cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Allow CORS policy to be configured (#485)

Browse source
This commit is contained in:
Kory Prince 2023-11-16 04:08:25 -06:00 committed by GitHub
parent b0be181b1f
commit dd5b1ca368
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

25
pkg/op/op.go
View file

@ -90,9 +90,19 @@ type OpenIDProvider interface {
type HttpInterceptor func(http.Handler) http.Handler type HttpInterceptor func(http.Handler) http.Handler
type corsOptioner interface {
CORSOptions() *cors.Options
}
func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router { func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router {
router := mux.NewRouter() router := mux.NewRouter()
if co, ok := o.(corsOptioner); ok {
if opts := co.CORSOptions(); opts != nil {
router.Use(cors.New(*opts).Handler)
}
} else {
router.Use(cors.New(defaultCORSOptions).Handler) router.Use(cors.New(defaultCORSOptions).Handler)
}
router.Use(intercept(o.IssuerFromRequest, interceptors...)) router.Use(intercept(o.IssuerFromRequest, interceptors...))
router.HandleFunc(healthEndpoint, healthHandler) router.HandleFunc(healthEndpoint, healthHandler)
router.HandleFunc(readinessEndpoint, readyHandler(o.Probes())) router.HandleFunc(readinessEndpoint, readyHandler(o.Probes()))
@ -186,6 +196,7 @@ func newProvider(config *Config, storage Storage, issuer func(bool) (IssuerFromR
storage: storage, storage: storage,
endpoints: DefaultEndpoints, endpoints: DefaultEndpoints,
timer: make(<-chan time.Time), timer: make(<-chan time.Time),
corsOpts: &defaultCORSOptions,
} }
for _, optFunc := range opOpts { for _, optFunc := range opOpts {
@ -229,6 +240,7 @@ type Provider struct {
timer <-chan time.Time timer <-chan time.Time
accessTokenVerifierOpts []AccessTokenVerifierOpt accessTokenVerifierOpts []AccessTokenVerifierOpt
idTokenHintVerifierOpts []IDTokenHintVerifierOpt idTokenHintVerifierOpts []IDTokenHintVerifierOpt
corsOpts *cors.Options
} }
func (o *Provider) IssuerFromRequest(r *http.Request) string { func (o *Provider) IssuerFromRequest(r *http.Request) string {
@ -387,6 +399,10 @@ func (o *Provider) Probes() []ProbesFn {
} }
} }
func (o *Provider) CORSOptions() *cors.Options {
return o.corsOpts
}
func (o *Provider) HttpHandler() http.Handler { func (o *Provider) HttpHandler() http.Handler {
return o.httpHandler return o.httpHandler
} }
@ -534,12 +550,19 @@ func WithIDTokenHintVerifierOpts(opts ...IDTokenHintVerifierOpt) Option {
} }
} }
func WithCORSOptions(opts *cors.Options) Option {
return func(o *Provider) error {
o.corsOpts = opts
return nil
}
}
func intercept(i IssuerFromRequest, interceptors ...HttpInterceptor) func(handler http.Handler) http.Handler { func intercept(i IssuerFromRequest, interceptors ...HttpInterceptor) func(handler http.Handler) http.Handler {
issuerInterceptor := NewIssuerInterceptor(i) issuerInterceptor := NewIssuerInterceptor(i)
return func(handler http.Handler) http.Handler { return func(handler http.Handler) http.Handler {
for i := len(interceptors) - 1; i >= 0; i-- { for i := len(interceptors) - 1; i >= 0; i-- {
handler = interceptors[i](handler) handler = interceptors[i](handler)
} }
return cors.New(defaultCORSOptions).Handler(issuerInterceptor.Handler(handler)) return issuerInterceptor.Handler(handler)
} }
} }