From 1666693c2574934d63f36493881e8cfe96575180 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= Date: Sat, 19 Nov 2022 20:33:03 +0100 Subject: [PATCH] add cors. --- client/src/neko/index.ts | 2 ++ server/go.mod | 3 ++- server/go.sum | 2 ++ server/internal/config/server.go | 19 +++++++++++++++++++ server/internal/http/http.go | 10 ++++++++++ 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/client/src/neko/index.ts b/client/src/neko/index.ts index 777520e..f6b56d2 100644 --- a/client/src/neko/index.ts +++ b/client/src/neko/index.ts @@ -47,6 +47,8 @@ export class NekoClient extends BaseClient implements EventEmitter { this.$vue = vue this.$accessor = vue.$accessor this.url = url + // convert ws url to http url + this.$vue.$http.defaults.baseURL = url.replace(/^ws/, 'http').replace(/\/ws$/, '') } private cleanup() { diff --git a/server/go.mod b/server/go.mod index 027b970..a3c7c96 100644 --- a/server/go.mod +++ b/server/go.mod @@ -3,8 +3,9 @@ module m1k1o/neko go 1.18 require ( - github.com/fsnotify/fsnotify v1.6.0 // indirect + github.com/fsnotify/fsnotify v1.6.0 github.com/go-chi/chi v4.1.2+incompatible + github.com/go-chi/cors v1.2.1 github.com/gorilla/websocket v1.5.0 github.com/kataras/go-events v0.0.3 github.com/pion/ice/v2 v2.2.11 // indirect diff --git a/server/go.sum b/server/go.sum index 024d6b2..8fdd49c 100644 --- a/server/go.sum +++ b/server/go.sum 
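Review bot: The HTTP base URL in the client/src/neko/index.ts hunk is derived from the websocket URL with two regexes, so `/\/ws$/` leaves the path untouched when `url` ends in a slash or carries a query string, and `/^ws/` rewrites any string that merely starts with "ws". Parsing is stricter: build `new URL(url)`, map `wss:` to `https:` and `ws:` to `http:`, and strip the trailing `/ws` from `pathname` before assigning the result. The assignment also changes the shared `$http.defaults.baseURL`, so every later request made through `this.$vue.$http` goes to the host named in `url`. A comment such as `// all $http requests now target the neko server derived from the ws url` would make that visible. The constructor begins above the hunk.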
@@ -65,6 +65,8 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= +github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= diff --git a/server/internal/config/server.go b/server/internal/config/server.go index 51f0465..d3cd24f 100644 --- a/server/internal/config/server.go +++ b/server/internal/config/server.go @@ -1,6 +1,8 @@ package config import ( + "m1k1o/neko/internal/utils" + "net/http" "path" "github.com/spf13/cobra" @@ -13,6 +15,7 @@ type Server struct { Bind string Static string PathPrefix string + CORS []string } func (Server) Init(cmd *cobra.Command) error { @@ -41,6 +44,11 @@ func (Server) Init(cmd *cobra.Command) error { return err } + cmd.PersistentFlags().StringSlice("cors", []string{"*"}, "list of allowed origins for CORS") + if err := viper.BindPFlag("cors", cmd.PersistentFlags().Lookup("cors")); err != nil { + return err + } + return nil } 
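Review bot: The `cors` flag registered in the `@@ -41,6 +44,11 @@` hunk of server/internal/config/server.go defaults to `[]string{"*"}`, and `Set()` in the following hunk also turns an empty list into `*`, so no configuration value switches cross-origin access off and a server started without the flag accepts every origin. The help text should state what the wildcard means, e.g. `"list of allowed origins for CORS, \"*\" allows any origin"`. A restrictive default, with an empty list meaning same-origin only, would be the safer choice for deployments that never set the flag. `Init` starts outside the hunk.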
@@ -50,4 +58,15 @@ func (s *Server) Set() { s.Bind = viper.GetString("bind") s.Static = viper.GetString("static") s.PathPrefix = path.Join("/", path.Clean(viper.GetString("path_prefix"))) + + s.CORS = viper.GetStringSlice("cors") + in, _ := utils.ArrayIn("*", s.CORS) + if len(s.CORS) == 0 || in { + s.CORS = []string{"*"} + } +} + +func (s *Server) AllowOrigin(r *http.Request, origin string) bool { + in, _ := utils.ArrayIn(origin, s.CORS) + return in || s.CORS[0] == "*" } diff --git a/server/internal/http/http.go b/server/internal/http/http.go index bf75d10..b71a806 100644 --- a/server/internal/http/http.go +++ b/server/internal/http/http.go @@ -13,6 +13,7 @@ import ( "github.com/go-chi/chi" "github.com/go-chi/chi/middleware" + "github.com/go-chi/cors" "github.com/rs/zerolog" "github.com/rs/zerolog/log" @@ -38,6 +39,15 @@ func New(conf *config.Server, webSocketHandler types.WebSocketHandler, desktop t router.Use(middleware.Recoverer) // Recover from panics without crashing server router.Use(middleware.Compress(5, "application/octet-stream")) + router.Use(cors.Handler(cors.Options{ + AllowOriginFunc: conf.AllowOrigin, + AllowedMethods: []string{"GET", "POST", "DELETE", "OPTIONS"}, + AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, + ExposedHeaders: []string{"Link"}, + AllowCredentials: true, + MaxAge: 300, // Maximum value not ignored by any of major browsers + })) + if conf.PathPrefix != "/" { router.Use(func(h http.Handler) http.Handler { return http.StripPrefix(conf.PathPrefix, h)
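Review bot: `AllowOrigin` returns true for every origin when `s.CORS[0] == "*"`, and the `cors.Options` hunk in server/internal/http/http.go pairs it with `AllowCredentials: true`. As far as I know go-chi/cors echoes an origin approved by `AllowOriginFunc` back in `Access-Control-Allow-Origin`, so in wildcard mode any website can send requests carrying whatever cookies or HTTP authentication the browser holds for this server and read the responses. Credentials should be limited to an explicit allow-list, for example `AllowCredentials: len(conf.CORS) > 0 && conf.CORS[0] != "*",` in http.go. `s.CORS[0]` is also read without a length check, so `AllowOrigin` panics on a `Server` whose `Set()` has not run; `return in || (len(s.CORS) > 0 && s.CORS[0] == "*")` avoids that.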
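Review bot: The origin list enforced by `cors.Handler` in the `@@ -38,6 +39,15 @@` hunk of http.go does not cover the websocket endpoint, because browsers do not apply CORS to WebSocket handshakes. An operator who restricts `--cors` to one origin may therefore still have the websocket reachable from other pages unless the upgrader checks `Origin` itself. The websocket handler is outside this patch, so this may already be handled; if it is not, the upgrader's `CheckOrigin` could reuse `conf.AllowOrigin`. A comment above the call such as `// CORS covers the HTTP API only; websocket origins are checked by the upgrader` would record the split. `New` starts and ends outside the hunk.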