From 8ded28beb3ed2c9cf1a299381580101c34f8a2a2 Mon Sep 17 00:00:00 2001 From: jessop Date: Tue, 8 Oct 2019 09:06:33 -0400 Subject: [PATCH] applies open cors to publish routes --- cli/defaults/siteConfig.json | 3 +-- server/index.js | 43 +----------------------------------- server/routes/api/index.js | 11 ++++----- 3 files changed, 8 insertions(+), 49 deletions(-) diff --git a/cli/defaults/siteConfig.json b/cli/defaults/siteConfig.json index e6366a3d..7b23113e 100644 --- a/cli/defaults/siteConfig.json +++ b/cli/defaults/siteConfig.json @@ -18,8 +18,7 @@ "host": "https://www.example.com", "description": "A decentralized hosting platform built on LBRY", "twitter": false, - "blockListEndpoint": "https://api.lbry.com/file/list_blocked", - "corsWhitelist": [] + "blockListEndpoint": "https://api.lbry.com/file/list_blocked" }, "publishing": { "primaryClaimAddress": null, diff --git a/server/index.js b/server/index.js index d96ba252..87455cea 100644 --- a/server/index.js +++ b/server/index.js @@ -3,7 +3,6 @@ const express = require('express'); const bodyParser = require('body-parser'); const expressHandlebars = require('express-handlebars'); const helmet = require('helmet'); -const cors = require('cors'); const cookieSession = require('cookie-session'); const http = require('http'); const logger = require('winston'); @@ -24,7 +23,7 @@ const processTrending = require('./utils/processTrending'); const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware'); const { - details: { port: PORT, blockListEndpoint, corsWhitelist, host }, + details: { port: PORT, blockListEndpoint }, startup: { performChecks, performUpdates }, } = require('@config/siteConfig'); @@ -83,37 +82,7 @@ function Server() { // set HTTP headers to protect against well-known web vulnerabilties app.use(helmet()); - // open cors for site/config:host (current instance) - var originWhitelist = [ - host - ]; - // whitelist is found in site/config:details: - // enter corsWhitelist: ["*"] to allow all - // enter your domains otherwise:["https://example.com", ...] - if ( corsWhitelist && corsWhitelist.length ) { - originWhitelist = originWhitelist.concat(corsWhitelist); - } - var corsOptions = originWhitelist && originWhitelist.includes('*') - ? { - "origin": "*", - "methods": "GET,HEAD,PUT,PATCH,POST,DELETE", - "preflightContinue": false, - "optionsSuccessStatus": 204 - } - : { - origin: function(origin, callback) { - if ((origin === undefined) || originWhitelist.indexOf(origin) !== -1) { - callback(null, true); - } else { - let error = new Error(`CORS has blocked this website from access. Contact an administrator from ${host} if you feel this is in error.`); - error.code = "ECORS" - callback(error); - } - }, - }; - - app.use(cors(corsOptions)); // Support per-request http-context app.use(httpContext.middleware); @@ -179,16 +148,6 @@ function Server() { ); }); - app.use( (error, req, res, next) => { - if (error.code === 'ECORS'){ - res.status(403); - res.send({message: error}) - } else { - res.status(520); - res.send({ message: error }); - } - }) - this.app = app; }; this.createServer = () => { diff --git a/server/routes/api/index.js b/server/routes/api/index.js index a2b1c2b8..c2d6eda4 100644 --- a/server/routes/api/index.js +++ b/server/routes/api/index.js @@ -25,6 +25,7 @@ const publishingConfig = require('../../controllers/api/config/site/publishing') const getTorList = require('../../controllers/api/tor'); const getBlockedList = require('../../controllers/api/blocked'); const getOEmbedData = require('../../controllers/api/oEmbed'); +const cors = require('cors'); export default { // homepage routes @@ -43,10 +44,10 @@ export default { '/api/claim/data/:claimName/:claimId' : { controller: [ torCheckMiddleware, claimData ] }, '/api/claim/get/:name/:claimId' : { controller: [ torCheckMiddleware, claimGet ] }, '/api/claim/list/:name' : { controller: [ torCheckMiddleware, claimList ] }, - '/api/claim/long-id' : { method: 'post', controller: [ torCheckMiddleware, claimLongId ] }, // note: should be a 'get' - '/api/claim/publish' : { method: 'post', controller: [ torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, autoblockPublishBodyMiddleware, claimPublish ] }, - '/api/claim/update' : { method: 'post', controller: [ torCheckMiddleware, multipartMiddleware, claimUpdate ] }, - '/api/claim/abandon' : { method: 'post', controller: [ torCheckMiddleware, multipartMiddleware, claimAbandon ] }, + '/api/claim/long-id' : { method: 'post', controller: [ cors(), torCheckMiddleware, claimLongId ] }, // note: should be a 'get' + '/api/claim/publish' : { method: 'post', controller: [ cors(), torCheckMiddleware, autoblockPublishMiddleware, multipartMiddleware, autoblockPublishBodyMiddleware, claimPublish ] }, + '/api/claim/update' : { method: 'post', controller: [ cors(), torCheckMiddleware, multipartMiddleware, claimUpdate ] }, + '/api/claim/abandon' : { method: 'post', controller: [ cors(), torCheckMiddleware, multipartMiddleware, claimAbandon ] }, '/api/claim/resolve/:name/:claimId' : { controller: [ torCheckMiddleware, claimResolve ] }, '/api/claim/short-id/:longId/:name' : { controller: [ torCheckMiddleware, claimShortId ] }, '/api/claim/views/:claimId' : { controller: [ torCheckMiddleware, claimViews ] }, @@ -55,7 +56,7 @@ export default { // user routes '/api/user/password/' : { method: 'put', controller: [ torCheckMiddleware, userPassword ] }, // configs - '/api/config/site/publishing' : { controller: [ torCheckMiddleware, publishingConfig ] }, + '/api/config/site/publishing' : { controller: [ cors(), torCheckMiddleware, publishingConfig ] }, // tor '/api/tor' : { controller: [ torCheckMiddleware, getTorList ] }, // blocked -- 2.45.2