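"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const HttpHeaders_1 = __importDefault(require("../http/HttpHeaders"));
const CorsUtils_1 = __importDefault(require("../util/CorsUtils"));
const HttpStatus_1 = __importDefault(require("../http/HttpStatus"));
/**
 * Default CORS processor.
 *
 * Validates a cross-origin request (actual or preflight) against a CORS
 * configuration and either writes the matching Access-Control-* response
 * headers or finishes the response with 403 "Invalid CORS request".
 * The origin / method / header decisions themselves are delegated to the
 * configuration object's checkOrigin / checkHttpMethod / checkHeaders.
 */
class DefaultCorsProcessor {
    /**
     * Append Vary: Origin, Access-Control-Request-Method and
     * Access-Control-Request-Headers so shared caches key on the CORS
     * request headers. This runs before any early return so that a cached
     * non-CORS response cannot be replayed to a different origin.
     * @param {object} response - response with addHeader(name, value, append)
     */
    tryAddVaryHeaders(response) {
        const H = HttpHeaders_1.default;
        const varyOn = [H.ORIGIN, H.ACCESS_CONTROL_REQUEST_METHOD, H.ACCESS_CONTROL_REQUEST_HEADERS];
        for (const name of varyOn) {
            response.addHeader(H.VARY, name, true);
        }
    }

    /**
     * Finish the response as a rejected CORS request (403, no CORS headers).
     * @param {object} response
     * @returns whatever response.fullResponse returns; every caller awaits it
     *   so a promise-returning fullResponse cannot become an unhandled rejection.
     */
    rejectResponse(response) {
        response.setStatus(HttpStatus_1.default.FORBIDDEN);
        return response.fullResponse('Invalid CORS request', null);
    }

    /**
     * Entry point: process CORS for one request.
     * @param {object|null|undefined} config - CORS configuration for the matched path, or nothing
     * @param {object} request
     * @param {object} response
     * @returns {Promise<boolean>} true if the request may continue to the handler,
     *   false if the response has been completed with a rejection
     */
    async processRequest(config, request, response) {
        this.tryAddVaryHeaders(response);
        // An Access-Control-Allow-Origin already on the response means an earlier
        // component handled CORS; this processor does not second-guess it.
        const isHandled = Boolean(response.getHeader(HttpHeaders_1.default.ACCESS_CONTROL_ALLOW_ORIGIN));
        const isCrossRequest = CorsUtils_1.default.isCrossRequest(request);
        if (!isCrossRequest || isHandled) {
            return true;
        }
        const isPreFlightRequest = CorsUtils_1.default.isPreFlightRequest(request);
        if (!config) {
            // Without a configuration a preflight can only be refused; an actual
            // request continues without CORS headers and the browser blocks the read.
            if (isPreFlightRequest) {
                await this.rejectResponse(response);
                return false;
            }
            return true;
        }
        return this.handleInternal(request, response, config, isPreFlightRequest);
    }

    /**
     * Read a request header as a list of values.
     * A single comma-separated value is split and each entry trimmed (so
     * "X-A, X-B" yields ["X-A", "X-B"] rather than ["X-A", " X-B"]); a missing
     * header yields [] instead of throwing on undefined.toString().
     * @param {object} request
     * @param {string} name
     * @returns {string[]}
     */
    getHeader(request, name) {
        const value = request.getHeader(name);
        if (value == null) {
            return [];
        }
        if (Array.isArray(value)) {
            return value;
        }
        return String(value)
            .split(',')
            .map((item) => item.trim())
            .filter((item) => item.length > 0);
    }

    /**
     * The HTTP method to validate: the requested method for a preflight,
     * otherwise the actual request method.
     * @returns {string|undefined} undefined when a preflight carries no
     *   Access-Control-Request-Method (the config check is expected to reject it)
     */
    getMethodToUse(request, isPrelightRequest) {
        if (!isPrelightRequest) {
            return request.method;
        }
        return this.getHeader(request, HttpHeaders_1.default.ACCESS_CONTROL_REQUEST_METHOD)[0];
    }

    /**
     * The header names to validate: Access-Control-Request-Headers for a
     * preflight, otherwise every header present on the actual request.
     * @returns {string[]}
     */
    getHeadersToUse(request, isPrelightRequest) {
        if (isPrelightRequest) {
            return this.getHeader(request, HttpHeaders_1.default.ACCESS_CONTROL_REQUEST_HEADERS);
        }
        return Object.keys(request.headers);
    }

    /** Delegate the origin decision; the returned value is echoed in Allow-Origin. */
    checkOrigin(config, requestOrigin) {
        return config.checkOrigin(requestOrigin);
    }

    /** Delegate the method decision; the returned value is echoed in Allow-Methods. */
    checkHttpMethods(config, requestMethod) {
        return config.checkHttpMethod(requestMethod);
    }

    /** Delegate the header decision; the returned value is echoed in Allow-Headers. */
    checkHeaders(config, requestHeaders) {
        return config.checkHeaders(requestHeaders);
    }

    /**
     * Validate origin, method and headers against config, then write the
     * Access-Control-* response headers. Any failed check rejects with 403
     * before any allow header is written, so a rejected response never
     * carries a partial set of CORS headers.
     * @returns {Promise<boolean>} true if allowed, false if rejected
     */
    async handleInternal(request, response, config, isPreFlightRequest) {
        const H = HttpHeaders_1.default;
        const requestOrigin = request.getHeaderValue(H.ORIGIN)?.[0];
        const allowOrigin = this.checkOrigin(config, requestOrigin);
        if (allowOrigin == null) {
            await this.rejectResponse(response);
            return false;
        }
        const requestMethod = this.getMethodToUse(request, isPreFlightRequest);
        const allowMethods = this.checkHttpMethods(config, requestMethod);
        if (!allowMethods) {
            await this.rejectResponse(response);
            return false;
        }
        const requestHeaders = this.getHeadersToUse(request, isPreFlightRequest);
        const allowHeaders = this.checkHeaders(config, requestHeaders);
        // Header validation only gates preflights; for an actual request the
        // browser has already enforced the preflight result.
        if (isPreFlightRequest && allowHeaders == null) {
            await this.rejectResponse(response);
            return false;
        }
        // NOTE(review): allowOrigin is whatever checkOrigin returned. If it can be
        // "*" while config.allowCredentials is true, browsers reject the response;
        // confirm the configuration object prevents that combination.
        response.setHeader(H.ACCESS_CONTROL_ALLOW_ORIGIN, allowOrigin);
        if (isPreFlightRequest) {
            response.setHeader(H.ACCESS_CONTROL_ALLOW_METHODS, allowMethods);
            if (allowHeaders.length > 0) {
                response.setHeader(H.ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders);
            }
        }
        if ((config.exposedHeaders?.length ?? 0) > 0) {
            response.setHeader(H.ACCESS_CONTROL_EXPOSE_HEADERS, config.exposedHeaders);
        }
        if (config.allowCredentials) {
            response.setHeader(H.ACCESS_CONTROL_ALLOW_CREDENTIALS, 'true');
        }
        if (config.allowPrivateNetwork) {
            response.setHeader(H.ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK, 'true');
        }
        // Truthy check kept deliberately: a maxAge of 0/undefined sends no header
        // and leaves the browser's default preflight cache lifetime in effect.
        if (isPreFlightRequest && config.maxAge) {
            response.setHeader(H.ACCESS_CONTROL_MAX_AGE, config.maxAge);
        }
        return true;
    }
}
exports.default = DefaultCorsProcessor;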