Skip to content

Commit

Permalink
fix: enable CORS with hot-reloaded origins (#3601)
Browse files Browse the repository at this point in the history
  • Loading branch information
zepatrik authored Aug 16, 2023
1 parent a547a74 commit 6f592fc
Show file tree
Hide file tree
Showing 4 changed files with 376 additions and 60 deletions.
34 changes: 19 additions & 15 deletions cmd/server/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ import (

"github.com/ory/x/servicelocatorx"

"github.com/ory/x/corsx"
"github.com/ory/x/httprouterx"

"github.com/ory/analytics-go/v5"
Expand Down Expand Up @@ -50,24 +49,29 @@ import (

var _ = &consent.Handler{}

func EnhanceMiddleware(ctx context.Context, sl *servicelocatorx.Options, d driver.Registry, n *negroni.Negroni, address string, router *httprouter.Router, enableCORS bool, iface config.ServeInterface) http.Handler {
func EnhanceMiddleware(ctx context.Context, sl *servicelocatorx.Options, d driver.Registry, n *negroni.Negroni, address string, router *httprouter.Router, iface config.ServeInterface) http.Handler {
if !networkx.AddressIsUnixSocket(address) {
n.UseFunc(x.RejectInsecureRequests(d, d.Config().TLS(ctx, iface)))
}

for _, mw := range sl.HTTPMiddlewares() {
n.UseFunc(mw)
}
n.UseFunc(func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
cfg, enabled := d.Config().CORS(r.Context(), iface)
if !enabled {
next(w, r)
return
}
cors.New(cfg).ServeHTTP(w, r, next)
})

n.UseHandler(router)
corsx.ContextualizedMiddleware(func(ctx context.Context) (opts cors.Options, enabled bool) {
return d.Config().CORS(ctx, iface)
})

return n
}

func isDSNAllowed(ctx context.Context, r driver.Registry) {
func ensureNoMemoryDSN(r driver.Registry) {
if r.Config().DSN() == "memory" {
r.Logger().Fatalf(`When using "hydra serve admin" or "hydra serve public" the DSN can not be set to "memory".`)
}
Expand All @@ -78,11 +82,11 @@ func RunServeAdmin(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModifi
ctx := cmd.Context()
sl := servicelocatorx.NewOptions(slOpts...)

d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(configx.WithFlags(cmd.Flags()))))
d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(append(cOpts, configx.WithFlags(cmd.Flags()))...)))
if err != nil {
return err
}
isDSNAllowed(ctx, d)
ensureNoMemoryDSN(d)

admin, _, adminmw, _ := setup(ctx, d, cmd)
d.PrometheusManager().RegisterRouter(admin.Router)
Expand All @@ -96,7 +100,7 @@ func RunServeAdmin(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModifi
cmd,
&wg,
config.AdminInterface,
EnhanceMiddleware(ctx, sl, d, adminmw, d.Config().ListenOn(config.AdminInterface), admin.Router, true, config.AdminInterface),
EnhanceMiddleware(ctx, sl, d, adminmw, d.Config().ListenOn(config.AdminInterface), admin.Router, config.AdminInterface),
d.Config().ListenOn(config.AdminInterface),
d.Config().SocketPermission(config.AdminInterface),
)
Expand All @@ -111,11 +115,11 @@ func RunServePublic(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModif
ctx := cmd.Context()
sl := servicelocatorx.NewOptions(slOpts...)

d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(configx.WithFlags(cmd.Flags()))))
d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(append(cOpts, configx.WithFlags(cmd.Flags()))...)))
if err != nil {
return err
}
isDSNAllowed(ctx, d)
ensureNoMemoryDSN(d)

_, public, _, publicmw := setup(ctx, d, cmd)
d.PrometheusManager().RegisterRouter(public.Router)
Expand All @@ -129,7 +133,7 @@ func RunServePublic(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModif
cmd,
&wg,
config.PublicInterface,
EnhanceMiddleware(ctx, sl, d, publicmw, d.Config().ListenOn(config.PublicInterface), public.Router, false, config.PublicInterface),
EnhanceMiddleware(ctx, sl, d, publicmw, d.Config().ListenOn(config.PublicInterface), public.Router, config.PublicInterface),
d.Config().ListenOn(config.PublicInterface),
d.Config().SocketPermission(config.PublicInterface),
)
Expand All @@ -144,7 +148,7 @@ func RunServeAll(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModifier
ctx := cmd.Context()
sl := servicelocatorx.NewOptions(slOpts...)

d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(configx.WithFlags(cmd.Flags()))))
d, err := driver.New(cmd.Context(), sl, append(dOpts, driver.WithOptions(append(cOpts, configx.WithFlags(cmd.Flags()))...)))
if err != nil {
return err
}
Expand All @@ -163,7 +167,7 @@ func RunServeAll(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModifier
cmd,
&wg,
config.PublicInterface,
EnhanceMiddleware(ctx, sl, d, publicmw, d.Config().ListenOn(config.PublicInterface), public.Router, false, config.PublicInterface),
EnhanceMiddleware(ctx, sl, d, publicmw, d.Config().ListenOn(config.PublicInterface), public.Router, config.PublicInterface),
d.Config().ListenOn(config.PublicInterface),
d.Config().SocketPermission(config.PublicInterface),
)
Expand All @@ -174,7 +178,7 @@ func RunServeAll(slOpts []servicelocatorx.Option, dOpts []driver.OptionsModifier
cmd,
&wg,
config.AdminInterface,
EnhanceMiddleware(ctx, sl, d, adminmw, d.Config().ListenOn(config.AdminInterface), admin.Router, true, config.AdminInterface),
EnhanceMiddleware(ctx, sl, d, adminmw, d.Config().ListenOn(config.AdminInterface), admin.Router, config.AdminInterface),
d.Config().ListenOn(config.AdminInterface),
d.Config().SocketPermission(config.AdminInterface),
)
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ require (
github.com/ory/hydra-client-go/v2 v2.1.1
github.com/ory/jsonschema/v3 v3.0.8
github.com/ory/kratos-client-go v0.13.1
github.com/ory/x v0.0.577
github.com/ory/x v0.0.580
github.com/pborman/uuid v1.2.1
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.16.0
Expand Down
Loading

0 comments on commit 6f592fc

Please sign in to comment.