cors for api

Evert Prants 2022-09-15 19:21:05 +03:00
parent 70fd84dd0f
commit bfdfb2550c
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
8 changed files with 34 additions and 6 deletions

14
package-lock.json generated

@ -21,6 +21,7 @@
"class-validator": "^0.13.2", "class-validator": "^0.13.2",
"connect-redis": "^6.1.3", "connect-redis": "^6.1.3",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"cropperjs": "^1.5.12", "cropperjs": "^1.5.12",
"csrf": "^3.1.0", "csrf": "^3.1.0",
"dotenv": "^16.0.1", "dotenv": "^16.0.1",
@ -55,6 +56,7 @@
"@types/bcrypt": "^5.0.0", "@types/bcrypt": "^5.0.0",
"@types/connect-redis": "^0.0.18", "@types/connect-redis": "^0.0.18",
"@types/cookie-parser": "^1.4.3", "@types/cookie-parser": "^1.4.3",
"@types/cors": "^2.8.12",
"@types/express": "^4.17.13", "@types/express": "^4.17.13",
"@types/express-session": "^1.17.5", "@types/express-session": "^1.17.5",
"@types/express-useragent": "^1.0.2", "@types/express-useragent": "^1.0.2",
@ -3407,6 +3409,12 @@
"integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==",
"dev": true "dev": true
}, },
"node_modules/@types/cors": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
"integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
"dev": true
},
"node_modules/@types/eslint": { "node_modules/@types/eslint": {
"version": "8.4.1", "version": "8.4.1",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",
@ -15128,6 +15136,12 @@
"integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==",
"dev": true "dev": true
}, },
"@types/cors": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
"integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
"dev": true
},
"@types/eslint": { "@types/eslint": {
"version": "8.4.1", "version": "8.4.1",
"resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz",


@ -36,6 +36,7 @@
"class-validator": "^0.13.2", "class-validator": "^0.13.2",
"connect-redis": "^6.1.3", "connect-redis": "^6.1.3",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"cropperjs": "^1.5.12", "cropperjs": "^1.5.12",
"csrf": "^3.1.0", "csrf": "^3.1.0",
"dotenv": "^16.0.1", "dotenv": "^16.0.1",
@ -70,6 +71,7 @@
"@types/bcrypt": "^5.0.0", "@types/bcrypt": "^5.0.0",
"@types/connect-redis": "^0.0.18", "@types/connect-redis": "^0.0.18",
"@types/cookie-parser": "^1.4.3", "@types/cookie-parser": "^1.4.3",
"@types/cors": "^2.8.12",
"@types/express": "^4.17.13", "@types/express": "^4.17.13",
"@types/express-session": "^1.17.5", "@types/express-session": "^1.17.5",
"@types/express-useragent": "^1.0.2", "@types/express-useragent": "^1.0.2",


@ -16,6 +16,7 @@ dotenv.config();
async function bootstrap() { async function bootstrap() {
const app = await NestFactory.create<NestExpressApplication>(AppModule); const app = await NestFactory.create<NestExpressApplication>(AppModule);
app.enableCors({ origin: false });
const config = app.get(ConfigurationService); const config = app.get(ConfigurationService);
const docBuilder = new DocumentBuilder() const docBuilder = new DocumentBuilder()
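Review bot: `app.enableCors({ origin: false })` reads as if it turns CORS on, but with the `cors` package `origin: false` disables it, so no cross-origin headers are emitted globally and only the per-route middleware added in ApiModule takes effect. A short comment would keep a later reader from "fixing" the value, for example `// CORS is off globally; ApiModule opts its own routes in via the cors middleware`. bootstrap's body continues outside the hunk.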


@ -25,7 +25,7 @@ import { AuditAdminController } from './audit-admin.controller';
OAuth2Module, OAuth2Module,
MulterModule.registerAsync({ MulterModule.registerAsync({
imports: [ConfigurationModule], imports: [ConfigurationModule],
useFactory: async (config: ConfigurationService) => { useFactory: async () => {
return { return {
storage: multer.diskStorage({ storage: multer.diskStorage({
destination: (req, file, cb) => { destination: (req, file, cb) => {


@ -1,4 +1,5 @@
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common'; import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
import * as cors from 'cors';
import { ConfigurationModule } from '../config/config.module'; import { ConfigurationModule } from '../config/config.module';
import { JWTModule } from '../jwt/jwt.module'; import { JWTModule } from '../jwt/jwt.module';
import { OAuth2Module } from '../oauth2/oauth2.module'; import { OAuth2Module } from '../oauth2/oauth2.module';
@ -18,9 +19,12 @@ import { ApiController } from './api.controller';
], ],
}) })
export class ApiModule implements NestModule { export class ApiModule implements NestModule {
private corsOpts = cors({ origin: true, credentials: true });
constructor(private _service: OAuth2Service) {} constructor(private _service: OAuth2Service) {}
configure(consumer: MiddlewareConsumer) { configure(consumer: MiddlewareConsumer) {
consumer.apply(this._service.oauth.express()).forRoutes('/api*'); consumer.apply(this._service.oauth.express()).forRoutes('/api*');
consumer.apply(this.corsOpts).forRoutes(ApiController);
} }
} }
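Review bot: `cors({ origin: true, credentials: true })` reflects whatever `Origin` the request carries and also sets `Access-Control-Allow-Credentials: true`, so every website is allowed to send credentialed requests to the ApiController routes and read the responses. If these routes authenticate only with a bearer token, which the `oauth.express()` middleware on `/api*` suggests but does not prove, cookies are not needed and `private corsOpts = cors({ origin: true });` is enough. If session cookies are honoured there, `origin` should be an allowlist taken from configuration rather than `true`. Separately, a preflight `OPTIONS` request carries no `Authorization` header, so it is worth confirming that it still reaches the CORS middleware when that middleware is bound with `forRoutes(ApiController)` after `oauth.express()`.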


@ -69,9 +69,9 @@ export class OAuth2Service {
public clientService: OAuth2ClientService, public clientService: OAuth2ClientService,
public tokenService: OAuth2TokenService, public tokenService: OAuth2TokenService,
) { ) {
// if (process.env.NODE_ENV === 'development') { if (process.env.NODE_ENV === 'development') {
// this.oauth.logger.setLogLevel('debug'); this.oauth.logger.setLogLevel('debug');
// } }
} }
public splitScope(scope: string | string[]): string[] { public splitScope(scope: string | string[]): string[] {
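Review bot: The re-enabled block in the constructor switches the OAuth2 provider's logger to `debug` whenever `NODE_ENV` is `development`, and nothing at that line says what the provider writes at that level. That output is not visible here; if it includes authorization codes, tokens or client secrets, an instance started with the wrong `NODE_ENV` would put them in its logs. A comment such as `// debug level may log token material; development only` would record the constraint next to the switch. The constructor starts outside the hunk.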


@ -65,7 +65,6 @@ export class OAuth2Controller {
} }
// User information endpoint // User information endpoint
// TODO: Move to API
@ApiBearerAuth() @ApiBearerAuth()
@Get('user') @Get('user')


@ -1,4 +1,5 @@
import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common'; import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
// import * as cors from 'cors';
import { AuthMiddleware } from 'src/middleware/auth.middleware'; import { AuthMiddleware } from 'src/middleware/auth.middleware';
import { CSRFMiddleware } from 'src/middleware/csrf.middleware'; import { CSRFMiddleware } from 'src/middleware/csrf.middleware';
import { UserMiddleware } from 'src/middleware/user.middleware'; import { UserMiddleware } from 'src/middleware/user.middleware';
@ -13,10 +14,11 @@ import { OAuth2Controller } from './oauth2-router.controller';
imports: [OAuth2Module, UserModule], imports: [OAuth2Module, UserModule],
}) })
export class OAuth2RouterModule implements NestModule { export class OAuth2RouterModule implements NestModule {
// private corsOpts = cors({ origin: true, credentials: true });
constructor(private _service: OAuth2Service) {} constructor(private _service: OAuth2Service) {}
configure(consumer: MiddlewareConsumer) { configure(consumer: MiddlewareConsumer) {
consumer.apply(this._service.oauth.express()).forRoutes('oauth2/*');
consumer consumer
.apply( .apply(
CSRFMiddleware, CSRFMiddleware,
@ -25,5 +27,11 @@ export class OAuth2RouterModule implements NestModule {
ValidateCSRFMiddleware, ValidateCSRFMiddleware,
) )
.forRoutes('oauth2/authorize'); .forRoutes('oauth2/authorize');
// consumer
// .apply(this.corsOpts)
// .forRoutes('oauth2/token', 'oauth2/introspect', 'oauth2/user');
consumer.apply(this._service.oauth.express()).forRoutes(OAuth2Controller);
} }
} }
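Review bot: Moving `consumer.apply(this._service.oauth.express())` below the CSRF chain changes the middleware order on `oauth2/authorize` without saying so. Assuming Nest runs middleware in the order of the `apply` calls, `CSRFMiddleware` through `ValidateCSRFMiddleware` now run before `oauth.express()` rather than after it, and binding to `OAuth2Controller` instead of `'oauth2/*'` may also change which paths are covered. A comment stating the intended order would help, since any middleware in the chain that reads what `oauth.express()` attaches to the request would break. The commented-out `cors` import, `corsOpts` field and `forRoutes('oauth2/token', 'oauth2/introspect', 'oauth2/user')` block are dead code: remove them, or keep one line saying why CORS is deliberately off here, because `origin: true, credentials: true` on the token and introspection routes would allow credentialed calls from any origin.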