Support CORS for POST and PATCH availability endpoints (#897)

2024-09-23 17:08:56 +02:00 · 2024-09-23 17:08:56 +02:00 · 032d7e7495
parent 4e8630791a
commit 032d7e7495
1 changed files with 29 additions and 7 deletions
--- a/codex/rest/api.nim
+++ b/codex/rest/api.nim
@ -224,6 +224,8 @@ proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRoute
      return RestApiResponse.response($json, contentType="application/json")

 proc initSalesApi(node: CodexNodeRef, router: var RestRouter) =
+  let allowedOrigin = router.allowedOrigin
+
  router.api(
    MethodGet,
    "/api/codex/v1/sales/slots") do () -> RestApiResponse:
@ -290,22 +292,29 @@ proc initSalesApi(node: CodexNodeRef, router: var RestRouter) =
      ## minPrice       - minimum price to be paid (in amount of tokens)
      ## maxCollateral  - maximum collateral user is willing to pay per filled Slot (in amount of tokens)

+      var headers = newSeq[(string,string)]()
+
+      if corsOrigin =? allowedOrigin:
+        headers.add(("Access-Control-Allow-Origin", corsOrigin))
+        headers.add(("Access-Control-Allow-Methods", "POST, OPTIONS"))
+        headers.add(("Access-Control-Max-Age", "86400"))
+
      try:
        without contracts =? node.contracts.host:
-          return RestApiResponse.error(Http503, "Sales unavailable")
+          return RestApiResponse.error(Http503, "Sales unavailable", headers = headers)

        let body = await request.getBody()

        without restAv =? RestAvailability.fromJson(body), error:
-          return RestApiResponse.error(Http400, error.msg)
+          return RestApiResponse.error(Http400, error.msg, headers = headers)

        let reservations = contracts.sales.context.reservations

        if restAv.totalSize == 0:
-          return RestApiResponse.error(Http400, "Total size must be larger then zero")
+          return RestApiResponse.error(Http400, "Total size must be larger then zero", headers = headers)

        if not reservations.hasAvailable(restAv.totalSize.truncate(uint)):
-          return RestApiResponse.error(Http422, "Not enough storage quota")
+          return RestApiResponse.error(Http422, "Not enough storage quota", headers = headers)

        without availability =? (
          await reservations.createAvailability(
@ -314,14 +323,27 @@ proc initSalesApi(node: CodexNodeRef, router: var RestRouter) =
            restAv.minPrice,
            restAv.maxCollateral)
          ), error:
-          return RestApiResponse.error(Http500, error.msg)
+          return RestApiResponse.error(Http500, error.msg, headers = headers)

        return RestApiResponse.response(availability.toJson,
                                        Http201,
-                                        contentType="application/json")
+                                        contentType="application/json", 
+                                        headers = headers)
      except CatchableError as exc:
        trace "Excepting processing request", exc = exc.msg
-        return RestApiResponse.error(Http500)
+        return RestApiResponse.error(Http500, headers = headers)
+
+  router.api(
+    MethodOptions,
+    "/api/codex/v1/sales/availability/{id}") do (id: AvailabilityId, resp: HttpResponseRef) -> RestApiResponse:
+
+      if corsOrigin =? allowedOrigin:
+        resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
+        resp.setHeader("Access-Control-Allow-Methods", "PATCH, OPTIONS")
+        resp.setHeader("Access-Control-Max-Age", "86400")
+
+      resp.status = Http204
+      await resp.sendBody("")

  router.rawApi(
    MethodPatch,