Janooski · pheonix8 · May 27, 2025 · May 27, 2025 · May 27, 2025 · May 27, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -51,6 +51,7 @@ jobs:
           echo "POSTGRES_USER=postgres" >> $GITHUB_ENV
           echo "POSTGRES_PASSWORD=postgres" >> $GITHUB_ENV
           echo "POSTGRES_DB=postgres" >> $GITHUB_ENV
+          echo "AUTHORIZED_PARTIES=http://localhost" >> $GITHUB_ENV
       - name: Run tests
         working-directory: service
         run: uv run pytest --cov=app --cov-report=html

diff --git a/README.md b/README.md
@@ -73,3 +73,8 @@ docker run hello-world # confirms the successful installation.
 1. In the backend repository, create a new file `touch .env` and add the password.
 
 The docker-compose file will import the file as a secret and set it as the Postgres password. `.env` is added go the `.gitignore` file, so the password isn't in GitHub.
+
+## Dev Setup
+
+### Environment Variables
+Create a `.env` in the root of the directory. See the environment variables in the example.env file. 
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -25,6 +25,7 @@ services:
       - POSTGRES_HOST=${POSTGRES_HOST}
       - POSTGRES_PORT=${POSTGRES_PORT}
       - POSTGRES_DB=${POSTGRES_DB}
+      - AUTHORIZED_PARTIES=${AUTHORIZED_PARTIES}
       - CLERK_SECRET_KEY=${CLERK_SECRET_KEY}
     networks:
       - proxy

diff --git a/example.env b/example.env
@@ -0,0 +1,7 @@
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_HOST=
+POSTGRES_PORT=
+POSTGRES_DB=
+CLERK_SECRET_KEY=
+AUTHORIZED_PARTIES=
diff --git a/service/app/main.py b/service/app/main.py
@@ -1,15 +1,15 @@
+import os
+
+from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
 from .routers import plan_router
 
+load_dotenv()
 app = FastAPI()
 
-origins = [
-    "http://localhost:5173",
-    "http://localhost",
-    "http://localhost:8080",
-]
+origins = os.getenv("AUTHORIZED_PARTIES").split(",")
 
 app.add_middleware(
     CORSMiddleware,

diff --git a/service/app/middlewares/auth_middleware.py b/service/app/middlewares/auth_middleware.py
@@ -3,12 +3,15 @@
 
 from clerk_backend_api import Clerk
 from clerk_backend_api.jwks_helpers import AuthenticateRequestOptions, RequestState
+from dotenv import load_dotenv
 from fastapi import Depends, HTTPException, Request
 from sqlmodel import Session
 
 from ..database import get_session
 from ..services.user_service import create_user, get_user_by_clerk_id
 
+load_dotenv()
+
 
 async def auth_dependency(request: Request, session: Annotated[Session, Depends(get_session)]) -> RequestState:
     authorization = request.headers.get("Authorization")
@@ -19,7 +22,7 @@ async def auth_dependency(request: Request, session: Annotated[Session, Depends(
     sdk = Clerk(bearer_auth=os.getenv("CLERK_SECRET_KEY"))
 
     request_state = sdk.authenticate_request(
-        request, AuthenticateRequestOptions(authorized_parties=["http://localhost:5173"])
+        request, AuthenticateRequestOptions(authorized_parties=os.getenv("AUTHORIZED_PARTIES").split(","))
     )
 
     if not request_state.is_signed_in: