business: session 13 — fix rate limiter crash + add CORS

This commit is contained in:
Hoid 2026-02-14 14:38:03 +00:00
parent 8d2b670697
commit 1ba6f2a90c
4 changed files with 54 additions and 5 deletions


@ -18,10 +18,28 @@ const PORT = parseInt(process.env.PORT || "3100", 10);
// Load API keys from persistent store
loadKeys();
app.use(helmet());
// CORS — allow browser requests from the landing page
app.use((req, res, next) => {
const origin = req.headers.origin;
const allowed = ["https://docfast.dev", "http://localhost:3100"];
if (origin && allowed.includes(origin)) {
res.setHeader("Access-Control-Allow-Origin", origin);
}
res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key");
res.setHeader("Access-Control-Max-Age", "86400");
if (req.method === "OPTIONS") {
res.status(204).end();
return;
}
next();
});
// Raw body for Stripe webhook signature verification
app.use("/v1/billing/webhook", express.raw({ type: "application/json" }));
app.use(express.json({ limit: "2mb" }));
app.use(express.text({ limit: "2mb", type: "text/*" }));
// Trust nginx proxy
app.set("trust proxy", 1);
// Rate limiting
const limiter = rateLimit({
windowMs: 60_000,
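Review bot: The CORS middleware echoes the request origin into `Access-Control-Allow-Origin` but never sets `Vary: Origin`, so any cache in front of the app (the comment at the bottom of the hunk says an nginx proxy sits there) may store a response carrying one allowed origin and replay it to a client on the other, which either breaks the second origin or lets a shared cache hand out an ACAO it should not; add `res.setHeader("Vary", "Origin");` next to the other header writes. The `allowed` list also hard-codes `http://localhost:3100` alongside the production origin, which is presumably a dev convenience — consider gating it on the environment or a config value so a plaintext origin is not accepted in production. Note that the `OPTIONS` short-circuit returns 204 before the rate limiter defined further down is reached, so preflights are never rate limited; that is probably acceptable but worth a comment such as `// Preflights exit here and bypass rateLimit below`.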


@ -21,11 +21,31 @@ const PORT = parseInt(process.env.PORT || "3100", 10);
loadKeys();
app.use(helmet());
// CORS — allow browser requests from the landing page
app.use((req, res, next) => {
const origin = req.headers.origin;
const allowed = ["https://docfast.dev", "http://localhost:3100"];
if (origin && allowed.includes(origin)) {
res.setHeader("Access-Control-Allow-Origin", origin);
}
res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key");
res.setHeader("Access-Control-Max-Age", "86400");
if (req.method === "OPTIONS") {
res.status(204).end();
return;
}
next();
});
// Raw body for Stripe webhook signature verification
app.use("/v1/billing/webhook", express.raw({ type: "application/json" }));
app.use(express.json({ limit: "2mb" }));
app.use(express.text({ limit: "2mb", type: "text/*" }));
// Trust nginx proxy
app.set("trust proxy", 1);
// Rate limiting
const limiter = rateLimit({
windowMs: 60_000,