mirror of https://github.com/Lissy93/dashy.git
✨ Writes a CORS proxy, to secure widget requests
This commit is contained in:
Alicia Sykes
parent
58cb439086
commit
676d1cb106
|
|
@ -26,6 +26,7 @@ const saveConfig = require('./services/save-config'); // Saves users new conf.ym
|
||||||
const rebuild = require('./services/rebuild-app'); // A script to programmatically trigger a build
|
const rebuild = require('./services/rebuild-app'); // A script to programmatically trigger a build
|
||||||
const systemInfo = require('./services/system-info'); // Basic system info, for resource widget
|
const systemInfo = require('./services/system-info'); // Basic system info, for resource widget
|
||||||
const sslServer = require('./services/ssl-server'); // TLS-enabled web server
|
const sslServer = require('./services/ssl-server'); // TLS-enabled web server
|
||||||
|
const corsProxy = require('./services/cors-proxy'); // Enables API requests to CORS-blocked services
|
||||||
|
|
||||||
/* Helper functions, and default config */
|
/* Helper functions, and default config */
|
||||||
const printMessage = require('./services/print-message'); // Function to print welcome msg on start
|
const printMessage = require('./services/print-message'); // Function to print welcome msg on start
|
||||||
|
|
@ -102,6 +103,14 @@ const app = express()
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
res.end(JSON.stringify({ success: false, message: e }));
|
res.end(JSON.stringify({ success: false, message: e }));
|
||||||
}
|
}
|
||||||
|
})
|
||||||
|
// GET for accessing non-CORS API services
|
||||||
|
.use(ENDPOINTS.corsProxy, (req, res) => {
|
||||||
|
try {
|
||||||
|
corsProxy(req, res);
|
||||||
|
} catch (e) {
|
||||||
|
res.end(JSON.stringify({ success: false, message: e }));
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
/* Create HTTP server from app on port, and print welcome message */
|
/* Create HTTP server from app on port, and print welcome message */
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,47 @@
|
||||||
|
/**
|
||||||
|
* A simple CORS proxy, for accessing API services which aren't CORS-enabled.
|
||||||
|
* Receives requests from frontend, applies correct access control headers,
|
||||||
|
* makes request to endpoint, then responds to the frontend with the response
|
||||||
|
*/
|
||||||
|
|
||||||
|
const axios = require('axios');
|
||||||
|
|
||||||
|
module.exports = (req, res) => {
|
||||||
|
// Apply allow-all response headers
|
||||||
|
res.header('Access-Control-Allow-Origin', '*');
|
||||||
|
res.header('Access-Control-Allow-Methods', 'GET, PUT, PATCH, POST, DELETE');
|
||||||
|
if (req.header('access-control-request-headers')) {
|
||||||
|
res.header('Access-Control-Allow-Headers', req.header('access-control-request-headers'));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Pre-flight
|
||||||
|
if (req.method === 'OPTIONS') {
|
||||||
|
res.send();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get desired URL, from Target-URL header
|
||||||
|
const targetURL = req.header('Target-URL');
|
||||||
|
if (!targetURL) {
|
||||||
|
res.send(500, { error: 'There is no Target-Endpoint header in the request' });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// Apply any custom headers, if needed
|
||||||
|
const headers = req.header('CustomHeaders') ? JSON.parse(req.header('CustomHeaders')) : {};
|
||||||
|
|
||||||
|
// Prepare the request
|
||||||
|
const requestConfig = {
|
||||||
|
method: req.method,
|
||||||
|
url: targetURL + req.url,
|
||||||
|
json: req.body,
|
||||||
|
headers,
|
||||||
|
};
|
||||||
|
|
||||||
|
// Make the request, and respond with result
|
||||||
|
axios.request(requestConfig)
|
||||||
|
.then((response) => {
|
||||||
|
res.send(200, response.data);
|
||||||
|
}).catch((error) => {
|
||||||
|
res.send(500, { error });
|
||||||
|
});
|
||||||
|
};
|
||||||
Loading…
Reference in New Issue