From 8553d79f5ef1efb0b04b63d519f55e7730f527ab Mon Sep 17 00:00:00 2001
From: patdelphi <patdelphi@outlook.com>
Date: Tue, 19 Aug 2025 17:39:12 +0800
Subject: [PATCH] =?UTF-8?q?Update=20CORS=20config:=20=E6=94=AF=E6=8C=81?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81Koyeb=E5=9F=9F=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/index.cjs | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/server/index.cjs b/server/index.cjs
index ecafb77..0e29495 100644
--- a/server/index.cjs
+++ b/server/index.cjs
@@ -42,11 +42,21 @@ app.use(helmet({
 // CORS配置
 app.use(cors({
   origin: process.env.NODE_ENV === 'production' 
-    ? [
-        'https://common-charyl-patdelphi-75adc386.koyeb.app',
-        'http://localhost:5173', 
-        'http://localhost:4173'
-      ] // 生产环境允许的域名
+    ? (origin, callback) => {
+        // 允许Koyeb域名、localhost和环境变量指定的域名
+        const allowedOrigins = [
+          'http://localhost:5173',
+          'http://localhost:4173',
+          process.env.CORS_ORIGIN
+        ].filter(Boolean);
+        
+        // 允许所有.koyeb.app域名
+        if (!origin || origin.endsWith('.koyeb.app') || allowedOrigins.includes(origin)) {
+          callback(null, true);
+        } else {
+          callback(new Error('Not allowed by CORS'));
+        }
+      }
     : true, // 开发环境允许所有域名
   credentials: true,
   methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],