Fix CORS, timezone y configuraciones para producción

- Actualizar middleware CORS para permitir orígenes de producción y apps móviles - Cambiar timezone de America/Tijuana a America/Mexico_City en PostulationController - Agregar configuración de Google Maps - Agregar servicio de notificaciones push Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 08:59:17 +00:00
parent 689e456fe5
commit 21260b645f
6 changed files with 762 additions and 25 deletions
--- a/app/Http/Controllers/PostulationController.php
+++ b/app/Http/Controllers/PostulationController.php
@@ -124,7 +124,7 @@ class PostulationController extends Controller
          // Parsear fecha y hora del formato ISO que envía el frontend
          $dateStr = substr(strip_tags($request->setdate), 0, 10); // "2026-01-28"
          $timeStr = substr(strip_tags($request->sethour), 11, 8); // "19:47:00"
-          $postulation->appointment = Carbon::createFromFormat('Y-m-d H:i:s', $dateStr . ' ' . $timeStr, 'America/Tijuana')->tz('UTC');
+          $postulation->appointment = Carbon::createFromFormat('Y-m-d H:i:s', $dateStr . ' ' . $timeStr, 'America/Mexico_City')->tz('UTC');
          $postulation->amount = 5000;
          $postulation->details = preg_replace('/\d+/', '', strip_tags($request->details));
          $postulation->save();
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@@ -12,15 +12,27 @@ class Cors
     */
    public function handle($request, Closure $next)
    {
+        $allowedOrigins = [
+            'http://localhost',
+            'https://localhost',
+            'ionic://localhost',
+            'https://jobhero.consultoria-as.com',
+            'https://jobhero-api.consultoria-as.com',
+            'capacitor://localhost',
+            'http://localhost:8100'
+        ];

-        $allowedOrigins = ['http://localhost', 'ionic://localhost'];
+        $origin = $request->server('HTTP_ORIGIN');

-          if (in_array($request->server('HTTP_ORIGIN'), $allowedOrigins)) {
-              return $next($request)
-                  ->header('Access-Control-Allow-Origin', $request->server('HTTP_ORIGIN'))
-                  ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
-                  ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, X-XSRF-TOKEN');
-          }
+        // Allow requests from mobile apps (no origin or capacitor/ionic)
+        if (empty($origin) || in_array($origin, $allowedOrigins)) {
+            $response = $next($request);
+            $allowOrigin = empty($origin) ? '*' : $origin;
+            return $response
+                ->header('Access-Control-Allow-Origin', $allowOrigin)
+                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
+                ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, X-XSRF-TOKEN');
+        }

        return $next($request);
    }