@rpcbase/server 0.212.0 → 0.213.0
- package/boot/index.js +0 -3
- package/express/custom_cors.js +74 -0
- package/express/index.js +2 -49
- package/package.json +1 -1
- package/src/sessions/index.js +0 -2
package/boot/index.js
@@ -0,0 +1,74 @@
|
|
|
1
|
+
/* @flow */
|
|
2
|
+
const debug = require("debug")
|
|
3
|
+
const cors = require("cors")
|
|
4
|
+
|
|
5
|
+
const is_production = process.env.IS_PRODUCTION === "yes"
|
|
6
|
+
|
|
7
|
+
const {RB_SKIP_CORS_PATHS, APP_DOMAIN, CLIENT_PORT} = process.env
|
|
8
|
+
|
|
9
|
+
const custom_cors = (app) => {
|
|
10
|
+
|
|
11
|
+
const skip_paths = (RB_SKIP_CORS_PATHS || "").split(",")
|
|
12
|
+
|
|
13
|
+
// CORS
|
|
14
|
+
const cors_origins = is_production ?
|
|
15
|
+
// https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols
|
|
16
|
+
// production
|
|
17
|
+
[
|
|
18
|
+
`https://www.${APP_DOMAIN}`,
|
|
19
|
+
`https://${APP_DOMAIN}`,
|
|
20
|
+
`https://admin.${APP_DOMAIN}`,
|
|
21
|
+
// This is used for the posthog player to retrieve the css and assets files
|
|
22
|
+
`https://app.posthog.com`,
|
|
23
|
+
`https://eu.posthog.com`,
|
|
24
|
+
] :
|
|
25
|
+
// local dev origins
|
|
26
|
+
// TODO: fixme, make this dynamic!
|
|
27
|
+
[
|
|
28
|
+
`http://127.0.0.1:${CLIENT_PORT}`,
|
|
29
|
+
`http://localhost:${CLIENT_PORT}`,
|
|
30
|
+
// `http://192.168.1.83:${CLIENT_PORT}`,
|
|
31
|
+
// `http://192.168.1.140:${CLIENT_PORT}`,
|
|
32
|
+
`http://admin.localhost:${CLIENT_PORT}`,
|
|
33
|
+
// TODO: WARNING: TMP hardcoded port
|
|
34
|
+
"http://127.0.0.1:8090", // TMP: used by inspected app from admin
|
|
35
|
+
"http://127.0.0.1:8091", // TMP: used by inspected app from admin
|
|
36
|
+
"http://127.0.0.1:9292", // TMP
|
|
37
|
+
// disgusting, sort this out
|
|
38
|
+
"http://localhost:8090", // TMP: used by inspected app from admin
|
|
39
|
+
"http://localhost:8091", // TMP: used by inspected app from admin
|
|
40
|
+
"http://localhost:9292", // TMP
|
|
41
|
+
// posthog
|
|
42
|
+
`https://app.posthog.com`,
|
|
43
|
+
`https://eu.posthog.com`,
|
|
44
|
+
]
|
|
45
|
+
|
|
46
|
+
if (APP_DOMAIN) {
|
|
47
|
+
cors_origins.push(`http://${APP_DOMAIN}`)
|
|
48
|
+
cors_origins.push(`https://${APP_DOMAIN}`)
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
|
|
52
|
+
console.log("setting up cors with origins", JSON.stringify(cors_origins))
|
|
53
|
+
|
|
54
|
+
const cors_middleware = cors({
|
|
55
|
+
origin: cors_origins,
|
|
56
|
+
methods: ["GET", "POST"],
|
|
57
|
+
credentials: true // IMPORTANT: required to enable set-cookie
|
|
58
|
+
})
|
|
59
|
+
|
|
60
|
+
app.use((req, res, next) => {
|
|
61
|
+
for (const skip_path of skip_paths) {
|
|
62
|
+
if (req.url.startsWith(skip_path)) {
|
|
63
|
+
console.log("SKIPPING CORS FOR:", req.url)
|
|
64
|
+
next()
|
|
65
|
+
return
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
cors_middleware(req, res, next)
|
|
70
|
+
})
|
|
71
|
+
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
module.exports = custom_cors
|
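Review bot: When `RB_SKIP_CORS_PATHS` is unset, `(RB_SKIP_CORS_PATHS || "").split(",")` yields `[""]`, and `req.url.startsWith("")` is true for every request, so the `app.use` wrapper at the end of `custom_cors` calls `next()` before `cors_middleware` runs and no CORS headers are emitted at all. An empty entry left by a trailing comma has the same effect. Drop empty entries when building the list: `const skip_paths = (RB_SKIP_CORS_PATHS || "").split(",").map((p) => p.trim()).filter(Boolean)`. Separately, the `if (APP_DOMAIN)` block adds `http://${APP_DOMAIN}` to the allow-list in production as well, so with `credentials: true` a plaintext origin is trusted for credentialed requests; changing the guard to `if (APP_DOMAIN && !is_production)` for that push would keep the production list HTTPS-only.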
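--- a/package/express/index.js
+++ b/package/express/index.js
@@ -1,6 +1,5 @@
 /* @flow */
 const debug = require("debug")
-const cors = require("cors")
 const express = require("express")
 const body_parser = require("body-parser")
 const request_ip = require("request-ip")
@@ -10,7 +9,7 @@ const auth = require("../src/auth")
 const sessions = require("../src/sessions")
 
 const dev_save_coverage = require("./dev_save_coverage")
-
+const custom_cors = require("./custom_cors")
 
 const log = debug("rb:server")
 
@@ -43,53 +42,7 @@ module.exports = () => {
 next()
 })
 
-
-// CORS
-const cors_origins = is_production ?
-// https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols
-// production
-[
-`https://www.${APP_DOMAIN}`,
-`https://${APP_DOMAIN}`,
-`https://admin.${APP_DOMAIN}`,
-`https://app.posthog.com`,
-`https://eu.posthog.com`,
-] :
-// local dev origins
-// TODO: fixme, make this dynamic!
-[
-`http://127.0.0.1:${CLIENT_PORT}`,
-`http://localhost:${CLIENT_PORT}`,
-// `http://192.168.1.83:${CLIENT_PORT}`,
-// `http://192.168.1.140:${CLIENT_PORT}`,
-`http://admin.localhost:${CLIENT_PORT}`,
-// TODO: WARNING: TMP hardcoded port
-"http://127.0.0.1:8090", // TMP: used by inspected app from admin
-"http://127.0.0.1:8091", // TMP: used by inspected app from admin
-"http://127.0.0.1:9292", // TMP
-// disgusting, sort this out
-"http://localhost:8090", // TMP: used by inspected app from admin
-"http://localhost:8091", // TMP: used by inspected app from admin
-"http://localhost:9292", // TMP
-// posthog
-`https://app.posthog.com`,
-`https://eu.posthog.com`,
-]
-
-if (APP_DOMAIN) {
-cors_origins.push(`http://${APP_DOMAIN}`)
-cors_origins.push(`https://${APP_DOMAIN}`)
-}
-
-
-log("setting up cors with origins", JSON.stringify(cors_origins))
-
-app.use(cors({
-origin: cors_origins,
-methods: ["GET", "POST"],
-credentials: true // IMPORTANT: required to enable set-cookie
-}))
-
+custom_cors(app)
 
 sessions(app)
 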
package/package.json
CHANGED