brief-20/backend/src/main.ts

import { NestFactory } from '@nestjs/core';
import { ValidationPipe } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  const configService = app.get(ConfigService);

  // Configuration globale des pipes de validation
  app.useGlobalPipes(
    new ValidationPipe({
      whitelist: true,
      transform: true,
      forbidNonWhitelisted: true,
    }),
  );

  // Configuration CORS selon l'environnement
  const environment = configService.get<string>('NODE_ENV', 'development');
  const frontendUrl = configService.get<string>('FRONTEND_URL', 'http://localhost:3001');

  if (environment === 'development') {
    // En développement, on autorise toutes les origines avec credentials
    app.enableCors({
      origin: true,
      methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
      credentials: true,
    });
    console.log('CORS configured for development environment (all origins allowed)');
  } else {
    // En production, on restreint les origines autorisées
    const allowedOrigins = [frontendUrl];
    // Ajouter d'autres origines si nécessaire (ex: sous-domaines, CDN, etc.)
    const additionalOrigins = configService.get<string>('ADDITIONAL_CORS_ORIGINS');
    if (additionalOrigins) {
      allowedOrigins.push(...additionalOrigins.split(','));
    }

    app.enableCors({
      origin: (origin, callback) => {
        // Permettre les requêtes sans origine (comme les appels d'API mobile)
        if (!origin || allowedOrigins.includes(origin)) {
          callback(null, true);
        } else {
          callback(new Error(`Origin ${origin} not allowed by CORS`));
        }
      },
      methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
      credentials: true,
      maxAge: 86400, // 24 heures de mise en cache des résultats preflight
    });
    console.log(`CORS configured for production environment with allowed origins: ${allowedOrigins.join(', ')}`);
  }

  // Préfixe global pour les routes API
  app.setGlobalPrefix(configService.get<string>('API_PREFIX', 'api'));

  const port = configService.get<number>('PORT', 3000);
  await app.listen(port);
  console.log(`Application is running on: http://localhost:${port}`);
}
bootstrap();