From 8d4b8c5f0cd71eece9e1a9c03616be810ced3a04 Mon Sep 17 00:00:00 2001
From: pheonix8 <61965711+pheonix8@users.noreply.github.com>
Date: Tue, 27 May 2025 16:09:28 +0200
Subject: [PATCH 1/4] move authorized parties to Environment
---
 .github/example.env | 7 +++++++
 README.md | 5 +++++
 service/app/database.py | 1 +
 service/app/main.py | 11 ++++++-----
 service/app/middlewares/auth_middleware.py | 5 ++++-
 5 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 .github/example.env
diff --git a/.github/example.env b/.github/example.env
new file mode 100644
index 0000000..c4d29b2
--- /dev/null
+++ b/.github/example.env
@@ -0,0 +1,7 @@
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_HOST=
+POSTGRES_PORT=
+POSTGRES_DB=
+CLERK_SECRET_KEY=
+AUTHORIZED_PARTIES=
\ No newline at end of file
diff --git a/README.md b/README.md
index d6107a6..5f36487 100644
--- a/README.md
+++ b/README.md
@@ -73,3 +73,8 @@ docker run hello-world # confirms the successful installation.
 1. In the backend repository, create a new file `touch .env` and add the password. The docker-compose file will import the file as a secret and set it as the Postgres password. `.env` is added go the `.gitignore` file, so the password isn't in GitHub.
+
+## Dev Setup
+
+### Environment Variables
+Create a `.env` in the root of the directory. See the environment variables in the example.env file.
\ No newline at end of file
diff --git a/service/app/database.py b/service/app/database.py
index cd541f9..f5afd4e 100644
--- a/service/app/database.py
+++ b/service/app/database.py
@@ -6,6 +6,7 @@ from sqlalchemy.orm import sessionmaker
 from sqlmodel import Session, SQLModel, create_engine
+
 load_dotenv()
 postgres_url = f"postgresql+psycopg://{os.getenv('POSTGRES_USER')}:{os.getenv('POSTGRES_PASSWORD')}@{os.getenv('POSTGRES_HOST')}:{os.getenv('POSTGRES_PORT')}/{os.getenv('POSTGRES_DB')}"
diff --git a/service/app/main.py b/service/app/main.py
index f36a6fd..e61afbd 100644
--- a/service/app/main.py
+++ b/service/app/main.py
@@ -1,15 +1,16 @@
+import os
+
+from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 from .routers import plan_router
+
+load_dotenv()
 app = FastAPI()
-origins = [
- "http://localhost:5173",
- "http://localhost",
- "http://localhost:8080",
-]
+origins = os.getenv("AUTHORIZED_PARTIES").split(",")
 app.add_middleware(
 CORSMiddleware,
diff --git a/service/app/middlewares/auth_middleware.py b/service/app/middlewares/auth_middleware.py
index fbad6ce..f1aa0be 100644
--- a/service/app/middlewares/auth_middleware.py
+++ b/service/app/middlewares/auth_middleware.py
@@ -3,6 +3,7 @@ from clerk_backend_api import Clerk
 from clerk_backend_api.jwks_helpers import AuthenticateRequestOptions, RequestState
+from dotenv import load_dotenv
 from fastapi import Depends, HTTPException, Request
 from sqlmodel import Session
@@ -10,6 +11,8 @@ from ..services.user_service import create_user, get_user_by_clerk_id
+load_dotenv()
+
 async def auth_dependency(request: Request, session: Annotated[Session, Depends(get_session)]) -> RequestState:
 authorization = request.headers.get("Authorization")
@@ -19,7 +22,7 @@ async def auth_dependency(request: Request, session: Annotated[Session, Depends(
 sdk = Clerk(bearer_auth=os.getenv("CLERK_SECRET_KEY"))
 request_state = sdk.authenticate_request(
- request, AuthenticateRequestOptions(authorized_parties=["http://localhost:5173"])
+ request, AuthenticateRequestOptions(authorized_parties=os.getenv("AUTHORIZED_PARTIES").split(","))
 )
 if not request_state.is_signed_in:
From dbc50d8b762154bc356d4b11e26f7d4bbd935fab Mon Sep 17 00:00:00 2001
From: pheonix8 <61965711+pheonix8@users.noreply.github.com>
Date: Tue, 27 May 2025 16:28:03 +0200
Subject: [PATCH 2/4] linting
---
 service/app/database.py | 1 -
 service/app/main.py | 1 -
 service/app/middlewares/auth_middleware.py | 2 +-
 3 files changed, 1 insertion(+), 3 deletions(-)
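Review bot: In service/app/main.py, `origins = os.getenv("AUTHORIZED_PARTIES").split(",")` fails with an AttributeError at import time when the variable is unset, and the blank `AUTHORIZED_PARTIES=` shipped in example.env parses to `[""]` rather than an empty list. Entries are not stripped either, so a value written with a space after the comma yields an origin that will never match. I would parse it as `origins = [p.strip() for p in os.getenv("AUTHORIZED_PARTIES", "").split(",") if p.strip()]` and raise a clear startup error when the result is empty. The same expression feeds `authorized_parties` in the last hunk of auth_middleware.py, where it is also re-evaluated on every request; the `add_middleware(` call continues past the end of this hunk, so the remaining CORS options are not visible here.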
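Review bot: In the last hunk of auth_middleware.py the allow-list passed as `authorized_parties` now comes from the same variable that main.py uses for CORS `origins`, so adding an origin for CORS reasons also widens the set of parties whose session tokens this dependency accepts. Before this change the two lists differed (three CORS origins, one authorized party), which suggests they are not meant to be identical. Consider a dedicated variable for the token check, or at least a comment in example.env such as `# AUTHORIZED_PARTIES: comma-separated origins; used for both CORS and Clerk authorized_parties`. The body of `auth_dependency` starts before and continues after this hunk.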
diff --git a/service/app/database.py b/service/app/database.py
index f5afd4e..cd541f9 100644
--- a/service/app/database.py
+++ b/service/app/database.py
@@ -6,7 +6,6 @@ from sqlalchemy.orm import sessionmaker
 from sqlmodel import Session, SQLModel, create_engine
-
 load_dotenv()
 postgres_url = f"postgresql+psycopg://{os.getenv('POSTGRES_USER')}:{os.getenv('POSTGRES_PASSWORD')}@{os.getenv('POSTGRES_HOST')}:{os.getenv('POSTGRES_PORT')}/{os.getenv('POSTGRES_DB')}"
diff --git a/service/app/main.py b/service/app/main.py
index e61afbd..8bd3ccf 100644
--- a/service/app/main.py
+++ b/service/app/main.py
@@ -6,7 +6,6 @@ from .routers import plan_router
-
 load_dotenv()
 app = FastAPI()
diff --git a/service/app/middlewares/auth_middleware.py b/service/app/middlewares/auth_middleware.py
index f1aa0be..29568e3 100644
--- a/service/app/middlewares/auth_middleware.py
+++ b/service/app/middlewares/auth_middleware.py
@@ -10,9 +10,9 @@ from ..database import get_session
 from ..services.user_service import create_user, get_user_by_clerk_id
-
 load_dotenv()
+
 async def auth_dependency(request: Request, session: Annotated[Session, Depends(get_session)]) -> RequestState:
 authorization = request.headers.get("Authorization")
From 770fa89acc2a25617fb9f18c10136ac01001d032 Mon Sep 17 00:00:00 2001
From: pheonix8 <61965711+pheonix8@users.noreply.github.com>
Date: Tue, 27 May 2025 16:32:45 +0200
Subject: [PATCH 3/4] add authorized_parties to ci env
---
 .github/workflows/ci.yml | 1 +
 .github/example.env => example.env | 0
 2 files changed, 1 insertion(+)
 rename .github/example.env => example.env (100%)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e6558ef..cd01704 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -51,6 +51,7 @@ jobs:
 echo "POSTGRES_USER=postgres" >> $GITHUB_ENV
 echo "POSTGRES_PASSWORD=postgres" >> $GITHUB_ENV
 echo "POSTGRES_DB=postgres" >> $GITHUB_ENV
+ echo "AUTHORIZED_PARTIES=http://localhost" >> $GITHUB_ENV
 - name: Run tests
 working-directory: service
 run: uv run pytest --cov=app --cov-report=html
diff --git a/.github/example.env b/example.env
similarity index 100%
rename from .github/example.env
rename to example.env
From db1bee3d0fd47f8353ddf8fc05efff37a35b8aeb Mon Sep 17 00:00:00 2001
From: pheonix8 <61965711+pheonix8@users.noreply.github.com>
Date: Tue, 27 May 2025 17:41:35 +0200
Subject: [PATCH 4/4] add var to docker-compose.prod.yml
---
 docker-compose.prod.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 996d8e6..2c9a949 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -25,6 +25,7 @@ services:
 - POSTGRES_HOST=${POSTGRES_HOST}
 - POSTGRES_PORT=${POSTGRES_PORT}
 - POSTGRES_DB=${POSTGRES_DB}
+ - AUTHORIZED_PARTIES=${AUTHORIZED_PARTIES}
 - CLERK_SECRET_KEY=${CLERK_SECRET_KEY}
 networks:
 - proxy
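Review bot: In docker-compose.prod.yml, `- AUTHORIZED_PARTIES=${AUTHORIZED_PARTIES}` interpolates to an empty string when the host variable is missing, so the container starts with a blank allow-list value instead of failing at deploy time. Compose's required-variable form makes the omission visible: `- AUTHORIZED_PARTIES=${AUTHORIZED_PARTIES:?AUTHORIZED_PARTIES must be set}`. The neighbouring `CLERK_SECRET_KEY` entry would benefit from the same treatment. The `environment` list and the service definition begin outside this hunk.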