diff --git a/cmd/serve.go b/cmd/serve.go
index d4d185ca..7df02e28 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -39,6 +39,8 @@ const (
 postgresMigrationsSourceFlag = "postgres-migrations-source"
 fastlyServiceFlag = "fastly-service"
 fastlyKeyFlag = "fastly-key"
+ corsAllowOriginsFlag = "cors-allow-origins"
+ corsAllowCredentialsFlag = "cors-allow-credentials"
 )
 func ginLogger(logger *logrus.Logger) gin.HandlerFunc {
@@ -82,6 +84,8 @@ func getGin(
 trustedProxies []string,
 logger *logrus.Logger,
 debug bool,
+ corsAllowOrigins []string,
+ corsAllowCredentials bool,
 ) (*gin.Engine, error) {
 if !debug {
 gin.SetMode(gin.ReleaseMode)
@@ -107,7 +111,7 @@ func getGin(
 middlewares = append(middlewares, fastly.New(fastlyService, viper.GetString(fastlyKeyFlag), logger))
 }
- return ctrl.SetupRouter(trustedProxies, apiRootPrefix, middlewares...) //nolint: wrapcheck
+ return ctrl.SetupRouter(trustedProxies, apiRootPrefix, corsAllowOrigins, corsAllowCredentials, middlewares...) //nolint: wrapcheck
 }
 func getMetadataStorage(endpoint string) *metadata.Hasura {
@@ -214,6 +218,11 @@ func init() {
 addStringFlag(serveCmd.Flags(), fastlyServiceFlag, "", "Enable Fastly middleware and enable automated purges")
 addStringFlag(serveCmd.Flags(), fastlyKeyFlag, "", "Fastly CDN Key to authenticate purges")
 }
+
+ {
+ addStringArrayFlag(serveCmd.Flags(), corsAllowOriginsFlag, []string{"*"}, "CORS allow origins")
+ addBoolFlag(serveCmd.Flags(), corsAllowCredentialsFlag, false, "CORS allow credentials")
+ }
 }
 var serveCmd = &cobra.Command{
@@ -282,6 +291,8 @@ var serveCmd = &cobra.Command{
 viper.GetStringSlice(trustedProxiesFlag),
 logger,
 viper.GetBool(debugFlag),
+ viper.GetStringSlice(corsAllowOriginsFlag),
+ viper.GetBool(corsAllowCredentialsFlag),
 )
 cobra.CheckErr(err)
diff --git a/controller/controller.go b/controller/controller.go
index ccf4ff03..1d88e60f 100644
--- a/controller/controller.go
+++ b/controller/controller.go
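Review bot: The help strings added in init() for the two new flags, `"CORS allow origins"` and `"CORS allow credentials"`, do not say what a valid value looks like or that the two options interact. With the origin default of `*`, an operator who only turns on `--cors-allow-credentials` ends up with a wildcard-plus-credentials policy, which browsers refuse for credentialed requests. I would spell that out, for example `"Origins allowed by CORS (scheme://host[:port]); \"*\" allows any origin"` and `"Send Access-Control-Allow-Credentials: true; needs explicit origins, browsers reject it together with \"*\""`. init() starts above this hunk.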
@@ -111,7 +111,11 @@ func New(
 }
 func (ctrl *Controller) SetupRouter(
- trustedProxies []string, apiRootPrefix string, middleware ...gin.HandlerFunc,
+ trustedProxies []string,
+ apiRootPrefix string,
+ corsOrigins []string,
+ corsAllowCredentials bool,
+ middleware ...gin.HandlerFunc,
 ) (*gin.Engine, error) {
 router := gin.New()
 if err := router.SetTrustedProxies(trustedProxies); err != nil {
@@ -126,20 +130,25 @@ func (ctrl *Controller) SetupRouter(
 router.Use(mw)
 }
- router.Use(cors.New(cors.Config{
- AllowOrigins: []string{"*"},
+ corsConfig := cors.Config{
+ AllowOrigins: corsOrigins,
 AllowMethods: []string{"GET", "PUT", "POST", "HEAD", "DELETE"},
 AllowHeaders: []string{
 "Authorization", "Origin", "if-match", "if-none-match", "if-modified-since", "if-unmodified-since", "x-hasura-admin-secret", "x-nhost-bucket-id", "x-nhost-file-name", "x-nhost-file-id", "x-hasura-role",
 },
- // AllowWildcard: true,
 ExposeHeaders: []string{
 "Content-Length", "Content-Type", "Cache-Control", "ETag", "Last-Modified", "X-Error",
 },
 MaxAge: 12 * time.Hour, //nolint: gomnd
- }))
+ }
+
+ if corsAllowCredentials {
+ corsConfig.AllowCredentials = true
+ }
+
+ router.Use(cors.New(corsConfig))
 router.GET("/healthz", ctrl.Health)
diff --git a/controller/delete_broken_metadata_test.go b/controller/delete_broken_metadata_test.go
index 9d33e0b4..aca34173 100644
--- a/controller/delete_broken_metadata_test.go
+++ b/controller/delete_broken_metadata_test.go
@@ -103,7 +103,7 @@ func TestDeleteBrokenMetadata(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/delete_file_test.go b/controller/delete_file_test.go
index b942a6fe..1fdcac2b 100644
--- a/controller/delete_file_test.go
+++ b/controller/delete_file_test.go
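Review bot: SetupRouter is exported, has no doc comment in the lines shown, and now takes a `[]string` and a `bool` positionally ahead of the variadic middleware, which is easy to misread at call sites such as `SetupRouter(nil, "/v1", []string{"*"}, false, …)`. A comment like `// SetupRouter builds the gin engine. corsOrigins is the CORS allowed-origin list ("*" allows any origin); corsAllowCredentials enables Access-Control-Allow-Credentials and should only be set together with explicit origins.` would document the contract for callers. The function body continues outside this hunk.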
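Review bot: Nothing in the new CORS block of SetupRouter rejects a wildcard origin combined with `corsAllowCredentials`, so with the flag default of `*` an operator who only enables credentials gets a policy that browsers refuse for credentialed requests, and the service starts without reporting it. SetupRouter already returns an error, so a guard before `cors.New`, e.g. `if corsAllowCredentials && slices.Contains(corsOrigins, "*") { return nil, errors.New("cors: allow-credentials requires explicit origins") }` (or a short loop if the module's Go version predates `slices`), would surface the misconfiguration at startup. Returning the result of `corsConfig.Validate()` as an error would do the same for an empty or malformed origin list, since to my knowledge `cors.New` panics on a config it considers invalid. The `if corsAllowCredentials { … }` block can also be folded into the literal as `AllowCredentials: corsAllowCredentials,`. The function body starts and ends outside this hunk.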
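Review bot: No updated test exercises the new parameters: this call in TestDeleteBrokenMetadata, like the identical edit in every other controller test file in this diff, passes `[]string{"*"}, false`, so an explicit origin list and `corsAllowCredentials == true` are never run. A small router test that sends a request with an `Origin` header and asserts on `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`, once for an allowed and once for a disallowed origin, would pin the behaviour. The error from SetupRouter is discarded with `_` here, so a test for a rejected configuration would need to check it explicitly.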
@@ -53,7 +53,7 @@ func TestDeleteFile(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/delete_orphans_test.go b/controller/delete_orphans_test.go
index db8549e6..3c67aa09 100644
--- a/controller/delete_orphans_test.go
+++ b/controller/delete_orphans_test.go
@@ -75,7 +75,7 @@ func TestDeleteOrphans(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/get_file_information_test.go b/controller/get_file_information_test.go
index b000e0f5..37b39e06 100644
--- a/controller/get_file_information_test.go
+++ b/controller/get_file_information_test.go
@@ -146,7 +146,7 @@ func TestGetFileInfo(t *testing.T) {
 logger,
 )
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/get_file_presigned_url_test.go b/controller/get_file_presigned_url_test.go
index 4d31d390..d4270d71 100644
--- a/controller/get_file_presigned_url_test.go
+++ b/controller/get_file_presigned_url_test.go
@@ -92,7 +92,7 @@ func TestGetFilePresignedURL(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/get_file_test.go b/controller/get_file_test.go
index 4c7c4104..58f9e2c8 100644
--- a/controller/get_file_test.go
+++ b/controller/get_file_test.go
@@ -78,7 +78,7 @@ func TestGetFile(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/list_broken_metadata_test.go b/controller/list_broken_metadata_test.go
index b61526b7..fc44f68d 100644
--- a/controller/list_broken_metadata_test.go
+++ b/controller/list_broken_metadata_test.go
@@ -96,7 +96,7 @@ func TestListBrokenMetadata(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/list_not_uploaded_test.go b/controller/list_not_uploaded_test.go
index 4f0a496e..7c83d045 100644
--- a/controller/list_not_uploaded_test.go
+++ b/controller/list_not_uploaded_test.go
@@ -84,7 +84,7 @@ func TestListNotUploaded(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/list_orphans_test.go b/controller/list_orphans_test.go
index c099a511..fe94032c 100644
--- a/controller/list_orphans_test.go
+++ b/controller/list_orphans_test.go
@@ -73,7 +73,7 @@ func TestListOrphans(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 responseRecorder := httptest.NewRecorder()
diff --git a/controller/update_file_test.go b/controller/update_file_test.go
index 218d9164..3d192c8f 100644
--- a/controller/update_file_test.go
+++ b/controller/update_file_test.go
@@ -148,7 +148,7 @@ func TestUpdateFile(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 body, contentType := createUpdateMultiForm(t, file)
diff --git a/controller/upload_file_test.go b/controller/upload_file_test.go
index 0e8ff25d..d0800d34 100644
--- a/controller/upload_file_test.go
+++ b/controller/upload_file_test.go
@@ -231,7 +231,7 @@ func TestUploadFile(t *testing.T) {
 ctrl := controller.New("http://asd", "/v1", "asdasd", metadataStorage, contentStorage, nil, logger)
- router, _ := ctrl.SetupRouter(nil, "/v1", ginLogger(logger))
+ router, _ := ctrl.SetupRouter(nil, "/v1", []string{"*"}, false, ginLogger(logger))
 body, contentType := createMultiForm(t, files...)