Skip to content

Commit 5b0eb39

Browse files
nadilasnadilas
committed
chore: work towards web support with cors
1 parent 6e83333 commit 5b0eb39

File tree

3 files changed

+47
-10
lines changed

3 files changed

+47
-10
lines changed

apps/api/go.mod

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@ require (
6767
require (
6868
buf.build/gen/go/gnostic/gnostic/protocolbuffers/go v1.36.6-20230414000709-087bc8072ce4.1 // indirect
6969
cel.dev/expr v0.24.0 // indirect
70+
connectrpc.com/cors v0.1.0 // indirect
7071
github.com/PaesslerAG/gval v1.2.4 // indirect
7172
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
7273
github.com/bytedance/sonic v1.13.3 // indirect
@@ -109,6 +110,7 @@ require (
109110
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
110111
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
111112
github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
113+
github.com/rs/cors v1.11.1 // indirect
112114
github.com/shopspring/decimal v1.4.0 // indirect
113115
github.com/stoewer/go-strcase v1.3.1 // indirect
114116
github.com/tidwall/btree v1.8.0 // indirect

apps/api/go.sum

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

apps/api/main.go

Lines changed: 41 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,18 +2,9 @@ package main
22

33
import (
44
"bytes"
5-
"connectrpc.com/grpcreflect"
6-
"connectrpc.com/vanguard"
75
"context"
86
"errors"
97
"fmt"
10-
"github.com/arl/statsviz"
11-
sentrygin "github.com/getsentry/sentry-go/gin"
12-
"github.com/gin-contrib/cors"
13-
"github.com/gin-contrib/static"
14-
openapi2 "go.dot.industries/brease/openapi"
15-
trace2 "go.dot.industries/brease/trace"
16-
"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin"
178
"io"
189
"log"
1910
"net/http"
@@ -22,6 +13,19 @@ import (
2213
"strings"
2314
"time"
2415

16+
connectcors "connectrpc.com/cors"
17+
"connectrpc.com/grpcreflect"
18+
"connectrpc.com/vanguard"
19+
"github.com/arl/statsviz"
20+
sentrygin "github.com/getsentry/sentry-go/gin"
21+
"github.com/gin-contrib/cors"
22+
"github.com/gin-contrib/static"
23+
cors2 "github.com/rs/cors"
24+
openapi2 "go.dot.industries/brease/openapi"
25+
trace2 "go.dot.industries/brease/trace"
26+
"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin"
27+
"golang.org/x/exp/slog"
28+
2529
"buf.build/gen/go/dot/brease/connectrpc/go/brease/auth/v1/authv1connect"
2630
"buf.build/gen/go/dot/brease/connectrpc/go/brease/context/v1/contextv1connect"
2731
"connectrpc.com/connect"
@@ -153,16 +157,27 @@ func newApp(db storage.Database, logger *zap.Logger) *gin.Engine {
153157

154158
// config CORS
155159
config := cors.DefaultConfig()
160+
config.AllowCredentials = true
161+
config.AllowMethods = append(connectcors.AllowedMethods(), "OPTIONS")
162+
config.AllowHeaders = connectcors.AllowedHeaders()
163+
config.ExposeHeaders = connectcors.ExposedHeaders()
164+
var allowedOrigins []string
156165
originsStr := env.Getenv("BREASE_CORS_ALLOW_ORIGINS", "*")
157166
if originsStr == "*" {
158167
config.AllowAllOrigins = true
168+
allowedOrigins = append(allowedOrigins, "*")
159169
} else {
160170
origins := strings.Split(originsStr, ",")
161171
config.AllowOrigins = append(config.AllowOrigins, origins...)
172+
allowedOrigins = append(allowedOrigins, origins...)
162173
logger.Info(
163174
"CORS origins",
164175
zap.Strings("origins", origins),
165176
)
177+
config.AllowOriginFunc = func(origin string) bool {
178+
slog.Error("Trying origin check", "origin", origin, "allowedOrigin", origins)
179+
return true
180+
}
166181
}
167182

168183
r.Use(cors.New(config))
@@ -244,7 +259,7 @@ func newApp(db storage.Database, logger *zap.Logger) *gin.Engine {
244259
}
245260

246261
mux := http.NewServeMux()
247-
mux.Handle("/", transcoder)
262+
mux.Handle("/", withCORS(transcoder, allowedOrigins))
248263

249264
// add grpc reflection support for tools like `buf curl` or `grpcurl`
250265
mux.Handle(grpcreflect.NewHandlerV1(grpcreflect.NewStaticReflector(authv1connect.AuthServiceName, contextv1connect.ContextServiceName)))
@@ -255,6 +270,22 @@ func newApp(db storage.Database, logger *zap.Logger) *gin.Engine {
255270
return r
256271
}
257272

273+
// withCORS adds CORS support to a Connect HTTP handler.
274+
func withCORS(h http.Handler, origins []string) http.Handler {
275+
middleware := cors2.New(cors2.Options{
276+
AllowedOrigins: origins,
277+
AllowCredentials: true,
278+
AllowedMethods: connectcors.AllowedMethods(),
279+
AllowedHeaders: connectcors.AllowedHeaders(),
280+
ExposedHeaders: connectcors.ExposedHeaders(),
281+
AllowOriginFunc: func(origin string) bool {
282+
slog.Info("Trying origin check", "origin", origin, "allowedOrigin", origins)
283+
return true
284+
},
285+
})
286+
return middleware.Handler(h)
287+
}
288+
258289
func auditLogStore(logger *zap.Logger) auditlog.Store {
259290
stores := auditlog.Stores{auditlogstore.NewLog(auditlogstore.LogConfig{Verbosity: 5}, logger)}
260291
if redisURL := env.Getenv("REDIS_URL", ""); redisURL != "" {

0 commit comments

Comments
 (0)