Added middleware component for CORS

Stefan923 · Jan 26, 2024 · e40c2ad · e40c2ad
1 parent dd9c92b
commit e40c2ad
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 2 deletions.
diff --git a/backend/src/api/api.go b/backend/src/api/api.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"fmt"
+	"github.com/Stefan923/go-estate-market/api/middleware"
 	"github.com/Stefan923/go-estate-market/api/router"
 	validator2 "github.com/Stefan923/go-estate-market/api/validator"
 	"github.com/Stefan923/go-estate-market/config"
@@ -15,6 +16,8 @@ func StartServer(config *config.Config) {
 	gin.SetMode(config.Server.RunningMode)
 	engine := gin.New()
 
+	engine.Use(middleware.CreateCorsMiddleware(config))
+
 	registerRoutes(engine, config)
 	registerValidators()
 

diff --git a/backend/src/api/middleware/cors.go b/backend/src/api/middleware/cors.go
@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"github.com/Stefan923/go-estate-market/config"
+	"github.com/gin-gonic/gin"
+)
+
+func CreateCorsMiddleware(cfg *config.Config) gin.HandlerFunc {
+	return func(context *gin.Context) {
+		context.Writer.Header().Set("Access-Control-Allow-Origin", cfg.Server.Cors.AllowedOrigins)
+		context.Header("Access-Control-Allow-Credentials", cfg.Server.Cors.AllowCredentials)
+		context.Header("Access-Control-Allow-Headers", cfg.Server.Cors.AllowedHeaders)
+		context.Header("Access-Control-Allow-Methods", cfg.Server.Cors.AllowedMethods)
+		context.Header("Access-Control-Max-Age", cfg.Server.Cors.MaxAge)
+		context.Set("content-type", cfg.Server.Cors.ContentType)
+		if context.Request.Method == "OPTIONS" {
+			context.AbortWithStatus(204)
+			return
+		}
+
+		context.Next()
+	}
+}
diff --git a/backend/src/config/config.go b/backend/src/config/config.go
@@ -52,6 +52,16 @@ type ServerConfig struct {
 	RunningMode  string
 	InternalPort string
 	ExternalPort string
+	Cors         CorsConfig
+}
+
+type CorsConfig struct {
+	AllowedOrigins   string
+	AllowedHeaders   string
+	AllowedMethods   string
+	AllowCredentials string
+	ContentType      string
+	MaxAge           string
 }
 
 func GetConfig() *Config {

diff --git a/backend/src/config/development-config.yml b/backend/src/config/development-config.yml
@@ -25,4 +25,11 @@ auth:
 server:
   internalPort: 5000
   externalPort: 5000
-  runningMode: debug
+  runningMode: debug
+  cors:
+    allowedOrigins: "*"
+    allowedHeaders: "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With"
+    allowedMethods: "POST , GET, OPTIONS, PUT, DELETE, UPDATE"
+    allowCredentials: "true"
+    contentType: "application/json"
+    maxAge: "21600"
diff --git a/backend/src/config/docker-config.yml b/backend/src/config/docker-config.yml
@@ -25,4 +25,11 @@ auth:
 server:
   internalPort: 5000
   externalPort: 5000
-  runningMode: debug
+  runningMode: debug
+  cors:
+    allowedOrigins: "*"
+    allowedHeaders: "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With"
+    allowedMethods: "POST , GET, OPTIONS, PUT, DELETE, UPDATE"
+    allowCredentials: "true"
+    contentType: "application/json"
+    maxAge: "21600"