From bb527822267e87bb82c4e39ad560ebc176a3998f Mon Sep 17 00:00:00 2001
From: Mathis HERRIOT <197931332+0x485254@users.noreply.github.com>
Date: Thu, 29 Jan 2026 17:34:53 +0100
Subject: [PATCH] feat: enhance environment configuration and CORS handling
- Added `NEXT_PUBLIC_APP_URL` and `NEXT_PUBLIC_CONTACT_EMAIL` to environment variables for frontend configuration.
- Updated CORS logic to support domain-based restrictions with dynamic origin validation.
- Improved frontend image hostname resolution using environment-driven URLs.
- Standardized contact email usage across the application.
---
backend/src/realtime/events.gateway.ts | 16 +++++++++++++---
docker-compose.prod.yml | 2 ++
frontend/next.config.ts | 15 +++++++++++++--
frontend/src/app/(dashboard)/help/page.tsx | 4 +++-
frontend/src/app/layout.tsx | 2 +-
5 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/backend/src/realtime/events.gateway.ts b/backend/src/realtime/events.gateway.ts
index dfce18f..ecb3167 100644
--- a/backend/src/realtime/events.gateway.ts
+++ b/backend/src/realtime/events.gateway.ts
@@ -33,9 +33,19 @@ import { JwtService } from "../crypto/services/jwt.service";
return;
}
- // En production, on peut restreindre via une variable d'environnement (injectée par ConfigService ultérieurement ou via process.env ici pour le décorateur si besoin,
- // mais le décorateur est évalué au chargement. NestJS permet d'utiliser une fonction pour l'origine)
- callback(null, true);
+ // En production, on peut restreindre via une variable d'environnement
+ const domainName = process.env.CORS_DOMAIN_NAME;
+ if (!domainName || domainName === "*") {
+ callback(null, true);
+ return;
+ }
+
+ const allowedOrigins = domainName.split(",").map((o) => o.trim());
+ if (allowedOrigins.includes(origin)) {
+ callback(null, true);
+ } else {
+ callback(new Error("Not allowed by CORS"));
+ }
},
credentials: true,
methods: ["GET", "POST"],
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 6e40ebf..e01d7cb 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -131,6 +131,8 @@ services:
environment:
NODE_ENV: production
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-https://api.memegoat.fr}
+ NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-https://memegoat.fr}
+ NEXT_PUBLIC_CONTACT_EMAIL: ${MAIL_FROM:-noreply@memegoat.fr}
depends_on:
- backend
diff --git a/frontend/next.config.ts b/frontend/next.config.ts
index ab82892..d01f22b 100644
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -1,5 +1,16 @@
import type { NextConfig } from "next";
+const appUrl = process.env.NEXT_PUBLIC_APP_URL || "https://memegoat.fr";
+const apiUrl = process.env.NEXT_PUBLIC_API_URL || "https://api.memegoat.fr";
+
+const getHostname = (url: string) => {
+ try {
+ return new URL(url).hostname;
+ } catch {
+ return url;
+ }
+};
+
const nextConfig: NextConfig = {
/* config options here */
reactCompiler: true,
@@ -7,11 +18,11 @@ const nextConfig: NextConfig = {
remotePatterns: [
{
protocol: "https",
- hostname: "memegoat.fr",
+ hostname: getHostname(appUrl),
},
{
protocol: "https",
- hostname: "api.memegoat.fr",
+ hostname: getHostname(apiUrl),
},
],
},
diff --git a/frontend/src/app/(dashboard)/help/page.tsx b/frontend/src/app/(dashboard)/help/page.tsx
index 0bcfc01..49e99c4 100644
--- a/frontend/src/app/(dashboard)/help/page.tsx
+++ b/frontend/src/app/(dashboard)/help/page.tsx
@@ -63,7 +63,9 @@ export default function HelpPage() {
N'hésitez pas à nous contacter sur nos réseaux sociaux ou par email.
- contact@memegoat.fr
+
+ {process.env.NEXT_PUBLIC_CONTACT_EMAIL || "contact@memegoat.fr"}
+
);
diff --git a/frontend/src/app/layout.tsx b/frontend/src/app/layout.tsx
index 921aa04..3802742 100644
--- a/frontend/src/app/layout.tsx
+++ b/frontend/src/app/layout.tsx
@@ -32,7 +32,7 @@ export const metadata: Metadata = {
openGraph: {
type: "website",
locale: "fr_FR",
- url: "https://memegoat.local",
+ url: "/",
siteName: "MemeGoat",
title: "MemeGoat | Partagez vos meilleurs mèmes",
description: "La plateforme ultime pour les mèmes. Rejoignez le troupeau !",