Add CORS support

2022-11-14 21:59:03 -06:00 · 2022-11-14 21:59:03 -06:00 · ffc057c2c5
commit ffc057c2c5
parent ac1d221f38
7 changed files with 73 additions and 7 deletions
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@ -21,6 +21,8 @@ spec:
              value: '4'
            - name: SERVER_FORCE_SSL
              value: 'true'
+            - name: ENABLE_CORS
+              value: 'true'
            - name: DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
--- a/package.json
+++ b/package.json
@ -9,7 +9,7 @@
  },
  "dependencies": {
    "@atao60/fse-cli": "^0.1.7",
-    "@extollo/lib": "^0.14.8",
+    "@extollo/lib": "^0.14.10",
    "@types/node": "^18.11.9",
    "any-date-parser": "^1.5.3",
    "copyfiles": "^2.4.1",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -3,7 +3,7 @@ lockfileVersion: 5.4
 specifiers:
  '@atao60/fse-cli': ^0.1.7
  '@extollo/cc': ^0.6.0
-  '@extollo/lib': ^0.14.8
+  '@extollo/lib': ^0.14.10
  '@types/node': ^18.11.9
  any-date-parser: ^1.5.3
  copyfiles: ^2.4.1
@ -19,7 +19,7 @@ specifiers:

 dependencies:
  '@atao60/fse-cli': 0.1.7
-  '@extollo/lib': 0.14.8
+  '@extollo/lib': 0.14.10
  '@types/node': 18.11.9
  any-date-parser: 1.5.3
  copyfiles: 2.4.1
@ -126,8 +126,8 @@ packages:
      - supports-color
    dev: true

-  /@extollo/lib/0.14.8:
-    resolution: {integrity: sha512-W98WJd8GIcLfQlqfqlsy0WkHWuHYEV929oEMktjP1Mf66n31Vu9S13Pds3wki3/CKVQ4wdOm4OEZstWAy+cHQA==}
+  /@extollo/lib/0.14.10:
+    resolution: {integrity: sha512-lAQxRRR7Dn7oIV3lDlKs0f6tRkhFGkFBjylfo+kcfHIxEzItnyvg3XNJtZ/xGiQuERnF0eMO+Cd5YsT0zeDouQ==}
    dependencies:
      '@atao60/fse-cli': 0.1.7
      '@extollo/ui': 0.1.0_@types+node@14.18.33
--- a/src/app/configs/cors.config.ts
+++ b/src/app/configs/cors.config.ts
@ -0,0 +1,12 @@
+import {env, HTTPMethod} from '@extollo/lib'
+
+export default {
+    enable: env('ENABLE_CORS', false),
+    allow: {
+        origins: [
+            'https://garrettmills.dev',
+            'https://glmdev.tech',
+        ] as string[],
+        methods: ['post', 'get', 'options'] as HTTPMethod[],
+    },
+}
--- a/src/app/configs/server.config.ts
+++ b/src/app/configs/server.config.ts
@ -8,6 +8,7 @@ import {
    CacheQueue,
    BusConnectorConfig, QueueConfig, SyncQueue
 } from '@extollo/lib'
+import {CORS} from '../http/middlewares/CORS.middleware'

 export default {
    debug: env('DEBUG_MODE', false),
@ -61,7 +62,7 @@ export default {

    middleware: {
        global: {
-            pre: [],
+            pre: [CORS],
        },
    },
 }
--- a/src/app/http/middlewares/CORS.middleware.ts
+++ b/src/app/http/middlewares/CORS.middleware.ts
@ -0,0 +1,48 @@
+import {Middleware, Injectable, Inject, Config, HTTPMethod, Response, HTTPStatus, http, Logging} from '@extollo/lib'
+
+/**
+ * CORS Middleware
+ * --------------------------------------------
+ * Put some description here.
+ */
+@Injectable()
+export class CORS extends Middleware {
+    @Inject()
+    protected readonly config!: Config
+
+    @Inject()
+    protected readonly logging!: Logging
+
+    public async apply() {
+        this.logging.debug('CORS Middleware')
+        if ( !this.config.get('cors.enable', false) ) {
+            this.logging.debug('Will not send CORS headers: CORS is disabled.')
+            return
+        }
+
+        const response: Response = this.request.response
+        response.setHeader('Access-Control-Allow-Headers', '*')
+
+        if ( this.config.get('server.debug', false) ) {
+            response.setHeader('Access-Control-Allow-Origin', '*')
+            response.setHeader('Access-Control-Allow-Methods', '*')
+
+            if ( this.request.method === 'options' ) {
+                return http(HTTPStatus.NO_CONTENT)
+            }
+
+            return
+        }
+
+        const origins = this.config.get('cors.allow.origins', []) as string[]
+        response.setHeader('Access-Control-Allow-Origin', origins.join(','))
+
+        const methods = this.config.get('cors.allow.methods') as HTTPMethod[]
+        response.setHeader('Access-Control-Allow-Methods', methods.map(x => x.toUpperCase()).join(','))
+
+        if ( this.request.method === 'options' ) {
+            response.setStatus(HTTPStatus.NO_CONTENT)
+            return ''
+        }
+    }
+}
--- a/src/app/http/routes/app.routes.ts
+++ b/src/app/http/routes/app.routes.ts
@ -1,4 +1,4 @@
-import {redirect, Route, SessionAuthMiddleware} from '@extollo/lib'
+import {redirect, Route, SessionAuthMiddleware, api} from '@extollo/lib'
 import {Home} from '../controllers/Home.controller'
 import {PageView} from '../middlewares/PageView.middleware'
 import {Snippets} from '../controllers/Snippets.controller'
@ -9,6 +9,9 @@ import {LoadFeedPosts} from '../middlewares/parameters/LoadFeedPosts.middleware'
 import {ValidContactForm} from '../middlewares/parameters/ValidContactForm.middleware'
 import {RateLimit} from '../middlewares/RateLimit.middleware'

+Route.endpoint('options', '**')
+    .handledBy(() => api.one({}))
+
 Route
    .group('/', () => {
        Route.get('/')