add CORS to main api

This commit is contained in:
AJ ONeal 2016-06-08 14:05:10 -04:00
parent e24dd9bac6
commit 7525b7d0a7
3 changed files with 70 additions and 43 deletions

View File

@ -220,7 +220,17 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
};
}
var CORS = require('connect-cors');
var cors = CORS({ credentials: true, headers: [
'X-Requested-With'
, 'X-HTTP-Method-Override'
, 'Content-Type'
, 'Accept'
, 'Authorization'
], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] });
return function (req, res, next) {
cors(req, res, function () {
var experienceId = req.hostname + req.url.replace(/\/api\/.*/, '/').replace(/\/+/g, '#').replace(/#$/, '');
var apiId = req.url.replace(/.*\/api\//, '').replace(/\/.*/, '');
@ -248,5 +258,6 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
if (Date.now() - localCache.apis[experienceId].createdAt > (5 * 60 * 1000)) {
localCache.apis[experienceId] = { handler: loadApiHandler(experienceId), createdAt: Date.now() };
}
});
};
};

7
lib/bootstrap.js vendored
View File

@ -48,10 +48,9 @@ module.exports.create = function (app, xconfx, models) {
function errorIfNotApi(req, res, next) {
// if it's not an ip address
if (/[a-z]+/.test(req.headers.host)) {
if (!/^api\./.test(req.headers.host)) {
console.log('req.headers.host');
console.log(req.headers.host);
if (/[a-z]+/.test(req.hostname || req.headers.host)) {
if (!/^api\./.test(req.hostname || req.headers.host)) {
console.warn('not API req.headers.host:', req.hostname || req.headers.host);
res.send({ error: { message: "no api. subdomain prefix" } });
return;
}

View File

@ -10,6 +10,8 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) {
var apiApp;
var setupDomain = xconfx.setupDomain = ('cloud.' + xconfx.primaryDomain);
var setupApp;
var CORS;
var cors;
function redirectHttpsHelper(req, res) {
var host = req.hostname || req.headers.host || '';
@ -58,6 +60,20 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) {
res.end(metaRedirect);
}
function redirectSetup(reason, req, res/*, next*/) {
var url = 'https://cloud.' + xconfx.primaryDomain;
if (443 !== xconfx.externalPort) {
url += ':' + xconfx.externalPort;
}
url += '#referrer=' + reason;
res.statusCode = 302;
res.setHeader('Location', url);
res.end();
}
function redirectHttps(req, res) {
if (localCache.le[req.hostname]) {
if (localCache.le[req.hostname].conf) {
@ -222,20 +238,6 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) {
});
}
function redirectSetup(reason, req, res/*, next*/) {
var url = 'https://cloud.' + xconfx.primaryDomain;
if (443 !== xconfx.externalPort) {
url += ':' + xconfx.externalPort;
}
url += '#referrer=' + reason;
res.statusCode = 302;
res.setHeader('Location', url);
res.end();
}
function serveStatic(req, res, next) {
// If we get this far we can be pretty confident that
// the domain was already set up because it's encrypted
@ -274,6 +276,21 @@ module.exports.create = function (app, xconfx, apiFactories, apiDeps) {
if (!apiApp) {
apiApp = require('./apis').create(xconfx, apiFactories, apiDeps);
}
if (/^OPTIONS$/i.test(req.method)) {
if (!cors) {
CORS = require('connect-cors');
cors = CORS({ credentials: true, headers: [
'X-Requested-With'
, 'X-HTTP-Method-Override'
, 'Content-Type'
, 'Accept'
, 'Authorization'
], methods: [ "GET", "POST", "PATCH", "PUT", "DELETE" ] });
}
cors(req, res, apiApp);
}
apiApp(req, res, next);
return;
}