From 731e5d5b7c981d91962598a5bb8e409b2a758281 Mon Sep 17 00:00:00 2001 From: Marshall Polaris Date: Sat, 30 Apr 2022 13:30:49 -0700 Subject: [PATCH] Apply permissive CORS headers to API (#115) * Take cors package as dependency * Apply permissive CORS headers to all API routes --- web/lib/api/cors.ts | 20 ++++++++++++++++++++ web/package.json | 1 + web/pages/api/v0/market/[id].ts | 2 ++ web/pages/api/v0/markets.ts | 2 ++ web/pages/api/v0/slug/[slug].ts | 2 ++ 5 files changed, 27 insertions(+) create mode 100644 web/lib/api/cors.ts diff --git a/web/lib/api/cors.ts b/web/lib/api/cors.ts new file mode 100644 index 00000000..976a0ffc --- /dev/null +++ b/web/lib/api/cors.ts @@ -0,0 +1,20 @@ +import Cors from 'cors' +import { NextApiRequest, NextApiResponse } from 'next' + +export function applyCorsHeaders( + req: NextApiRequest, + res: NextApiResponse, + params: object +) { + // This cors module is made as express.js middleware, so it's easier to promisify it for ourselves. + return new Promise((resolve, reject) => { + Cors(params)(req, res, (result) => { + if (result instanceof Error) { + return reject(result) + } + return resolve(result) + }) + }) +} + +export const CORS_UNRESTRICTED = {} diff --git a/web/package.json b/web/package.json index 0e770f96..d29a01b5 100644 --- a/web/package.json +++ b/web/package.json @@ -22,6 +22,7 @@ "@nivo/core": "0.74.0", "@nivo/line": "0.74.0", "clsx": "1.1.1", + "cors": "^2.8.5", "daisyui": "1.16.4", "dayjs": "1.10.7", "firebase": "9.6.0", diff --git a/web/pages/api/v0/market/[id].ts b/web/pages/api/v0/market/[id].ts index c6dee26a..2faa9c57 100644 --- a/web/pages/api/v0/market/[id].ts +++ b/web/pages/api/v0/market/[id].ts @@ -3,11 +3,13 @@ import { Bet, listAllBets } from '../../../../lib/firebase/bets' import { listAllComments } from '../../../../lib/firebase/comments' import { getContractFromId } from '../../../../lib/firebase/contracts' import { FullMarket, ApiError, toLiteMarket } from '../_types' +import { applyCorsHeaders, CORS_UNRESTRICTED } from '../../../../lib/api/cors' export default async function handler( req: NextApiRequest, res: NextApiResponse ) { + await applyCorsHeaders(req, res, CORS_UNRESTRICTED) const { id } = req.query const contractId = id as string diff --git a/web/pages/api/v0/markets.ts b/web/pages/api/v0/markets.ts index 5bda56f6..a27fd27a 100644 --- a/web/pages/api/v0/markets.ts +++ b/web/pages/api/v0/markets.ts @@ -2,6 +2,7 @@ import type { NextApiRequest, NextApiResponse } from 'next' import { listAllContracts } from '../../../lib/firebase/contracts' import { toLiteMarket } from './_types' +import { applyCorsHeaders, CORS_UNRESTRICTED } from '../../../lib/api/cors' type Data = any[] @@ -9,6 +10,7 @@ export default async function handler( req: NextApiRequest, res: NextApiResponse ) { + await applyCorsHeaders(req, res, CORS_UNRESTRICTED) const contracts = await listAllContracts() // Serve from Vercel cache, then update. see https://vercel.com/docs/concepts/functions/edge-caching res.setHeader('Cache-Control', 's-maxage=1, stale-while-revalidate') diff --git a/web/pages/api/v0/slug/[slug].ts b/web/pages/api/v0/slug/[slug].ts index 07c39a91..c4bba82a 100644 --- a/web/pages/api/v0/slug/[slug].ts +++ b/web/pages/api/v0/slug/[slug].ts @@ -3,11 +3,13 @@ import { Bet, listAllBets } from '../../../../lib/firebase/bets' import { listAllComments } from '../../../../lib/firebase/comments' import { getContractFromSlug } from '../../../../lib/firebase/contracts' import { FullMarket, ApiError, toLiteMarket } from '../_types' +import { applyCorsHeaders, CORS_UNRESTRICTED } from '../../../../lib/api/cors' export default async function handler( req: NextApiRequest, res: NextApiResponse ) { + await applyCorsHeaders(req, res, CORS_UNRESTRICTED) const { slug } = req.query const contract = await getContractFromSlug(slug as string)