config flag to enable CORS response headers for data downloads (#834)

This commit is contained in:
Eric 2024-06-17 21:33:21 +10:00 committed by GitHub
parent d524252f1f
commit e422c9065f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 28 additions and 3 deletions

View File

@ -312,7 +312,7 @@ proc new*(
taskpool = taskpool) taskpool = taskpool)
restServer = RestServerRef.new( restServer = RestServerRef.new(
codexNode.initRestApi(config, repoStore), codexNode.initRestApi(config, repoStore, config.apiCorsAllowedOrigin),
initTAddress(config.apiBindAddress , config.apiPort), initTAddress(config.apiBindAddress , config.apiPort),
bufferSize = (1024 * 64), bufferSize = (1024 * 64),
maxRequestBodySize = int.high) maxRequestBodySize = int.high)

View File

@ -190,6 +190,12 @@ type
name: "api-port" name: "api-port"
abbr: "p" }: Port abbr: "p" }: Port
apiCorsAllowedOrigin* {.
desc: "The REST Api CORS allowed origin for downloading data. '*' will allow all origins, '' will allow none.",
defaultValue: string.none
defaultValueDesc: "Disallow all cross origin requests to download data"
name: "api-cors-origin" }: Option[string]
repoKind* {. repoKind* {.
desc: "Backend for main repo store (fs, sqlite, leveldb)" desc: "Backend for main repo store (fs, sqlite, leveldb)"
defaultValueDesc: "fs" defaultValueDesc: "fs"

View File

@ -107,6 +107,8 @@ proc retrieveCid(
await stream.close() await stream.close()
proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRouter) = proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRouter) =
let allowedOrigin = router.allowedOrigin # prevents capture inside of api defintion
router.rawApi( router.rawApi(
MethodPost, MethodPost,
"/api/codex/v1/data") do ( "/api/codex/v1/data") do (
@ -166,6 +168,12 @@ proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRoute
Http400, Http400,
$cid.error()) $cid.error())
if corsOrigin =? allowedOrigin:
resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
resp.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS")
resp.setHeader("Access-Control-Headers", "X-Requested-With")
resp.setHeader("Access-Control-Max-Age", "86400")
await node.retrieveCid(cid.get(), local = true, resp=resp) await node.retrieveCid(cid.get(), local = true, resp=resp)
router.api( router.api(
@ -181,6 +189,12 @@ proc initDataApi(node: CodexNodeRef, repoStore: RepoStore, router: var RestRoute
Http400, Http400,
$cid.error()) $cid.error())
if corsOrigin =? allowedOrigin:
resp.setHeader("Access-Control-Allow-Origin", corsOrigin)
resp.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS")
resp.setHeader("Access-Control-Headers", "X-Requested-With")
resp.setHeader("Access-Control-Max-Age", "86400")
await node.retrieveCid(cid.get(), local = false, resp=resp) await node.retrieveCid(cid.get(), local = false, resp=resp)
router.api( router.api(
@ -636,8 +650,13 @@ proc initDebugApi(node: CodexNodeRef, conf: CodexConf, router: var RestRouter) =
trace "Excepting processing request", exc = exc.msg trace "Excepting processing request", exc = exc.msg
return RestApiResponse.error(Http500) return RestApiResponse.error(Http500)
proc initRestApi*(node: CodexNodeRef, conf: CodexConf, repoStore: RepoStore): RestRouter = proc initRestApi*(
var router = RestRouter.init(validate) node: CodexNodeRef,
conf: CodexConf,
repoStore: RepoStore,
corsAllowedOrigin: ?string): RestRouter =
var router = RestRouter.init(validate, corsAllowedOrigin)
initDataApi(node, repoStore, router) initDataApi(node, repoStore, router)
initSalesApi(node, router) initSalesApi(node, router)