From 4863b62055a76dbe2a7e07d8f8b7007b0a1c4a3f Mon Sep 17 00:00:00 2001 From: saravanakumardb1 Date: Sat, 28 Feb 2026 20:23:58 -0800 Subject: [PATCH] feat(fastify-core): deny CORS by default when origin unset, add graceful shutdown handlers --- packages/fastify-core/src/create-app.ts | 4 ++-- packages/fastify-core/src/start.ts | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/packages/fastify-core/src/create-app.ts b/packages/fastify-core/src/create-app.ts index 9c947446..3063eb8a 100644 --- a/packages/fastify-core/src/create-app.ts +++ b/packages/fastify-core/src/create-app.ts @@ -30,8 +30,8 @@ export async function createServiceApp(options: ServiceAppOptions): Promise o.trim()) : true; + // CORS — deny all origins when CORS_ORIGIN is not explicitly set + const origin = corsOrigin ? corsOrigin.split(',').map(o => o.trim()) : false; await app.register(cors, { origin }); // OpenAPI spec (optional — consumer must have @fastify/swagger installed) diff --git a/packages/fastify-core/src/start.ts b/packages/fastify-core/src/start.ts index a2addd17..e74160e9 100644 --- a/packages/fastify-core/src/start.ts +++ b/packages/fastify-core/src/start.ts @@ -6,6 +6,16 @@ import type { FastifyApp, StartOptions } from './types.js'; export async function startService(app: FastifyApp, options: StartOptions): Promise { const { port, host = '0.0.0.0' } = options; + + // Graceful shutdown on SIGTERM/SIGINT (Docker, K8s, Ctrl-C) + for (const signal of ['SIGTERM', 'SIGINT'] as const) { + process.on(signal, async () => { + app.log.info(`Received ${signal}, shutting down gracefully…`); + await app.close(); + process.exit(0); + }); + } + try { await app.listen({ port, host }); app.log.info(`Service listening on ${host}:${port}`);