moves whitelist to config and catches errors #1039
2 changed files with 36 additions and 12 deletions
|
@ -18,7 +18,8 @@
|
||||||
"host": "https://www.example.com",
|
"host": "https://www.example.com",
|
||||||
"description": "A decentralized hosting platform built on LBRY",
|
"description": "A decentralized hosting platform built on LBRY",
|
||||||
"twitter": false,
|
"twitter": false,
|
||||||
"blockListEndpoint": "https://api.lbry.com/file/list_blocked"
|
"blockListEndpoint": "https://api.lbry.com/file/list_blocked",
|
||||||
|
"corsWhitelist": []
|
||||||
},
|
},
|
||||||
"publishing": {
|
"publishing": {
|
||||||
"primaryClaimAddress": null,
|
"primaryClaimAddress": null,
|
||||||
|
|
|
@ -24,7 +24,7 @@ const processTrending = require('./utils/processTrending');
|
||||||
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
|
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
details: { port: PORT, blockListEndpoint },
|
details: { port: PORT, blockListEndpoint, corsWhitelist, host },
|
||||||
startup: { performChecks, performUpdates },
|
startup: { performChecks, performUpdates },
|
||||||
} = require('@config/siteConfig');
|
} = require('@config/siteConfig');
|
||||||
|
|
||||||
|
@ -83,23 +83,36 @@ function Server() {
|
||||||
|
|
||||||
// set HTTP headers to protect against well-known web vulnerabilties
|
// set HTTP headers to protect against well-known web vulnerabilties
|
||||||
app.use(helmet());
|
app.use(helmet());
|
||||||
// open cors for lbry.tv lbry.tech localhost lbry.com
|
// open cors for site/config:host (current instance)
|
||||||
var whitelist = [
|
var originWhitelist = [
|
||||||
'https://lbry.com',
|
host
|
||||||
'https://lbry.tech',
|
|
||||||
'https://lbry.tv',
|
|
||||||
'http://localhost',
|
|
||||||
'http://localhost:1337',
|
|
||||||
];
|
];
|
||||||
var corsOptions = {
|
// whitelist is found in site/config:details:
|
||||||
|
// enter corsWhitelist: ["*"] to allow all
|
||||||
|
// enter your domains otherwise:["https://example.com", ...]
|
||||||
|
if ( corsWhitelist && corsWhitelist.length ) {
|
||||||
|
originWhitelist = originWhitelist.concat(corsWhitelist);
|
||||||
|
}
|
||||||
|
|
||||||
|
var corsOptions = originWhitelist && originWhitelist.includes('*')
|
||||||
|
? {
|
||||||
|
"origin": "*",
|
||||||
|
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
|
||||||
|
"preflightContinue": false,
|
||||||
|
"optionsSuccessStatus": 204
|
||||||
|
}
|
||||||
|
: {
|
||||||
origin: function(origin, callback) {
|
origin: function(origin, callback) {
|
||||||
if (whitelist.indexOf(origin) !== -1) {
|
if ((origin === undefined) || originWhitelist.indexOf(origin) !== -1) {
|
||||||
callback(null, true);
|
callback(null, true);
|
||||||
} else {
|
} else {
|
||||||
callback(new Error('Not allowed by CORS'));
|
let error = new Error(`CORS has blocked this website from access. Contact an administrator from ${host} if you feel this is in error.`);
|
||||||
|
error.code = "ECORS"
|
||||||
|
callback(error);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
app.use(cors(corsOptions));
|
app.use(cors(corsOptions));
|
||||||
// Support per-request http-context
|
// Support per-request http-context
|
||||||
app.use(httpContext.middleware);
|
app.use(httpContext.middleware);
|
||||||
|
@ -166,6 +179,16 @@ function Server() {
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
app.use( (error, req, res, next) => {
|
||||||
|
if (error.code === 'ECORS'){
|
||||||
|
res.status(403);
|
||||||
|
res.send({message: error})
|
||||||
|
} else {
|
||||||
|
res.status(520);
|
||||||
|
res.send({ message: error });
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
this.app = app;
|
this.app = app;
|
||||||
};
|
};
|
||||||
this.createServer = () => {
|
this.createServer = () => {
|
||||||
|
|
Loading…
Reference in a new issue