defmodule DaProductAppWeb.Endpoint do
  @moduledoc """
  HTTP endpoint for the application.

  Declares the session cookie options, the LiveView socket, static file
  serving and the ordered plug pipeline a request passes through before it
  is handed to `DaProductAppWeb.Router`.
  """

  use Phoenix.Endpoint, otp_app: :da_product_app

  # Resolved once, while this module is compiled; the cookie `secure` flag,
  # the static cache headers and gzip all key off this one value.
  @prod_build Mix.env() == :prod

  # Sessions live in a signed (not encrypted) cookie: the client can read the
  # contents but cannot alter them undetected, so nothing confidential belongs
  # in the session unless :encryption_salt is also set.
  # The salt below is not a secret on its own; cookie integrity rests on the
  # endpoint's secret_key_base, which is configured outside this file.
  @session_options [
    store: :cookie,
    key: "_da_product_app_key",
    signing_salt: "3VV41hZ9",
    same_site: "Lax",
    # The Secure attribute is set for production builds only, so that plain
    # HTTP keeps working in development.
    secure: @prod_build
  ]

  # Response headers attached to static files. Production builds use a
  # one-year immutable cache lifetime, other builds one hour; both disable
  # MIME sniffing.
  @static_headers (if @prod_build do
                     %{
                       "cache-control" => "public, max-age=31536000, immutable",
                       "x-content-type-options" => "nosniff"
                     }
                   else
                     %{
                       "cache-control" => "public, max-age=3600",
                       "x-content-type-options" => "nosniff"
                     }
                   end)

  # Both LiveView transports are handed the session options so the socket can
  # read the same session cookie as regular requests.
  socket "/live", Phoenix.LiveView.Socket,
    websocket: [connect_info: [session: @session_options]],
    longpoll: [connect_info: [session: @session_options]]

  # Static files from "priv/static" are served at "/", limited to the paths
  # returned by DaProductAppWeb.static_paths/0.
  #
  # gzip should be on when phx.digest has produced compressed assets for a
  # production deployment, hence it follows the build environment.
  plug Plug.Static,
    at: "/",
    from: :da_product_app,
    gzip: @prod_build,
    only: DaProductAppWeb.static_paths(),
    headers: @static_headers

  # Tidewave (AI assistant integration).
  #
  # NOTE(review): Tidewave is development tooling, and the only gate here is
  # whether the module is loaded. `allow_remote_access: true` opens it to
  # non-local clients, and the origin list below contains non-local hosts,
  # several over plain HTTP. Confirm in mix.exs that the dependency is limited
  # to the dev environment, and that any host running a build with Tidewave
  # loaded is not reachable from untrusted networks.
  if Code.ensure_loaded?(Tidewave) do
    plug Tidewave,
      allow_remote_access: true,
      allowed_origins: [
        "http://demo.ctrmv.com:4040",
        "https://mercurypay.ariticapp.com",
        "http://mercurypay.ariticapp.com:4040",
        "http://localhost:4040",
        "http://127.0.0.1:4040"
      ]
  end

  # Live reload, code reloading and the repo status check are compiled in only
  # when the endpoint's :code_reloader configuration enables them.
  if code_reloading? do
    socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
    plug Phoenix.LiveReloader
    plug Phoenix.CodeReloader
    plug Phoenix.Ecto.CheckRepoStatus, otp_app: :da_product_app
  end

  plug Phoenix.LiveDashboard.RequestLogger,
    param_key: "request_logger",
    cookie_key: "request_logger"

  # Security headers plug - intended to run early in the pipeline.
  #
  # NOTE(review): at this position it runs after Plug.Static, Tidewave and the
  # dashboard request logger. A request answered by Plug.Static never reaches
  # it, so static responses carry only @static_headers. Confirm that is the
  # intended coverage before relying on this plug for every response.
  plug DaProductAppWeb.Plugs.SecurityHeaders

  plug Plug.RequestId
  plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]

  # Captures the raw body for NPCI routes ahead of Plug.Parsers. The plug's
  # implementation is not part of this file.
  plug DaProductAppWeb.Plugs.ConditionalBodyReader

  # Body parsing. Content types without a matching parser are passed through
  # unparsed rather than rejected, which keeps XML away from the JSON parser.
  # The "*/*" entry already covers the two XML types listed before it, so this
  # stage enforces no content-type restriction; handlers have to validate the
  # content type and body they expect.
  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["text/xml", "application/xml", "*/*"],
    json_decoder: Phoenix.json_library()

  plug Plug.MethodOverride
  plug Plug.Head
  plug Plug.Session, @session_options
  plug DaProductAppWeb.Router
end