From a9e9362eed8832c0f34613ba511ddefcdddc193b Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@paul.lol>
Date: Fri, 14 Jun 2024 09:27:55 -0500
Subject: [PATCH] allow lan ips for cors

---
 src/main.rs   | 1 +
 src/routes.rs | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index 61a1073..88e1628 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -31,6 +31,7 @@ const ALLOWED_ORIGINS: [&str; 6] = [
 
 const ALLOWED_SUBDOMAIN: &str = ".mutiny-web.pages.dev";
 const ALLOWED_LOCALHOST: &str = "http://127.0.0.1:";
+const ALLOWED_LAN: &str = "http://192.168.";
 
 const API_VERSION: &str = "v2";
 
diff --git a/src/routes.rs b/src/routes.rs
index bfc4b94..4a50ee6 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -1,7 +1,9 @@
 use crate::auth::verify_token;
 use crate::kv::{KeyValue, KeyValueOld};
 use crate::models::VssItem;
-use crate::{State, ALLOWED_LOCALHOST, ALLOWED_ORIGINS, ALLOWED_SUBDOMAIN, API_VERSION};
+use crate::{
+    State, ALLOWED_LAN, ALLOWED_LOCALHOST, ALLOWED_ORIGINS, ALLOWED_SUBDOMAIN, API_VERSION,
+};
 use axum::headers::authorization::Bearer;
 use axum::headers::{Authorization, Origin};
 use axum::http::StatusCode;
@@ -244,6 +246,7 @@ pub fn valid_origin(origin: &str) -> bool {
     ALLOWED_ORIGINS.contains(&origin)
         || origin.ends_with(ALLOWED_SUBDOMAIN)
         || origin.starts_with(ALLOWED_LOCALHOST)
+        || origin.starts_with(ALLOWED_LAN)
 }
 
 pub fn validate_cors(origin: Option<TypedHeader<Origin>>) -> Result<(), (StatusCode, String)> {