added hacky CORS headers

93ea9c83 · Christian Pointner · fed04f35 · 93ea9c83 · 93ea9c83 · 93ea9c83
Commit 93ea9c83 authored 6 years ago by Christian Pointner
--- a/cmd/tank/config.go
+++ b/cmd/tank/config.go
@@ -34,16 +34,32 @@ import (
 	"gopkg.in/yaml.v2"
 )

+type CorsConfig struct {
+	AllowedOrigins     []string `json:"allowed-origins" yaml:"allowed-origins" toml:"allowed-origins"`
+	AllowedMethods     []string `json:"allowed-methods" yaml:"allowed-methods" toml:"allowed-methods"`
+	AllowedHeaders     []string `json:"allowed-headers" yaml:"allowed-headers" toml:"allowed-headers"`
+	ExposedHeaders     []string `json:"exposed-headers" yaml:"exposed-headers" toml:"exposed-headers"`
+	MaxAge             int      `json:"max-age" yaml:"max-age" toml:"max-age"`
+	AllowCredentials   bool     `json:"allow-credentials" yaml:"allow-credentials" toml:"allow-credentials"`
+	OptionsPassthrough bool     `json:"options-passthrough" yaml:"options-passthrough" toml:"options-passthrough"`
+	Debug              bool     `json:"debug" yaml:"debug" toml:"debug"`
+}
+
 type Config struct {
 	Store    store.Config    `json:"store" yaml:"store" toml:"store"`
 	Importer importer.Config `json:"importer" yaml:"importer" toml:"importer"`
 	Auth     auth.Config     `json:"auth" yaml:"auth" toml:"auth"`
+	Cors     *CorsConfig     `json:"cors" yaml:"cors" toml:"cors"`
 }

 func (c *Config) ExpandEnv() {
 	c.Store.ExpandEnv()
 	c.Importer.ExpandEnv()
 	c.Auth.ExpandEnv()
+
+	if c.Cors != nil {
+		// TODO: implement this...
+	}
 }

 func ReadConfig(configfile string) (conf *Config, err error) {

--- a/cmd/tank/main.go
+++ b/cmd/tank/main.go
@@ -125,7 +125,7 @@ func cmdRun(c *cli.Context) error {
 		return cli.NewExitError(err.Error(), 1)
 	}

-	if err = runWeb(ln, st, im); err != nil {
+	if err = runWeb(ln, st, im, conf.Cors); err != nil {
 		return cli.NewExitError(err.Error(), 1)
 	}
 	return cli.NewExitError("", 0)
@@ -155,7 +155,7 @@ func cmdRunSa(c *cli.Context) error {
 		return cli.NewExitError("", 2)
 	}

-	if err = runWeb(lns[0], st, im); err != nil {
+	if err = runWeb(lns[0], st, im, conf.Cors); err != nil {
 		return cli.NewExitError(err.Error(), 1)
 	}
 	return cli.NewExitError("", 0)

--- a/cmd/tank/web.go
+++ b/cmd/tank/web.go
@@ -30,6 +30,7 @@ import (
 	"time"

 	"github.com/gorilla/mux"
+	"github.com/rs/cors"
 	"gitlab.servus.at/autoradio/tank/api/v1"
 	"gitlab.servus.at/autoradio/tank/importer"
 	"gitlab.servus.at/autoradio/tank/store"
@@ -41,7 +42,7 @@ const (
 	WebAPIv1Prefix  = "/api/v1/"
 )

-func runWeb(ln net.Listener, st *store.Store, im *importer.Importer) error {
+func runWeb(ln net.Listener, st *store.Store, im *importer.Importer, cc *CorsConfig) error {
 	r := mux.NewRouter()

 	r.Handle("/", http.RedirectHandler(WebUIPathPrefix, http.StatusSeeOther))
@@ -55,6 +56,20 @@ func runWeb(ln net.Listener, st *store.Store, im *importer.Importer) error {
 		ReadTimeout:  12 * time.Hour,
 	}

+	if cc != nil {
+		c := cors.New(cors.Options{
+			AllowedOrigins:     cc.AllowedOrigins,
+			AllowedMethods:     cc.AllowedMethods,
+			AllowedHeaders:     cc.AllowedHeaders,
+			ExposedHeaders:     cc.ExposedHeaders,
+			MaxAge:             cc.MaxAge,
+			AllowCredentials:   cc.AllowCredentials,
+			OptionsPassthrough: cc.OptionsPassthrough,
+			Debug:              cc.Debug,
+		})
+		srv.Handler = c.Handler(r)
+	}
+
 	infoLog.Printf("web: listening on %s", ln.Addr())
 	return srv.Serve(ln)
 }
--- a/contrib/sample-cfg.yaml
+++ b/contrib/sample-cfg.yaml
@@ -33,3 +33,16 @@ auth:
    ## keys will be randomly generated if this is not set
    secret: "very very secret - don't tell anyone"
    max-age: 12h
+
+### uncomment to enable CORS headers
+### see: https://godoc.org/github.com/rs/cors#Options
+cors:
+  allowed-origins: ['*']
+  allowed-methods:
+    - GET
+    - PUT
+    - POST
+    - PATCH
+    - DELETE
+  allowed-headers: ['*']
+  max-age: 10
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/jinzhu/gorm v1.9.1
 	github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a
 	github.com/lib/pq v0.0.0-20180523175426-90697d60dd84
+	github.com/rs/cors v1.6.0
 	github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414 // indirect
 	github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd // indirect
 	golang.org/x/crypto v0.0.0-20180808211826-de0752318171

--- a/go.sum
+++ b/go.sum
@@ -17,6 +17,8 @@ github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a h1:eeaG9XMUvRBYX
 github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/lib/pq v0.0.0-20180523175426-90697d60dd84 h1:it29sI2IM490luSc3RAhp5WuCYnc6RtbfLVAB7nmC5M=
 github.com/lib/pq v0.0.0-20180523175426-90697d60dd84/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI=
+github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414 h1:IYVb70m/qpJGjyZV2S4qbdSDnsMl+w9nsQ2iQedf1HI=
 github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
 github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd h1:ug7PpSOB5RBPK1Kg6qskGBoP3Vnj/aNYFTznWvlkGo0=