env python 1.0

2025-09-20 14:05:42 +03:00
parent a26a0bf10b
commit 58419b0e14
6 changed files with 43 additions and 16 deletions
--- a/server/backend/endpoints.py
+++ b/server/backend/endpoints.py
@@ -4,17 +4,23 @@ from . import pydentic, JWT
 from datetime import datetime, timedelta
 from pydantic import EmailStr
 from server.database import db
-
 import asyncio

 api = FastAPI()

+from dotenv import load_dotenv                              #Работа с env для CORS
+import os
+load_dotenv()
+origins = os.getenv("ALLOW_ORIGINS").split(",")
+credentials = os.getenv("ALLOW_CREDENTIALS").lower() == "true"
+methods = os.getenv("ALLOW_METHODS").split(",")
+headers = os.getenv("ALLOW_HEADERS").split(",")
 api.add_middleware(
    CORSMiddleware,
-    allow_origins=["*"],  # "*" — разрешить всем; можно указать список конкретных доменов
-    allow_credentials=True,
-    allow_methods=["*"],  # GET, POST, PUT, DELETE и т.д.
-    allow_headers=["*"],  # Разрешить любые заголовки
+    allow_origins=origins,
+    allow_credentials=credentials,
+    allow_methods=methods,
+    allow_headers=headers,
 )

@api.get("/protected")
@@ -22,7 +28,7 @@ async def protected(current_user: str = Depends(JWT.current_user)):
    return {"msg": f"Hello, {current_user}"}

@api.get("/", response_model=pydentic.IdofPersons)
-async def get_all_rows():
+async def get_all_rows(current_user: str = Depends(JWT.current_user)):
    for row in await db.get_all_rows():
        if row:
            return row
@@ -42,14 +48,14 @@ async def create_user(row:pydentic.CreateUser):
    await db.CreateUser(new_row)
    return new_row
@api.delete("/user_delete/{id}", response_model=pydentic.IdofPersons)
-async def delete_user(id: int):
+async def delete_user(id: int,current_user: str = Depends(JWT.current_user)):
    user = await db.GetUser(id)
    if not user:
        raise HTTPException(status_code=404, detail="The user isn't found")
    await db.DeleteUser(id)
    return user
@api.put("/user_update/{id}", response_model=pydentic.IdofPersons)
-async def update_user(id: int, updated_row: pydentic.UserUpdate):
+async def update_user(id: int, updated_row: pydentic.UserUpdate, current_user: str = Depends(JWT.current_user)):
    user = await db.GetUser(id)
    if not user:
        raise HTTPException(status_code=404, detail="The user isn't found")