Restructuring, Only set CORS headers if origin header set
This commit is contained in:
parent
d38cb1f9db
commit
24a9cdc8cf
3 changed files with 33 additions and 26 deletions
|
@ -2,7 +2,7 @@ module main
|
|||
|
||||
[table: 'Score']
|
||||
struct ScoreRes {
|
||||
pub mut:
|
||||
mut:
|
||||
id i64 [primary; sql: serial]
|
||||
player string [nonull]
|
||||
score int [nonull]
|
||||
|
@ -19,9 +19,9 @@ fn (mut app App) insert_score(score ScoreRes) ScoreRes {
|
|||
sql app.db {
|
||||
insert score into ScoreRes
|
||||
}
|
||||
last_row_id := app.db.last_insert_rowid()
|
||||
last_id := app.db.last_id() as int
|
||||
return sql app.db {
|
||||
select from ScoreRes where id == last_row_id
|
||||
select from ScoreRes where id == last_id
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -7,10 +7,11 @@ import os
|
|||
|
||||
struct App {
|
||||
vweb.Context
|
||||
pub mut:
|
||||
db sqlite.DB
|
||||
mut:
|
||||
config shared Config
|
||||
is_admin bool
|
||||
pub mut:
|
||||
db sqlite.DB
|
||||
}
|
||||
|
||||
fn main() {
|
||||
|
|
48
src/web.v
48
src/web.v
|
@ -69,27 +69,6 @@ pub fn (mut app App) score_submit() vweb.Result {
|
|||
return app.json(score)
|
||||
}
|
||||
|
||||
pub fn (mut app App) add_cors_headers() {
|
||||
origin := app.get_header('origin')
|
||||
mut origins := []string{}
|
||||
rlock app.config {
|
||||
origins = app.config.origins.clone()
|
||||
}
|
||||
default_origin := origins[0] or { '*' }
|
||||
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
|
||||
|
||||
app.add_header('Access-Control-Allow-Origin', allowed_origin)
|
||||
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
|
||||
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
|
||||
app.add_header('Access-Control-Max-Age', '86400')
|
||||
}
|
||||
|
||||
pub fn (mut app App) handle_cors() vweb.Result {
|
||||
app.set_status(204, '')
|
||||
app.add_cors_headers()
|
||||
return app.ok('')
|
||||
}
|
||||
|
||||
['/api/v1/score/list'; options]
|
||||
pub fn (mut app App) handle_score_list_cors() vweb.Result {
|
||||
return app.handle_cors()
|
||||
|
@ -100,6 +79,33 @@ pub fn (mut app App) handle_score_submit_cors() vweb.Result {
|
|||
return app.handle_cors()
|
||||
}
|
||||
|
||||
fn (mut app App) handle_cors() vweb.Result {
|
||||
app.set_status(204, '')
|
||||
app.add_cors_headers()
|
||||
return app.ok('')
|
||||
}
|
||||
|
||||
fn (mut app App) add_cors_headers() {
|
||||
origin := app.get_header('origin')
|
||||
|
||||
// Only return headers if actual cross-origin request
|
||||
if origin.len == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
rlock app.config {
|
||||
origins := app.config.origins
|
||||
|
||||
default_origin := origins[0] or { '*' }
|
||||
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
|
||||
|
||||
app.add_header('Access-Control-Allow-Origin', allowed_origin)
|
||||
}
|
||||
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
|
||||
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
|
||||
app.add_header('Access-Control-Max-Age', '86400')
|
||||
}
|
||||
|
||||
fn (mut app App) auth() bool {
|
||||
auth_header := app.get_header('Authorization')
|
||||
token := auth_header.after('Bearer ')
|
||||
|
|
Loading…
Reference in a new issue