Staging #1066
4 changed files with 57 additions and 5 deletions
|
|
@ -18,7 +18,8 @@
|
|||
"host": "https://www.example.com",
|
||||
"description": "A decentralized hosting platform built on LBRY",
|
||||
"twitter": false,
|
||||
"blockListEndpoint": "https://api.lbry.com/file/list_blocked"
|
||||
"blockListEndpoint": "https://api.lbry.com/file/list_blocked",
|
||||
"corsWhitelist": []
|
||||
},
|
||||
"publishing": {
|
||||
"primaryClaimAddress": null,
|
||||
|
|
|
|||
15
package-lock.json
generated
15
package-lock.json
generated
|
|
@ -3611,6 +3611,15 @@
|
|||
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
|
||||
"integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
|
||||
},
|
||||
"cors": {
|
||||
"version": "2.8.5",
|
||||
"resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
|
||||
"integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
|
||||
"requires": {
|
||||
"object-assign": "^4",
|
||||
"vary": "^1"
|
||||
}
|
||||
},
|
||||
"cosmiconfig": {
|
||||
"version": "5.0.7",
|
||||
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.0.7.tgz",
|
||||
|
|
@ -8605,9 +8614,9 @@
|
|||
}
|
||||
},
|
||||
"mixin-deep": {
|
||||
"version": "1.3.1",
|
||||
"resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",
|
||||
"integrity": "sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ==",
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz",
|
||||
"integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"for-in": "^1.0.2",
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@
|
|||
"body-parser": "^1.18.3",
|
||||
"connect-multiparty": "^2.2.0",
|
||||
"cookie-session": "^2.0.0-beta.3",
|
||||
"cors": "^2.8.5",
|
||||
"express": "^4.16.4",
|
||||
"express-handlebars": "^3.0.0",
|
||||
"express-http-context": "^1.2.0",
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ const express = require('express');
|
|||
const bodyParser = require('body-parser');
|
||||
const expressHandlebars = require('express-handlebars');
|
||||
const helmet = require('helmet');
|
||||
const cors = require('cors');
|
||||
const cookieSession = require('cookie-session');
|
||||
const http = require('http');
|
||||
const logger = require('winston');
|
||||
|
|
@ -23,7 +24,7 @@ const processTrending = require('./utils/processTrending');
|
|||
const { setRouteDataInContextMiddleware } = require('./middleware/httpContextMiddleware');
|
||||
|
||||
const {
|
||||
details: { port: PORT, blockListEndpoint },
|
||||
details: { port: PORT, blockListEndpoint, corsWhitelist, host },
|
||||
startup: { performChecks, performUpdates },
|
||||
} = require('@config/siteConfig');
|
||||
|
||||
|
|
@ -82,7 +83,37 @@ function Server() {
|
|||
|
||||
// set HTTP headers to protect against well-known web vulnerabilties
|
||||
app.use(helmet());
|
||||
// open cors for site/config:host (current instance)
|
||||
var originWhitelist = [
|
||||
host
|
||||
];
|
||||
// whitelist is found in site/config:details:
|
||||
// enter corsWhitelist: ["*"] to allow all
|
||||
// enter your domains otherwise:["https://example.com", ...]
|
||||
if ( corsWhitelist && corsWhitelist.length ) {
|
||||
originWhitelist = originWhitelist.concat(corsWhitelist);
|
||||
}
|
||||
|
||||
var corsOptions = originWhitelist && originWhitelist.includes('*')
|
||||
? {
|
||||
"origin": "*",
|
||||
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
|
||||
"preflightContinue": false,
|
||||
"optionsSuccessStatus": 204
|
||||
}
|
||||
: {
|
||||
origin: function(origin, callback) {
|
||||
if ((origin === undefined) || originWhitelist.indexOf(origin) !== -1) {
|
||||
callback(null, true);
|
||||
} else {
|
||||
let error = new Error(`CORS has blocked this website from access. Contact an administrator from ${host} if you feel this is in error.`);
|
||||
error.code = "ECORS"
|
||||
callback(error);
|
||||
}
|
||||
},
|
||||
};
|
||||
|
||||
app.use(cors(corsOptions));
|
||||
// Support per-request http-context
|
||||
app.use(httpContext.middleware);
|
||||
|
||||
|
|
@ -148,6 +179,16 @@ function Server() {
|
|||
);
|
||||
});
|
||||
|
||||
app.use( (error, req, res, next) => {
|
||||
if (error.code === 'ECORS'){
|
||||
res.status(403);
|
||||
res.send({message: error})
|
||||
} else {
|
||||
res.status(520);
|
||||
res.send({ message: error });
|
||||
}
|
||||
})
|
||||
|
||||
this.app = app;
|
||||
};
|
||||
this.createServer = () => {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue