feat: add CORS support with user-sourced trusted origins from .env

src/tools/cors.ts

@@ -0,0 +1,44 @@
+import * as dotenv from 'dotenv';
+dotenv.config({ quiet: true });
+
+import cors from 'cors';
+import { getEnvString } from './jwt';
+
+/**
+ * Returns user-trusted origins from the .env file.
+ * Defaults to http://localhost:6568 if no user config is found.
+ *
+ * @return     {string[]}  A list of user-trusted origins.
+ */
+function getTrustedOrigins(): string[] {
+	let trustedOrigins: string[] = ['http://localhost:6568'];
+	const configOriginsString: string | undefined = getEnvString('trustedOrigins', true);
+
+	// No config available.
+	if (configOriginsString === undefined) {
+		console.log('WARN: trustedOrigins is unknown. Defaulting to http://localhost:6568. CORS might not work.');
+		return trustedOrigins;
+	}
+	// Config available
+	else if (typeof configOriginsString === 'string')
+		// But if it's empty, return defaults.
+		if (configOriginsString === '')
+			return trustedOrigins;
+		// Otherwise overwrite trustedOrigins with user-provided comma-separated values.
+		else
+			trustedOrigins = configOriginsString.split(',');
+
+	return trustedOrigins;
+}
+
+/**
+ * Retruns the CORS configuration containing user-provided origins.
+ * If none were found, they default to http://localhost:6568.
+ *
+ * @return     {any}  The cors configuration.
+ */
+export function getCorsConfig(): any {
+	return cors({
+		origin: getTrustedOrigins()
+	});
+}