openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add CORS headers and trust proxy for rate limiter

Browse source 
- Added CORS middleware allowing docfast.dev origin
- Added app.set('trust proxy', 1) to fix ERR_ERL_UNEXPECTED_X_FORWARDED_FOR
- The rate limiter was crashing on every proxied request through nginx
This commit is contained in:
DocFast Bot 2026-02-14 14:37:28 +00:00
parent 7f04789997
commit 6276d61aa3
1 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/index.ts
View file

@ -21,11 +21,31 @@ const PORT = parseInt(process.env.PORT || "3100", 10);
loadKeys(); loadKeys();
app.use(helmet()); app.use(helmet());
// CORS — allow browser requests from the landing page
app.use((req, res, next) => {
const origin = req.headers.origin;
const allowed = ["https://docfast.dev", "http://localhost:3100"];
if (origin && allowed.includes(origin)) {
res.setHeader("Access-Control-Allow-Origin", origin);
}
res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key");
res.setHeader("Access-Control-Max-Age", "86400");
if (req.method === "OPTIONS") {
res.status(204).end();
return;
}
next();
});
// Raw body for Stripe webhook signature verification // Raw body for Stripe webhook signature verification
app.use("/v1/billing/webhook", express.raw({ type: "application/json" })); app.use("/v1/billing/webhook", express.raw({ type: "application/json" }));
app.use(express.json({ limit: "2mb" })); app.use(express.json({ limit: "2mb" }));
app.use(express.text({ limit: "2mb", type: "text/*" })); app.use(express.text({ limit: "2mb", type: "text/*" }));
// Trust nginx proxy
app.set("trust proxy", 1);
// Rate limiting // Rate limiting
const limiter = rateLimit({ const limiter = rateLimit({
windowMs: 60_000, windowMs: 60_000,