add cors feature

Author: horike37

lib/deploy/events/apiGateway/cors.js

@@ -0,0 +1,89 @@
+'use strict';
+
+const _ = require('lodash');
+const BbPromise = require('bluebird');
+
+module.exports = {
+
+  compileCors() {
+    _.forEach(this.pluginhttpValidated.corsPreflight, (config, path) => {
+      const resourceName = this.getResourceName(path);
+      const resourceRef = this.getResourceId(path);
+      const corsMethodLogicalId = this.provider.naming
+        .getMethodLogicalId(resourceName, 'options');
+
+      let origin = config.origin;
+      if (config.origins && config.origins.length) {
+        origin = config.origins.join(',');
+      }
+
+      const preflightHeaders = {
+        'Access-Control-Allow-Origin': `'${origin}'`,
+        'Access-Control-Allow-Headers': `'${config.headers.join(',')}'`,
+        'Access-Control-Allow-Methods': `'${config.methods.join(',')}'`,
+        'Access-Control-Allow-Credentials': `'${config.allowCredentials}'`,
+      };
+
+      if (_.includes(config.methods, 'ANY')) {
+        preflightHeaders['Access-Control-Allow-Methods'] =
+          preflightHeaders['Access-Control-Allow-Methods']
+            .replace('ANY', 'DELETE,GET,HEAD,PATCH,POST,PUT');
+      }
+
+      _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources, {
+        [corsMethodLogicalId]: {
+          Type: 'AWS::ApiGateway::Method',
+          Properties: {
+            AuthorizationType: 'NONE',
+            HttpMethod: 'OPTIONS',
+            MethodResponses: this.generateCorsMethodResponses(preflightHeaders),
+            RequestParameters: {},
+            Integration: {
+              Type: 'MOCK',
+              RequestTemplates: {
+                'application/json': '{statusCode:200}',
+              },
+              IntegrationResponses: this.generateCorsIntegrationResponses(preflightHeaders),
+            },
+            ResourceId: resourceRef,
+            RestApiId: { Ref: this.apiGatewayRestApiLogicalId },
+          },
+        },
+      });
+    });
+
+    return BbPromise.resolve();
+  },
+
+  generateCorsMethodResponses(preflightHeaders) {
+    const methodResponseHeaders = {};
+
+    _.forEach(preflightHeaders, (value, header) => {
+      methodResponseHeaders[`method.response.header.${header}`] = true;
+    });
+
+    return [
+      {
+        StatusCode: '200',
+        ResponseParameters: methodResponseHeaders,
+        ResponseModels: {},
+      },
+    ];
+  },
+
+  generateCorsIntegrationResponses(preflightHeaders) {
+    const responseParameters = _.mapKeys(preflightHeaders,
+      (value, header) => `method.response.header.${header}`);
+
+    return [
+      {
+        StatusCode: '200',
+        ResponseParameters: responseParameters,
+        ResponseTemplates: {
+          'application/json': '',
+        },
+      },
+    ];
+  },
+
+};

lib/deploy/events/apiGateway/methods.js

@@ -24,8 +24,8 @@ module.exports = {
       };
 
       _.merge(template,
-        this.getMethodIntegration(event.stateMachineName, stateMachineObj.name),
-        this.getMethodResponses()
+        this.getMethodIntegration(event.stateMachineName, stateMachineObj.name, event.http),
+        this.getMethodResponses(event.http)
       );
 
       const methodLogicalId = this.provider.naming
@@ -41,7 +41,7 @@ module.exports = {
     return BbPromise.resolve();
   },
 
-  getMethodIntegration(stateMachineName, customName) {
+  getMethodIntegration(stateMachineName, customName, http) {
     const stateMachineLogicalId = this.getStateMachineLogicalId(stateMachineName, customName);
     const apiToStepFunctionsIamRoleLogicalId = this.getApiToStepFunctionsIamRoleLogicalId();
     const integration = {
@@ -92,6 +92,9 @@ module.exports = {
           ],
         },
       },
+    };
+
+    const integrationResponse = {
       IntegrationResponses: [
         {
           StatusCode: 200,
@@ -108,15 +111,30 @@ module.exports = {
       ],
     };
 
