2014-09-18 07:20:18 +08:00
|
|
|
package api
|
|
|
|
|
2014-09-19 00:48:37 +08:00
|
|
|
import (
|
2014-09-19 11:12:49 +08:00
|
|
|
"net/http"
|
2014-09-19 00:48:37 +08:00
|
|
|
"regexp"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
2014-12-31 22:21:58 +08:00
|
|
|
// CORS represents CORS configuration
|
2014-09-18 07:20:18 +08:00
|
|
|
type CORS struct {
|
2014-09-19 00:48:37 +08:00
|
|
|
AllowOrigins []string
|
|
|
|
AllowHeaders []string
|
|
|
|
AllowMethods []string
|
|
|
|
ContentType string
|
|
|
|
allowOriginPatterns []string
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|
|
|
|
|
2014-12-31 22:21:58 +08:00
|
|
|
// AllowRequestsFrom returns handler to verify that requests come from allowedOrigins
|
2014-09-19 11:12:49 +08:00
|
|
|
func AllowRequestsFrom(allowedOrigins ...string) http.HandlerFunc {
|
|
|
|
c := &CORS{
|
2014-09-18 07:20:18 +08:00
|
|
|
AllowOrigins: allowedOrigins,
|
|
|
|
AllowMethods: []string{"GET", "POST"},
|
|
|
|
AllowHeaders: []string{"Origin", "Content-Type"},
|
2014-09-19 00:48:37 +08:00
|
|
|
ContentType: "application/json; charset=utf-8",
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|
2014-09-19 00:48:37 +08:00
|
|
|
|
2014-09-19 11:12:49 +08:00
|
|
|
c.generatePatterns()
|
2014-09-19 00:48:37 +08:00
|
|
|
|
2014-09-19 11:12:49 +08:00
|
|
|
return func(w http.ResponseWriter, req *http.Request) {
|
|
|
|
origin := req.Header.Get("Origin")
|
|
|
|
if c.isOriginAllowed(origin) {
|
|
|
|
w.Header().Set("Access-Control-Allow-Origin", origin)
|
|
|
|
w.Header().Set("Access-Control-Allow-Headers", c.AllowedHeaders())
|
|
|
|
w.Header().Set("Access-Control-Allow-Methods", c.AllowedMethods())
|
|
|
|
w.Header().Set("Content-Type", c.ContentType)
|
|
|
|
}
|
|
|
|
}
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|
|
|
|
|
2014-10-16 01:57:07 +08:00
|
|
|
// isOriginAllowed returns true if origin matches an allowed origin pattern.
|
2014-09-19 00:48:37 +08:00
|
|
|
func (c *CORS) isOriginAllowed(origin string) (allowed bool) {
|
|
|
|
for _, allowedOriginPattern := range c.allowOriginPatterns {
|
|
|
|
allowed, _ = regexp.MatchString(allowedOriginPattern, origin)
|
|
|
|
if allowed {
|
|
|
|
return
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|
|
|
|
}
|
2014-09-19 00:48:37 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-09-23 16:46:19 +08:00
|
|
|
// generatePatterns generates regex expression for AllowOrigins
|
2014-09-19 00:48:37 +08:00
|
|
|
func (c *CORS) generatePatterns() {
|
|
|
|
if c.AllowOrigins != nil {
|
|
|
|
for _, origin := range c.AllowOrigins {
|
|
|
|
pattern := regexp.QuoteMeta(origin)
|
|
|
|
pattern = strings.Replace(pattern, "\\*", ".*", -1)
|
|
|
|
pattern = strings.Replace(pattern, "\\?", ".", -1)
|
|
|
|
c.allowOriginPatterns = append(c.allowOriginPatterns, "^"+pattern+"$")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-10-16 01:57:07 +08:00
|
|
|
// AllowedHeaders returns allowed headers in a string
|
2014-09-19 00:48:37 +08:00
|
|
|
func (c *CORS) AllowedHeaders() string {
|
|
|
|
return strings.Join(c.AllowHeaders, ",")
|
|
|
|
}
|
|
|
|
|
2014-10-16 01:57:07 +08:00
|
|
|
// AllowedMethods returns allowed http methods in a string
|
2014-09-19 00:48:37 +08:00
|
|
|
func (c *CORS) AllowedMethods() string {
|
|
|
|
return strings.Join(c.AllowMethods, ",")
|
2014-09-18 07:20:18 +08:00
|
|
|
}
|