add cors , add user should be enabled by default

Azaion.Api/Program.cs

@@ -109,6 +109,18 @@ builder.Services.AddScoped<ICache, MemoryCache>();
 builder.Services.AddValidatorsFromAssemblyContaining<RegisterUserValidator>();
 builder.Services.AddExceptionHandler<BusinessExceptionHandler>();
 
+// Add CORS configuration
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy("AdminCorsPolicy", policy =>
+    {
+        policy.WithOrigins("https://admin.azaion.com", "http://admin.azaion.com")
+              .AllowAnyMethod()
+              .AllowAnyHeader()
+              .AllowCredentials();
+    });
+});
+
 var app = builder.Build();
 
 if (app.Environment.IsDevelopment())
@@ -117,6 +129,8 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
+app.UseCors("AdminCorsPolicy");
+
 app.UseAuthentication();
 app.UseAuthorization();
 
@@ -136,7 +150,7 @@ app.MapPost("/users",
     .RequireAuthorization(apiAdminPolicy)
     .WithOpenApi(op => new(op){ Summary = "Creates a new user"});
 
-app.MapGet("/currentuser",
+app.MapGet("/users/current",
     async (IAuthService authService) => await authService.GetCurrentUser())
     .RequireAuthorization()
     .WithOpenApi(op => new(op){ Summary = "Get Current User"});
@@ -159,14 +173,6 @@ app.MapPut("/users/queue-offsets/set",
     .RequireAuthorization()
     .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Sets user's queue offsets" });
 
-app.MapPost("/resources/{dataFolder?}",
-        async ([FromRoute]string? dataFolder, IFormFile data, IResourcesService resourceService, CancellationToken ct)
-            => await resourceService.SaveResource(dataFolder, data, ct))
-    .Accepts<IFormFile>("multipart/form-data")
-    .RequireAuthorization()
-    //.WithOpenApi(op => new(op){ Summary = "Upload resource"}); //For some reason doesn't work when this is specified.
-    .DisableAntiforgery();
-
 app.MapPut("/users/{email}/enable", async (string email, IUserService userService, CancellationToken ct)
         => await userService.SetEnableStatus(email, true, ct))
     .RequireAuthorization(apiAdminPolicy)
@@ -182,6 +188,14 @@ app.MapDelete("/users/{email}", async (string email, IUserService userService, C
     .RequireAuthorization(apiAdminPolicy)
     .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Remove user" });
 
+app.MapPost("/resources/{dataFolder?}",
+        async ([FromRoute]string? dataFolder, IFormFile data, IResourcesService resourceService, CancellationToken ct)
+            => await resourceService.SaveResource(dataFolder, data, ct))
+    .Accepts<IFormFile>("multipart/form-data")
+    .RequireAuthorization()
+    //.WithOpenApi(op => new(op){ Summary = "Upload resource"}); //For some reason doesn't work when this is specified.
+    .DisableAntiforgery();
+
 app.MapGet("/resources/list/{dataFolder?}",
     async ([FromRoute]string? dataFolder, string? search, IResourcesService resourcesService, CancellationToken ct)
         => await resourcesService.ListResources(dataFolder, search, ct))
@@ -190,7 +204,7 @@ app.MapGet("/resources/list/{dataFolder?}",
 
 app.MapPost("/resources/clear/{dataFolder?}",
         ([FromRoute]string? dataFolder, IResourcesService resourcesService) => resourcesService.ClearFolder(dataFolder))
-    .RequireAuthorization()
+    .RequireAuthorization(apiAdminPolicy)
     .WithOpenApi(op => new OpenApiOperation(op) { Summary = "Clear folder" });
 
 app.MapPost("/resources/get/{dataFolder?}", //Need to have POST method for secure password

Azaion.Services/UserService.cs

@@ -36,7 +36,8 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
                 Email = request.Email,
                 PasswordHash = request.Password.ToHash(),
                 Role = request.Role,
-                CreatedAt = DateTime.UtcNow
+                CreatedAt = DateTime.UtcNow,
+                IsEnabled = true
             }, token: ct);
         });
     }