service: handle cors config and use it only on gateway
* Don't enable CORS for all origins (*) by default. * Handle the related web.allowedOrigins options. * Only the gateway API should be called by a browser, so set up the CORS handler only on it.
parent
5483620fb0
commit
86d822a247
@ -32,7 +32,6 @@ import (
|
|||||||
"agola.io/agola/internal/services/types"
|
"agola.io/agola/internal/services/types"
|
||||||
"agola.io/agola/internal/util"
|
"agola.io/agola/internal/util"
|
||||||
|
|
||||||
ghandlers "github.com/gorilla/handlers"
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
"go.uber.org/zap/zapcore"
|
"go.uber.org/zap/zapcore"
|
||||||
@ -115,11 +114,6 @@ func (s *Configstore) Run(ctx context.Context) error {
|
|||||||
|
|
||||||
go func() { errCh <- s.readDB.Run(ctx) }()
|
go func() { errCh <- s.readDB.Run(ctx) }()
|
||||||
|
|
||||||
corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
|
|
||||||
corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
|
|
||||||
corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
|
|
||||||
corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
|
|
||||||
|
|
||||||
projectGroupHandler := api.NewProjectGroupHandler(logger, s.readDB)
|
projectGroupHandler := api.NewProjectGroupHandler(logger, s.readDB)
|
||||||
projectGroupSubgroupsHandler := api.NewProjectGroupSubgroupsHandler(logger, s.ah, s.readDB)
|
projectGroupSubgroupsHandler := api.NewProjectGroupSubgroupsHandler(logger, s.ah, s.readDB)
|
||||||
projectGroupProjectsHandler := api.NewProjectGroupProjectsHandler(logger, s.ah, s.readDB)
|
projectGroupProjectsHandler := api.NewProjectGroupProjectsHandler(logger, s.ah, s.readDB)
|
||||||
@ -234,7 +228,7 @@ func (s *Configstore) Run(ctx context.Context) error {
|
|||||||
apirouter.Handle("/remotesources/{remotesourceref}", deleteRemoteSourceHandler).Methods("DELETE")
|
apirouter.Handle("/remotesources/{remotesourceref}", deleteRemoteSourceHandler).Methods("DELETE")
|
||||||
|
|
||||||
mainrouter := mux.NewRouter()
|
mainrouter := mux.NewRouter()
|
||||||
mainrouter.PathPrefix("/").Handler(corsHandler(router))
|
mainrouter.PathPrefix("/").Handler(router)
|
||||||
|
|
||||||
var tlsConfig *tls.Config
|
var tlsConfig *tls.Config
|
||||||
if s.c.Web.TLS {
|
if s.c.Web.TLS {
|
||||||
|
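Review bot: Dropping `corsHandler` in Configstore.Run leaves nothing in the code that says why this API has no CORS; a short comment above `mainrouter.PathPrefix("/").Handler(router)` would record it, for example `// no CORS: internal API, only the gateway is meant to be called from a browser`. Without CORS headers a browser still sends simple cross-origin requests and only blocks the page from reading the response, so this service still relies on its own authentication or network isolation, neither of which is visible in these hunks. The same comment fits the matching line in the Runservice.Run hunk further down. Run's body continues outside the hunk.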
@ -137,10 +137,17 @@ func NewGateway(gc *config.Config) (*Gateway, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (g *Gateway) Run(ctx context.Context) error {
|
func (g *Gateway) Run(ctx context.Context) error {
|
||||||
|
// noop coors handler
|
||||||
|
corsHandler := func(h http.Handler) http.Handler {
|
||||||
|
return h
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(g.c.Web.AllowedOrigins) > 0 {
|
||||||
corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
|
corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
|
||||||
corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
|
corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
|
||||||
corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
|
corsAllowedOriginsOptions := ghandlers.AllowedOrigins(g.c.Web.AllowedOrigins)
|
||||||
corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
|
corsHandler = ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
|
||||||
|
}
|
||||||
|
|
||||||
webhooksHandler := api.NewWebhooksHandler(logger, g.ah, g.configstoreClient, g.runserviceClient, g.c.APIExposedURL)
|
webhooksHandler := api.NewWebhooksHandler(logger, g.ah, g.configstoreClient, g.runserviceClient, g.c.APIExposedURL)
|
||||||
|
|
||||||
|
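Review bot: The values of `g.c.Web.AllowedOrigins` are passed to `ghandlers.AllowedOrigins` unchecked, so a `*` entry in the config brings back the allow-all behaviour this commit removes from the default. As far as I know gorilla/handlers compares each entry with the request's Origin header as an exact string, so an entry with a trailing slash or without a scheme would simply never match, with no error. Validating the list when the config is loaded (warn on `*`, reject entries that are not `scheme://host[:port]`) would make both cases visible to the operator. Two small cleanups in the same block: the comment `// noop coors handler` should read `// noop cors handler`, and `"Authorization"` is listed twice in the `AllowedHeaders` slice. Run's body continues outside the hunk, and the place where `corsHandler` is applied to the router is not visible here.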
@ -33,7 +33,6 @@ import (
|
|||||||
"agola.io/agola/internal/services/runservice/types"
|
"agola.io/agola/internal/services/runservice/types"
|
||||||
"agola.io/agola/internal/util"
|
"agola.io/agola/internal/util"
|
||||||
|
|
||||||
ghandlers "github.com/gorilla/handlers"
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
etcdclientv3 "go.etcd.io/etcd/clientv3"
|
etcdclientv3 "go.etcd.io/etcd/clientv3"
|
||||||
"go.uber.org/zap/zapcore"
|
"go.uber.org/zap/zapcore"
|
||||||
@ -161,11 +160,6 @@ func (s *Runservice) Run(ctx context.Context) error {
|
|||||||
|
|
||||||
ch := make(chan *types.ExecutorTask)
|
ch := make(chan *types.ExecutorTask)
|
||||||
|
|
||||||
corsAllowedMethodsOptions := ghandlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "DELETE"})
|
|
||||||
corsAllowedHeadersOptions := ghandlers.AllowedHeaders([]string{"Accept", "Accept-Encoding", "Authorization", "Content-Length", "Content-Type", "X-CSRF-Token", "Authorization"})
|
|
||||||
corsAllowedOriginsOptions := ghandlers.AllowedOrigins([]string{"*"})
|
|
||||||
corsHandler := ghandlers.CORS(corsAllowedMethodsOptions, corsAllowedHeadersOptions, corsAllowedOriginsOptions)
|
|
||||||
|
|
||||||
// executor dedicated api, only calls from executor should happen on these handlers
|
// executor dedicated api, only calls from executor should happen on these handlers
|
||||||
executorStatusHandler := api.NewExecutorStatusHandler(logger, s.e, s.ah)
|
executorStatusHandler := api.NewExecutorStatusHandler(logger, s.e, s.ah)
|
||||||
executorTaskStatusHandler := api.NewExecutorTaskStatusHandler(s.e, ch)
|
executorTaskStatusHandler := api.NewExecutorTaskStatusHandler(s.e, ch)
|
||||||
@ -217,7 +211,7 @@ func (s *Runservice) Run(ctx context.Context) error {
|
|||||||
apirouter.Handle("/changegroups", changeGroupsUpdateTokensHandler).Methods("GET")
|
apirouter.Handle("/changegroups", changeGroupsUpdateTokensHandler).Methods("GET")
|
||||||
|
|
||||||
mainrouter := mux.NewRouter()
|
mainrouter := mux.NewRouter()
|
||||||
mainrouter.PathPrefix("/").Handler(corsHandler(router))
|
mainrouter.PathPrefix("/").Handler(router)
|
||||||
|
|
||||||
// Return a bad request when it doesn't match any route
|
// Return a bad request when it doesn't match any route
|
||||||
mainrouter.NotFoundHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusBadRequest) })
|
mainrouter.NotFoundHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusBadRequest) })
|
||||||
|