""" Local proxy + static file server for the eGrow Order Scanner. - Serves order-scanner.html and assets from this folder - Forwards POST /api requests to https://egrow.dev/proxy.php with the Authorization header intact (bypasses browser CORS limits) Run: python proxy_server.py Then open: http://localhost:8000/order-scanner.html """ import http.server import socketserver import urllib.request import urllib.error import os PORT = 8000 TARGET = os.environ.get("EGROW_API", "https://api5.egrow.com/graphql") class Handler(http.server.SimpleHTTPRequestHandler): def _send_cors(self): self.send_header("Access-Control-Allow-Origin", "*") self.send_header("Access-Control-Allow-Methods", "POST, GET, OPTIONS") self.send_header("Access-Control-Allow-Headers", "Content-Type, Authorization") def do_OPTIONS(self): self.send_response(204) self._send_cors() self.end_headers() def do_POST(self): if self.path != "/api": self.send_error(404, "Not found") return length = int(self.headers.get("Content-Length", 0)) body = self.rfile.read(length) req = urllib.request.Request(TARGET, data=body, method="POST") req.add_header("Content-Type", self.headers.get("Content-Type", "application/json")) req.add_header("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36") req.add_header("Accept", "application/json, */*") req.add_header("Origin", "https://app.egrow.com") req.add_header("Referer", "https://app.egrow.com/") # Forward token as X-Api-Key (eGrow's actual auth scheme) auth = self.headers.get("Authorization", "") if auth.lower().startswith("bearer "): req.add_header("X-Api-Key", auth.split(" ", 1)[1]) elif auth: req.add_header("X-Api-Key", auth) api_key = self.headers.get("X-Api-Key") if api_key: req.add_header("X-Api-Key", api_key) print(f"[proxy] -> {TARGET} headers: {dict(req.header_items())}") try: with urllib.request.urlopen(req, timeout=20) as resp: data = resp.read() self.send_response(resp.status) self.send_header("Content-Type", resp.headers.get("Content-Type", "application/json")) self._send_cors() self.end_headers() self.wfile.write(data) except urllib.error.HTTPError as e: data = e.read() self.send_response(e.code) self.send_header("Content-Type", "application/json") self._send_cors() self.end_headers() self.wfile.write(data) except Exception as e: self.send_response(502) self.send_header("Content-Type", "application/json") self._send_cors() self.end_headers() self.wfile.write(f'{{"errors":[{{"message":"Proxy error: {e}"}}]}}'.encode()) socketserver.TCPServer.allow_reuse_address = True with socketserver.TCPServer(("127.0.0.1", PORT), Handler) as httpd: print(f"Serving http://localhost:{PORT}") print(f"Proxying POST /api -> {TARGET}") httpd.serve_forever()