feat: added allowed hosts, schemes, headers config

Author: duruer

src/main/kotlin/co/statu/parsek/config/ParsekConfig.kt

@@ -11,7 +11,21 @@ data class ParsekConfig(
 ) {
     companion object {
         data class RouterConfig(
-            @SerializedName("api-prefix") var apiPrefix: String = "/api"
+            @SerializedName("api-prefix") var apiPrefix: String = "/api",
+            @SerializedName("allowed-hosts") var allowedHosts: Set<String> = setOf("localhost", "127.0.0.1", "0.0.0.0"),
+            @SerializedName("allowed-schemes") var allowedSchemes: Set<String> = setOf("http", "https"),
+            @SerializedName("allowed-headers") var allowedHeaders: Set<String> = setOf(
+                "x-requested-with",
+                "Access-Control-Allow-Origin",
+                "origin",
+                "Content-Type",
+                "accept",
+                "X-PINGARUNER",
+                "x-csrf-token"
+            ),
+            @SerializedName("allowed-methods") var allowedMethods: Set<String> = setOf(
+                "GET", "POST", "OPTIONS", "DELETE", "PATCH", "PUT"
+            )
         )
 
         data class ServerConfig(

src/main/kotlin/co/statu/parsek/config/migration/ConfigMigration3To4.kt

@@ -0,0 +1,47 @@
+package co.statu.parsek.config.migration
+
+import co.statu.parsek.annotation.Migration
+import co.statu.parsek.config.ConfigMigration
+import io.vertx.core.json.JsonArray
+import io.vertx.core.json.JsonObject
+
+@Migration
+class ConfigMigration3To4 : ConfigMigration(3, 4, "Add CORS configuration to router section") {
+    override fun migrate(config: JsonObject) {
+        val router = config.getJsonObject("router") ?: JsonObject().also { config.put("router", it) }
+
+        if (!router.containsKey("allowed-hosts")) {
+            router.put("allowed-hosts", JsonArray(listOf("localhost", "127.0.0.1", "0.0.0.0")))
+        }
+
+        if (!router.containsKey("allowed-schemes")) {
+            router.put("allowed-schemes", JsonArray(listOf("http", "https")))
+        }
+
+        if (!router.containsKey("allowed-headers")) {
+            router.put(
+                "allowed-headers", JsonArray(
+                    listOf(
+                        "x-requested-with",
+                        "Access-Control-Allow-Origin",
+                        "origin",
+                        "Content-Type",
+                        "accept",
+                        "X-PINGARUNER",
+                        "x-csrf-token"
+                    )
+                )
+            )
+        }
+
+        if (!router.containsKey("allowed-methods")) {
+            router.put(
+                "allowed-methods", JsonArray(
+                    listOf(
+                        "GET", "POST", "OPTIONS", "DELETE", "PATCH", "PUT"
+                    )
+                )
+            )
+        }
+    }
+}

src/main/kotlin/co/statu/parsek/model/Route.kt

@@ -16,49 +16,39 @@ abstract class Route {
 
     abstract fun getHandler(): Handler<RoutingContext>
 
-    open val allowedSchemes = setOf("http", "https")
-    open val allowedHosts = setOf("localhost", "127.0.0.1", "0.0.0.0")
-
-    open val allowedHeaders = setOf(
-        "x-requested-with",
-        "Access-Control-Allow-Origin",
-        "origin",
-        "Content-Type",
-        "accept",
-        "X-PINGARUNER",
-        "x-csrf-token"
-    )
-
-    open val allowedMethods = setOf<HttpMethod>(
-        HttpMethod.GET,
-        HttpMethod.POST,
-        HttpMethod.OPTIONS,
-        HttpMethod.DELETE,
-        HttpMethod.PATCH,
-        HttpMethod.PUT
-    )
-
-    open fun corsHandler(): Handler<RoutingContext>? = Handler { ctx ->
+    open val allowedSchemes: Set<String> = emptySet()
+    open val allowedHosts: Set<String> = emptySet()
+
+    open val allowedHeaders: Set<String> = emptySet()
+
+    open val allowedMethods: Set<HttpMethod> = emptySet()
+
+    open fun corsHandler(
+        hosts: Set<String> = allowedHosts,
+        schemes: Set<String> = allowedSchemes,
+        headers: Set<String> = allowedHeaders,
+        methods: Set<HttpMethod> = allowedMethods
+    ): Handler<RoutingContext>? = Handler { ctx ->
         val origin = ctx.request().getHeader("Origin")
         if (origin != null) {
             try {
                 val uri = URI(origin)
                 // Check the scheme and host
-                if (uri.scheme in allowedSchemes && uri.host in allowedHosts) {
+                if (uri.scheme in schemes && uri.host in hosts) {
                     // If the origin is allowed, add it to the response header
-                    ctx.response().putHeader("Access-Control-Allow-Origin", "*")
+                    ctx.response().putHeader("Access-Control-Allow-Origin", origin)
                 }
             } catch (_: Exception) {
                 // If the URI cannot be parsed, do not add any header.
             }
         }
 
         // Add the allowed methods to the header:
-        val methodsAsString = allowedMethods.joinToString(",") { it.name() }
+        val methodsAsString = methods.joinToString(",") { it.name() }
         ctx.response().putHeader("Access-Control-Allow-Methods", methodsAsString)
 
         // Add the allowed headers to the header:
-        val headersAsString = allowedHeaders.joinToString(",")
+        val headersAsString = headers.joinToString(",")
         ctx.response().putHeader("Access-Control-Allow-Headers", headersAsString)
 
         // If it's a Preflight (OPTIONS) request, end the response immediately:
@@ -69,6 +59,8 @@ abstract class Route {
         }
     }
 
+    open fun corsHandler(): Handler<RoutingContext>? = corsHandler()
+
     open fun bodyHandler(): Handler<RoutingContext>? = BodyHandler.create()
 
     open fun getValidationHandler(schemaRepository: SchemaRepository): ValidationHandler? =

src/main/kotlin/co/statu/parsek/route/RouterProvider.kt

@@ -10,6 +10,7 @@ import co.statu.parsek.config.ConfigManager
 import co.statu.parsek.model.Api
 import co.statu.parsek.model.Route
 import io.vertx.core.Vertx
+import io.vertx.core.http.HttpMethod
 import io.vertx.ext.web.Router
 import io.vertx.ext.web.handler.SessionHandler
 import io.vertx.ext.web.sstore.LocalSessionStore
@@ -149,7 +150,13 @@ class RouterProvider private constructor(
                     routedRoute.handler(bodyHandler)
                 }
 
-                val corsHandler = route.corsHandler()
+                val corsHandler = route.corsHandler(
+                    hosts = route.allowedHosts.takeIf { it.isNotEmpty() } ?: routerConfig.allowedHosts,
+                    schemes = route.allowedSchemes.takeIf { it.isNotEmpty() } ?: routerConfig.allowedSchemes,
+                    headers = route.allowedHeaders.takeIf { it.isNotEmpty() } ?: routerConfig.allowedHeaders,
+                    methods = (route.allowedMethods.takeIf { it.isNotEmpty() }?.map { it.name() }?.toSet()
+                        ?: routerConfig.allowedMethods).map { HttpMethod.valueOf(it) }.toSet()
+                )
 
                 if (corsHandler != null) {
                     routedRoute.handler(corsHandler)