Add better cors for core

2023-11-24 01:10:33 +01:00 · 2023-11-24 01:10:33 +01:00 · 9f64075f5a
commit 9f64075f5a
parent 32c75ad73a
5 changed files with 39 additions and 7 deletions
--- a/emgauwa-core/src/main.rs
+++ b/emgauwa-core/src/main.rs
@ -1,4 +1,5 @@
 use std::str::FromStr;
+use actix_cors::Cors;

 use actix_web::middleware::TrailingSlash;
 use actix_web::{middleware, web, App, HttpServer};
@ -12,7 +13,7 @@ mod settings;
 async fn main() -> std::io::Result<()> {
 	let settings = settings::init();

-	let log_level: LevelFilter = log::LevelFilter::from_str(&settings.logging.level)
+	let log_level: LevelFilter = LevelFilter::from_str(&settings.logging.level)
 		.unwrap_or_else(|_| panic!("Error parsing log level."));
 	trace!("Log level set to {:?}", log_level);

@ -25,13 +26,22 @@ async fn main() -> std::io::Result<()> {

 	log::info!("Starting server on {}:{}", settings.host, settings.port);
 	HttpServer::new(move || {
+
+		let cors = Cors::default()
+			.allow_any_method()
+			.allow_any_header()
+			.max_age(3600);
+
+		let origins = settings.origins.clone();
+		let cors = match settings.origins.is_empty() {
+			true => cors.allow_any_origin(),
+			false => cors.allowed_origin_fn(move |origin, _req_head| {
+				origins.contains(&origin.to_str().unwrap_or_default().to_string())
+			}),
+		};
+
 		App::new()
-			.wrap(
-				middleware::DefaultHeaders::new()
-					.add(("Access-Control-Allow-Origin", "*"))
-					.add(("Access-Control-Allow-Headers", "*"))
-					.add(("Access-Control-Allow-Methods", "*")),
-			)
+			.wrap(cors)
 			.wrap(middleware::Logger::default())
 			.wrap(middleware::NormalizePath::new(TrailingSlash::Trim))
 			.app_data(web::JsonConfig::default().error_handler(handlers::json_error_handler))