From 1d2bb02e65df0b193a6a7cb3394fe6842c882646 Mon Sep 17 00:00:00 2001
From: adjoly <contact@adjoly.fr>
Date: Wed, 24 Sep 2025 14:12:05 +0200
Subject: [PATCH 1/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix(cors?=
 =?UTF-8?q?=20issue):=20should=20be=20working=20as=20expected?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package.json            |  1 +
 pnpm-lock.yaml          | 11 +++++++++++
 src/api/auth/default.js |  6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/package.json b/package.json
index 7eedbe9..93287eb 100644
--- a/package.json
+++ b/package.json
@@ -2,6 +2,7 @@
 	"dependencies": {
 		"@avalabs/avalanchejs": "^5.0.0",
 		"@fastify/cookie": "^11.0.2",
+		"@fastify/cors": "^11.1.0",
 		"@fastify/env": "^5.0.2",
 		"@fastify/jwt": "^9.1.0",
 		"axios": "^1.10.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 91f44c7..0a5a097 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -14,6 +14,9 @@ importers:
       '@fastify/cookie':
         specifier: ^11.0.2
         version: 11.0.2
+      '@fastify/cors':
+        specifier: ^11.1.0
+        version: 11.1.0
       '@fastify/env':
         specifier: ^5.0.2
         version: 5.0.2
@@ -255,6 +258,9 @@ packages:
   '@fastify/cookie@11.0.2':
     resolution: {integrity: sha512-GWdwdGlgJxyvNv+QcKiGNevSspMQXncjMZ1J8IvuDQk0jvkzgWWZFNC2En3s+nHndZBGV8IbLwOI/sxCZw/mzA==}
 
+  '@fastify/cors@11.1.0':
+    resolution: {integrity: sha512-sUw8ed8wP2SouWZTIbA7V2OQtMNpLj2W6qJOYhNdcmINTu6gsxVYXjQiM9mdi8UUDlcoDDJ/W2syPo1WB2QjYA==}
+
   '@fastify/deepmerge@2.0.2':
     resolution: {integrity: sha512-3wuLdX5iiiYeZWP6bQrjqhrcvBIf0NHbQH1Ur1WbHvoiuTYUEItgygea3zs8aHpiitn0lOB8gX20u1qO+FDm7Q==}
 
@@ -1758,6 +1764,11 @@ snapshots:
       cookie: 1.0.2
       fastify-plugin: 5.0.1
 
+  '@fastify/cors@11.1.0':
+    dependencies:
+      fastify-plugin: 5.0.1
+      toad-cache: 3.7.0
+
   '@fastify/deepmerge@2.0.2': {}
 
   '@fastify/env@5.0.2':
diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index 6a15651..dd706e8 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -1,5 +1,6 @@
 import fastifyJWT from '@fastify/jwt';
 import fastifyCookie from '@fastify/cookie';
+import cors from '@fastify/cors'
 
 import { register } from './register.js';
 import { login } from './login.js';
@@ -22,6 +23,11 @@ authDB.prepareDB();
  */
 export default async function(fastify, options) {
 
+	fastify.register(cors, {
+		origin: "*",
+		methods: ["GET", "POST", "DELETE"]
+	});
+
 	fastify.register(fastifyJWT, {
 		secret: process.env.JWT_SECRET || '123456789101112131415161718192021',
 		cookie: {

From f3bb3ce5eb9b582010bdf1e9aad98af83973cb29 Mon Sep 17 00:00:00 2001
From: adjoly <contact@adjoly.fr>
Date: Tue, 14 Oct 2025 15:02:31 +0200
Subject: [PATCH 2/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix:=20cha?=
 =?UTF-8?q?nged=20to=20env?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.example            | 2 ++
 src/api/auth/default.js | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.env.example b/.env.example
index 8ecbc62..304a913 100644
--- a/.env.example
+++ b/.env.example
@@ -24,3 +24,5 @@ SMTP_FROM=<the address to send from>
 SMTP_AUTH_USERNAME=<smtp-user>
 SMTP_AUTH_PASSWORD=<smtp pass>
 EMAIL_TO=<mail to send to>
+
+CORS_ORIGIN=<the url of origin for cors>
diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index 0650fa1..a39fc99 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -24,7 +24,7 @@ authDB.prepareDB();
 export default async function(fastify, options) {
 
 	fastify.register(cors, {
-		origin: "http://localhost:5173",
+		origin: process.ENV.CORS_ORIGIN || '*',
 		credentials: true,
 		methods: [ "GET", "POST", "DELETE", "OPTIONS" ]
 	});

