cors for api

This commit is contained in:
Evert Prants 2022-09-15 19:21:05 +03:00
parent 70fd84dd0f
commit bfdfb2550c
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
8 changed files with 34 additions and 6 deletions

14
package-lock.json generated
View File

@ -21,6 +21,7 @@
"class-validator": "^0.13.2",
"connect-redis": "^6.1.3",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"cropperjs": "^1.5.12",
"csrf": "^3.1.0",
"dotenv": "^16.0.1",
@ -55,6 +56,7 @@
"@types/bcrypt": "^5.0.0",
"@types/connect-redis": "^0.0.18",
"@types/cookie-parser": "^1.4.3",
"@types/cors": "^2.8.12",
"@types/express": "^4.17.13",
"@types/express-session": "^1.17.5",
"@types/express-useragent": "^1.0.2",
@ -3407,6 +3409,12 @@
"integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==",
"dev": true
},
"node_modules/@types/cors": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
"integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
"dev": true
},
"node_modules/@types/eslint": {
"version": "8.4.1",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",
@ -15128,6 +15136,12 @@
"integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==",
"dev": true
},
"@types/cors": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
"integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
"dev": true
},
"@types/eslint": {
"version": "8.4.1",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",

View File

@ -36,6 +36,7 @@
"class-validator": "^0.13.2",
"connect-redis": "^6.1.3",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"cropperjs": "^1.5.12",
"csrf": "^3.1.0",
"dotenv": "^16.0.1",
@ -70,6 +71,7 @@
"@types/bcrypt": "^5.0.0",
"@types/connect-redis": "^0.0.18",
"@types/cookie-parser": "^1.4.3",
"@types/cors": "^2.8.12",
"@types/express": "^4.17.13",
"@types/express-session": "^1.17.5",
"@types/express-useragent": "^1.0.2",

View File

@ -16,6 +16,7 @@ dotenv.config();
async function bootstrap() {
const app = await NestFactory.create<NestExpressApplication>(AppModule);
app.enableCors({ origin: false });
const config = app.get(ConfigurationService);
const docBuilder = new DocumentBuilder()

View File

@ -25,7 +25,7 @@ import { AuditAdminController } from './audit-admin.controller';
OAuth2Module,
MulterModule.registerAsync({
imports: [ConfigurationModule],
useFactory: async (config: ConfigurationService) => {
useFactory: async () => {
return {
storage: multer.diskStorage({
destination: (req, file, cb) => {

View File

@ -1,4 +1,5 @@
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
import * as cors from 'cors';
import { ConfigurationModule } from '../config/config.module';
import { JWTModule } from '../jwt/jwt.module';
import { OAuth2Module } from '../oauth2/oauth2.module';
@ -18,9 +19,12 @@ import { ApiController } from './api.controller';
],
})
export class ApiModule implements NestModule {
private corsOpts = cors({ origin: true, credentials: true });
constructor(private _service: OAuth2Service) {}
configure(consumer: MiddlewareConsumer) {
consumer.apply(this._service.oauth.express()).forRoutes('/api*');
consumer.apply(this.corsOpts).forRoutes(ApiController);
}
}

View File

@ -69,9 +69,9 @@ export class OAuth2Service {
public clientService: OAuth2ClientService,
public tokenService: OAuth2TokenService,
) {
// if (process.env.NODE_ENV === 'development') {
// this.oauth.logger.setLogLevel('debug');
// }
if (process.env.NODE_ENV === 'development') {
this.oauth.logger.setLogLevel('debug');
}
}
public splitScope(scope: string | string[]): string[] {

View File

@ -65,7 +65,6 @@ export class OAuth2Controller {
}
// User information endpoint
// TODO: Move to API
@ApiBearerAuth()
@Get('user')

View File

@ -1,4 +1,5 @@
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
// import * as cors from 'cors';
import { AuthMiddleware } from 'src/middleware/auth.middleware';
import { CSRFMiddleware } from 'src/middleware/csrf.middleware';
import { UserMiddleware } from 'src/middleware/user.middleware';
@ -13,10 +14,11 @@ import { OAuth2Controller } from './oauth2-router.controller';
imports: [OAuth2Module, UserModule],
})
export class OAuth2RouterModule implements NestModule {
// private corsOpts = cors({ origin: true, credentials: true });
constructor(private _service: OAuth2Service) {}
configure(consumer: MiddlewareConsumer) {
consumer.apply(this._service.oauth.express()).forRoutes('oauth2/*');
consumer
.apply(
CSRFMiddleware,
@ -25,5 +27,11 @@ export class OAuth2RouterModule implements NestModule {
ValidateCSRFMiddleware,
)
.forRoutes('oauth2/authorize');
// consumer
// .apply(this.corsOpts)
// .forRoutes('oauth2/token', 'oauth2/introspect', 'oauth2/user');
consumer.apply(this._service.oauth.express()).forRoutes(OAuth2Controller);
}
}