Spaces:

DazaC
/

giragroup-bi-backend

Sleeping

Adzacam commited on 22 days ago

Commit

5f553ce

1 Parent(s): 76765ac

chore: update password hashing algorithm to pbkdf2_sha256 and relax CORS middleware configurations

Files changed (1) hide show

app.py CHANGED Viewed

@@ -29,7 +29,7 @@ SECRET_KEY = os.getenv("JWT_SECRET", "super-secret-local-key")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/login")
 def verify_password(plain_password, hashed_password):
@@ -80,15 +80,15 @@ app = FastAPI(
 # CORS: sólo permite peticiones desde el frontend registrado
 _ALLOWED_ORIGINS = [
     origin.strip()
-    for origin in os.getenv("CORS_ALLOWED_ORIGINS", "https://dazac-giragroup-bi-frontend.vercel.app").split(",")
     if origin.strip()
 ]
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=_ALLOWED_ORIGINS,
     allow_credentials=False,
-    allow_methods=["GET", "POST"],
-    allow_headers=["Content-Type"],
 )
 # Valores válidos para el CHECK constraint de Supabase

 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24
+pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/login")
 def verify_password(plain_password, hashed_password):
 # CORS: sólo permite peticiones desde el frontend registrado
 _ALLOWED_ORIGINS = [
     origin.strip()
+    for origin in os.getenv("CORS_ALLOWED_ORIGINS", "http://localhost:5173,https://giragroup-bi-frontend-tei-jgc45f654-dazz-s-projects.vercel.app,https://giragroup-bi-frontend-tei-ii.vercel.app").split(",")
     if origin.strip()
 ]
 app.add_middleware(
     CORSMiddleware,
+    allow_origins=["*"],
     allow_credentials=False,
+    allow_methods=["*"],
+    allow_headers=["*"],
 )
 # Valores válidos para el CHECK constraint de Supabase