feat: enable FAL proxy

2025-04-06 11:36:04 -04:00 · 2025-04-06 11:36:04 -04:00 · aa6df63025
commit aa6df63025
parent 92fa2e0af2
3 changed files with 45 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -42,3 +42,5 @@ Thumbs.db
 .next
 *.local
 .vercel
+
+**/.env
--- a/apps/demo-nextjs-app-router/app/api/hello/route.tsx
+++ b/apps/demo-nextjs-app-router/app/api/hello/route.tsx
@ -0,0 +1,5 @@
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  return NextResponse.json({ message: "Hello from Next.js!" });
+}
--- a/apps/demo-nextjs-app-router/middleware.ts
+++ b/apps/demo-nextjs-app-router/middleware.ts
@ -0,0 +1,38 @@
+import { NextResponse } from "next/server";
+
+const allowedOrigins = [
+  "https://05985828-1e5d-490f-9c5e-d906081efb32.lovableproject.com",
+  "https://animator.gg",
+  ,
+  "https://www.animator.gg",
+];
+
+export function middleware(request: Request) {
+  const origin = request.headers.get("origin");
+
+  if (origin && allowedOrigins.includes(origin)) {
+    const response = NextResponse.next();
+    response.headers.set("Access-Control-Allow-Origin", origin);
+    response.headers.set(
+      "Access-Control-Allow-Methods",
+      "GET, POST, PUT, DELETE, OPTIONS",
+    );
+    response.headers.set(
+      "Access-Control-Allow-Headers",
+      "Content-Type, Authorization",
+    );
+    return response;
+  }
+
+  // If the origin is not allowed, block the request
+  if (origin) {
+    return new NextResponse("Forbidden", { status: 403 });
+  }
+
+  // Allow requests without an origin (e.g., server-to-server requests)
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: "/api/:path*", // Apply middleware to all API routes
+};