Merge pull request #1041 from lbryio/cors2
applies open cors to publish routes
commit
648639e6c6
3 changed files with 8 additions and 49 deletions
|
@ -18,8 +18,7 @@
|
||||||
"host": "https://www.example.com",
|
"host": "https://www.example.com",
|
||||||
"description": "A decentralized hosting platform built on LBRY",
|
"description": "A decentralized hosting platform built on LBRY",
|
||||||
"twitter": false,
|
"twitter": false,
|
||||||
"blockListEndpoint": "https://api.lbry.com/file/list_blocked",
|
"blockListEndpoint": "https://api.lbry.com/file/list_blocked"
|
||||||
"corsWhitelist": []
|
|
||||||
},
|
},
|
||||||
"publishing": {
|
"publishing": {
|
||||||
"primaryClaimAddress": null,
|
"primaryClaimAddress": null,
|
||||||
|
|
|
@ -3,7 +3,6 @@ const express = require('express');
|
||||||
const bodyParser = require('body-parser');
|
const bodyParser = require('body-parser');
|
||||||
const expressHandlebars = require('express-handlebars');
|
const expressHandlebars = require('express-handlebars');
|
||||||
const helmet = require('helmet');
|
const helmet = require('helmet');
|
||||||
const cors = require('cors');
|
|
||||||
const cookieSession = require('cookie-session');
|
const cookieSession = require('cookie-session');
|
||||||
const http = require('http');
|
const http = require('http');
|
||||||
const logger = require('winston');
|
const logger = require('winston');
|
||||||
|
@ -24,7 +23,7 @@ const processTrending = require('./utils/processTrending');
|
||||||
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
|
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
details: { port: PORT, blockListEndpoint, corsWhitelist, host },
|
details: { port: PORT, blockListEndpoint },
|
||||||
startup: { performChecks, performUpdates },
|
startup: { performChecks, performUpdates },
|
||||||
} = require('@config/siteConfig');
|
} = require('@config/siteConfig');
|
||||||
|
|
||||||
|
@ -83,37 +82,7 @@ function Server() {
|
||||||
|
|
||||||
// set HTTP headers to protect against well-known web vulnerabilties
|
// set HTTP headers to protect against well-known web vulnerabilties
|
||||||
app.use(helmet());
|
app.use(helmet());
|
||||||
// open cors for site/config:host (current instance)
|
|
||||||
var originWhitelist = [
|
|
||||||
host
|
|
||||||
];
|
|
||||||
// whitelist is found in site/config:details:
|
|
||||||
// enter corsWhitelist: ["*"] to allow all
|
|
||||||
// enter your domains otherwise:["https://example.com", ...]
|
|
||||||
if ( corsWhitelist && corsWhitelist.length ) {
|
|
||||||
originWhitelist = originWhitelist.concat(corsWhitelist);
|
|
||||||
}
|
|
||||||
|
|
||||||
var corsOptions = originWhitelist && originWhitelist.includes('*')
|
|
||||||
? {
|
|
||||||
"origin": "*",
|
|
||||||
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
|
|
||||||
"preflightContinue": false,
|
|
||||||
"optionsSuccessStatus": 204
|
|
||||||
}
|
|
||||||
: {
|
|
||||||
origin: function(origin, callback) {
|
|
||||||
if ((origin === undefined) || originWhitelist.indexOf(origin) !== -1) {
|
|
||||||
callback(null, true);
|
|
||||||
} else {
|
|
||||||
let error = new Error(`CORS has blocked this website from access. Contact an administrator from ${host} if you feel this is in error.`);
|
|
||||||
error.code = "ECORS"
|
|
||||||
callback(error);
|
|
||||||
}
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
app.use(cors(corsOptions));
|
|
||||||
// Support per-request http-context
|
// Support per-request http-context
|
||||||
app.use(httpContext.middleware);
|
app.use(httpContext.middleware);
|
||||||
|
|
||||||
|
@ -179,16 +148,6 @@ function Server() {
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
app.use( (error, req, res, next) => {
|
|
||||||
if (error.code === 'ECORS'){
|
|
||||||
res.status(403);
|
|
||||||
res.send({message: error})
|
|
||||||
} else {
|
|
||||||
res.status(520);
|
|
||||||
res.send({ message: error });
|
|
||||||
}
|
|
||||||
})
|
|
||||||
|
|
||||||
this.app = app;
|
this.app = app;
|
||||||
};
|
};
|
||||||
this.createServer = () => {
|
this.createServer = () => {
|
||||||
|
|
|
@ -25,6 +25,7 @@ const publishingConfig = require('../../controllers/api/config/site/publishing')
|
||||||
const getTorList = require('../../controllers/api/tor');
|
const getTorList = require('../../controllers/api/tor');
|
||||||
const getBlockedList = require('../../controllers/api/blocked');
|
const getBlockedList = require('../../controllers/api/blocked');
|
||||||
const getOEmbedData = require('../../controllers/api/oEmbed');
|
const getOEmbedData = require('../../controllers/api/oEmbed');
|
||||||
|
const cors = require('cors');
|
||||||
|
|
||||||
export default {
|
export default {
|
||||||
// homepage routes
|
// homepage routes
|
||||||
|
@ -43,10 +44,10 @@ export default {
|
||||||
'/api/claim/data/:claimName/:claimId' : { controller: [ torCheckMiddleware, claimData ] },
|
'/api/claim/data/:claimName/:claimId' : { controller: [ torCheckMiddleware, claimData ] },
|
||||||
'/api/claim/get/:name/:claimId' : { controller: [ torCheckMiddleware, claimGet ] },
|
'/api/claim/get/:name/:claimId' : { controller: [ torCheckMiddleware, claimGet ] },
|
||||||
'/api/claim/list/:name' : { controller: [ torCheckMiddleware, claimList ] },
|
'/api/claim/list/:name' : { controller: [ torCheckMiddleware, claimList ] },
|
||||||
'/api/claim/long-id' : { method: 'post', controller: [ torCheckMiddleware, claimLongId ] }, // note: should be a 'get'
|
'/api/claim/long-id' : { method: 'post', controller: [ cors(), torCheckMiddleware, claimLongId ] }, // note: should be a 'get'
|
||||||
'/api/claim/publish' : { method: 'post', controller: [ torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, autoblockPublishBodyMiddleware, claimPublish ] },
|
'/api/claim/publish' : { method: 'post', controller: [ cors(), torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, autoblockPublishBodyMiddleware, claimPublish ] },
|
||||||
'/api/claim/update' : { method: 'post', controller: [ torCheckMiddleware, multipartMiddleware, claimUpdate ] },
|
'/api/claim/update' : { method: 'post', controller: [ cors(), torCheckMiddleware, multipartMiddleware, claimUpdate ] },
|
||||||
'/api/claim/abandon' : { method: 'post', controller: [ torCheckMiddleware, multipartMiddleware, claimAbandon ] },
|
'/api/claim/abandon' : { method: 'post', controller: [ cors(), torCheckMiddleware, multipartMiddleware, claimAbandon ] },
|
||||||
'/api/claim/resolve/:name/:claimId' : { controller: [ torCheckMiddleware, claimResolve ] },
|
'/api/claim/resolve/:name/:claimId' : { controller: [ torCheckMiddleware, claimResolve ] },
|
||||||
'/api/claim/short-id/:longId/:name' : { controller: [ torCheckMiddleware, claimShortId ] },
|
'/api/claim/short-id/:longId/:name' : { controller: [ torCheckMiddleware, claimShortId ] },
|
||||||
'/api/claim/views/:claimId' : { controller: [ torCheckMiddleware, claimViews ] },
|
'/api/claim/views/:claimId' : { controller: [ torCheckMiddleware, claimViews ] },
|
||||||
|
@ -55,7 +56,7 @@ export default {
|
||||||
// user routes
|
// user routes
|
||||||
'/api/user/password/' : { method: 'put', controller: [ torCheckMiddleware, userPassword ] },
|
'/api/user/password/' : { method: 'put', controller: [ torCheckMiddleware, userPassword ] },
|
||||||
// configs
|
// configs
|
||||||
'/api/config/site/publishing' : { controller: [ torCheckMiddleware, publishingConfig ] },
|
'/api/config/site/publishing' : { controller: [ cors(), torCheckMiddleware, publishingConfig ] },
|
||||||
// tor
|
// tor
|
||||||
'/api/tor' : { controller: [ torCheckMiddleware, getTorList ] },
|
'/api/tor' : { controller: [ torCheckMiddleware, getTorList ] },
|
||||||
// blocked
|
// blocked
|
||||||
|
|
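Review bot: The `cors()` calls added to `/api/claim/long-id`, `/api/claim/publish`, `/api/claim/update`, `/api/claim/abandon` and `/api/config/site/publishing` take no options, which in the cors package means `Access-Control-Allow-Origin: *`. The same commit removes the `corsWhitelist` setting, so an operator can no longer restrict which origins may call these state-changing routes. If that is intended, record it at the route table with a comment such as `// intentionally open to any origin; authorization for these handlers must not depend on the browser sending the session cookie`, and build the middleware once (`const openCors = cors();`) instead of calling `cors()` five times. The middleware is attached only to the `post` controller list, so a preflighted request (a JSON body or a custom header, for example) will presumably fail unless OPTIONS is also registered for these paths. The code that registers the routes is not on this page, so that needs checking.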