From fc703794634206cbdd006f02083a03d6ec65b2fd Mon Sep 17 00:00:00 2001 From: Vojtech Simetka Date: Fri, 22 Apr 2022 19:47:29 +0500 Subject: [PATCH] feat: add cors setings --- package-lock.json | 48 +++++++++++++++++++++++++++++++++++++++++++++++ package.json | 2 ++ src/config.ts | 13 +++++++++++-- src/index.ts | 6 +++--- src/server.ts | 4 ++++ 5 files changed, 68 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0d0d8b8f..503caad2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,6 +11,7 @@ "dependencies": { "@ethersphere/bee-js": "^4.0.0", "@ethersphere/swarm-cid": "^0.1.0", + "cors": "^2.8.5", "express": "^4.17.3", "http-proxy-middleware": "^2.0.4", "prom-client": "^14.0.1", @@ -25,6 +26,7 @@ "@ethersphere/bee-factory": "^0.4.0", "@fluffy-spoon/substitute": "^1.208.0", "@jest/types": "^27.5.1", + "@types/cors": "^2.8.12", "@types/express": "^4.17.13", "@types/jest": "^27.4.1", "@types/node": "^17.0.23", @@ -2218,6 +2220,12 @@ "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "dev": true }, + "node_modules/@types/cors": { + "version": "2.8.12", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz", + "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==", + "dev": true + }, "node_modules/@types/express": { "version": "4.17.13", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.13.tgz", @@ -3858,6 +3866,18 @@ "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==", "dev": true }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/cosmiconfig": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.1.tgz", @@ -8609,6 +8629,14 @@ "integrity": "sha512-h2AatdwYH+JHiZpv7pt/gSX1XoRGb7L/qSIeuqA6GwYoF9w1vP1cw42TO0aI2pNyshRK5893hNSl+1//vHK7hQ==", "dev": true }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/object-inspect": { "version": "1.12.0", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.0.tgz", @@ -12720,6 +12748,12 @@ "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "dev": true }, + "@types/cors": { + "version": "2.8.12", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz", + "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==", + "dev": true + }, "@types/express": { "version": "4.17.13", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.13.tgz", @@ -14000,6 +14034,15 @@ "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==", "dev": true }, + "cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "requires": { + "object-assign": "^4", + "vary": "^1" + } + }, "cosmiconfig": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.1.tgz", @@ -17619,6 +17662,11 @@ "integrity": "sha512-h2AatdwYH+JHiZpv7pt/gSX1XoRGb7L/qSIeuqA6GwYoF9w1vP1cw42TO0aI2pNyshRK5893hNSl+1//vHK7hQ==", "dev": true }, + "object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" + }, "object-inspect": { "version": "1.12.0", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.0.tgz", diff --git a/package.json b/package.json index 7288fbb3..394bddb4 100644 --- a/package.json +++ b/package.json @@ -38,6 +38,7 @@ "@ethersphere/bee-factory": "^0.4.0", "@fluffy-spoon/substitute": "^1.208.0", "@jest/types": "^27.5.1", + "@types/cors": "^2.8.12", "@types/express": "^4.17.13", "@types/jest": "^27.4.1", "@types/node": "^17.0.23", @@ -64,6 +65,7 @@ "dependencies": { "@ethersphere/bee-js": "^4.0.0", "@ethersphere/swarm-cid": "^0.1.0", + "cors": "^2.8.5", "express": "^4.17.3", "http-proxy-middleware": "^2.0.4", "prom-client": "^14.0.1", diff --git a/src/config.ts b/src/config.ts index 3932ffaa..243dde3d 100644 --- a/src/config.ts +++ b/src/config.ts @@ -1,3 +1,5 @@ +import type { CorsOptions } from 'cors' + export interface AppConfig { beeApiUrl: string authorization?: string @@ -10,6 +12,7 @@ export interface AppConfig { export interface ServerConfig { hostname: string port: number + corsOptions: CorsOptions } interface StampsConfigHardcoded { @@ -41,6 +44,7 @@ export type EnvironmentVariables = Partial<{ // Server PORT: string HOSTNAME: string + CORS_ORIGIN: string // CID subdomain support CID_SUBDOMAINS: string @@ -70,6 +74,7 @@ export const DEFAULT_POSTAGE_USAGE_THRESHOLD = 0.7 export const DEFAULT_POSTAGE_USAGE_MAX = 0.9 export const DEFAULT_POSTAGE_REFRESH_PERIOD = 60_000 export const DEFAULT_LOG_LEVEL = 'info' +export const DEFAULT_CORS_ORIGIN = true export const logLevel = process.env.LOG_LEVEL && SUPPORTED_LEVELS.includes(process.env.LOG_LEVEL as SupportedLevels) @@ -94,8 +99,12 @@ export function getAppConfig({ } } -export function getServerConfig({ PORT, HOSTNAME }: EnvironmentVariables = {}): ServerConfig { - return { hostname: HOSTNAME || DEFAULT_HOSTNAME, port: Number(PORT || DEFAULT_PORT) } +export function getServerConfig({ PORT, HOSTNAME, CORS_ORIGIN }: EnvironmentVariables = {}): ServerConfig { + return { + hostname: HOSTNAME || DEFAULT_HOSTNAME, + port: Number(PORT || DEFAULT_PORT), + corsOptions: { origin: CORS_ORIGIN ?? DEFAULT_CORS_ORIGIN }, + } } export function getStampsConfig({ diff --git a/src/index.ts b/src/index.ts index 4ea4b51e..99f5ee00 100644 --- a/src/index.ts +++ b/src/index.ts @@ -10,7 +10,7 @@ async function main() { // Configuration const stampConfig = getStampsConfig(process.env as EnvironmentVariables) const appConfig = getAppConfig(process.env as EnvironmentVariables) - const { hostname, port } = getServerConfig(process.env as EnvironmentVariables) + const { hostname, port, corsOptions } = getServerConfig(process.env as EnvironmentVariables) logger.debug('proxy config', appConfig) logger.debug('server config', { hostname: hostname, port }) @@ -23,10 +23,10 @@ async function main() { logger.info('starting postage stamp manager') await stampManager.start(stampConfig) logger.info('starting the proxy') - app = createApp(appConfig, stampManager) + app = createApp(appConfig, stampManager, corsOptions) } else { logger.info('starting the app without postage stamps management') - app = createApp(appConfig) + app = createApp(appConfig, undefined, corsOptions) } // Start the Proxy diff --git a/src/server.ts b/src/server.ts index f51003e0..bd885a75 100644 --- a/src/server.ts +++ b/src/server.ts @@ -5,6 +5,7 @@ import type { StampsManager } from './stamps' import { logger } from './logger' import * as bzzLink from './bzz-link' import { register } from './metrics' +import cors, { CorsOptions } from 'cors' const SWARM_STAMP_HEADER = 'swarm-postage-batch-id' @@ -20,6 +21,7 @@ export const POST_PROXY_ENDPOINTS = ['/bzz', '/bytes', '/chunks', '/feeds/:owner export const createApp = ( { hostname, beeApiUrl, authorization, cidSubdomains, ensSubdomains, removePinHeader }: AppConfig, stampManager: StampsManager | undefined = undefined, + corsOptions: CorsOptions | undefined, ): Application => { const commonOptions: Options = { target: beeApiUrl, @@ -30,6 +32,8 @@ export const createApp = ( // Create Express Server const app = express() + app.use(cors(corsOptions)) + if (hostname) { const subdomainOffset = hostname.split('.').length app.set('subdomain offset', subdomainOffset)