added CORS support for com.daplie.goldilocks api calls

This is needed to support setup from the installer.
tigerbot 2017-06-09 16:33:49 -06:00
parent e96ebfc1fc
commit 78c1fb344e
1 changed files with 43 additions and 2 deletions


@ -19,6 +19,27 @@ module.exports.create = function (deps, conf) {
}); });
*/ */
function handleCors(req, res, methods) {
if (!methods) {
methods = ['GET', 'POST'];
}
if (!Array.isArray(methods)) {
methods = [ methods ];
}
res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
if (req.method.toUpperCase() !== 'OPTIONS') {
return false;
}
res.setHeader('Allow', methods.join(', '));
res.end();
return true;
}
function isAuthorized(req, res, fn) { function isAuthorized(req, res, fn) {
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
if (!auth) { if (!auth) {
@ -42,11 +63,21 @@ module.exports.create = function (deps, conf) {
return { return {
init: function (req, res) { init: function (req, res) {
if (handleCors(req, res, 'POST')) {
return;
}
if (req.method !== 'POST') {
res.statusCode = 405;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed'}}));
return;
}
jsonParser(req, res, function () { jsonParser(req, res, function () {
return deps.PromiseA.resolve().then(function () { return deps.PromiseA.resolve().then(function () {
console.log('init POST body', req.body);
console.log('req.body', req.body);
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
var token = jwt.decode(req.body.access_token); var token = jwt.decode(req.body.access_token);
var refresh = jwt.decode(req.body.refresh_token); var refresh = jwt.decode(req.body.refresh_token);
@ -109,7 +140,8 @@ module.exports.create = function (deps, conf) {
res.setHeader('Content-Type', 'application/json;'); res.setHeader('Content-Type', 'application/json;');
res.end(JSON.stringify({ success: true })); res.end(JSON.stringify({ success: true }));
}); });
}, function (err) { })
.catch(function (err) {
res.setHeader('Content-Type', 'application/json;'); res.setHeader('Content-Type', 'application/json;');
res.end(JSON.stringify({ error: { message: err.message, code: err.code, uri: err.uri } })); res.end(JSON.stringify({ error: { message: err.message, code: err.code, uri: err.uri } }));
}); });
@ -117,6 +149,9 @@ module.exports.create = function (deps, conf) {
}); });
} }
, tunnel: function (req, res) { , tunnel: function (req, res) {
if (handleCors(req, res)) {
return;
}
isAuthorized(req, res, function () { isAuthorized(req, res, function () {
if ('POST' !== req.method) { if ('POST' !== req.method) {
res.setHeader('Content-Type', 'application/json'); res.setHeader('Content-Type', 'application/json');
@ -144,6 +179,9 @@ module.exports.create = function (deps, conf) {
}); });
} }
, config: function (req, res) { , config: function (req, res) {
if (handleCors(req, res)) {
return;
}
isAuthorized(req, res, function () { isAuthorized(req, res, function () {
if ('POST' !== req.method) { if ('POST' !== req.method) {
res.setHeader('Content-Type', 'application/json;'); res.setHeader('Content-Type', 'application/json;');
@ -163,6 +201,9 @@ module.exports.create = function (deps, conf) {
}); });
} }
, request: function (req, res) { , request: function (req, res) {
if (handleCors(req, res, '*')) {
return;
}
isAuthorized(req, res, function () { isAuthorized(req, res, function () {
jsonParser(req, res, function () { jsonParser(req, res, function () {
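Review bot: handleCors copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and allows the `Authorization` header, so every origin gets cross-origin read access to init, tunnel, config and request; isAuthorized still gates the last three, but init reads its tokens from the request body. Since the description names only the installer as the consumer, emit the CORS headers only when `req.headers.origin` matches a configured installer origin, and send `Vary: Origin` whenever the value is echoed so a cache cannot replay one origin's response to another, as sketched below. In the request handler, `handleCors(req, res, '*')` yields `Allow: *`, which is not a meaningful method list, and not every browser treats `*` in `Access-Control-Allow-Methods` as a wildcard, so the methods should be listed explicitly. The init hunk also keeps a `console.log` of `req.body` on the new side, and that body holds `access_token` and `refresh_token`; log the field names rather than the values. The init and request handler bodies continue outside the visible hunks.

```javascript
function handleCors(req, res, methods) {
  // … unchanged: methods defaulting and array normalisation …
  // allowedOrigins is a placeholder: populate it from wherever the installer's origin(s) are configured.
  var origin = req.headers.origin;
  if (origin && allowedOrigins.indexOf(origin) !== -1) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Vary', 'Origin');
    res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  }
  // … unchanged: OPTIONS short-circuit (Allow header, res.end(), return true) …
```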