From 36fa34b3037c4c74ea1c7a5a91497a020a09b5a3 Mon Sep 17 00:00:00 2001
From: yassinedorbozgithub
Date: Sat, 12 Apr 2025 04:58:56 +0100
Subject: [PATCH 1/2] fix(api): resolve allowed_domains redis bug
---
 api/src/main.ts | 6 +++---
 api/src/setting/services/setting.service.spec.ts | 2 +-
 api/src/setting/services/setting.service.ts | 4 ++--
 api/src/websocket/utils/gateway-options.ts | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/api/src/main.ts b/api/src/main.ts
index 1ba080a4..7b38a68e 100644
--- a/api/src/main.ts
+++ b/api/src/main.ts
@@ -50,11 +50,11 @@ async function bootstrap() {
 const settingService = app.get(SettingService);
 app.enableCors({
- origin: (origin, callback) => {
- settingService
+ origin: async (origin, callback) => {
+ await settingService
 .getAllowedOrigins()
 .then((allowedOrigins) => {
- if (!origin || allowedOrigins.has(origin)) {
+ if (!origin || allowedOrigins.includes(origin)) {
 callback(null, true);
 } else {
 callback(new Error('Not allowed by CORS'));
diff --git a/api/src/setting/services/setting.service.spec.ts b/api/src/setting/services/setting.service.spec.ts
index e3fac80e..17e8d274 100644
--- a/api/src/setting/services/setting.service.spec.ts
+++ b/api/src/setting/services/setting.service.spec.ts
@@ -195,7 +195,7 @@ describe('SettingService', () => {
 expect(settingService.find).toHaveBeenCalledWith({
 label: 'allowed_domains',
 });
- expect(result).toEqual(new Set(['*', 'https://example.com']));
+ expect(result).toEqual(['*', 'https://example.com']);
 });
 });
 });
diff --git a/api/src/setting/services/setting.service.ts b/api/src/setting/services/setting.service.ts
index a07a94c9..1f4d5cad 100644
--- a/api/src/setting/services/setting.service.ts
+++ b/api/src/setting/services/setting.service.ts
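Review bot: The failure path of the origin check in `api/src/main.ts` is not covered by what this hunk shows. The callback is now `async` and awaits a `.then()` chain, but a callback-style `origin` option reports its result through `callback`, so the returned promise is presumably ignored; if `getAllowedOrigins()` rejects (for instance when the cache backend is unreachable) and no `.catch` follows outside the hunk, `callback` is never invoked and the rejection goes unhandled. The check should fail closed explicitly: use `const allowedOrigins = await settingService.getAllowedOrigins();` inside a `try` block and call `callback(err)` from the `catch`, instead of mixing `await` with `.then()`. The same pattern is introduced in the `origin` callback of `api/src/websocket/utils/gateway-options.ts`. The end of the callback lies outside the hunk, so an existing `.catch` may already cover this.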
@@ -135,7 +135,7 @@ export class SettingService extends BaseService {
 * @returns A promise that resolves to a set of allowed origins
 */
 @Cacheable(ALLOWED_ORIGINS_CACHE_KEY)
- async getAllowedOrigins() {
+ async getAllowedOrigins(): Promise {
 const settings = (await this.find({
 label: 'allowed_domains',
 })) as TextSetting[];
@@ -150,7 +150,7 @@ export class SettingService extends BaseService {
 ...allowedDomains,
 ]);
- return uniqueOrigins;
+ return Array.from(uniqueOrigins);
 }
 /**
diff --git a/api/src/websocket/utils/gateway-options.ts b/api/src/websocket/utils/gateway-options.ts
index 4d2795c8..d8b64593 100644
--- a/api/src/websocket/utils/gateway-options.ts
+++ b/api/src/websocket/utils/gateway-options.ts
@@ -54,15 +54,15 @@ export const buildWebSocketGatewayOptions = (): Partial => {
 ...(config.sockets.cookie && { cookie: config.sockets.cookie }),
 ...(config.sockets.onlyAllowOrigins && {
 cors: {
- origin: (origin, cb) => {
+ origin: async (origin, cb) => {
 // Retrieve the allowed origins from the settings
 const app = AppInstance.getApp();
 const settingService = app.get(SettingService);
- settingService
+ await settingService
 .getAllowedOrigins()
 .then((allowedOrigins) => {
- if (origin && allowedOrigins.has(origin)) {
+ if (origin && allowedOrigins.includes(origin)) {
 cb(null, true);
 } else {
 // eslint-disable-next-line no-console
From 39e587de2683d20bba72a15faffeb13b2c14b0f6 Mon Sep 17 00:00:00 2001
From: yassinedorbozgithub
Date: Sat, 12 Apr 2025 05:00:34 +0100
Subject: [PATCH 2/2] fix(api): resolve getAllowsOrigins unit tests
---
 api/src/setting/services/setting.service.spec.ts | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/api/src/setting/services/setting.service.spec.ts b/api/src/setting/services/setting.service.spec.ts
index 17e8d274..8bc5b4cf 100644
--- a/api/src/setting/services/setting.service.spec.ts
+++ b/api/src/setting/services/setting.service.spec.ts
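Review bot: The JSDoc kept as context above `getAllowedOrigins()` still reads `@returns A promise that resolves to a set of allowed origins`, while the second hunk of this file now returns `Array.from(uniqueOrigins)`. Change it to `@returns A promise that resolves to an array of unique allowed origins` and add a short comment above `@Cacheable(ALLOWED_ORIGINS_CACHE_KEY)` explaining why an array is returned; judging by the commit subject, the value has to survive the Redis-backed cache, which a `Set` presumably does not once it is serialized. Stating this next to the decorator keeps a later refactor from reintroducing a `Set` and silently breaking the `.includes()` origin checks in both CORS callbacks.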
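Review bot: `allowedOrigins.includes(origin)` in the socket `origin` callback compares exact strings, so the `'*'` entry that the spec expectations in this series show in the list is never treated as a wildcard here; it would only match a client that sends the literal value `*`. If that is intended, say so next to the check, e.g. `// '*' is matched literally and does not act as a wildcard for socket origins`, or drop the entry before comparing. This branch also requires `origin` to be present, whereas the HTTP callback in `api/src/main.ts` accepts requests without an `Origin` header (`!origin ||`); that difference deserves a comment so it is not later aligned to the more permissive form by accident. The else branch continues outside the hunk.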
@@ -161,14 +161,12 @@ describe('SettingService', () => {
 expect(settingService.find).toHaveBeenCalledWith({
 label: 'allowed_domains',
 });
- expect(result).toEqual(
- new Set([
- '*',
- 'https://example.com',
- 'https://test.com',
- 'https://another.com',
- ]),
- );
+ expect(result).toEqual([
+ '*',
+ 'https://example.com',
+ 'https://test.com',
+ 'https://another.com',
+ ]);
 });
 it('should return the config allowed cors only if no settings are found', async () => {
@@ -177,7 +177,7 @@ describe('SettingService', () => {
 expect(settingService.find).toHaveBeenCalledWith({
 label: 'allowed_domains',
 });
- expect(result).toEqual(new Set(['*']));
+ expect(result).toEqual(['*']);
 });
 it('should handle settings with empty values', async () => {