SunRed
/
highscore-server
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Restructuring, Only set CORS headers if origin header set

This commit is contained in:
Manuel 2023-01-15 20:00:00 +01:00
parent d38cb1f9db
commit 24a9cdc8cf
Signed by: SunRed
GPG Key ID: 4085037435E1F07A
3 changed files with 33 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/database.v
View File

@ -2,7 +2,7 @@ module main
[table: 'Score'] [table: 'Score']
struct ScoreRes { struct ScoreRes {
pub mut: mut:
id i64 [primary; sql: serial] id i64 [primary; sql: serial]
player string [nonull] player string [nonull]
score int [nonull] score int [nonull]
@ -19,9 +19,9 @@ fn (mut app App) insert_score(score ScoreRes) ScoreRes {
sql app.db { sql app.db {
insert score into ScoreRes insert score into ScoreRes
} }
last_row_id := app.db.last_insert_rowid() last_id := app.db.last_id() as int
return sql app.db { return sql app.db {
select from ScoreRes where id == last_row_id select from ScoreRes where id == last_id
} }
} }

5
src/main.v
View File

@ -7,10 +7,11 @@ import os
struct App { struct App {
vweb.Context vweb.Context
pub mut: mut:
db sqlite.DB
config shared Config config shared Config
is_admin bool is_admin bool
pub mut:
db sqlite.DB
} }
fn main() { fn main() {

48
src/web.v
View File

@ -69,27 +69,6 @@ pub fn (mut app App) score_submit() vweb.Result {
return app.json(score) return app.json(score)
} }
pub fn (mut app App) add_cors_headers() {
origin := app.get_header('origin')
mut origins := []string{}
rlock app.config {
origins = app.config.origins.clone()
}
default_origin := origins[0] or { '*' }
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
app.add_header('Access-Control-Allow-Origin', allowed_origin)
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
app.add_header('Access-Control-Max-Age', '86400')
}
pub fn (mut app App) handle_cors() vweb.Result {
app.set_status(204, '')
app.add_cors_headers()
return app.ok('')
}
['/api/v1/score/list'; options] ['/api/v1/score/list'; options]
pub fn (mut app App) handle_score_list_cors() vweb.Result { pub fn (mut app App) handle_score_list_cors() vweb.Result {
return app.handle_cors() return app.handle_cors()
@ -100,6 +79,33 @@ pub fn (mut app App) handle_score_submit_cors() vweb.Result {
return app.handle_cors() return app.handle_cors()
} }
fn (mut app App) handle_cors() vweb.Result {
app.set_status(204, '')
app.add_cors_headers()
return app.ok('')
}
fn (mut app App) add_cors_headers() {
origin := app.get_header('origin')
// Only return headers if actual cross-origin request
if origin.len == 0 {
return
}
rlock app.config {
origins := app.config.origins
default_origin := origins[0] or { '*' }
allowed_origin := if origins.any(it == origin) { origin } else { default_origin }
app.add_header('Access-Control-Allow-Origin', allowed_origin)
}
app.add_header('Access-Control-Allow-Methods', 'OPTIONS, HEAD, GET, POST')
app.add_header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
app.add_header('Access-Control-Max-Age', '86400')
}
fn (mut app App) auth() bool { fn (mut app App) auth() bool {
auth_header := app.get_header('Authorization') auth_header := app.get_header('Authorization')
token := auth_header.after('Bearer ') token := auth_header.after('Bearer ')