import os
from flask import Flask
from db import db, db_init
from flask_cors import CORS
from common.bcrypt import bcrypt
from auth.apis import auth_blueprint
from todolist.apis import todo_blueprint
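# Application object shared by the extensions, blueprints and hooks below.
app = Flask(__name__)

# Cross-origin access is restricted to the deployed front end.
# - Configure CORS exactly once. A bare ``CORS(app)`` uses flask-cors'
#   defaults (every origin, every route) and would make this allow-list moot.
# - The origin is written without a trailing slash: browsers send the Origin
#   header as scheme://host[:port], so an entry ending in "/" never matches.
# - The blueprints in this file are mounted under /auth and /todolist, so
#   those prefixes are listed next to the original /api pattern.
_FRONTEND_ORIGIN = "https://week-22-jokodev.netlify.app"
cors = CORS(
    app,
    resources={
        r"/api/*": {"origins": _FRONTEND_ORIGIN},
        r"/auth/*": {"origins": _FRONTEND_ORIGIN},
        r"/todolist/*": {"origins": _FRONTEND_ORIGIN},
    },
)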
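@app.after_request
def add_secure_headers(response):
    """Attach browser hardening headers to every outgoing response.

    Registered through ``app.after_request``, so Flask passes each response
    through this hook before it is sent.

    Args:
        response: The response about to be sent; its ``headers`` mapping is
            modified in place.

    Returns:
        The same response object, with the headers set.
    """
    headers = response.headers

    # NOTE(review): 'unsafe-inline' in script-src permits inline <script>
    # blocks and event-handler attributes, so this policy does little against
    # injected markup. Prefer nonces or hashes once the served pages carry no
    # inline scripts; the value is left unchanged here to avoid breaking them.
    headers['Content-Security-Policy'] = (
        "default-src 'self'; "
        "style-src 'self' 'unsafe-inline'; "
        "script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; "
        "frame-ancestors 'self'"
    )
    # Legacy counterpart of frame-ancestors for browsers without CSP level 2.
    headers['X-Frame-Options'] = 'SAMEORIGIN'
    # Browsers honour HSTS only when the response arrives over HTTPS.
    headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
    headers['Referrer-Policy'] = 'strict-origin'
    headers['X-Content-Type-Options'] = 'nosniff'
    # Permissions-Policy takes structured-field syntax: feature=(allowlist),
    # comma separated, with () meaning "disabled". The quoted, semicolon
    # separated form belongs to the older Feature-Policy header and is not
    # parsed under this header name.
    headers['Permissions-Policy'] = "geolocation=(self), microphone=(), camera=()"
    return response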
# The connection string is read from the environment, which keeps it out of
# the source tree. The lookup yields None when DATABASE_URL is unset.
# NOTE(review): the value normally embeds database credentials, so avoid
# printing or logging it.
database_url = os.environ.get("DATABASE_URL")
app.config.update(SQLALCHEMY_DATABASE_URI=database_url)

# Bind the shared extension objects to this application instance.
db.init_app(app)
bcrypt.init_app(app)

# Mount the feature blueprints under their URL prefixes.
app.register_blueprint(auth_blueprint, url_prefix="/auth")
app.register_blueprint(todo_blueprint, url_prefix="/todolist")
if __name__ == "__main__":
    # Runs only when the file is executed directly, not when it is imported.
    # NOTE(review): host 0.0.0.0 listens on every network interface, and
    # app.run() starts Flask's built-in development server; serve deployed
    # traffic through a production WSGI server instead.
    listen_port = int(os.environ.get("PORT", "8080"))
    app.run(host="0.0.0.0", port=listen_port)

# Disabled bootstrap step, kept as found in the file (presumably a one-off
# database initialisation; confirm against db.db_init):
# with app.app_context():
#     db_init()