From 0fa9159dbc6601397bd5695cae6a2a4e446678b3 Mon Sep 17 00:00:00 2001
From: Angelo Reale <12191809+angeloreale@users.noreply.github.com>
Date: Thu, 8 Aug 2024 15:27:39 +0100
Subject: [PATCH] [DPTM-2]  Dev env (#27)

* ar(fix) [DPTM-2]: Ensure autonomous Dev environment

* ar(fix) [DPTM-2]: Ensure autonomous Dev environment

* ar(fix) [DPTM-2]: Ensure autonomous Dev environment
---
 src/middleware.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/middleware.ts b/src/middleware.ts
index 35619354..7a494ea3 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -16,8 +16,14 @@ export const config = {
   matcher: ['/api/:path*'],
 };
 
+const allowedOrigins = {
+  [`${process.env.MAIN_URL}`]: process.env.MAIN_URL,
+  [`${process.env.NEXUS_HOST}`]: process.env.NEXUS_HOST,
+  [`${process.env.API_HOST}`]: process.env.API_HOST,
+};
+
 const headers: Record<string, any> = {
-  'Access-Control-Allow-Origin': process.env.MAIN_URL || 'https://www.dreampip.com',
+  'Access-Control-Allow-Origin': `${process.env.MAIN_URL}` || 'https://www.dreampip.com',
   'Cache-Control': 'maxage=0, s-maxage=300, stale-while-revalidate=300',
   // DEV-DEBUG:
   // 'content-type': 'application/json',
@@ -27,6 +33,11 @@ const headers: Record<string, any> = {
 };
 
 export default async function middleware(request: NextRequest) {
+  const origin = request.headers.get('x-forwarded-host') || '';
+  if (origin !== process.env.MAIN_URL) {
+    headers['Access-Control-Allow-Origin'] = allowedOrigins[origin] || 'https://www.dreampip.com';
+  }
+
   // You could alternatively limit based on user ID or similar
   const response = next();
   const ip = ipAddress(request) || '127.0.0.1';