From 9f194449ac0017e6cc82b55534f5724c910bfc95 Mon Sep 17 00:00:00 2001
From: adjoly <contact@adjoly.fr>
Date: Tue, 14 Oct 2025 15:03:14 +0200
Subject: [PATCH 3/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix:=20cha?=
 =?UTF-8?q?nge=20default=20to=20vite=20url?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/auth/default.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index a39fc99..63b9888 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -24,7 +24,7 @@ authDB.prepareDB();
 export default async function(fastify, options) {
 
 	fastify.register(cors, {
-		origin: process.ENV.CORS_ORIGIN || '*',
+		origin: process.ENV.CORS_ORIGIN || 'http://localhost:5173',
 		credentials: true,
 		methods: [ "GET", "POST", "DELETE", "OPTIONS" ]
 	});

From 8d937764446ffaaa79d9cb4d8822abe7e14753d7 Mon Sep 17 00:00:00 2001
From: adjoly <contact@adjoly.fr>
Date: Wed, 15 Oct 2025 16:40:28 +0200
Subject: [PATCH 4/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix:=20add?=
 =?UTF-8?q?ed=20cors=20to=20user=20api?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/user/default.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/api/user/default.js b/src/api/user/default.js
index a5efe65..1c63b59 100644
--- a/src/api/user/default.js
+++ b/src/api/user/default.js
@@ -1,5 +1,6 @@
 import fastifyJWT from '@fastify/jwt';
 import fastifyCookie from '@fastify/cookie';
+import cors from '@fastify/cors'
 import Database from 'better-sqlite3';
 
 var env = process.env.NODE_ENV || 'development';
@@ -56,6 +57,13 @@ const deleteFriends = database.prepare('DELETE FROM friends WHERE username = ?;'
  * @param {import('fastify').FastifyPluginOptions}	options
  */
 export default async function(fastify, options) {
+
+	fastify.register(cors, {
+		origin: process.ENV.CORS_ORIGIN || 'http://localhost:5173',
+		credentials: true,
+		methods: [ "GET", "POST", "DELETE", "OPTIONS" ]
+	});
+
 	fastify.register(fastifyJWT, {
 		secret: process.env.JWT_SECRET || '123456789101112131415161718192021',
 		cookie: {

From 2a252b4af34a087ae7fa7e573c661a60a9806bee Mon Sep 17 00:00:00 2001
From: adjoly <contact@adjoly.fr>
Date: Wed, 15 Oct 2025 16:42:00 +0200
Subject: [PATCH 5/5] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?=
 =?UTF-8?q?ip(docker):=20added=20cors=20env=20to=20docker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker/api-base/compose.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/api-base/compose.yml b/docker/api-base/compose.yml
index 76b987e..fa6d469 100644
--- a/docker/api-base/compose.yml
+++ b/docker/api-base/compose.yml
@@ -15,6 +15,7 @@ services:
       - API_TARGET=user
       - LOG_FILE_PATH=/var/log/log.log
       - JWT_SECRET=${JWT_SECRET}
+      - CORS_ORIGIN=${CORS_ORIGIN}
     restart: unless-stopped
   auth-api:
     container_name: transcendence-api-auth
@@ -35,6 +36,7 @@ services:
       - API_TARGET=auth
       - LOG_FILE_PATH=/var/log/log.log
       - JWT_SECRET=${JWT_SECRET}
+      - CORS_ORIGIN=${CORS_ORIGIN}
     restart: unless-stopped
   scorestore-api:
     container_name: transcendence-api-scoreStore