streamby-core
Version:
StreamBy middleware framework for media storage management
43 lines (42 loc) • 1.77 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.projectOriginMiddleware = void 0;
const manager_1 = require("../models/manager");
const projectOriginMiddleware = async (req, res, next) => {
const projectId = req.params.projectId;
const origin = req.headers.origin;
if (!projectId) {
return next();
}
if (!origin) {
return res.status(403).json({ message: 'Origin header is required' });
}
try {
const Project = (0, manager_1.getModel)('projects');
const project = await Project.findOne({ id: projectId });
if (!project) {
return res.status(404).json({ message: 'Project not found' });
}
if (project.allowedOrigin && project.allowedOrigin.length > 0) {
// Allow if public ('*') or origin is in the list
if (project.allowedOrigin.includes('*') || project.allowedOrigin.includes(origin)) {
res.header('Access-Control-Allow-Origin', origin);
res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
return next();
}
else {
return res.status(403).json({ message: 'Origin not allowed' });
}
}
else {
// If allowedOrigin is empty, deny access for security.
return res.status(403).json({ message: 'Origin not allowed' });
}
}
catch (error) {
console.error('Error in projectOriginMiddleware:', error);
return res.status(500).json({ message: 'Internal server error' });
}
};
exports.projectOriginMiddleware = projectOriginMiddleware;