Add CORS support

src/app/configs/cors.config.ts

@@ -0,0 +1,12 @@
+import {env, HTTPMethod} from '@extollo/lib'
+
+export default {
+    enable: env('ENABLE_CORS', false),
+    allow: {
+        origins: [
+            'https://garrettmills.dev',
+            'https://glmdev.tech',
+        ] as string[],
+        methods: ['post', 'get', 'options'] as HTTPMethod[],
+    },
+}

src/app/configs/server.config.ts

@@ -8,6 +8,7 @@ import {
     CacheQueue,
     BusConnectorConfig, QueueConfig, SyncQueue
 } from '@extollo/lib'
+import {CORS} from '../http/middlewares/CORS.middleware'
 
 export default {
     debug: env('DEBUG_MODE', false),
@@ -61,7 +62,7 @@ export default {
 
     middleware: {
         global: {
-            pre: [],
+            pre: [CORS],
         },
     },
 }

src/app/http/middlewares/CORS.middleware.ts

@@ -0,0 +1,48 @@
+import {Middleware, Injectable, Inject, Config, HTTPMethod, Response, HTTPStatus, http, Logging} from '@extollo/lib'
+
+/**
+ * CORS Middleware
+ * --------------------------------------------
+ * Put some description here.
+ */
+@Injectable()
+export class CORS extends Middleware {
+    @Inject()
+    protected readonly config!: Config
+
+    @Inject()
+    protected readonly logging!: Logging
+
+    public async apply() {
+        this.logging.debug('CORS Middleware')
+        if ( !this.config.get('cors.enable', false) ) {
+            this.logging.debug('Will not send CORS headers: CORS is disabled.')
+            return
+        }
+
+        const response: Response = this.request.response
+        response.setHeader('Access-Control-Allow-Headers', '*')
+
+        if ( this.config.get('server.debug', false) ) {
+            response.setHeader('Access-Control-Allow-Origin', '*')
+            response.setHeader('Access-Control-Allow-Methods', '*')
+
+            if ( this.request.method === 'options' ) {
+                return http(HTTPStatus.NO_CONTENT)
+            }
+
+            return
+        }
+
+        const origins = this.config.get('cors.allow.origins', []) as string[]
+        response.setHeader('Access-Control-Allow-Origin', origins.join(','))
+
+        const methods = this.config.get('cors.allow.methods') as HTTPMethod[]
+        response.setHeader('Access-Control-Allow-Methods', methods.map(x => x.toUpperCase()).join(','))
+
+        if ( this.request.method === 'options' ) {
+            response.setStatus(HTTPStatus.NO_CONTENT)
+            return ''
+        }
+    }
+}

src/app/http/routes/app.routes.ts

@@ -1,4 +1,4 @@
-import {redirect, Route, SessionAuthMiddleware} from '@extollo/lib'
+import {redirect, Route, SessionAuthMiddleware, api} from '@extollo/lib'
 import {Home} from '../controllers/Home.controller'
 import {PageView} from '../middlewares/PageView.middleware'
 import {Snippets} from '../controllers/Snippets.controller'
@@ -9,6 +9,9 @@ import {LoadFeedPosts} from '../middlewares/parameters/LoadFeedPosts.middleware'
 import {ValidContactForm} from '../middlewares/parameters/ValidContactForm.middleware'
 import {RateLimit} from '../middlewares/RateLimit.middleware'
 
+Route.endpoint('options', '**')
+    .handledBy(() => api.one({}))
+
 Route
     .group('/', () => {
         Route.get('/')