From 68952486af5acd2172f0db4d2aa8a1e544c62755 Mon Sep 17 00:00:00 2001 From: Derrick Hammer Date: Mon, 18 Mar 2024 13:49:02 -0400 Subject: [PATCH] refactor: add cors mw for account --- api/account/account.go | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/api/account/account.go b/api/account/account.go index 6fa86e7..5191f50 100644 --- a/api/account/account.go +++ b/api/account/account.go @@ -9,6 +9,8 @@ import ( "net/http" "strings" + "github.com/rs/cors" + "git.lumeweb.com/LumeWeb/portal/api/swagger" "git.lumeweb.com/LumeWeb/portal/api/router" @@ -376,18 +378,23 @@ func (a *AccountAPI) Routes() (*httprouter.Router, error) { appServer(c) } + corsMw := cors.New(cors.Options{ + AllowedOrigins: []string{"*." + a.config.Config().Core.Domain}, + AllowedMethods: []string{"*"}, + }) + routes := map[string]jape.Handler{ - "POST /api/auth/ping": middleware.ApplyMiddlewares(a.ping, pingAuthMw, middleware.ProxyMiddleware), - "POST /api/auth/login": middleware.ApplyMiddlewares(a.login, loginAuthMw2fa, middleware.ProxyMiddleware), - "POST /api/auth/register": middleware.ApplyMiddlewares(a.register, middleware.ProxyMiddleware), - "POST /api/auth/verify-email": middleware.ApplyMiddlewares(a.verifyEmail, middleware.ProxyMiddleware), - "POST /api/auth/otp/verify": middleware.ApplyMiddlewares(a.otpVerify, authMw, middleware.ProxyMiddleware), - "POST /api/auth/otp/validate": middleware.ApplyMiddlewares(a.otpValidate, authMw, middleware.ProxyMiddleware), - "POST /api/auth/otp/disable": middleware.ApplyMiddlewares(a.otpDisable, authMw, middleware.ProxyMiddleware), - "POST /api/auth/password-reset/request": middleware.ApplyMiddlewares(a.passwordResetRequest, middleware.ProxyMiddleware), + "POST /api/auth/ping": middleware.ApplyMiddlewares(a.ping, corsMw, pingAuthMw, middleware.ProxyMiddleware), + "POST /api/auth/login": middleware.ApplyMiddlewares(a.login, corsMw, loginAuthMw2fa, middleware.ProxyMiddleware), + "POST /api/auth/register": middleware.ApplyMiddlewares(a.register, corsMw, middleware.ProxyMiddleware), + "POST /api/auth/verify-email": middleware.ApplyMiddlewares(a.verifyEmail, corsMw, middleware.ProxyMiddleware), + "POST /api/auth/otp/verify": middleware.ApplyMiddlewares(a.otpVerify, corsMw, authMw, middleware.ProxyMiddleware), + "POST /api/auth/otp/validate": middleware.ApplyMiddlewares(a.otpValidate, corsMw, authMw, middleware.ProxyMiddleware), + "POST /api/auth/otp/disable": middleware.ApplyMiddlewares(a.otpDisable, corsMw, authMw, middleware.ProxyMiddleware), + "POST /api/auth/password-reset/request": middleware.ApplyMiddlewares(a.passwordResetRequest, corsMw, middleware.ProxyMiddleware), "POST /api/auth/password-reset/confirm": middleware.ApplyMiddlewares(a.passwordResetConfirm, middleware.ProxyMiddleware), - "POST /api/auth/logout": middleware.ApplyMiddlewares(a.logout, authMw, middleware.ProxyMiddleware), - "GET /*path": getHandler, + "POST /api/auth/logout": middleware.ApplyMiddlewares(a.logout, corsMw, authMw, middleware.ProxyMiddleware), + "GET /*path": middleware.ApplyMiddlewares(getHandler, corsMw), } return jape.Mux(routes), nil