ob/sprint
1
0
Fork 0
mirror of https://github.com/hex248/sprint.git synced 2026-02-08 18:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

moved cors middleware to correct place

Browse Source
This commit is contained in:
Oliver Bryan
2025-12-22 03:23:44 +00:00
parent 058387493e
commit 8ad235241e
2 changed files with 67 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
packages/backend/src/auth/middleware.ts
View File

@@ -39,3 +39,68 @@ export const withAuth = <T extends BunRequest>(handler: AuthedRouteHandler<T>):
}; };
}; };
const CORS_ALLOWED_ORIGINS = (process.env.CORS_ORIGIN ?? "http://localhost:1420")
.split(",")
.map((origin) => origin.trim())
.filter(Boolean);
const CORS_ALLOW_METHODS = process.env.CORS_ALLOW_METHODS ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS";
const CORS_ALLOW_HEADERS_DEFAULT = process.env.CORS_ALLOW_HEADERS ?? "Content-Type, Authorization";
const CORS_MAX_AGE = process.env.CORS_MAX_AGE ?? "86400";
const getCorsAllowOrigin = (req: Request) => {
const requestOrigin = req.headers.get("Origin");
if (!requestOrigin) {
return "*";
}
if (CORS_ALLOWED_ORIGINS.includes("*")) {
return "*";
}
if (CORS_ALLOWED_ORIGINS.includes(requestOrigin)) {
return requestOrigin;
}
return null;
};
const buildCorsHeaders = (req: Request) => {
const headers = new Headers();
const allowOrigin = getCorsAllowOrigin(req);
if (allowOrigin) {
headers.set("Access-Control-Allow-Origin", allowOrigin);
if (allowOrigin !== "*") {
headers.set("Vary", "Origin");
}
}
headers.set("Access-Control-Allow-Methods", CORS_ALLOW_METHODS);
const requestedHeaders = req.headers.get("Access-Control-Request-Headers");
headers.set("Access-Control-Allow-Headers", requestedHeaders || CORS_ALLOW_HEADERS_DEFAULT);
headers.set("Access-Control-Max-Age", CORS_MAX_AGE);
return headers;
};
export const withCors = <T extends BunRequest>(handler: RouteHandler<T>): RouteHandler<T> => {
return async (req: T) => {
const corsHeaders = buildCorsHeaders(req);
if (req.method === "OPTIONS") {
return new Response(null, { status: 204, headers: corsHeaders });
}
const res = await handler(req);
const wrapped = new Response(res.body, res);
corsHeaders.forEach((value, key) => {
wrapped.headers.set(key, value);
});
return wrapped;
};
};

71
packages/backend/src/index.ts
View File

@@ -1,79 +1,12 @@
import { db, testDB } from "./db/client";
import { User } from "@issue/shared"; import { User } from "@issue/shared";
import { withAuth, withCors } from "./auth/middleware";
import { db, testDB } from "./db/client";
import { routes } from "./routes"; import { routes } from "./routes";
import { createDemoData } from "./utils"; import { createDemoData } from "./utils";
const DEV = process.argv.find((arg) => ["--dev", "--developer", "-d"].includes(arg.toLowerCase())) != null; const DEV = process.argv.find((arg) => ["--dev", "--developer", "-d"].includes(arg.toLowerCase())) != null;
const PORT = process.argv.find((arg) => arg.toLowerCase().startsWith("--port="))?.split("=")[1] || 0; const PORT = process.argv.find((arg) => arg.toLowerCase().startsWith("--port="))?.split("=")[1] || 0;
type RouteHandler<T extends Request = Request> = (req: T) => Response | Promise<Response>;
const CORS_ALLOWED_ORIGINS = (process.env.CORS_ORIGIN ?? "http://localhost:1420")
.split(",")
.map((origin) => origin.trim())
.filter(Boolean);
const CORS_ALLOW_METHODS = process.env.CORS_ALLOW_METHODS ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS";
const CORS_ALLOW_HEADERS_DEFAULT = process.env.CORS_ALLOW_HEADERS ?? "Content-Type, Authorization";
const CORS_MAX_AGE = process.env.CORS_MAX_AGE ?? "86400";
const getCorsAllowOrigin = (req: Request) => {
const requestOrigin = req.headers.get("Origin");
if (!requestOrigin) {
return "*";
}
if (CORS_ALLOWED_ORIGINS.includes("*")) {
return "*";
}
if (CORS_ALLOWED_ORIGINS.includes(requestOrigin)) {
return requestOrigin;
}
return null;
};
const buildCorsHeaders = (req: Request) => {
const headers = new Headers();
const allowOrigin = getCorsAllowOrigin(req);
if (allowOrigin) {
headers.set("Access-Control-Allow-Origin", allowOrigin);
if (allowOrigin !== "*") {
headers.set("Vary", "Origin");
}
}
headers.set("Access-Control-Allow-Methods", CORS_ALLOW_METHODS);
const requestedHeaders = req.headers.get("Access-Control-Request-Headers");
headers.set("Access-Control-Allow-Headers", requestedHeaders || CORS_ALLOW_HEADERS_DEFAULT);
headers.set("Access-Control-Max-Age", CORS_MAX_AGE);
return headers;
};
const withCors = <T extends Request>(handler: RouteHandler<T>): RouteHandler<T> => {
return async (req: T) => {
const corsHeaders = buildCorsHeaders(req);
if (req.method === "OPTIONS") {
return new Response(null, { status: 204, headers: corsHeaders });
}
const res = await handler(req);
const wrapped = new Response(res.body, res);
corsHeaders.forEach((value, key) => {
wrapped.headers.set(key, value);
});
return wrapped;
};
};
const main = async () => { const main = async () => {
const server = Bun.serve({ const server = Bun.serve({
port: Number(PORT), port: Number(PORT),