feat: v5.2.0

surmon-china · surmon-china · commit b1461bb86262 · 2025-07-16T18:42:40.000+08:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nodepress",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "description": "RESTful API service for Surmon.me blog",
   "author": "Surmon",
   "license": "MIT",
diff --git a/src/app.config.ts b/src/app.config.ts
@@ -49,6 +49,8 @@ export const APP_BIZ = {
   FE_URL: 'https://surmon.me',
   /** Static resource host URL */
   STATIC_URL: 'https://static.surmon.me',
+  /** Allowed CORS origins */
+  CORS_ALLOWED_ORIGINS: ['https://surmon.me', /\.surmon\.me$/],
   /** Authentication config */
   AUTH: {
     /** JWT token expiration time in seconds */
diff --git a/src/main.ts b/src/main.ts
@@ -43,19 +43,36 @@ async function bootstrap() {
     request.locals.isUnauthenticated = !isAuthenticated
   })
 
+  // Enable CORS https://github.com/fastify/fastify-cors
+  app.enableCors({
+    // Allow all origins in development, restrict in production
+    origin: isDevEnv ? true : APP_BIZ.CORS_ALLOWED_ORIGINS,
+    preflight: true,
+    credentials: true,
+    maxAge: 600,
+    methods: ['HEAD', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE']
+    // Defaults to reflecting the headers specified in the request's Access-Control-Request-Headers header if not specified.
+    // allowedHeaders: [
+    //   'Authorization',
+    //   'Origin',
+    //   'No-Cache',
+    //   'X-Requested-With',
+    //   'If-Modified-Since',
+    //   'Pragma',
+    //   'Last-Modified',
+    //   'Cache-Control',
+    //   'Expires',
+    //   'Content-Type',
+    //   'X-E4M-With',
+    //   'Sentry-Trace',
+    //   'Baggage'
+    // ]
+  })
+
   // Register global filters and interceptors
   app.useGlobalFilters(new HttpExceptionFilter())
   app.useGlobalInterceptors(new TransformInterceptor())
-  if (isDevEnv) {
-    app.useGlobalInterceptors(new LoggingInterceptor())
-    app.enableCors({
-      origin: true,
-      preflight: true,
-      credentials: true,
-      maxAge: 86400,
-      methods: ['GET', 'PUT', 'POST', 'DELETE', 'PATCH']
-    })
-  }
+  if (isDevEnv) app.useGlobalInterceptors(new LoggingInterceptor())
 
   return await app.listen(APP_BIZ.PORT)
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "nodepress",`
`3`		`- "version": "5.1.0",`
	`3`	`+ "version": "5.2.0",`
`4`	`4`	`"description": "RESTful API service for Surmon.me blog",`
`5`	`5`	`"author": "Surmon",`
`6`	`6`	`"license": "MIT",`