rework cors, fix WAN origin

Roberto Hidalgo 2023-01-04 01:07:56 -06:00
parent c4d226db22
commit 9caab0ac94


@ -37,7 +37,7 @@ type HTTPConfig struct {
// Listen is a hostname:port // Listen is a hostname:port
Listen string `yaml:"listen"` Listen string `yaml:"listen"`
// Origin describes the http origins to allow // Origin describes the http origins to allow
Origin string `yaml:"domain"` Origin string `yaml:"origin"`
} }
type Config struct { type Config struct {
@ -53,7 +53,7 @@ func ConfigDefaults(dbPath string) *Config {
DB: dbPath, DB: dbPath,
HTTP: &HTTPConfig{ HTTP: &HTTPConfig{
Listen: "localhost:8000", Listen: "localhost:8000",
Origin: "http://localhost:8000", Origin: "localhost",
}, },
} }
} }
@ -71,6 +71,10 @@ type auditLog struct {
func newAuditLog(r *http.Request, err error) *auditLog { func newAuditLog(r *http.Request, err error) *auditLog {
u := user.FromContext(r) u := user.FromContext(r)
ip := r.RemoteAddr ip := r.RemoteAddr
xforward := r.Header.Get("X-Forwarded-For")
if xforward != "" {
ip = xforward
}
ua := r.Header.Get("user-agent") ua := r.Header.Get("user-agent")
al := &auditLog{ al := &auditLog{
@ -94,18 +98,21 @@ func newAuditLog(r *http.Request, err error) *auditLog {
func allowCORS(handler httprouter.Handle) httprouter.Handle { func allowCORS(handler httprouter.Handle) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) { return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
header := w.Header() output := w.Header()
header.Set("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE") input := r.Header
header.Set("Access-Control-Allow-Origin", "http://localhost:8080")
header.Set("Access-Control-Allow-Credentials", "true")
header.Set("Access-Control-Allow-Headers", "content-type,webauthn")
header.Set("Access-Control-Expose-Headers", "webauthn")
if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" { if input.Get("Access-Control-Request-Method") != "" {
// Set CORS headers output.Set("Access-Control-Allow-Methods", input.Get("Allow"))
// Adjust status code to 204 output.Set("Access-Control-Allow-Origin", r.Host)
w.WriteHeader(http.StatusOK) output.Set("Access-Control-Allow-Credentials", "true")
return output.Set("Access-Control-Allow-Headers", "content-type,webauthn")
output.Set("Access-Control-Expose-Headers", "webauthn")
if r.Method == http.MethodOptions {
// Set CORS headers
// Adjust status code to 204
w.WriteHeader(http.StatusOK)
return
}
} }
if handler != nil { if handler != nil {
@ -114,21 +121,6 @@ func allowCORS(handler httprouter.Handle) httprouter.Handle {
} }
} }
func CORS(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("Access-Control-Request-Method") != "" {
// Set CORS headers
header := w.Header()
header.Set("Access-Control-Allow-Methods", r.Header.Get("Allow"))
header.Set("Access-Control-Allow-Origin", "http://localhost:8080")
header.Set("Access-Control-Allow-Credentials", "true")
header.Set("Access-Control-Allow-Headers", "content-type,webauthn")
header.Set("Access-Control-Expose-Headers", "webauthn")
}
// Adjust status code to 204
w.WriteHeader(http.StatusNoContent)
}
func rex(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { func rex(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var err error var err error
u := user.FromContext(r) u := user.FromContext(r)
@ -162,7 +154,9 @@ var _db db.Session
func Initialize(config *Config) (http.Handler, error) { func Initialize(config *Config) (http.Handler, error) {
router := httprouter.New() router := httprouter.New()
router.GlobalOPTIONS = http.HandlerFunc(CORS) router.GlobalOPTIONS = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
allowCORS(nil)(w, r, nil)
})
db := sqlite.ConnectionURL{ db := sqlite.ConnectionURL{
Database: config.DB, Database: config.DB,
@ -184,7 +178,7 @@ func Initialize(config *Config) (http.Handler, error) {
wan, err := webauthn.New(&webauthn.Config{ wan, err := webauthn.New(&webauthn.Config{
RPDisplayName: config.Name, RPDisplayName: config.Name,
RPID: config.HTTP.Origin, RPID: config.HTTP.Origin,
RPOrigins: []string{config.HTTP.Listen}, RPOrigins: []string{config.HTTP.Origin},
// RPIcon: "https://go-webauthn.local/logo.png", // RPIcon: "https://go-webauthn.local/logo.png",
}) })
if err != nil { if err != nil {
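Review bot: In the allowCORS hunk, `Access-Control-Allow-Origin` is now set to `r.Host`, which is the request's Host header rather than the caller's `Origin`, carries no scheme, and is sent alongside `Access-Control-Allow-Credentials: true`, while the configured `config.HTTP.Origin` is never consulted. Browsers compare that header with the full origin (scheme://host[:port]), so a credentialed policy should compare the request's `Origin` header against a configured allowlist, echo it only on an exact match, and add `Vary: Origin`. `Access-Control-Allow-Methods` is read from the request via `input.Get("Allow")`; httprouter appears to set `Allow` on the response before calling GlobalOPTIONS, so `output.Get("Allow")` is probably what was meant. The same trust in client-supplied headers appears in the newAuditLog hunk, where `X-Forwarded-For` overwrites `r.RemoteAddr` unconditionally; any client can send that header, so the audit record should keep `RemoteAddr` and store the forwarded value in a separate field, or honour it only when the peer is a known proxy. Both functions continue outside their hunks, so the sketch below covers only the visible CORS lines.

```go
output := w.Header()
origin := r.Header.Get("Origin")
// The response differs per caller origin, so caches must key on it.
output.Add("Vary", "Origin")
// Origin is sent on preflight and on actual cross-origin requests;
// Access-Control-Request-Method is sent on preflight only.
// allowedOrigin stands for the configured full origin (scheme://host[:port]);
// it is not defined in this hunk.
if origin != "" && origin == allowedOrigin {
	output.Set("Access-Control-Allow-Origin", origin)
	output.Set("Access-Control-Allow-Credentials", "true")
	output.Set("Access-Control-Allow-Headers", "content-type,webauthn")
	output.Set("Access-Control-Expose-Headers", "webauthn")
	if r.Method == http.MethodOptions {
		// Allow is read from the response headers, where the router is expected to have put it (confirm).
		output.Set("Access-Control-Allow-Methods", output.Get("Allow"))
		w.WriteHeader(http.StatusOK)
		return
	}
}
// … unchanged: handler nil check and call …
```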