CORS (#71)

* added cors origin config option
vocascan · Dec 31, 2021 · b889acc · b889acc
1 parent 3325e8f
commit b889acc
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 7 deletions.
diff --git a/app/Middleware/SecurityMiddleware.js b/app/Middleware/SecurityMiddleware.js
@@ -0,0 +1,9 @@
+const cors = require('cors');
+
+const config = require('../config/config');
+
+const CorsMiddleware = cors({
+  origin: config.server.cors,
+});
+
+module.exports = [CorsMiddleware];
diff --git a/app/config/config/schema.js b/app/config/config/schema.js
@@ -44,6 +44,7 @@ const configSchema = Joi.object({
     jwt_secret: Joi.string().required(),
     salt_rounds: Joi.number().integer().min(0).max(20).default(10),
     registration_locked: Joi.boolean().default(false),
+    cors: Joi.alternatives().try(Joi.boolean(), Joi.keyArray()).default(false),
   }).required(),
 
   database: Joi.object({

diff --git a/app/config/joi.js b/app/config/joi.js
@@ -1,9 +1,20 @@
-const Joi = require('joi').extend((joi) => ({
-  base: joi.array(),
-  type: 'stringArray',
-  coerce: (value) => ({
-    value: value.split ? value.split(',') : value,
-  }),
-}));
+const Joi = require('joi')
+  .extend((joi) => ({
+    base: joi.array(),
+    type: 'stringArray',
+    coerce: (value) => ({
+      value: value.split ? value.split(',') : value,
+    }),
+  }))
+  .extend((joi) => ({
+    base: joi.array(),
+    type: 'keyArray',
+    coerce: (value) => {
+      if (typeof value === 'object') {
+        return { value: Object.values(value) };
+      }
+      return { value: [value] };
+    },
+  }));
 
 module.exports = Joi;
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "cli-highlight": "^2.1.11",
     "commander": "^8.3.0",
     "console-table-printer": "^2.10.0",
+    "cors": "^2.8.5",
     "dotenv": "^8.1.0",
     "express": "^4.16.2",
     "http-status": "^1.5.0",

diff --git a/server.js b/server.js
@@ -21,6 +21,7 @@ const runServer = async (extraConfig) => {
 
   const { errorConverter, errorHandler } = require('./app/Middleware/ErrorMiddleware.js');
   const LoggingMiddleware = require('./app/Middleware/LoggingMiddleware');
+  const SecurityMiddleware = require('./app/Middleware/SecurityMiddleware');
   const ApiError = require('./app/utils/ApiError.js');
 
   const routes = require('./routes');
@@ -32,6 +33,9 @@ const runServer = async (extraConfig) => {
   // logging middleware
   app.use(LoggingMiddleware);
 
+  // security
+  app.use(SecurityMiddleware);
+
   // middleware
   app.use(express.json());
 

diff --git a/vocascan.config.example.js b/vocascan.config.example.js
@@ -11,6 +11,7 @@ module.exports = {
     jwt_secret: '',
     salt_rounds: 10,
     registration_locked: false,
+    cors: ['https://web.example1.com', 'https://web.example2.com'],
   },
 
   database: {