#84: optionally enable CORS

ForNeVeR · ForNeVeR · commit 321ecf473883 · 2017-05-09T15:28:01.000+07:00
diff --git a/scalajvm/app/controllers/api/Quotes.scala b/scalajvm/app/controllers/api/Quotes.scala
@@ -1,33 +1,37 @@
 package controllers.api
 
-import helpers.ActionWithTx
+import helpers.{ActionWithTx, Cors, RequestWithSession}
 import models.queries.{QuoteFilter, QuoteOrdering, QuoteQueries}
 import models.data.Quote
 import play.api.mvc._
 import ru.org.codingteam.loglist.dto.QuoteDTO
 import ru.org.codingteam.loglist.QuoteCount
 
 object Quotes extends Controller {
-  def getQuote(id: Long) = ActionWithTx { request =>
+  private def action[AnyContent](responseAction: RequestWithSession[AnyContent] => Result) = ActionWithTx { request =>
+    val response = responseAction(request)
+    val headers = Cors.headers(request.headers)
+    response.withHeaders(headers: _*)
+  }
+
+  def getQuote(id: Long) = action { request =>
     import request.dbSession
     prepareResponse(QuoteQueries().getQuoteById(id))
   }
 
-  def getRandomQuote = ActionWithTx { request =>
+  def getRandomQuote = action { request =>
     import request.dbSession
     prepareResponse(QuoteQueries().getRandomQuote)
   }
 
-  def getCount(filter: QuoteFilter.Value) =
-    ActionWithTx { request =>
+  def getCount(filter: QuoteFilter.Value) = action { request =>
       import request.dbSession
       val count = QuoteQueries().countQuotes(filter)
       val response = QuoteCount(count)
       json(upickle.write(response))
     }
 
-  def getList(limit: Int, page: Int, order: QuoteOrdering.Value, filter: QuoteFilter.Value) =
-    ActionWithTx { request =>
+  def getList(limit: Int, page: Int, order: QuoteOrdering.Value, filter: QuoteFilter.Value) = action { request =>
       import request.dbSession
 
       val pageSize = if (0 <= limit && limit <= 1000) limit else 50
diff --git a/scalajvm/app/controllers/api/Voting.scala b/scalajvm/app/controllers/api/Voting.scala
diff --git a/scalajvm/app/global/Options.scala b/scalajvm/app/global/Options.scala
@@ -0,0 +1,10 @@
+package global
+
+import helpers.Cors
+import play.api.mvc._
+
+object Options extends Controller {
+  def corsSupport(url: String) = Action { request =>
+    NoContent.withHeaders(Cors.headers(request.headers): _*)
+  }
+}
diff --git a/scalajvm/app/helpers/Cors.scala b/scalajvm/app/helpers/Cors.scala
@@ -0,0 +1,26 @@
+package helpers
+
+import global.Options.ORIGIN
+import play.api.Play.current
+import play.api.mvc.Headers
+
+object Cors {
+  private lazy val corsHosts: Set[String] = {
+    val config = current.configuration.getString("cors.allowedOrigins")
+    config.map(_.split(' ').toSet).getOrElse(Set())
+  }
+
+  def headers(requestHeaders: Headers): List[(String, String)] = {
+    requestHeaders.get(ORIGIN) match {
+      case Some(origin) if corsHosts.contains(origin) =>
+        List (
+          "Access-Control-Allow-Origin" -> origin,
+          "Access-Control-Allow-Methods" -> "GET, POST, OPTIONS, DELETE, PUT",
+          "Access-Control-Max-Age" -> "3600",
+          "Access-Control-Allow-Headers" -> "Origin, Content-Type, Accept, Authorization",
+          "Access-Control-Allow-Credentials" -> "true"
+        )
+      case _ => List()
+    }
+  }
+}
diff --git a/scalajvm/conf/application.conf b/scalajvm/conf/application.conf
@@ -82,3 +82,6 @@ basicAuth.password = ${BASIC_AUTH_PASSWORD}
 approval.smtpHost = ${APPROVAL_SMTP_HOST}
 approval.email = ${APPROVAL_EMAIL}
 approval.emailPassword = ${APPROVAL_EMAIL_PASSWORD}
+
+# CORS Settings (enter multiple origins delimited by space)
+# cors.allowedOrigins = "http://codingteam.org.ru http://localhost:9000"
diff --git a/scalajvm/conf/routes b/scalajvm/conf/routes
@@ -24,5 +24,8 @@ GET           /api/quote/random                  controllers.api.Quotes.getRando
 GET           /api/quote/count                   controllers.api.Quotes.getCount(filter: models.queries.QuoteFilter.Value ?= models.queries.QuoteFilter.None)
 GET           /api/quote/list                    controllers.api.Quotes.getList(limit: Int ?= 50, page: Int ?= 0, order: models.queries.QuoteOrdering.Value ?= models.queries.QuoteOrdering.Time, filter: models.queries.QuoteFilter.Value ?= models.queries.QuoteFilter.None)
 
+# CORS support
+OPTIONS       /api/*url                          global.Options.corsSupport(url: String)
+
 # Map static resources from the /public folder to the /assets URL path
 GET           /assets/*file                      controllers.Assets.at(path="/public", file)
