jdb/strawboss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CORS OPTIONS routes.

Browse Source
This commit is contained in:
Jonathan Bernard 2018-12-29 22:19:26 -06:00
parent 774d0b446f
commit 26aa246188
1 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/main/nim/strawbosspkg/server.nim
View File

@ -37,6 +37,22 @@ template halt(code: HttpCode,
result.matched = true result.matched = true
break allRoutes break allRoutes
template allowCors(methods = @["GET"], allowedHeaders = @["*"]): typed =
## Immediately replies with the appropriate headers for a CORS response
## allowing the specified options.. This means any further code will not be
## executed after calling this template in the current route.
bind TCActionSend, newHttpHeaders
result[0] = CallbackAction.TCActionSend
result[1] = Http200
result[2] = some(@{
"Access-Control-Allow-Origin": $request.headers["Origin"],
"Access-Control-Allow-Methods": methods.join(", "),
"Access-Control-Allow-Headers": allowedHeaders.join(", ")
})
result[3] = ""
result.matched = true
break allRoutes
template jsonResp(code: HttpCode, details: string = "", headers: RawHeaders = @{:} ) = template jsonResp(code: HttpCode, details: string = "", headers: RawHeaders = @{:} ) =
halt( halt(
code, code,
@ -169,6 +185,7 @@ proc start*(cfg: StrawBossConfig): void =
get "/version": get "/version":
resp($(%("strawboss v" & SB_VERSION)), JSON) resp($(%("strawboss v" & SB_VERSION)), JSON)
options "/auth-token": allowCors(@["POST"])
post "/auth-token": post "/auth-token":
var uname, pwd: string var uname, pwd: string
try: try:
@ -182,11 +199,14 @@ proc start*(cfg: StrawBossConfig): void =
resp($(%authToken), JSON) resp($(%authToken), JSON)
except: jsonResp(Http401, getCurrentExceptionMsg()) except: jsonResp(Http401, getCurrentExceptionMsg())
options "/verify-auth": allowCors()
get "/verify-auth": get "/verify-auth":
checkAuth() checkAuth()
resp(Http200, $(%*{ "username": session.user.name }), JSON) resp(Http200, $(%*{ "username": session.user.name }), JSON)
options "/projects": allowCors(@["GET", "POST"])
get "/projects": get "/projects":
## List project summaries (ProjectDefs only) ## List project summaries (ProjectDefs only)
@ -244,7 +264,7 @@ proc start*(cfg: StrawBossConfig): void =
let msg = "unable to list versions for project " & @"projectName" let msg = "unable to list versions for project " & @"projectName"
json500Resp(getCurrentException(), msg) json500Resp(getCurrentException(), msg)
get "/project/@projectName/version/@version?": get "/project/@projectName/version/@version":
## Get a detailed project record including step definitions (ProjectConfig). ## Get a detailed project record including step definitions (ProjectConfig).
checkAuth() checkAuth()
@ -407,6 +427,7 @@ proc start*(cfg: StrawBossConfig): void =
## TODO: how do we want to handle auth for this? Unlike ## TODO: how do we want to handle auth for this? Unlike
#checkAuth(): if not authed: return true #checkAuth(): if not authed: return true
options "/project/@projectName/step/@stepName/run/@buildRef?": allowCors(@["POST"])
post "/project/@projectName/step/@stepName/run/@buildRef?": post "/project/@projectName/step/@stepName/run/@buildRef?":
# Kick off a run # Kick off a run
@ -444,6 +465,10 @@ proc start*(cfg: StrawBossConfig): void =
resp($(%"shutting down"), JSON) resp($(%"shutting down"), JSON)
# In general, we will allow all cross-origin GET requests, as all of our
# APIs that are accessible via GET requests are idempotent.
options re".*": allowCors(@["GET"])
get re".*": get re".*":
jsonResp(Http404) jsonResp(Http404)