Merge pull request 'feat(api): Add payload query API and trusted origins management' (#51) from feat/query-api-and-trusted-origins into master

Reviewed-on: https://code.cannabrands.app/Creationshop/dispensary-scraper/pulls/51
2025-12-12 07:49:54 +00:00
parent a077f81c65 daab0ae9b2
commit d86190912f
8 changed files with 1629 additions and 33 deletions
--- a/backend/migrations/085_trusted_origins.sql
+++ b/backend/migrations/085_trusted_origins.sql
@@ -0,0 +1,59 @@
+-- Migration 085: Trusted Origins Management
+-- Allows admin to manage trusted IPs and domains via UI instead of hardcoded values
+
+-- Trusted origins table (IPs and domains that bypass API key auth)
+CREATE TABLE IF NOT EXISTS trusted_origins (
+  id SERIAL PRIMARY KEY,
+
+  -- Origin type: 'ip', 'domain', 'pattern'
+  origin_type VARCHAR(20) NOT NULL CHECK (origin_type IN ('ip', 'domain', 'pattern')),
+
+  -- The actual value
+  -- For ip: '127.0.0.1', '::1', '192.168.1.0/24'
+  -- For domain: 'cannaiq.co', 'findadispo.com'
+  -- For pattern: '^https://.*\.cannabrands\.app$' (regex)
+  origin_value VARCHAR(255) NOT NULL,
+
+  -- Description for admin reference
+  description TEXT,
+
+  -- Active flag
+  active BOOLEAN DEFAULT true,
+
+  -- Audit
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  created_by INTEGER REFERENCES users(id),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+
+  UNIQUE(origin_type, origin_value)
+);
+
+-- Index for quick lookups
+CREATE INDEX IF NOT EXISTS idx_trusted_origins_active ON trusted_origins(active) WHERE active = true;
+CREATE INDEX IF NOT EXISTS idx_trusted_origins_type ON trusted_origins(origin_type, active);
+
+-- Seed with current hardcoded values
+INSERT INTO trusted_origins (origin_type, origin_value, description) VALUES
+  -- Trusted IPs (localhost)
+  ('ip', '127.0.0.1', 'Localhost IPv4'),
+  ('ip', '::1', 'Localhost IPv6'),
+  ('ip', '::ffff:127.0.0.1', 'Localhost IPv4-mapped IPv6'),
+
+  -- Trusted domains
+  ('domain', 'cannaiq.co', 'CannaiQ production'),
+  ('domain', 'www.cannaiq.co', 'CannaiQ production (www)'),
+  ('domain', 'findadispo.com', 'FindADispo production'),
+  ('domain', 'www.findadispo.com', 'FindADispo production (www)'),
+  ('domain', 'findagram.co', 'Findagram production'),
+  ('domain', 'www.findagram.co', 'Findagram production (www)'),
+  ('domain', 'localhost:3010', 'Local backend dev'),
+  ('domain', 'localhost:8080', 'Local admin dev'),
+  ('domain', 'localhost:5173', 'Local Vite dev'),
+
+  -- Pattern-based (regex)
+  ('pattern', '^https://.*\.cannabrands\.app$', 'All cannabrands.app subdomains'),
+  ('pattern', '^https://.*\.cannaiq\.co$', 'All cannaiq.co subdomains')
+ON CONFLICT (origin_type, origin_value) DO NOTHING;
+
+-- Add comment
+COMMENT ON TABLE trusted_origins IS 'IPs and domains that bypass API key authentication. Managed via /admin.';