From e3976aa3591d3f8262769bc6f3b6ba3f5e34e5ca Mon Sep 17 00:00:00 2001
From: zhengkunwang223
Date: Fri, 17 Feb 2023 10:21:53 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=88=A0=E9=99=A4=20CORS=20=E7=9B=B8?= =?UTF-8?q?=E5=85=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/configs/config.go | 1 -
 backend/configs/cors.go | 14 ---------
 backend/middleware/cors.go | 64 --------------------------------------
 3 files changed, 79 deletions(-)
 delete mode 100644 backend/configs/cors.go
 delete mode 100644 backend/middleware/cors.go
diff --git a/backend/configs/config.go b/backend/configs/config.go
index bb179f767..a4c237ad7 100644
--- a/backend/configs/config.go
+++ b/backend/configs/config.go
@@ -4,5 +4,4 @@ type ServerConfig struct {
 BaseDir string `mapstructure:"base_dir"`
 System System `mapstructure:"system"`
 LogConfig LogConfig `mapstructure:"log"`
- CORS CORS `mapstructure:"cors"`
 }
diff --git a/backend/configs/cors.go b/backend/configs/cors.go
deleted file mode 100644
index 1a2889f47..000000000
--- a/backend/configs/cors.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package configs
-
-type CORS struct {
- Mode string `mapstructure:"mode"`
- WhiteList []CORSWhiteList `mapstructure:"whitelist"`
-}
-
-type CORSWhiteList struct {
- AllowOrigin string `mapstructure:"allow-origin"`
- AllowMethods string `mapstructure:"allow-methods"`
- AllowHeaders string `mapstructure:"allow-headers"`
- ExposeHeaders string `mapstructure:"expose-headers"`
- AllowCredentials bool `mapstructure:"allow-credentials"`
-}
diff --git a/backend/middleware/cors.go b/backend/middleware/cors.go
deleted file mode 100644
index 5ee3d0141..000000000
--- a/backend/middleware/cors.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package middleware
-
-import (
- "net/http"
-
- "github.com/1Panel-dev/1Panel/backend/configs"
- "github.com/1Panel-dev/1Panel/backend/global"
-
- "github.com/gin-gonic/gin"
-)
-
-func Cors() gin.HandlerFunc {
- return func(c *gin.Context) {
- method := c.Request.Method
- origin := c.Request.Header.Get("Origin")
- c.Header("Access-Control-Allow-Origin", origin)
- c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
- c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
- c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
- c.Header("Access-Control-Allow-Credentials", "true")
-
- if method == "OPTIONS" {
- c.AbortWithStatus(http.StatusNoContent)
- }
- c.Next()
- }
-}
-
-func CorsByRules() gin.HandlerFunc {
- mode := global.CONF.CORS.Mode
- if mode == "allow-all" {
- return Cors()
- }
- return func(c *gin.Context) {
- whitelist := checkCors(c.GetHeader("origin"))
- if whitelist != nil {
- c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
- c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
- c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
- c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
- if whitelist.AllowCredentials {
- c.Header("Access-Control-Allow-Credentials", "true")
- }
- }
- if whitelist == nil && mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
- c.AbortWithStatus(http.StatusForbidden)
- } else {
- if c.Request.Method == "OPTIONS" {
- c.AbortWithStatus(http.StatusNoContent)
- }
- }
-
- c.Next()
- }
-}
-
-func checkCors(currentOrigin string) *configs.CORSWhiteList {
- for _, whitelist := range global.CONF.CORS.WhiteList {
- if currentOrigin == whitelist.AllowOrigin {
- return &whitelist
- }
- }
- return nil
-}