Build base web

virtweb_backend/Cargo.lock

@@ -19,6 +19,21 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "actix-cors"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "derive_more",
+ "futures-util",
+ "log",
+ "once_cell",
+ "smallvec",
+]
+
 [[package]]
 name = "actix-http"
 version = "3.4.0"
@@ -1878,6 +1893,7 @@ checksum = "9dcc60c0624df774c82a0ef104151231d37da4962957d691c011c852b2473314"
 name = "virtweb_backend"
 version = "0.1.0"
 dependencies = [
+ "actix-cors",
  "actix-identity",
  "actix-remote-ip",
  "actix-session",

virtweb_backend/Cargo.toml

@@ -15,6 +15,7 @@ actix-web = "4"
 actix-remote-ip = "0.1.0"
 actix-session = { version = "0.7.2", features = ["cookie-session"] }
 actix-identity = "0.5.2"
+actix-cors = "0.6.4"
 serde = { version = "1.0.175", features = ["derive"] }
 serde_json = "1.0.105"
 futures-util = "0.3.28"

virtweb_backend/src/main.rs

@@ -1,9 +1,11 @@
+use actix_cors::Cors;
 use actix_identity::config::LogoutBehaviour;
 use actix_identity::IdentityMiddleware;
 use actix_remote_ip::RemoteIPConfig;
 use actix_session::storage::CookieSessionStore;
 use actix_session::SessionMiddleware;
 use actix_web::cookie::{Key, SameSite};
+use actix_web::http::header;
 use actix_web::middleware::Logger;
 use actix_web::web::Data;
 use actix_web::{web, App, HttpServer};
@@ -40,7 +42,16 @@ async fn main() -> std::io::Result<()> {
             .login_deadline(Some(Duration::from_secs(MAX_SESSION_DURATION)))
             .build();
 
+        let cors = Cors::default()
+            .allowed_origin(&AppConfig::get().website_origin)
+            .allowed_methods(vec!["GET", "POST", "DELETE", "PUT"])
+            .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
+            .allowed_header(header::CONTENT_TYPE)
+            .supports_credentials()
+            .max_age(3600);
+
         App::new()
+            .wrap(cors)
             .wrap(Logger::default())
             .wrap(AuthChecker)
             .wrap(identity_middleware)