feat: add CORS support with user-sourced trusted origins from .env
All checks were successful
Update changelog / changelog (push) Successful in 24s
All checks were successful
Update changelog / changelog (push) Successful in 24s
This commit is contained in:
@@ -3,10 +3,11 @@ dotenv.config({ quiet: true });
|
||||
|
||||
import express from 'express';
|
||||
import { version } from '../package.json';
|
||||
import miscRouter from './routes/miscRoutes';
|
||||
import userRouter from './routes/userRoutes';
|
||||
import { AppDataSource } from './data-source'
|
||||
import inferUser from './middleware/inferUser';
|
||||
import miscRouter from './routes/miscRoutes';
|
||||
import userRouter from './routes/userRoutes';
|
||||
import { getCorsConfig } from './tools/cors';
|
||||
|
||||
AppDataSource.initialize().then(async () => {
|
||||
|
||||
@@ -15,6 +16,7 @@ AppDataSource.initialize().then(async () => {
|
||||
const app: express.Express = express();
|
||||
|
||||
app.use(express.json());
|
||||
app.use(getCorsConfig());
|
||||
app.use(inferUser);
|
||||
app.use(miscRouter, userRouter);
|
||||
|
||||
|
||||
44
src/tools/cors.ts
Normal file
44
src/tools/cors.ts
Normal file
@@ -0,0 +1,44 @@
|
||||
import * as dotenv from 'dotenv';
|
||||
dotenv.config({ quiet: true });
|
||||
|
||||
import cors from 'cors';
|
||||
import { getEnvString } from './jwt';
|
||||
|
||||
/**
|
||||
* Returns user-trusted origins from the .env file.
|
||||
* Defaults to http://localhost:6568 if no user config is found.
|
||||
*
|
||||
* @return {string[]} A list of user-trusted origins.
|
||||
*/
|
||||
function getTrustedOrigins(): string[] {
|
||||
let trustedOrigins: string[] = ['http://localhost:6568'];
|
||||
const configOriginsString: string | undefined = getEnvString('trustedOrigins', true);
|
||||
|
||||
// No config available.
|
||||
if (configOriginsString === undefined) {
|
||||
console.log('WARN: trustedOrigins is unknown. Defaulting to http://localhost:6568. CORS might not work.');
|
||||
return trustedOrigins;
|
||||
}
|
||||
// Config available
|
||||
else if (typeof configOriginsString === 'string')
|
||||
// But if it's empty, return defaults.
|
||||
if (configOriginsString === '')
|
||||
return trustedOrigins;
|
||||
// Otherwise overwrite trustedOrigins with user-provided comma-separated values.
|
||||
else
|
||||
trustedOrigins = configOriginsString.split(',');
|
||||
|
||||
return trustedOrigins;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retruns the CORS configuration containing user-provided origins.
|
||||
* If none were found, they default to http://localhost:6568.
|
||||
*
|
||||
* @return {any} The cors configuration.
|
||||
*/
|
||||
export function getCorsConfig(): any {
|
||||
return cors({
|
||||
origin: getTrustedOrigins()
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user