coolaj86/goldilocks.js
1
0
Fork 1
Code Issues Pull Requests Releases Activity

added CORS header needed after recent change to OAuth3 library requests

Browse Source
This commit is contained in:
tigerbot 2017-10-25 13:35:06 -06:00
parent 72ff65e833
commit 20cf66c67d
1 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/admin/apis.js
View File

@ -21,6 +21,7 @@ module.exports.create = function (deps, conf) {
res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*'); res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
res.setHeader('Access-Control-Allow-Methods', methods.join(', ')); res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Allow-Credentials', 'true');
if (req.method.toUpperCase() === 'OPTIONS') { if (req.method.toUpperCase() === 'OPTIONS') {
res.setHeader('Allow', methods.join(', ')); res.setHeader('Allow', methods.join(', '));
@ -60,13 +61,6 @@ module.exports.create = function (deps, conf) {
} }
function isAuthorized(req, res, fn) { function isAuthorized(req, res, fn) {
// OPTIONS requests are only to determine if a particular request is allowed, and the
// browser won't send the session header with this request, so don't try to authenticate.
if (req.method === 'OPTIONS') {
fn();
return;
}
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
if (!auth) { if (!auth) {
res.statusCode = 401; res.statusCode = 401;
@ -558,10 +552,9 @@ module.exports.create = function (deps, conf) {
// add middleware without worrying too much about the consequences to older code. // add middleware without worrying too much about the consequences to older code.
app.use('/:name', handleOldApis); app.use('/:name', handleOldApis);
app.use('/', isAuthorized, jsonParser); // Not all routes support all of these methods, but not worth making this more specific
app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser);
// Not all config routes support PUT or DELETE, but not worth making this more specific
app.use( '/config', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']));
app.get( '/config', config.restful.readConfig); app.get( '/config', config.restful.readConfig);
app.get( '/config/:group', config.restful.readConfig); app.get( '/config/:group', config.restful.readConfig);
app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig); app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig);
@ -583,7 +576,6 @@ module.exports.create = function (deps, conf) {
app.put( '/config/domains/:domId', config.restful.updateDomain); app.put( '/config/domains/:domId', config.restful.updateDomain);
app.delete('/config/domains/:domId', config.restful.removeDomain); app.delete('/config/domains/:domId', config.restful.removeDomain);
app.use( '/tokens', makeCorsHandler(['GET', 'POST', 'DELETE']));
app.get( '/tokens', tokens.restful.getAll); app.get( '/tokens', tokens.restful.getAll);
app.get( '/tokens/:id', tokens.restful.getOne); app.get( '/tokens/:id', tokens.restful.getOne);
app.post( '/tokens', tokens.restful.save); app.post( '/tokens', tokens.restful.save);