Restructuring, Only set CORS headers if origin header set

This commit is contained in:
Manuel 2023-01-15 20:00:00 +01:00
parent d38cb1f9db
commit 24a9cdc8cf
Signed by: Manuel
GPG key ID: 4085037435E1F07A
3 changed files with 33 additions and 26 deletions

View file

@ -2,7 +2,7 @@ module main
[table: 'Score']
struct ScoreRes {
pub mut:
mut:
id i64 [primary; sql: serial]
player string [nonull]
score int [nonull]
@ -19,9 +19,9 @@ fn (mut app App) insert_score(score ScoreRes) ScoreRes {
sql app.db {
insert score into ScoreRes
}
last_row_id := app.db.last_insert_rowid()
last_id := app.db.last_id() as int
return sql app.db {
select from ScoreRes where id == last_row_id
select from ScoreRes where id == last_id
}
}

View file

@ -7,10 +7,11 @@ import os
struct App {
vweb.Context
pub mut:
db sqlite.DB
mut:
config shared Config
is_admin bool
pub mut:
db sqlite.DB
}
fn main() {

View file

@ -69,27 +69,6 @@ pub fn (mut app App) score_submit() vweb.Result {
return app.json(score)
}
pub fn (mut app App) add_cors_headers() {
origin := app.get_header('origin')
mut origins := []string{}
rlock app.config {
origins = app.config.origins.clone()
}
default_origin := origins[0] or { '*' }
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
app.add_header('Access-Control-Allow-Origin', allowed_origin)
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
app.add_header('Access-Control-Max-Age', '86400')
}
pub fn (mut app App) handle_cors() vweb.Result {
app.set_status(204, '')
app.add_cors_headers()
return app.ok('')
}
['/api/v1/score/list'; options]
pub fn (mut app App) handle_score_list_cors() vweb.Result {
return app.handle_cors()
@ -100,6 +79,33 @@ pub fn (mut app App) handle_score_submit_cors() vweb.Result {
return app.handle_cors()
}
fn (mut app App) handle_cors() vweb.Result {
app.set_status(204, '')
app.add_cors_headers()
return app.ok('')
}
fn (mut app App) add_cors_headers() {
origin := app.get_header('origin')
// Only return headers if actual cross-origin request
if origin.len == 0 {
return
}
rlock app.config {
origins := app.config.origins
default_origin := origins[0] or { '*' }
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
app.add_header('Access-Control-Allow-Origin', allowed_origin)
}
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
app.add_header('Access-Control-Max-Age', '86400')
}
fn (mut app App) auth() bool {
auth_header := app.get_header('Authorization')
token := auth_header.after('Bearer ')