Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-26 02:11:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix cors middleware (#2450)

Browse Source 
* fix cors response

* fix cors properly
This commit is contained in:
Aiden McClelland
2023-10-09 17:34:27 -06:00
committed by GitHub
parent 23b0674ac0
commit 7632373097
2 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
backend/src/middleware/cors.rs
View File

@@ -1,4 +1,6 @@
use futures::FutureExt; use futures::FutureExt;
use http::HeaderValue;
use hyper::header::HeaderMap;
use rpc_toolkit::hyper::http::Error as HttpError; use rpc_toolkit::hyper::http::Error as HttpError;
use rpc_toolkit::hyper::{Body, Method, Request, Response}; use rpc_toolkit::hyper::{Body, Method, Request, Response};
use rpc_toolkit::rpc_server_helpers::{ use rpc_toolkit::rpc_server_helpers::{
@@ -6,24 +8,35 @@ use rpc_toolkit::rpc_server_helpers::{
}; };
use rpc_toolkit::Metadata; use rpc_toolkit::Metadata;
fn get_cors_headers(req: &Request<Body>) -> HeaderMap {
let mut res = HeaderMap::new();
if let Some(origin) = req.headers().get("Origin") {
res.insert("Access-Control-Allow-Origin", origin.clone());
}
if let Some(method) = req.headers().get("Access-Control-Request-Method") {
res.insert("Access-Control-Allow-Methods", method.clone());
}
if let Some(headers) = req.headers().get("Access-Control-Request-Headers") {
res.insert("Access-Control-Allow-Headers", headers.clone());
}
res.insert(
"Access-Control-Allow-Credentials",
HeaderValue::from_static("true"),
);
res
}
pub async fn cors<M: Metadata>( pub async fn cors<M: Metadata>(
req: &mut Request<Body>, req: &mut Request<Body>,
_metadata: M, _metadata: M,
) -> Result<Result<DynMiddlewareStage2, Response<Body>>, HttpError> { ) -> Result<Result<DynMiddlewareStage2, Response<Body>>, HttpError> {
let headers = get_cors_headers(req);
if req.method() == Method::OPTIONS { if req.method() == Method::OPTIONS {
Ok(Err(Response::builder() Ok(Err({
.header( let mut res = Response::new(Body::empty());
"Access-Control-Allow-Origin", res.headers_mut().extend(headers.into_iter());
if let Some(origin) = req.headers().get("origin").and_then(|s| s.to_str().ok()) { res
origin }))
} else {
"*"
},
)
.header("Access-Control-Allow-Methods", "*")
.header("Access-Control-Allow-Headers", "*")
.header("Access-Control-Allow-Credentials", "true")
.body(Body::empty())?))
} else { } else {
Ok(Ok(Box::new(|_, _| { Ok(Ok(Box::new(|_, _| {
async move { async move {
@@ -31,8 +44,7 @@ pub async fn cors<M: Metadata>(
async move { async move {
let res: DynMiddlewareStage4 = Box::new(|res| { let res: DynMiddlewareStage4 = Box::new(|res| {
async move { async move {
res.headers_mut() res.headers_mut().extend(headers.into_iter());
.insert("Access-Control-Allow-Origin", "*".parse()?);
Ok::<_, HttpError>(()) Ok::<_, HttpError>(())
} }
.boxed() .boxed()

6
backend/src/net/ssl.rs
View File

@@ -18,14 +18,12 @@ use rpc_toolkit::command;
use tokio::sync::{Mutex, RwLock}; use tokio::sync::{Mutex, RwLock};
use tracing::instrument; use tracing::instrument;
use crate::account::AccountInfo;
use crate::context::{self, RpcContext};
use crate::hostname::Hostname; use crate::hostname::Hostname;
use crate::net::dhcp::ips; use crate::net::dhcp::ips;
use crate::net::keys::{Key, KeyInfo}; use crate::net::keys::{Key, KeyInfo};
use crate::prelude::*; use crate::prelude::*;
use crate::{
account::AccountInfo,
context::{self, RpcContext},
};
use crate::{Error, ErrorKind, ResultExt}; use crate::{Error, ErrorKind, ResultExt};
static CERTIFICATE_VERSION: i32 = 2; // X509 version 3 is actually encoded as '2' in the cert because fuck you. static CERTIFICATE_VERSION: i32 = 2; // X509 version 3 is actually encoded as '2' in the cert because fuck you.