feat: enable cors in nginx (#276)

* feat: enable cors in nginx * chore: update * chore: fix ci
2024-01-29 13:14:50 +08:00 · 2024-01-29 13:14:50 +08:00 · e1b35a1a24
parent 56615e2274
commit e1b35a1a24
8 changed files with 44 additions and 17 deletions
--- a/.github/workflows/integration_test.yml
+++ b/.github/workflows/integration_test.yml
@ -43,6 +43,12 @@ jobs:
          # expose port for sqlx tests
          sed -i '38s/$/\n    ports:\n      - 5432:5432/' docker-compose.yml

+      - name: Update Nginx Configuration
+        run: |
+          # the wasm-pack headless tests will run on random ports, so we need to allow all origins
+          sed -i 's/http:\/\/127\.0\.0\.1:8000/http:\/\/127.0.0.1/g' nginx/nginx.conf
+        
+
      - name: Disable appflowyinc images
        run: |
          sed -i '/image: appflowyinc\/appflowy_cloud:/d' docker-compose.yml
--- a/libs/client-api-test-util/src/client.rs
+++ b/libs/client-api-test-util/src/client.rs
@ -24,6 +24,7 @@ lazy_static! {
    Cow::Owned("http://localhost/gotrue".to_string());
 }

+#[allow(dead_code)]
 fn get_env_var<'default>(key: &str, default: &'default str) -> Cow<'default, str> {
  dotenv().ok();
  match env::var(key) {
--- a/libs/client-api/src/wasm/ping.rs
+++ b/libs/client-api/src/wasm/ping.rs
@ -1,5 +1,4 @@
-use crate::platform_spawn;
-use crate::ws::{ConnectState, ConnectStateNotify};
+use crate::ws::ConnectStateNotify;
 use std::sync::Arc;
 use std::time::Duration;
 use tokio::sync::broadcast::Sender;
--- a/libs/wasm-test/README.md
+++ b/libs/wasm-test/README.md
@ -1,12 +1,12 @@

 ## Run test

-before running the test, it requires to install the [chrome driver](https://chromedriver.chromium.org/downloads).
-for mac user, you can install it by brew.
-
-```shell
-brew install chromedriver
-```
+> Before executing the test, you need to install the [Chrome Driver](https://chromedriver.chromium.org/downloads). If
+> you are using a Mac, you can easily install it using Homebrew.
+>
+> ```shell
+> brew install chromedriver
+> ```

 then run the test

--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -60,11 +60,36 @@ http {
        }

        # AppFlowy-Cloud
+        # created a separate location block for handling CORS preflight (OPTIONS) requests specifically for the /api endpoint.
+        location = /api/options {
+            if ($http_origin ~* (http://127.0.0.1:8000)) {
+                add_header 'Access-Control-Allow-Origin' $http_origin;
+            }
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, PATCH';
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version';
+            add_header 'Access-Control-Max-Age' 3600;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
        location /api {
            set $appflowy_cloud appflowy_cloud;
            proxy_pass http://$appflowy_cloud:8000;

            proxy_set_header X-Request-Id $request_id;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Set CORS headers for other requests
+            if ($http_origin ~* (http://127.0.0.1:8000)) {
+                add_header 'Access-Control-Allow-Origin' $http_origin always;
+            }
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version' always;
+            add_header 'Access-Control-Max-Age' 3600 always;
        }

        # Minio Web UI
@ -110,7 +135,7 @@ http {
        }

        # Portainer
-	# Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml
+	    # Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml
        location /portainer/ {
            set $portainer portainer;
            proxy_pass http://$portainer:9000;
@ -119,7 +144,7 @@ http {
        }

        # Admin Frontend
-	# Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml
+	    # Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml
        location / {
            set $admin_frontend admin_frontend;
            proxy_pass http://$admin_frontend:3000;
--- a/src/application.rs
+++ b/src/application.rs
@ -3,7 +3,6 @@ use crate::biz::casbin::adapter::PgAdapter;
 use crate::biz::casbin::MODEL_CONF;
 use crate::component::auth::HEADER_TOKEN;
 use crate::config::config::{Config, DatabaseSetting, GoTrueSetting, S3Setting};
-use crate::middleware::cors_mw::default_cors;
 use crate::middleware::request_id::RequestIdMiddleware;
 use crate::self_signed::create_self_signed_certificate;
 use crate::state::AppState;
@ -119,7 +118,6 @@ pub async fn run(
          .cookie_name(HEADER_TOKEN.to_string())
          .build(),
      )
-      .wrap(default_cors())
      // .wrap(DecryptPayloadMiddleware)
      .wrap(RequestIdMiddleware)
      .wrap(access_control.clone())
--- a/src/middleware/cors_mw.rs
+++ b/src/middleware/cors_mw.rs
@ -1,10 +1,8 @@
 use actix_cors::Cors;
 use actix_web::http;

-// https://javascript.info/fetch-crossorigin#cors-for-safe-requests
-// https://docs.rs/actix-cors/0.5.4/actix_cors/index.html
-// http://www.ruanyifeng.com/blog/2016/04/cors.html
-// Cors short for Cross-Origin Resource Sharing.
+// Deprecated
+// AppFlowy Cloud uses nginx to configure CORS
 pub fn default_cors() -> Cors {
  Cors::default() // allowed_origin return access-control-allow-origin: * by default
    .allow_any_origin()
--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
@ -1,5 +1,5 @@
 pub mod access_control_mw;
-pub mod cors_mw;
+// pub mod cors_mw;
 pub mod encrypt_mw;
 pub mod metrics_mw;
 pub mod request_id;