Rooba
/
Mango
mirror of https://github.com/getmango/Mango.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow CORS

This commit is contained in:
Alex Ling 2022-03-20 09:57:36 +00:00
parent 703e6d076b
commit 2091053221
5 changed files with 51 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/handlers/auth_handler.cr
View File

@ -59,6 +59,10 @@ class AuthHandler < Kemal::Handler
end
def call(env)
# OPTIONS requests do not require authentication
if env.request.method === "OPTIONS"
return call_next(env)
end
# Skip all authentication if requesting /login, /logout, /api/login,
# or a static file
if request_path_startswith(env, ["/login", "/logout", "/api/login"]) ||

8
src/handlers/cors_handler.cr Normal file
View File

@ -0,0 +1,8 @@
class CORSHandler < Kemal::Handler
def call(env)
if request_path_startswith env, ["/api"]
env.response.headers["Access-Control-Allow-Origin"] = "*"
end
call_next env
end
end

25
src/routes/api.cr
View File

@ -63,6 +63,11 @@ struct APIRouter
"username" => String,
"password" => String,
}
Koa.response 200, schema: {
"success" => Bool,
"error" => String?,
"token" => String?,
}
Koa.tag "users"
post "/api/login" do |env|
begin
@ -71,11 +76,17 @@ struct APIRouter
token = Storage.default.verify_user(username, password).not_nil!
env.session.string "token", token
"Authenticated"
send_json env, {
"success" => true,
"token" => token,
}.to_json
rescue e
Logger.error e
env.response.status_code = 403
e.message
send_json env, {
"success" => false,
"error" => e.message,
}.to_json
end
end
@ -114,7 +125,7 @@ struct APIRouter
rescue e
Logger.error e
env.response.status_code = 500
e.message
send_text env, e.message
end
end
@ -151,7 +162,7 @@ struct APIRouter
rescue e
Logger.error e
env.response.status_code = 500
e.message
send_text env, e.message
end
end
@ -191,7 +202,7 @@ struct APIRouter
rescue e
Logger.error e
env.response.status_code = 404
e.message
send_text env, e.message
end
end
@ -250,6 +261,7 @@ struct APIRouter
spawn do
Library.default.generate_thumbnails
end
send_text env, ""
end
Koa.describe "Deletes a user with `username`"
@ -675,7 +687,7 @@ struct APIRouter
e_tag = "W/#{file_hash}"
if e_tag == prev_e_tag
env.response.status_code = 304
""
send_text env, ""
else
sizes = entry.page_dimensions
env.response.headers["ETag"] = e_tag
@ -709,6 +721,7 @@ struct APIRouter
rescue e
Logger.error e
env.response.status_code = 404
send_text env, e.message
end
end

6
src/server.cr
View File

@ -23,7 +23,11 @@ class Server
AdminRouter.new
ReaderRouter.new
APIRouter.new
OPDSRouter.new
options "/api/*" do |env|
cors
halt env
end
Kemal.config.logging = false
add_handler LogHandler.new

15
src/util/web.cr
View File

@ -39,6 +39,7 @@ macro send_error_page(msg)
end
macro send_img(env, img)
cors
send_file {{env}}, {{img}}.data, {{img}}.mime
end
@ -57,12 +58,26 @@ macro get_username(env)
end
end
macro cors
env.response.headers["Allow"] = "HEAD,GET,PUT,POST,DELETE,OPTIONS"
env.response.headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept, Authorization"
env.response.headers["Access-Control-Allow-Origin"] = "*"
end
def send_json(env, json)
cors
env.response.content_type = "application/json"
env.response.print json
end
def send_text(env, text)
cors
env.response.content_type = "text/plain"
env.response.print text
end
def send_attachment(env, path)
cors
send_file env, path, filename: File.basename(path), disposition: "attachment"
end