diff --git a/services/identity/src/config.rs b/services/identity/src/config.rs --- a/services/identity/src/config.rs +++ b/services/identity/src/config.rs @@ -7,8 +7,8 @@ use crate::constants::{ DEFAULT_OPENSEARCH_ENDPOINT, DEFAULT_TUNNELBROKER_ENDPOINT, KEYSERVER_PUBLIC_KEY, LOCALSTACK_ENDPOINT, OPAQUE_SERVER_SETUP, - OPENSEARCH_ENDPOINT, SECRETS_DIRECTORY, SECRETS_SETUP_FILE, - TUNNELBROKER_GRPC_ENDPOINT, + OPENSEARCH_ENDPOINT, REMOTE_ENVIRONMENT, SECRETS_DIRECTORY, + SECRETS_SETUP_FILE, TUNNELBROKER_GRPC_ENDPOINT, }; /// Raw CLI arguments, should be only used internally to create ServerConfig @@ -73,6 +73,7 @@ pub keyserver_public_key: Option, pub tunnelbroker_endpoint: String, pub opensearch_endpoint: String, + pub remote_environment: Option, } impl ServerConfig { @@ -95,18 +96,19 @@ let server_setup = get_server_setup(path_buf.as_path())?; let keyserver_public_key = env::var(KEYSERVER_PUBLIC_KEY).ok(); + let remote_environment_opt = env::var(REMOTE_ENVIRONMENT).ok(); + let remote_environment = + remote_environment_opt.and_then(|s| RemoteEnvironment::try_from(s).ok()); + Ok(Self { localstack_endpoint: cli.localstack_endpoint.clone(), tunnelbroker_endpoint: cli.tunnelbroker_endpoint.clone(), opensearch_endpoint: cli.opensearch_endpoint.clone(), server_setup, keyserver_public_key, + remote_environment, }) } - - pub fn is_dev(&self) -> bool { - self.localstack_endpoint.is_some() - } } impl fmt::Debug for ServerConfig { @@ -131,6 +133,8 @@ Json(serde_json::Error), #[display(...)] Decode(DecodeError), + #[display(...)] + InvalidRemoteEnvironment, } fn get_server_setup( 
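Review bot: An unrecognised REMOTE_ENVIRONMENT value is discarded by the `.ok()` inside `and_then` in the `@@ -95,18 +96,19 @@` hunk, so a typo such as `prod` produces `remote_environment: None`, which the cors.rs hunk of this commit maps to `AllowOrigin::mirror_request()`. A misconfigured production deployment would start with the most permissive CORS policy and no error, and the new `Error::InvalidRemoteEnvironment` variant is never surfaced. Propagating the failure keeps the unset case but rejects bad values: `let remote_environment = env::var(REMOTE_ENVIRONMENT).ok().map(RemoteEnvironment::try_from).transpose()?;`. This assumes the enclosing constructor returns the same `Error` type; its signature is outside the hunk.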
@@ -160,3 +164,21 @@ comm_opaque2::ServerSetup::deserialize(&decoded_server_setup) .map_err(Error::Opaque) } + +#[derive(Clone, PartialEq)] +pub enum RemoteEnvironment { + Staging, + Production, +} + +impl TryFrom for RemoteEnvironment { + type Error = Error; + + fn try_from(value: String) -> Result { + match value.as_str() { + "staging" => Ok(RemoteEnvironment::Staging), + "production" => Ok(RemoteEnvironment::Production), + _ => Err(Error::InvalidRemoteEnvironment), + } + } +} diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs --- a/services/identity/src/constants.rs +++ b/services/identity/src/constants.rs @@ -216,6 +216,14 @@ super::request_metadata::DEVICE_ID, super::request_metadata::ACCESS_TOKEN, ]; - pub const DEFAULT_ALLOW_ORIGIN: [&str; 2] = - ["https://web.comm.app", "http://localhost:3000"]; + pub const STAGING_ALLOW_ORIGIN_LIST: [&str; 3] = [ + "http://localhost:3000", + "http://localhost:3001", + "http://localhost:3002", + ]; + pub const PROD_ALLOW_ORIGIN_LIST: [&str; 1] = ["https://web.comm.app"]; } + +// Remote Environment + +pub const REMOTE_ENVIRONMENT: &str = "REMOTE_ENVIRONMENT"; diff --git a/services/identity/src/cors.rs b/services/identity/src/cors.rs --- a/services/identity/src/cors.rs +++ b/services/identity/src/cors.rs 
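Review bot: The match in `try_from` is exact and case-sensitive, so `Production`, `PRODUCTION` or a value with trailing whitespace is rejected. Because this value selects the CORS policy, the accepted spellings deserve a doc comment on the enum, for example `/// Deployment tier read from REMOTE_ENVIRONMENT; accepted values are exactly "staging" and "production".` The derive list also omits `Debug`, so the parsed tier cannot be printed with `{:?}` in a startup log; `#[derive(Debug, Clone, Copy, PartialEq, Eq)]` costs nothing on a fieldless enum. Taking `String` by value only to call `as_str()` would read more idiomatically as `impl FromStr`, but that is a style point.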
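Review bot: `STAGING_ALLOW_ORIGIN_LIST` holds only plain-http `localhost` origins, so the staging service accepts cross-origin requests from whatever is served on ports 3000-3002 of a user's machine and from no hosted site. If that is the intent, a comment above the constant should say so, e.g. `// Local web builds on ports 3000-3002 are the only browser clients expected to reach staging.` The `REMOTE_ENVIRONMENT` constant would also benefit from a comment naming the accepted values and stating what an unset variable means for the CORS policy.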
@@ -1,18 +1,26 @@ use http::{HeaderName, HeaderValue}; use tower_http::cors::{AllowOrigin, CorsLayer}; -use crate::{config::CONFIG, constants::cors}; +use crate::{ + config::{RemoteEnvironment, CONFIG}, + constants::cors, +}; pub fn cors_layer() -> CorsLayer { - let allow_origin = if CONFIG.is_dev() { - AllowOrigin::mirror_request() - } else { - AllowOrigin::list( - cors::DEFAULT_ALLOW_ORIGIN + let allow_origin = match CONFIG.remote_environment { + None => AllowOrigin::mirror_request(), + Some(RemoteEnvironment::Staging) => AllowOrigin::list( + cors::STAGING_ALLOW_ORIGIN_LIST .iter() .cloned() .map(HeaderValue::from_static), - ) + ), + Some(RemoteEnvironment::Production) => AllowOrigin::list( + cors::PROD_ALLOW_ORIGIN_LIST + .iter() + .cloned() + .map(HeaderValue::from_static), + ), }; CorsLayer::new() .allow_origin(allow_origin)
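Review bot: The `None` arm makes `AllowOrigin::mirror_request()` the default whenever REMOTE_ENVIRONMENT is unset, so a deployment that simply omits the variable reflects every requesting origin. Before this commit the permissive branch required `is_dev()`, i.e. a configured localstack endpoint, which is a positive signal of local development rather than the absence of one. I would keep mirroring behind that signal and let the unset case fall back to the production list. The two `AllowOrigin::list` arms also differ only in the constant and can share a small helper. The builder chain after `.allow_origin(allow_origin)` continues outside the hunk, so whether credentials are allowed alongside the mirrored origin is not visible here.

```rust
pub fn cors_layer() -> CorsLayer {
  let from_list = |origins: &'static [&'static str]| {
    AllowOrigin::list(origins.iter().copied().map(HeaderValue::from_static))
  };
  let allow_origin = match CONFIG.remote_environment {
    // Mirror only when the local-development signal is also present.
    None if CONFIG.localstack_endpoint.is_some() => {
      AllowOrigin::mirror_request()
    }
    Some(RemoteEnvironment::Staging) => {
      from_list(&cors::STAGING_ALLOW_ORIGIN_LIST)
    }
    // An unset variable outside local development gets the strictest list.
    Some(RemoteEnvironment::Production) | None => {
      from_list(&cors::PROD_ALLOW_ORIGIN_LIST)
    }
  };
  // … unchanged: CorsLayer::new().allow_origin(allow_origin) and the rest of the builder …
```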