from __future__ import annotations import os from fastapi import FastAPI from fastapi.middleware.cors import CORSMiddleware from fastapi.staticfiles import StaticFiles from .core.config import get_settings from .routers.api import router as api_router settings = get_settings() app = FastAPI(title=settings.app_name) # Origins are configurable via VOXSUM_CORS_ORIGINS (comma-separated); default is # a wildcard for this single-tenant app. Credentials are intentionally disabled: # the API uses no cookies/auth, and a wildcard origin combined with # allow_credentials=True is invalid per the CORS spec — Starlette would reflect # the caller's Origin and return Access-Control-Allow-Credentials: true, letting # any site make credentialed cross-origin requests. _cors_origins = [ origin.strip() for origin in os.environ.get("VOXSUM_CORS_ORIGINS", "*").split(",") if origin.strip() ] app.add_middleware( CORSMiddleware, allow_origins=_cors_origins or ["*"], allow_credentials=False, allow_methods=["*"], allow_headers=["*"], ) @app.get("/health") def healthcheck() -> dict[str, str]: return {"status": "ok"} app.include_router(api_router) # The "/" mount is a catch-all and must be registered LAST: Starlette matches # routes/mounts in registration order, so any route declared after it (e.g. # /health) would be shadowed by the static file server and return 404. app.mount("/static", StaticFiles(directory=settings.static_dir), name="static") app.mount("/media", StaticFiles(directory=settings.audio_dir), name="media") app.mount("/", StaticFiles(directory=settings.frontend_dir, html=True), name="frontend")