add CORS and improve config

This commit is contained in:
hippoz 2022-03-01 21:32:08 +02:00
parent 7f59b666a2
commit d59f1be9e7
Signed by: hippoz
GPG key ID: 7C52899193467641
2 changed files with 18 additions and 2 deletions

View file

@ -3,7 +3,10 @@ export const watchedGuildIds = ["822089558886842418", "736292509134749807"];
export const jwtSecret = process.env.JWT_SECRET; export const jwtSecret = process.env.JWT_SECRET;
export const jwtHandoffSecret = process.env.JWT_HANDOFF_SECRET; export const jwtHandoffSecret = process.env.JWT_HANDOFF_SECRET;
export const discordToken = process.env.DISCORD_TOKEN; export const discordToken = process.env.DISCORD_TOKEN;
export const dangerousAdminMode = true; export const dangerousAdminMode = false;
export const allowedHosts = [
`http://localhost:${mainHttpListenPort}`
];
export const logContextMap = { export const logContextMap = {
DiscordClient: { DiscordClient: {
log: true, log: true,

View file

@ -1,6 +1,6 @@
import express from "express"; import express from "express";
import { guildMap, logger } from "../common.js"; import { guildMap, logger } from "../common.js";
import { dangerousAdminMode } from "../config.js"; import { allowedHosts, dangerousAdminMode } from "../config.js";
import { checkAuth, createHandoffToken, createToken, decodeHandoffToken } from "../tokens.js"; import { checkAuth, createHandoffToken, createToken, decodeHandoffToken } from "../tokens.js";
import { v4 } from "uuid"; import { v4 } from "uuid";
import { gatewayServer } from "../commonservers.js"; import { gatewayServer } from "../commonservers.js";
@ -9,6 +9,19 @@ const error = logger("error", "API");
const router = express(); const router = express();
// https://stackoverflow.com/questions/24897801/enable-access-control-allow-origin-for-multiple-domains-in-node-js
router.use((req, res, next) => {
const allowedOrigins = allowedHosts;
const origin = req.headers.origin;
if (allowedOrigins.includes(origin)) {
res.setHeader("Access-Control-Allow-Origin", origin);
}
res.header("Access-Control-Allow-Methods", "GET, OPTIONS");
res.header("Access-Control-Allow-Headers", "Content-Type, Authorization");
res.header("Access-Control-Allow-Credentials", false);
return next();
});
router.get("/", (req, res) => { router.get("/", (req, res) => {
res.status(200).send({ error: false, message: "SUCCESS_API_OK" }); res.status(200).send({ error: false, message: "SUCCESS_API_OK" });
}); });