config flag to enable CORS response headers for data downloads (#834)
This commit is contained in:
parent
d524252f1f
commit
e422c9065f
|
@ -312,7 +312,7 @@ proc new*(
|
||||||
taskpool = taskpool)
|
taskpool = taskpool)
|
||||||
|
|
||||||
restServer = RestServerRef.new(
|
restServer = RestServerRef.new(
|
||||||
codexNode.initRestApi(config, repoStore),
|
codexNode.initRestApi(config, repoStore, config.apiCorsAllowedOrigin),
|
||||||
initTAddress(config.apiBindAddress , config.apiPort),
|
initTAddress(config.apiBindAddress , config.apiPort),
|
||||||
bufferSize = (1024 * 64),
|
bufferSize = (1024 * 64),
|
||||||
maxRequestBodySize = int.high)
|
maxRequestBodySize = int.high)
|
||||||
|
|
|
@ -190,6 +190,12 @@ type
|
||||||
name: "api-port"
|
name: "api-port"
|
||||||
abbr: "p" }: Port
|
abbr: "p" }: Port
|
||||||
|
|
||||||
|
apiCorsAllowedOrigin* {.
|
||||||
|
desc: "The REST Api CORS allowed origin for downloading data. '*' will allow all origins, '' will allow none.",
|
||||||
|
defaultValue: string.none
|
||||||
|
defaultValueDesc: "Disallow all cross origin requests to download data"
|
||||||
|
name: "api-cors-origin" }: Option[string]
|
||||||
|
|
||||||
repoKind* {.
|
repoKind* {.
|
||||||
desc: "Backend for main repo store (fs, sqlite, leveldb)"
|
desc: "Backend for main repo store (fs, sqlite, leveldb)"
|
||||||
defaultValueDesc: "fs"
|
defaultValueDesc: "fs"
|
||||||
|
|
|
@ -107,6 +107,8 @@ proc retrieveCid(
|
||||||
await stream.close()
|
await stream.close()
|
||||||
|
|
||||||
proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRouter) =
|
proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRouter) =
|
||||||
|
let allowedOrigin = router.allowedOrigin # prevents capture inside of api defintion
|
||||||
|
|
||||||
router.rawApi(
|
router.rawApi(
|
||||||
MethodPost,
|
MethodPost,
|
||||||
"/api/codex/v1/data") do (
|
"/api/codex/v1/data") do (
|
||||||
|
@ -166,6 +168,12 @@ proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRoute
|
||||||
Http400,
|
Http400,
|
||||||
$cid.error())
|
$cid.error())
|
||||||
|
|
||||||
|
if corsOrigin =? allowedOrigin:
|
||||||
|
resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
|
||||||
|
resp.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS")
|
||||||
|
resp.setHeader("Access-Control-Headers", "X-Requested-With")
|
||||||
|
resp.setHeader("Access-Control-Max-Age", "86400")
|
||||||
|
|
||||||
await node.retrieveCid(cid.get(), local = true, resp=resp)
|
await node.retrieveCid(cid.get(), local = true, resp=resp)
|
||||||
|
|
||||||
router.api(
|
router.api(
|
||||||
|
@ -181,6 +189,12 @@ proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRoute
|
||||||
Http400,
|
Http400,
|
||||||
$cid.error())
|
$cid.error())
|
||||||
|
|
||||||
|
if corsOrigin =? allowedOrigin:
|
||||||
|
resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
|
||||||
|
resp.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS")
|
||||||
|
resp.setHeader("Access-Control-Headers", "X-Requested-With")
|
||||||
|
resp.setHeader("Access-Control-Max-Age", "86400")
|
||||||
|
|
||||||
await node.retrieveCid(cid.get(), local = false, resp=resp)
|
await node.retrieveCid(cid.get(), local = false, resp=resp)
|
||||||
|
|
||||||
router.api(
|
router.api(
|
||||||
|
@ -636,8 +650,13 @@ proc initDebugApi(node: CodexNodeRef, conf: CodexConf, router: var RestRouter) =
|
||||||
trace "Excepting processing request", exc = exc.msg
|
trace "Excepting processing request", exc = exc.msg
|
||||||
return RestApiResponse.error(Http500)
|
return RestApiResponse.error(Http500)
|
||||||
|
|
||||||
proc initRestApi*(node: CodexNodeRef, conf: CodexConf, repoStore: RepoStore): RestRouter =
|
proc initRestApi*(
|
||||||
var router = RestRouter.init(validate)
|
node: CodexNodeRef,
|
||||||
|
conf: CodexConf,
|
||||||
|
repoStore: RepoStore,
|
||||||
|
corsAllowedOrigin: ?string): RestRouter =
|
||||||
|
|
||||||
|
var router = RestRouter.init(validate, corsAllowedOrigin)
|
||||||
|
|
||||||
initDataApi(node, repoStore, router)
|
initDataApi(node, repoStore, router)
|
||||||
initSalesApi(node, router)
|
initSalesApi(node, router)
|
||||||
|
|
Loading…
Reference in New Issue