Merge pull request #44 from dhiway/corspolicyupdated

fix: cors policy updated
dhiway · Aug 2, 2024 · bc07b3f · bc07b3f
2 parents 403be70 + 1611e83
commit bc07b3f
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 16 deletions.
diff --git a/package.json b/package.json
@@ -15,6 +15,7 @@
         "@cord.network/sdk": "0.9.3-1rc14",
         "@cord.network/vc-export": "0.9.3-1rc14",
         "body-parser": "^1.20.2",
+        "cors": "^2.8.5",
         "dotenv": "^16.0.3",
         "express": "^4.18.2",
         "moment": "^2.30.1",
@@ -28,6 +29,7 @@
         "yamljs": "^0.3.0"
     },
     "devDependencies": {
+        "@types/cors": "^2.8.14",
         "@types/express": "^4.17.17",
         "@types/node": "^20.11.0",
         "@types/swagger-ui-express": "^4.1.3",

diff --git a/src/index.ts b/src/index.ts
@@ -1,26 +1,22 @@
+import app from './server';
 import express from 'express';
-import bodyParser from 'body-parser';
-import fs from 'fs';
-import swaggerUi from 'swagger-ui-express';
-import YAML from 'yamljs';
-
-import { createSchema, getSchemaById } from './controller/schema_controller';
 import { createConnection } from 'typeorm';
 import { dbConfig } from './dbconfig';
 import { addDelegateAsRegistryDelegate } from './init';
+import {
+  createSchema,
+  getSchemaById,
+} from './controller/schema_controller';
 import {
   documentHashOnChain,
   getCredById,
   issueVC,
   revokeCred,
   updateCred,
 } from './controller/credential_controller';
-
-const app = express();
-export const { PORT } = process.env;
-
-app.use(bodyParser.json({ limit: '5mb' }));
-app.use(express.json());
+const {
+  PORT
+} = process.env;
 
 const credentialRouter = express.Router({ mergeParams: true });
 const schemaRouter = express.Router({ mergeParams: true });
@@ -49,9 +45,6 @@ schemaRouter.get('/:id', async (req, res) => {
   return await getSchemaById(req, res);
 });
 
-const openApiDocumentation = YAML.load('./apis.yaml');
-
-app.use('/docs', swaggerUi.serve, swaggerUi.setup(openApiDocumentation));
 app.use('/api/v1/schema', schemaRouter);
 app.use('/api/v1/cred', credentialRouter);
 
@@ -68,7 +61,6 @@ app.get('/*', async (req, res) => {
 async function main() {
   try {
     await createConnection(dbConfig);
-
     await addDelegateAsRegistryDelegate();
   } catch (error) {
     console.log('error: ', error);

diff --git a/src/server.ts b/src/server.ts
@@ -0,0 +1,76 @@
+import express from 'express';
+import bodyParser from 'body-parser';
+import cors from 'cors';
+import YAML from 'yamljs';
+import swaggerUi from 'swagger-ui-express';
+
+const app = express();
+export const { PORT } = process.env;
+
+app.use(bodyParser.json({ limit: '5mb' }));
+app.use(express.json());
+
+const allowedOrigins = [
+  'http://localhost:3000',
+  'http://localhost:5001',
+  'http://localhost:5108',
+  'https://studio.dhiway.com',
+  'https://markdemo.dhiway.com',
+  'https://studiodemo.dhiway.com',
+];
+
+const allowedDomains = [
+  'localhost',
+  'dhiway.com',
+  'dway.io',
+  'cord.network',
+  'amplifyapp.com' /* For supporting quick hosting of UI */,
+];
+
+app.use(
+  cors({
+    origin: function (origin, callback) {
+      if (!origin) return callback(null, true);
+      let tmpOrigin = origin;
+
+      if (origin.slice(-1) === '/') {
+        tmpOrigin = origin.substring(0, origin.length - 1);
+      }
+      if (allowedOrigins.indexOf(tmpOrigin) === -1) {
+        /* Check if we should allow star/asterisk */
+        const b = tmpOrigin.split('/')[2].split('.');
+        const domain = `${b[b.length - 2]}.${b[b.length - 1]}`;
+        if (allowedDomains.indexOf(domain) === -1) {
+          console.log(tmpOrigin, domain);
+          const msg = `The CORS policy for this site (${origin}) does not allow access from the specified Origin.`;
+          return callback(new Error(msg), false);
+        }
+      }
+      return callback(null, true);
+    },
+    optionsSuccessStatus: 200, // For legacy browser support
+    credentials: true,
+    preflightContinue: true,
+    methods: ['GET', 'PUT', 'POST', 'DELETE', 'OPTIONS', 'HEAD', 'PATCH'],
+    allowedHeaders: [
+      'Content-Type',
+      'X-UserId',
+      'Accept',
+      'Authorization',
+      'user-agent',
+      'Host',
+      'X-Forwarded-For',
+      'Upgrade',
+      'Connection',
+      'X-Content-Type-Options',
+      'Content-Security-Policy',
+      'X-Frame-Options',
+      'Strict-Transport-Security',
+    ],
+  })
+);
+
+const openApiDocumentation = YAML.load('./apis.yaml');
+app.use('/docs', swaggerUi.serve, swaggerUi.setup(openApiDocumentation));
+
+export default app;