Add ability to set CORS headers

2020-03-06 09:47:51 +05:30 · 2020-03-06 09:47:51 +05:30 · 7930719eaa
parent cc687b1b2b
commit 7930719eaa
9 changed files with 56 additions and 6 deletions
--- a/2
+++ b/2
@ -49,5 +49,7 @@ RUN chmod +x /start.sh

 USER nobody

+ENV GO_ENV production
+
 ENTRYPOINT ["./start.sh"]
 CMD ["./super-graph", "serv"]
--- a/config/dev.yml
+++ b/config/dev.yml
@ -36,6 +36,15 @@ migrations_path: ./config/migrations
 # encrypting the cursor data
 secret_key: supercalifajalistics

+# CORS: A list of origins a cross-domain request can be executed from. 
+# If the special * value is present in the list, all origins will be allowed. 
+# An origin may contain a wildcard (*) to replace 0 or more 
+# characters (i.e.: http://*.domain.com).
+cors_allowed_origins: ["*"]
+
+# Debug Cross Origin Resource Sharing requests
+cors_debug: true
+
 # Postgres related environment Variables
 # SG_DATABASE_HOST
 # SG_DATABASE_PORT
--- a/go.mod
+++ b/go.mod
@ -21,6 +21,7 @@ require (
 	github.com/magiconair/properties v1.8.1 // indirect
 	github.com/pelletier/go-toml v1.4.0 // indirect
 	github.com/pkg/errors v0.8.1
+	github.com/rs/cors v1.7.0
 	github.com/rs/zerolog v1.15.0
 	github.com/spf13/afero v1.2.2 // indirect
 	github.com/spf13/cobra v0.0.5
--- a/go.sum
+++ b/go.sum
@ -180,6 +180,8 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
+github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0 h1:uPRuwkWF4J6fGsJ2R0Gn2jB1EQiav9k3S6CSdygQJXY=
--- a/serv/config.go
+++ b/serv/config.go
@ -26,11 +26,13 @@ type config struct {
 	EnableTracing  bool   `mapstructure:"enable_tracing"`
 	UseAllowList   bool   `mapstructure:"use_allow_list"`
 	Production     bool
-	WatchAndReload bool   `mapstructure:"reload_on_config_change"`
-	AuthFailBlock  bool   `mapstructure:"auth_fail_block"`
-	SeedFile       string `mapstructure:"seed_file"`
-	MigrationsPath string `mapstructure:"migrations_path"`
-	SecretKey      string `mapstructure:"secret_key"`
+	WatchAndReload bool     `mapstructure:"reload_on_config_change"`
+	AuthFailBlock  bool     `mapstructure:"auth_fail_block"`
+	SeedFile       string   `mapstructure:"seed_file"`
+	MigrationsPath string   `mapstructure:"migrations_path"`
+	SecretKey      string   `mapstructure:"secret_key"`
+	AllowedOrigins []string `mapstructure:"cors_allowed_origins"`
+	DebugCORS      bool     `mapstructure:"cors_debug"`

 	Inflections map[string]string

--- a/serv/http.go
+++ b/serv/http.go
@ -8,6 +8,8 @@ import (
 	"net/http"
 	"strings"
 	"time"
+
+	"github.com/rs/cors"
 )

 const (
@ -61,6 +63,20 @@ type resolver struct {
 	Duration    time.Duration `json:"duration"`
 }

+func apiV1Handler() http.Handler {
+	h := withAuth(http.HandlerFunc(apiV1), conf.Auth)
+
+	if len(conf.AllowedOrigins) != 0 {
+		c := cors.New(cors.Options{
+			AllowedOrigins:   conf.AllowedOrigins,
+			AllowCredentials: true,
+			Debug:            conf.DebugCORS,
+		})
+		h = c.Handler(h)
+	}
+
+	return h
+}
 func apiV1(w http.ResponseWriter, r *http.Request) {
 	ctx := &coreContext{Context: r.Context()}

--- a/serv/serv.go
+++ b/serv/serv.go
@ -154,7 +154,7 @@ func routeHandler() (http.Handler, error) {

 	routes := map[string]http.Handler{
 		"/health":         http.HandlerFunc(health),
-		"/api/v1/graphql": withAuth(http.HandlerFunc(apiV1), conf.Auth),
+		"/api/v1/graphql": apiV1Handler(),
 	}

 	if err := setActionRoutes(routes); err != nil {
--- a/tmpl/dev.yml
+++ b/tmpl/dev.yml
@ -36,6 +36,15 @@ migrations_path: ./config/migrations
 # encrypting the cursor data
 secret_key: supercalifajalistics

+# CORS: A list of origins a cross-domain request can be executed from. 
+# If the special * value is present in the list, all origins will be allowed. 
+# An origin may contain a wildcard (*) to replace 0 or more 
+# characters (i.e.: http://*.domain.com).
+cors_allowed_origins: ["*"]
+
+# Debug Cross Origin Resource Sharing requests
+cors_debug: false
+
 # Postgres related environment Variables
 # SG_DATABASE_HOST
 # SG_DATABASE_PORT
--- a/tmpl/prod.yml
+++ b/tmpl/prod.yml
@ -36,6 +36,15 @@ enable_tracing: true
 # encrypting the cursor data
 # secret_key: supercalifajalistics

+# CORS: A list of origins a cross-domain request can be executed from. 
+# If the special * value is present in the list, all origins will be allowed. 
+# An origin may contain a wildcard (*) to replace 0 or more 
+# characters (i.e.: http://*.domain.com).
+# cors_allowed_origins: ["*"]
+
+# Debug Cross Origin Resource Sharing requests
+# cors_debug: false
+
 # Postgres related environment Variables
 # SG_DATABASE_HOST
 # SG_DATABASE_PORT