
signalk-server


An implementation of a [Signal K](http://signalk.org) server for boats.

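"use strict";
// Compiler-emitted helper: shallow-copies the own enumerable properties of `s`
// (string and symbol keys), leaving out the keys listed in `e`.
var __rest = (this && this.__rest) || function (s, e) {
    var t = {};
    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
        t[p] = s[p];
    if (s != null && typeof Object.getOwnPropertySymbols === "function")
        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
                t[p[i]] = s[p[i]];
        }
    return t;
};
// Compiler-emitted helper: wraps a CommonJS module so that `.default` is usable.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.handleAdminUICORSOrigin = void 0;
exports.setupCors = setupCors;
const debug_1 = require("./debug");
const cors_1 = __importDefault(require("cors"));
/**
 * Installs the `cors` middleware on `app`, followed by a middleware that only
 * writes a debug line about the request's Origin header.
 *
 * Security notes for reviewers:
 * - `credentials: true` is always set, so cross-origin responses carry
 *   Access-Control-Allow-Credentials for every origin that is let through.
 * - Any `allowedCorsOrigins` value that starts with `*` switches to allow-all
 *   mode, in which the request's own Origin is echoed back. Combined with
 *   credentials this lets any web origin read authenticated responses, so an
 *   explicit origin list is the safer setting. The test is `startsWith('*')`,
 *   so a value such as `*.example.com` is treated as allow-all as well, not as
 *   a subdomain pattern.
 * - Neither middleware here rejects a request: the second one always calls
 *   `next()`. CORS headers steer browsers; they are not server-side access
 *   control, and authorization has to be enforced elsewhere.
 *
 * @param {object} app - object exposing `use()`; the second middleware calls
 *   `req.header('origin')`, so presumably an Express app (confirm at caller).
 * @param {object} options
 * @param {string} [options.allowedCorsOrigins] - comma-separated origins.
 *   Entries are trimmed and trailing slashes are removed before use.
 */
function setupCors(app, { allowedCorsOrigins }) {
    const corsDebug = (0, debug_1.createDebug)('signalk-server:cors');
    const corsOptions = { credentials: true };
    const corsOrigins = allowedCorsOrigins
        ? allowedCorsOrigins
            .split(',')
            .map((s) => s.trim().replace(/\/*$/, ''))
        : [];
    // Evaluated against the raw, untrimmed setting, exactly as before.
    const allowAllOrigins = Boolean(allowedCorsOrigins !== null &&
        allowedCorsOrigins !== void 0 &&
        allowedCorsOrigins.startsWith('*'));
    // default wildcard cors configuration does not work
    // with credentials:include client requests, so add
    // our own wildcard rule that will match all origins
    // but respond with that origin, not the default *
    if (allowAllOrigins) {
        corsOptions.origin = (origin, cb) => cb(null, origin);
        corsDebug('Allowing all origins');
    }
    else if (corsOrigins.length > 0) {
        // set origin only if corsOrigins are set so that
        // we get the default cors module functionality
        // for simple requests by default
        corsOptions.origin = corsOrigins;
        corsDebug(`corsOrigins:${corsOrigins.toString()}`);
    }
    app.use((0, cors_1.default)(corsOptions));
    // Debug logging only. The previous version reported every origin as
    // "not present in corsOrigins" while allow-all mode was active, and logged
    // "undefined is allowed" for requests without an Origin header; both made
    // the debug trace contradict the headers actually sent.
    app.use((req, res, next) => {
        const origin = req.header('origin');
        if (origin === undefined) {
            corsDebug('Request has no Origin header');
        }
        else if (allowAllOrigins || corsOrigins.includes(origin)) {
            corsDebug(`${origin} is allowed`);
        }
        else {
            corsDebug(`${origin} is not present in corsOrigins: ${corsOrigins.toString()}`);
        }
        next();
    });
}
/**
 * Returns a copy of `securityConfig` without `adminUIOrigin` and with
 * `allowedCorsOrigins` rewritten as a comma-joined string.
 *
 * When both `adminUIOrigin` and a non-empty `allowedCorsOrigins` are present,
 * the admin UI origin is appended to the list unless it is already listed or
 * its hostname is exactly `localhost`. Other loopback forms (`127.0.0.1`,
 * `[::1]`) are not treated as local and will be appended.
 *
 * NOTE(review): when `adminUIOrigin` is missing, the returned
 * `allowedCorsOrigins` is the empty string even if the input had a value.
 * Presumably callers always supply `adminUIOrigin`; confirm before relying
 * on this function to preserve an existing list.
 *
 * @param {object} securityConfig - settings object; `allowedCorsOrigins` is
 *   read as a comma-separated string.
 * @returns {object} shallow copy of the config as described above.
 * @throws {TypeError} from `new URL()` when `adminUIOrigin` is not a valid URL.
 */
const handleAdminUICORSOrigin = (securityConfig) => {
    let allowedCorsOrigins = [];
    if (securityConfig.adminUIOrigin &&
        securityConfig.allowedCorsOrigins &&
        securityConfig.allowedCorsOrigins.length > 0) {
        // Trim each entry, as setupCors does, so that "a, b" is recognised as
        // already containing "b" and the admin origin is not appended twice.
        allowedCorsOrigins = securityConfig.allowedCorsOrigins
            .split(',')
            .map((s) => s.trim());
        const adminUIOriginUrl = new URL(securityConfig.adminUIOrigin);
        if (allowedCorsOrigins.indexOf(securityConfig.adminUIOrigin) === -1 &&
            adminUIOriginUrl.hostname !== 'localhost') {
            allowedCorsOrigins.push(securityConfig.adminUIOrigin);
        }
    }
    // eslint-disable-next-line @typescript-eslint/no-unused-vars
    const { adminUIOrigin } = securityConfig, configWithoutAdminUIOrigin = __rest(securityConfig, ["adminUIOrigin"]);
    return Object.assign(Object.assign({}, configWithoutAdminUIOrigin), { allowedCorsOrigins: allowedCorsOrigins.join(',') });
};
exports.handleAdminUICORSOrigin = handleAdminUICORSOrigin;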