: João Lobo <30907944+joaodiaslobo@users.noreply.github.com>
---
 config/dev.exs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/config/dev.exs b/config/dev.exs
index fbd5a33..110f465 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -66,5 +66,4 @@ config :phoenix, :plug_init_mode, :runtime
 config :swoosh, :api_client, false
 # Config setup for Corsica
-# FIXME add url for frontend
 config :atlas, :allowed_origins, "*"
From 988b9b6a93c0bcb53ab5a85afe30d8f65f89de01 Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Sun, 13 Jul 2025 19:19:02 +0100
Subject: [PATCH 11/13] chore: remove FIXME tag
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: João Lobo <30907944+joaodiaslobo@users.noreply.github.com>
---
 config/prod.exs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/config/prod.exs b/config/prod.exs
index d93ba27..32a4600 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -9,7 +9,6 @@ config :swoosh, local: false
 # Do not print debug messages in production
 config :logger, level: :info
-# FIXME: FRONTEND_URL is still not defined
 # Configures CORS allowed origins
 config :atlas,
 :allowed_origins,
From bfae3ecc0b2fe75d9d6e39dcb8e82192da1aa21c Mon Sep 17 00:00:00 2001
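Review bot: In the second lib/atlas_web/endpoint.ex hunk of PATCH 09/13, `Application.compile_env(:atlas, :allowed_origins)` returns `nil` when the key is unset, and this series only sets it in config/dev.exs and config/prod.exs, so the test environment (unless config/test.exs, not shown here, sets it) hands `origins: nil` to Corsica. Use `Application.compile_env!(:atlas, :allowed_origins)` so a missing allowlist fails the build instead of silently changing CORS behaviour, and add the key to the test config. The plug list continues outside the hunk.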
From: GuilhermePSF
Date: Sun, 13 Jul 2025 19:24:45 +0100
Subject: [PATCH 12/13] fix: add missing comma
---
 mix.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mix.exs b/mix.exs
index 153295a..4174698 100644
--- a/mix.exs
+++ b/mix.exs
@@ -65,7 +65,7 @@ defmodule Atlas.MixProject do
 {:bandit, "~> 1.2"},
 # cors
- {:corsica, "~> 2.1.3"}
+ {:corsica, "~> 2.1.3"},
 # utilities
 {:remote_ip, "~> 1.2"},
From 8e99d10c5ef9596c2f34be238100e09fb53c7c30 Mon Sep 17 00:00:00 2001
From: GuilhermePSF
Date: Sun, 13 Jul 2025 19:32:35 +0100
Subject: [PATCH 13/13] chore: format
---
 config/dev.exs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/dev.exs b/config/dev.exs
index cb24ad1..15cf041 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -67,6 +67,7 @@ config :swoosh, :api_client, false
 # Config setup for Corsica
 config :atlas, :allowed_origins, "*"
+
 config :atlas, Atlas.Accounts.Guardian,
 issuer: "atlas",
 secret_key: "your-dev-secret-key-here-make-it-long-enough",