
Commit ebacde1

Updated Query Middleware for better websocket standards
1 parent ffecb57 commit ebacde1


1 file changed

+47
-9
lines changed


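--- a/api/middleware/middleware.go
+++ b/api/middleware/middleware.go
@@ -3,6 +3,7 @@ package middleware
 import (
 "context"
 "net/http"
+"strings"
 "time"
 
 "go.uber.org/zap"
@@ -33,9 +34,9 @@ func LoggingMiddleware(next http.HandlerFunc) http.HandlerFunc {
 })
 }
 
-/*
-authentication middleware for http requests
-return username and sessionID with context
+/*
+authentication middleware for http requests
+return username and sessionID with context
 */
 func AuthenticationMiddleware(next http.HandlerFunc) http.HandlerFunc {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -61,9 +62,46 @@ func AuthenticationMiddleware(next http.HandlerFunc) http.HandlerFunc {
 })
 }
 
-/*
-authentication middleware for http requests with query
-return username and sessionID with context
+/*
+handles CORS headers
+*/
+func CORSMiddleware(next http.HandlerFunc, allowedOrigins []string, allowedMethods []string, allowedHeaders []string) http.HandlerFunc {
+/* select all allowed origins */
+originMap := make(map[string]bool)
+for _, o := range allowedOrigins {
+originMap[o] = true
+}
+
+/* extract methods and origin */
+methods := strings.Join(allowedMethods, ", ")
+headers := strings.Join(allowedHeaders, ", ")
+
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+/* get the origin header */
+origin := r.Header.Get("Origin")
+/* set appropriate CORS header */
+if origin != "" && (originMap["*"] || originMap[origin]) {
+w.Header().Set("Access-Control-Allow-Origin", origin)
+w.Header().Set("Vary", "Origin")
+w.Header().Set("Access-Control-Allow-Methods", methods)
+w.Header().Set("Access-Control-Allow-Headers", headers)
+w.Header().Set("Access-Control-Allow-Credentials", "true")
+}
+
+/* handle preflight (OPTIONS) requests */
+if r.Method == http.MethodOptions {
+w.WriteHeader(http.StatusNoContent)
+return
+}
+
+/* call the next handler for non-OPTIONS requests */
+next(w, r)
+})
+}
+
+/*
+authentication middleware for http requests with query
+return username and sessionID with context
 */
 func AuthenticationQueryMiddleware(next http.HandlerFunc) http.HandlerFunc {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -72,11 +110,11 @@ func AuthenticationQueryMiddleware(next http.HandlerFunc) http.HandlerFunc {
 
 /* get the token query */
 tokenQ := query.Get("token")
-if tokenQ == "" {
-zap.L().Info("Query authentication without token value")
+if tokenQ == "" {
+zap.L().Info("Query authentication without token value")
 http.Error(w, "Missing 'token' query parameter value", http.StatusBadRequest)
 return
-}
+}
 
 /* extract username and sessionID from the token */
 username, sessionID, err := token.GetDataFromJWT(tokenQ)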
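Review bot: In CORSMiddleware, a configured `*` makes the handler echo whatever `Origin` the request carries and also send `Access-Control-Allow-Credentials: true`, so every site gets credentialed cross-origin access and the browser rule that a literal `*` cannot be combined with credentials is sidestepped. I would echo the origin and allow credentials only for exact entries in `allowedOrigins`, and answer a wildcard match with a literal `*` and no credentials header; if credentialed access from any origin is really intended, that deserves an explicit comment on the function. `Vary: Origin` is set only on the allowed branch and with `Set`, so a shared cache may reuse a response across origins and an earlier `Vary` value is overwritten; adding it unconditionally with `Add` avoids both. The preflight branch also answers every OPTIONS request with 204, including ones whose origin was not allowed, which is worth stating in the comment above it.

```go
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		/* caches must key on Origin whether or not this request was allowed */
		w.Header().Add("Vary", "Origin")

		exact := origin != "" && originMap[origin]
		wildcard := origin != "" && !exact && originMap["*"]
		if exact || wildcard {
			if exact {
				/* explicitly listed origin: echo it, credentials permitted */
				w.Header().Set("Access-Control-Allow-Origin", origin)
				w.Header().Set("Access-Control-Allow-Credentials", "true")
			} else {
				/* wildcard: public access only, never with credentials */
				w.Header().Set("Access-Control-Allow-Origin", "*")
			}
			// … unchanged: Access-Control-Allow-Methods / Access-Control-Allow-Headers …
		}
		// … unchanged: preflight handling and next(w, r) …
```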
