Add config options for cors handling (#124)

Add config options for cors handling Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/124
2020-01-26 19:09:54 +00:00 · 2020-01-26 19:09:54 +00:00 · b2b1546a8f
commit b2b1546a8f
parent 7e9446ea07
4 changed files with 44 additions and 10 deletions
--- a/config.yml.sample
+++ b/config.yml.sample
@ -63,6 +63,15 @@ redis:
  # 0 means default database
  db: 0
 cors:
  # Whether to enable or disable cors headers.
  enable: true
  # A list of origins which may access the api.
  origins:
    - *
  # How long (in seconds) the results of a preflight request can be cached.
  maxage: 0
 mailer:
  # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
  enabled: false
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@ -106,6 +106,15 @@ redis:
  # 0 means default database
  db: 0
 cors:
  # Whether to enable or disable cors headers.
  enable: true
  # A list of origins which may access the api.
  origins:
    - *
  # How long (in seconds) the results of a preflight request can be cached.
  maxage: 0
 mailer:
  # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
  enabled: false
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -94,6 +94,10 @@ const (
 	MigrationWunderlistClientID     Key = `migration.wunderlist.clientid`
 	MigrationWunderlistClientSecret Key = `migration.wunderlist.clientsecret`
 	MigrationWunderlistRedirectURL  Key = `migration.wunderlist.redirecturl`
 	CorsEnable  Key = `cors.enable`
 	CorsOrigins Key = `cors.origins`
 	CorsMaxAge  Key = `cors.maxage`
 )
 // GetString returns a string config value
@ -121,6 +125,11 @@ func (k Key) GetDuration() time.Duration {
 	return viper.GetDuration(string(k))
 }
 // GetStringSlice returns a string slice from a config option
 func (k Key) GetStringSlice() []string {
 	return viper.GetStringSlice(string(k))
 }
 // Set sets a value
 func (k Key) Set(i interface{}) {
 	viper.Set(string(k), i)
@ -205,6 +214,10 @@ func InitDefaultConfig() {
 	// Files
 	FilesBasePath.setDefault("files")
 	FilesMaxSize.setDefault("20MB")
 	// Cors
 	CorsEnable.setDefault(true)
 	CorsOrigins.setDefault([]string{"*"})
 	CorsMaxAge.setDefault(0)
 }
 // InitConfig initializes the config, sets defaults etc.
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -138,16 +138,19 @@ func RegisterRoutes(e *echo.Echo) {
 	}
 	// CORS_SHIT
-	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+	if config.CorsEnable.GetBool() {
-		AllowOrigins: []string{"*"},
+		e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		Skipper: func(context echo.Context) bool {
+			AllowOrigins: config.CorsOrigins.GetStringSlice(),
-			// Since it is not possible to register this middleware just for the api group,
+			MaxAge:       config.CorsMaxAge.GetInt(),
-			// we just disable it when for caldav requests.
+			Skipper: func(context echo.Context) bool {
-			// Caldav requires OPTIONS requests to be answered in a specific manner,
+				// Since it is not possible to register this middleware just for the api group,
-			// not doing this would break the caldav implementation
+				// we just disable it when for caldav requests.
-			return strings.HasPrefix(context.Path(), "/dav")
+				// Caldav requires OPTIONS requests to be answered in a specific manner,
-		},
+				// not doing this would break the caldav implementation
-	}))
+				return strings.HasPrefix(context.Path(), "/dav")
 			},
 		}))
 	}
 	// API Routes
 	a := e.Group("/api/v1")