+    if (http.cors) {
+      let origin = http.cors.origin;
+      if (http.cors.origins && http.cors.origins.length) {
+        origin = http.cors.origins.join(',');
+      }
+
+      integrationResponse.IntegrationResponses.forEach((val, i) => {
+        integrationResponse.IntegrationResponses[i].ResponseParameters = {
+          'method.response.header.Access-Control-Allow-Origin': `'${origin}'`,
+        };
+      });
+    }
+
+    _.merge(integration, integrationResponse);
+
     return {
       Properties: {
         Integration: integration,
       },
     };
   },
 
-  getMethodResponses() {
-    return {
+  getMethodResponses(http) {
+    const methodResponse = {
       Properties: {
         MethodResponses: [
           {
@@ -132,5 +150,20 @@ module.exports = {
         ],
       },
     };
+
+    if (http.cors) {
+      let origin = http.cors.origin;
+      if (http.cors.origins && http.cors.origins.length) {
+        origin = http.cors.origins.join(',');
+      }
+
+      methodResponse.Properties.MethodResponses.forEach((val, i) => {
+        methodResponse.Properties.MethodResponses[i].ResponseParameters = {
+          'method.response.header.Access-Control-Allow-Origin': `'${origin}'`,
+        };
+      });
+    }
+
+    return methodResponse;
   },
 };

lib/deploy/events/apiGateway/validate.js

@@ -112,15 +112,50 @@ module.exports = {
       'X-Amz-User-Agent',
     ];
 
-    const cors = {
+    let cors = {
       origins: ['*'],
       origin: '*',
       methods: ['OPTIONS'],
       headers,
       allowCredentials: false,
     };
 
-    cors.methods.push(http.method.toUpperCase());
+    if (typeof http.cors === 'object') {
+      cors = http.cors;
+      cors.methods = cors.methods || [];
+      cors.allowCredentials = Boolean(cors.allowCredentials);
+
+      if (cors.origins && cors.origin) {
+        const errorMessage = [
+          'You can only use "origin" or "origins",',
+          ' but not both at the same time to configure CORS.',
+          ' Please check the docs for more info.',
+        ].join('');
+        throw new this.serverless.classes.Error(errorMessage);
+      }
+
+      if (cors.headers) {
+        if (!Array.isArray(cors.headers)) {
+          const errorMessage = [
+            'CORS header values must be provided as an array.',
+            ' Please check the docs for more info.',
+          ].join('');
+          throw new this.serverless.classes.Error(errorMessage);
+        }
+      } else {
+        cors.headers = headers;
+      }
+
+      if (cors.methods.indexOf('OPTIONS') === NOT_FOUND) {
+        cors.methods.push('OPTIONS');
+      }
+
+      if (cors.methods.indexOf(http.method.toUpperCase()) === NOT_FOUND) {
+        cors.methods.push(http.method.toUpperCase());
+      }
+    } else {
+      cors.methods.push(http.method.toUpperCase());
+    }
 
     return cors;
   },

lib/index.js

@@ -7,6 +7,7 @@ const compileIamRole = require('./deploy/stepFunctions/compileIamRole');
 const httpValidate = require('./deploy/events/apiGateway/validate');
 const httpResources = require('./deploy/events/apiGateway/resources');
 const httpMethods = require('./deploy/events/apiGateway/methods');
+const httpCors = require('./deploy/events/apiGateway/cors');
 const httpIamRole = require('./deploy/events/apiGateway/iamRole');
 const httpDeployment = require('./deploy/events/apiGateway/deployment');
 const httpRestApi = require('./deploy/events/apiGateway/restApi');
@@ -36,6 +37,7 @@ class ServerlessStepFunctions {
       httpValidate,
       httpResources,
       httpMethods,
+      httpCors,
       httpIamRole,
       httpDeployment,
       invoke,
@@ -100,6 +102,7 @@ class ServerlessStepFunctions {
           .then(this.compileRestApi)
           .then(this.compileResources)
           .then(this.compileMethods)
+          .then(this.compileCors)
           .then(this.compileHttpIamRole)
           .then(this.compileDeployment);
       },