From e1b35a1a24eb95ae5cda8fad064e897f0fd7f45a Mon Sep 17 00:00:00 2001
From: "Nathan.fooo" <86001920+appflowy@users.noreply.github.com>
Date: Mon, 29 Jan 2024 13:14:50 +0800
Subject: [PATCH] feat: enable cors in nginx (#276)
* feat: enable cors in nginx
* chore: update
* chore: fix ci
---
 .github/workflows/integration_test.yml | 6 +++++
 libs/client-api-test-util/src/client.rs | 1 +
 libs/client-api/src/wasm/ping.rs | 3 +--
 libs/wasm-test/README.md | 12 +++++-----
 nginx/nginx.conf | 29 +++++++++++++++++++++++--
 src/application.rs | 2 --
 src/middleware/cors_mw.rs | 6 ++---
 src/middleware/mod.rs | 2 +-
 8 files changed, 44 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
index 223b5ef4..7cc574a5 100644
--- a/.github/workflows/integration_test.yml
+++ b/.github/workflows/integration_test.yml
@@ -43,6 +43,12 @@ jobs:
 # expose port for sqlx tests
 sed -i '38s/$/\n ports:\n - 5432:5432/' docker-compose.yml
+ - name: Update Nginx Configuration
+ run: |
+ # the wasm-pack headless tests will run on random ports, so we need to allow all origins
+ sed -i 's/http:\/\/127\.0\.0\.1:8000/http:\/\/127.0.0.1/g' nginx/nginx.conf
+
+
 - name: Disable appflowyinc images
 run: |
 sed -i '/image: appflowyinc\/appflowy_cloud:/d' docker-compose.yml
diff --git a/libs/client-api-test-util/src/client.rs b/libs/client-api-test-util/src/client.rs
index 3f7b52f1..10da1a25 100644
--- a/libs/client-api-test-util/src/client.rs
+++ b/libs/client-api-test-util/src/client.rs
@@ -24,6 +24,7 @@ lazy_static! {
 Cow::Owned("http://localhost/gotrue".to_string());
 }
+#[allow(dead_code)]
 fn get_env_var<'default>(key: &str, default: &'default str) -> Cow<'default, str> {
 dotenv().ok();
 match env::var(key) {
diff --git a/libs/client-api/src/wasm/ping.rs b/libs/client-api/src/wasm/ping.rs
index 086cb923..eef246af 100644
--- a/libs/client-api/src/wasm/ping.rs
+++ b/libs/client-api/src/wasm/ping.rs
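Review bot: The new `sed` exits 0 even when it substitutes nothing, so a later change to the origin string in `nginx/nginx.conf` would silently leave CI running against the unmodified allowlist; adding `grep -qF '(http://127.0.0.1)' nginx/nginx.conf` after it makes the step fail in that case. The comment says "allow all origins", but the rewritten pattern still requires the text `http://127.0.0.1` in the Origin, so `# allow loopback origins on any port` would describe it more accurately. This step also depends on the nginx check being an unanchored regex, which is worth keeping in mind if that pattern is tightened.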
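Review bot: `#[allow(dead_code)]` on `get_env_var` carries no explanation of why an unused helper is kept; either remove the function or add a one-line reason above the attribute, e.g. `// unused while the test URLs above are hard-coded; kept for env-based overrides`, assuming that is the reason. The function body continues outside this hunk.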
@@ -1,5 +1,4 @@
-use crate::platform_spawn;
-use crate::ws::{ConnectState, ConnectStateNotify};
+use crate::ws::ConnectStateNotify;
 use std::sync::Arc;
 use std::time::Duration;
 use tokio::sync::broadcast::Sender;
diff --git a/libs/wasm-test/README.md b/libs/wasm-test/README.md
index 830054f9..6337619f 100644
--- a/libs/wasm-test/README.md
+++ b/libs/wasm-test/README.md
@@ -1,12 +1,12 @@
 ## Run test
-before running the test, it requires to install the [chrome driver](https://chromedriver.chromium.org/downloads).
-for mac user, you can install it by brew.
-
-```shell
-brew install chromedriver
-```
+> Before executing the test, you need to install the [Chrome Driver](https://chromedriver.chromium.org/downloads). If
+> you are using a Mac, you can easily install it using Homebrew.
+>
+> ```shell
+> brew install chromedriver
+> ```
 then run the test
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 04313527..b286c1b3 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -60,11 +60,36 @@ http {
 }
 # AppFlowy-Cloud
+ # created a separate location block for handling CORS preflight (OPTIONS) requests specifically for the /api endpoint.
+ location = /api/options {
+ if ($http_origin ~* (http://127.0.0.1:8000)) {
+ add_header 'Access-Control-Allow-Origin' $http_origin;
+ }
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, PATCH';
+ add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version';
+ add_header 'Access-Control-Max-Age' 3600;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
 location /api {
 set $appflowy_cloud appflowy_cloud;
 proxy_pass http://$appflowy_cloud:8000;
 proxy_set_header X-Request-Id $request_id;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Set CORS headers for other requests
+ if ($http_origin ~* (http://127.0.0.1:8000)) {
+ add_header 'Access-Control-Allow-Origin' $http_origin always;
+ }
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH' always;
+ add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version' always;
+ add_header 'Access-Control-Max-Age' 3600 always;
 }
 # Minio Web UI
@@ -110,7 +135,7 @@ http {
 }
 # Portainer
- # Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml
+ # Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml
 location /portainer/ {
 set $portainer portainer;
 proxy_pass http://$portainer:9000;
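Review bot: The origin test `$http_origin ~* (http://127.0.0.1:8000)` in both `if` blocks is an unanchored regex with unescaped dots, so any Origin header that merely contains that text is reflected into `Access-Control-Allow-Origin` for an API that accepts `Authorization`. Matching the whole value (for example through a `map` on `$http_origin`, sketched below) closes the substring match, and `Vary: Origin` should accompany a reflected origin so a shared cache does not reuse the header across origins. `location = /api/options` matches the literal path `/api/options` rather than the OPTIONS method, so preflights for real `/api/...` paths still reach `proxy_pass`, and this commit also removes `default_cors()` from the backend; whether the backend still answers OPTIONS with a 2xx is not visible here. `add_header` inside a matching `if` also replaces, rather than extends, the `add_header` lines of the enclosing `location`, so the Methods/Headers/Max-Age headers are likely dropped exactly when the origin matches. The `http` block opens outside this hunk; the `map` would go there, and the CI `sed` on this file would need a matching update.

```nginx
# http level (outside this hunk): exact-match allowlist; an empty value makes nginx omit the header
map $http_origin $cors_allow_origin {
  default "";
  "http://127.0.0.1:8000" $http_origin;
}

location /api {
  # … unchanged: set, proxy_pass, proxy_set_header lines …
  add_header 'Access-Control-Allow-Origin' $cors_allow_origin always;
  add_header 'Vary' 'Origin' always;
  # … unchanged: Allow-Methods, Allow-Headers, Max-Age add_header lines …
}
```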
@@ -119,7 +144,7 @@ http {
 }
 # Admin Frontend
- # Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml
+ # Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml
 location / {
 set $admin_frontend admin_frontend;
 proxy_pass http://$admin_frontend:3000;
diff --git a/src/application.rs b/src/application.rs
index d31ed52b..73626f1f 100644
--- a/src/application.rs
+++ b/src/application.rs
@@ -3,7 +3,6 @@ use crate::biz::casbin::adapter::PgAdapter;
 use crate::biz::casbin::MODEL_CONF;
 use crate::component::auth::HEADER_TOKEN;
 use crate::config::config::{Config, DatabaseSetting, GoTrueSetting, S3Setting};
-use crate::middleware::cors_mw::default_cors;
 use crate::middleware::request_id::RequestIdMiddleware;
 use crate::self_signed::create_self_signed_certificate;
 use crate::state::AppState;
@@ -119,7 +118,6 @@ pub async fn run(
 .cookie_name(HEADER_TOKEN.to_string())
 .build(),
 )
- .wrap(default_cors())
 // .wrap(DecryptPayloadMiddleware)
 .wrap(RequestIdMiddleware)
 .wrap(access_control.clone())
diff --git a/src/middleware/cors_mw.rs b/src/middleware/cors_mw.rs
index 43659d54..faec4c28 100644
--- a/src/middleware/cors_mw.rs
+++ b/src/middleware/cors_mw.rs
@@ -1,10 +1,8 @@
 use actix_cors::Cors;
 use actix_web::http;
-// https://javascript.info/fetch-crossorigin#cors-for-safe-requests
-// https://docs.rs/actix-cors/0.5.4/actix_cors/index.html
-// http://www.ruanyifeng.com/blog/2016/04/cors.html
-// Cors short for Cross-Origin Resource Sharing.
+// Deprecated
+// AppFlowy Cloud uses nginx to configure CORS
 pub fn default_cors() -> Cors {
 Cors::default() // allowed_origin return access-control-allow-origin: * by default
 .allow_any_origin()
diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs
index 43a6c049..6b1181f0 100644
--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
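Review bot: Marking `default_cors()` with a plain `// Deprecated` comment leaves a `pub` function that still calls `.allow_any_origin()` in the tree, and the `src/middleware/mod.rs` hunk only comments the module out (`// pub mod cors_mw;`), so the file is no longer compiled or checked yet can be re-enabled with one line. Deleting `cors_mw.rs` together with the commented-out `mod` line would be cleaner; if it must stay, keep the module compiled and use `#[deprecated(note = "CORS is configured in nginx/nginx.conf")]` so any new caller gets a compiler warning. The body of `default_cors` continues outside this hunk.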
@@ -1,5 +1,5 @@
 pub mod access_control_mw;
-pub mod cors_mw;
+// pub mod cors_mw;
 pub mod encrypt_mw;
 pub mod metrics_mw;
 pub mod request_id;