CORS middlware (#82)

* add cors middlware * clean up
tarkov-database · Mar 25, 2023 · 20c70df · 20c70df
1 parent 47aa616
commit 20c70df
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 3 deletions.
diff --git a/middleware/cors/cors.go b/middleware/cors/cors.go
@@ -0,0 +1,69 @@
+package cors
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/julienschmidt/httprouter"
+)
+
+var corsOrigins []string
+
+func init() {
+	var err error
+
+	corsOrigins, err = parseCORSOrigins(os.Getenv("CORS_ALLOWED_ORIGINS"))
+	if err != nil {
+		log.Printf("CORS origin configuration error: %s\n", err)
+		os.Exit(2)
+	}
+}
+
+func parseCORSOrigins(originsStr string) ([]string, error) {
+	origins := []string{}
+
+	if originsStr != "" {
+		originsArr := strings.Split(originsStr, ",")
+		for _, origin := range originsArr {
+			origin = strings.TrimSpace(origin)
+			if origin != "" {
+				// Validate the URL
+				u, err := url.ParseRequestURI(origin)
+				if err != nil {
+					return nil, err
+				}
+				// Only allow http and https schemes
+				if u.Scheme != "http" && u.Scheme != "https" {
+					return nil, fmt.Errorf("invalid URL scheme %q in origin %q", u.Scheme, origin)
+				}
+				origins = append(origins, origin)
+			}
+		}
+	}
+
+	return origins, nil
+}
+
+func Handler(h httprouter.Handle) httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+		if origin := r.Header.Get("Origin"); origin != "" {
+			for _, v := range corsOrigins {
+				if v == origin {
+					w.Header().Set("Access-Control-Allow-Origin", origin)
+					break
+				}
+			}
+		}
+
+		if r.Method == http.MethodOptions {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
+		h(w, r, ps)
+	}
+}
diff --git a/route/route.go b/route/route.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	cntrl "github.com/tarkov-database/tileserver/controller"
+	"github.com/tarkov-database/tileserver/middleware/cors"
 
 	"github.com/julienschmidt/httprouter"
 )
@@ -19,15 +20,19 @@ func routes() *httprouter.Router {
 	r := httprouter.New()
 
 	// Index
-	r.GET(prefix, cntrl.IndexGET)
+	r.GET(prefix, middlwares(cntrl.IndexGET))
 	r.Handler("GET", "/", http.RedirectHandler(prefix, http.StatusMovedPermanently))
 
 	// Tileset
-	r.GET(prefix+"/:id", cntrl.TileJSONGET)
-	r.GET(prefix+"/:id/tiles/:z/:x/:y", cntrl.TileGET)
+	r.GET(prefix+"/:id", middlwares(cntrl.TileJSONGET))
+	r.GET(prefix+"/:id/tiles/:z/:x/:y", middlwares(cntrl.TileGET))
 
 	r.RedirectTrailingSlash = true
 	r.HandleOPTIONS = true
 
 	return r
 }
+
+func middlwares(h httprouter.Handle) httprouter.Handle {
+	return cors.Handler(h)
+}