From aa6df6302520a0e697472b9e979162804f737420 Mon Sep 17 00:00:00 2001
From: Jerry Tian <jerryrt@gmail.com>
Date: Sun, 6 Apr 2025 11:36:04 -0400
Subject: [PATCH] feat: enable FAL proxy

---
 .gitignore                                    |  2 +
 .../app/api/hello/route.tsx                   |  5 +++
 apps/demo-nextjs-app-router/middleware.ts     | 38 +++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 apps/demo-nextjs-app-router/app/api/hello/route.tsx
 create mode 100644 apps/demo-nextjs-app-router/middleware.ts

diff --git a/.gitignore b/.gitignore
index fe035ef..e208925 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,5 @@ Thumbs.db
 .next
 *.local
 .vercel
+
+**/.env
diff --git a/apps/demo-nextjs-app-router/app/api/hello/route.tsx b/apps/demo-nextjs-app-router/app/api/hello/route.tsx
new file mode 100644
index 0000000..46f08a7
--- /dev/null
+++ b/apps/demo-nextjs-app-router/app/api/hello/route.tsx
@@ -0,0 +1,5 @@
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  return NextResponse.json({ message: "Hello from Next.js!" });
+}
diff --git a/apps/demo-nextjs-app-router/middleware.ts b/apps/demo-nextjs-app-router/middleware.ts
new file mode 100644
index 0000000..0f45a97
--- /dev/null
+++ b/apps/demo-nextjs-app-router/middleware.ts
@@ -0,0 +1,38 @@
+import { NextResponse } from "next/server";
+
+const allowedOrigins = [
+  "https://05985828-1e5d-490f-9c5e-d906081efb32.lovableproject.com",
+  "https://animator.gg",
+  ,
+  "https://www.animator.gg",
+];
+
+export function middleware(request: Request) {
+  const origin = request.headers.get("origin");
+
+  if (origin && allowedOrigins.includes(origin)) {
+    const response = NextResponse.next();
+    response.headers.set("Access-Control-Allow-Origin", origin);
+    response.headers.set(
+      "Access-Control-Allow-Methods",
+      "GET, POST, PUT, DELETE, OPTIONS",
+    );
+    response.headers.set(
+      "Access-Control-Allow-Headers",
+      "Content-Type, Authorization",
+    );
+    return response;
+  }
+
+  // If the origin is not allowed, block the request
+  if (origin) {
+    return new NextResponse("Forbidden", { status: 403 });
+  }
+
+  // Allow requests without an origin (e.g., server-to-server requests)
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: "/api/:path*", // Apply middleware to all API routes
+};