From 24a9cdc8cf660e2fdbf6ccdf2461cc7fa44e088a Mon Sep 17 00:00:00 2001
From: Manuel
Date: Sun, 15 Jan 2023 20:00:00 +0100
Subject: [PATCH] Restructuring, Only set CORS headers if origin header set

---
 src/database.v | 6 +++---
 src/main.v | 5 +++--
 src/web.v | 48 +++++++++++++++++++++++++++---------------------
 3 files changed, 33 insertions(+), 26 deletions(-)

diff --git a/src/database.v b/src/database.v
index b61645a..c7ef6d7 100644
--- a/src/database.v
+++ b/src/database.v
@@ -2,7 +2,7 @@ module main
 
 [table: 'Score']
 struct ScoreRes {
-pub mut:
+mut:
 id i64 [primary; sql: serial]
 player string [nonull]
 score int [nonull]
@@ -19,9 +19,9 @@ fn (mut app App) insert_score(score ScoreRes) ScoreRes {
 sql app.db {
 insert score into ScoreRes
 }
- last_row_id := app.db.last_insert_rowid()
+ last_id := app.db.last_id() as int
 return sql app.db {
- select from ScoreRes where id == last_row_id
+ select from ScoreRes where id == last_id
 }
 }
 
diff --git a/src/main.v b/src/main.v
index 1787694..1960312 100644
--- a/src/main.v
+++ b/src/main.v
@@ -7,10 +7,11 @@ import os
 
 struct App {
 vweb.Context
-pub mut:
- db sqlite.DB
+mut:
 config shared Config
 is_admin bool
+pub mut:
+ db sqlite.DB
 }
 
 fn main() {
diff --git a/src/web.v b/src/web.v
index fece7a5..e2fdb5c 100644
--- a/src/web.v
+++ b/src/web.v
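Review bot: In `insert_score` (src/database.v, second hunk) the new row is still read back in a separate statement keyed on the connection's last insert id. If request handlers can run concurrently on the same `app.db` connection (not visible in this patch), an insert landing between the two statements would make the function return another player's row. A comment such as `// last_id is per connection: inserts on app.db must not interleave with this read-back` would record the assumption. `ScoreRes.id` is declared `i64` while `last_id` is taken `as int`, so it is also worth noting in a comment why the narrower type is safe here. The function's signature sits above the hunk.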
@@ -69,27 +69,6 @@ pub fn (mut app App) score_submit() vweb.Result {
 return app.json(score)
 }
 
-pub fn (mut app App) add_cors_headers() {
- origin := app.get_header('origin')
- mut origins := []string{}
- rlock app.config {
- origins = app.config.origins.clone()
- }
- default_origin := origins[0] or { '*' }
- allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
-
- app.add_header('Access-Control-Allow-Origin', allowed_origin)
- app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
- app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
- app.add_header('Access-Control-Max-Age', '86400')
-}
-
-pub fn (mut app App) handle_cors() vweb.Result {
- app.set_status(204, '')
- app.add_cors_headers()
- return app.ok('')
-}
-
 ['/api/v1/score/list'; options]
 pub fn (mut app App) handle_score_list_cors() vweb.Result {
 return app.handle_cors()
@@ -100,6 +79,33 @@ pub fn (mut app App) handle_score_submit_cors() vweb.Result {
 return app.handle_cors()
 }
 
+fn (mut app App) handle_cors() vweb.Result {
+ app.set_status(204, '')
+ app.add_cors_headers()
+ return app.ok('')
+}
+
+fn (mut app App) add_cors_headers() {
+ origin := app.get_header('origin')
+
+ // Only return headers if actual cross-origin request
+ if origin.len == 0 {
+ return
+ }
+
+ rlock app.config {
+ origins := app.config.origins
+
+ default_origin := origins[0] or { '*' }
+ allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
+
+ app.add_header('Access-Control-Allow-Origin', allowed_origin)
+ }
+ app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
+ app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
+ app.add_header('Access-Control-Max-Age', '86400')
+}
+
 fn (mut app App) auth() bool {
 auth_header := app.get_header('Authorization')
 token := auth_header.after('Bearer ')
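Review bot: `default_origin := origins[0] or { '*' }` in the re-added `add_cors_headers` (second hunk) fails open. With an empty `origins` list every caller gets `Access-Control-Allow-Origin: *` alongside `Authorization` in the allowed headers, and an origin that is not on the list is still answered with the first configured one. I would send the header only for a listed origin, `if origin in origins { app.add_header('Access-Control-Allow-Origin', origin) }`, and make a wildcard an explicit configuration choice rather than the empty-list default. The response now differs by `Origin` (reflected, defaulted, or no CORS headers at all), so `app.add_header('Vary', 'Origin')` should be set before the early return to stop shared caches reusing one variant for another origin. Both `handle_cors` and `add_cors_headers` are complete within the hunk.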