joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add allowHeaders to Options (#6044)

Browse Source 
* feat: add allowHeaders to Options

This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app.

* refactor: convert allowCrossDomain to generator to add appId in scope

This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header.

* chore: update Definitions and docs

* fix: update test to use new allowCrossDomain params

* chore: add tests for allowCustomDomain middleware re: allowHeadrs
This commit is contained in:
Omair Vaiyani
2019-09-12 22:03:57 +01:00
committed by Antonio Davi Macedo Coelho de Castro
parent 1361bb3020
commit eef530b1e3
7 changed files with 113 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/middlewares.js
View File

@@ -5,6 +5,15 @@ import Config from './Config';
import ClientSDK from './ClientSDK';
import defaultLogger from './logger';
export const DEFAULT_ALLOWED_HEADERS =
'X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type, Pragma, Cache-Control';
const getMountForRequest = function(req) {
const mountPathLength = req.originalUrl.length - req.url.length;
const mountPath = req.originalUrl.slice(0, mountPathLength);
return req.protocol + '://' + req.get('host') + mountPath;
};
// Checks that the request is authorized for this app and checks user
// auth too.
// The bodyparser should run before this middleware.
@@ -12,9 +21,7 @@ import defaultLogger from './logger';
// req.config - the Config for this app
// req.auth - the Auth for this request
export function handleParseHeaders(req, res, next) {
var mountPathLength = req.originalUrl.length - req.url.length;
var mountPath = req.originalUrl.slice(0, mountPathLength);
var mount = req.protocol + '://' + req.get('host') + mountPath;
var mount = getMountForRequest(req);
var info = {
appId: req.get('X-Parse-Application-Id'),
@@ -279,23 +286,27 @@ function decodeBase64(str) {
return Buffer.from(str, 'base64').toString();
}
export function allowCrossDomain(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header(
'Access-Control-Allow-Headers',
'X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type, Pragma, Cache-Control'
);
res.header(
'Access-Control-Expose-Headers',
'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id'
);
// intercept OPTIONS method
if ('OPTIONS' == req.method) {
res.sendStatus(200);
} else {
next();
}
export function allowCrossDomain(appId) {
return (req, res, next) => {
const config = Config.get(appId, getMountForRequest(req));
let allowHeaders = DEFAULT_ALLOWED_HEADERS;
if (config && config.allowHeaders) {
allowHeaders += `, ${config.allowHeaders.join(', ')}`;
}
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', allowHeaders);
res.header(
'Access-Control-Expose-Headers',
'X-Parse-Job-Status-Id, X-Parse-Push-Status-Id'
);
// intercept OPTIONS method
if ('OPTIONS' == req.method) {
res.sendStatus(200);
} else {
next();
}
};
}
export function allowMethodOverride(req, res, next) {