From 2670a05d53f1a60da8e2586cf4a876320f7d945f Mon Sep 17 00:00:00 2001 From: vincentsarago Date: Mon, 18 Nov 2024 15:52:41 +0000 Subject: [PATCH] [backport] add CORS configuration via env variables --- CHANGES.md | 6 +++++- stac_fastapi/pgstac/app.py | 12 ++++++++++++ stac_fastapi/pgstac/config.py | 15 ++++++++++++++- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index dd70a316..99aa8635 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,6 +10,9 @@ - update `pypgstac` requirement to `>=0.8,<0.10` - set `pypgstac==0.9.*` for test requirements +## [3.0.1] - 2024-11-14 +- Enable runtime `CORS` configuration using environment variables (`CORS_ORIGIN="https://...,https://..."`, `CORS_METHODS="PUT,OPTIONS"`) (https://github.com/stac-utils/stac-fastapi-pgstac/pull/168) + ## [3.0.0] - 2024-08-02 - Enable filter extension for `GET /items` requests and add `Queryables` links in `/collections` and `/collections/{collection_id}` responses ([#89](https://github.com/stac-utils/stac-fastapi-pgstac/pull/89)) @@ -341,7 +344,8 @@ As a part of this release, this repository was extracted from the main - First PyPi release! -[Unreleased]: +[Unreleased]: +[3.0.1]: [3.0.0]: [2.5.0]: [2.4.11]: diff --git a/stac_fastapi/pgstac/app.py b/stac_fastapi/pgstac/app.py index 9ba27e08..a8f52fbb 100644 --- a/stac_fastapi/pgstac/app.py +++ b/stac_fastapi/pgstac/app.py @@ -7,8 +7,10 @@ import os +from brotli_asgi import BrotliMiddleware from fastapi.responses import ORJSONResponse from stac_fastapi.api.app import StacApi +from stac_fastapi.api.middleware import CORSMiddleware, ProxyHeaderMiddleware from stac_fastapi.api.models import ( EmptyRequest, ItemCollectionUri, @@ -25,6 +27,7 @@ ) from stac_fastapi.extensions.core.collection_search import CollectionSearchExtension from stac_fastapi.extensions.third_party import BulkTransactionExtension +from starlette.middleware import Middleware from stac_fastapi.pgstac.config import Settings from stac_fastapi.pgstac.core import CoreCrudClient @@ -107,6 +110,15 @@ search_get_request_model=get_request_model, search_post_request_model=post_request_model, collections_get_request_model=collections_get_request_model, + middlewares=[ + Middleware(BrotliMiddleware), + Middleware(ProxyHeaderMiddleware), + Middleware( + CORSMiddleware, + allow_origins=settings.cors_origins, + allow_methods=settings.cors_methods, + ), + ], ) app = api.app diff --git a/stac_fastapi/pgstac/config.py b/stac_fastapi/pgstac/config.py index 2c3b7783..7b1e65d9 100644 --- a/stac_fastapi/pgstac/config.py +++ b/stac_fastapi/pgstac/config.py @@ -3,7 +3,7 @@ from typing import List, Type from urllib.parse import quote_plus as quote -from pydantic import BaseModel +from pydantic import BaseModel, field_validator from pydantic_settings import SettingsConfigDict from stac_fastapi.types.config import ApiSettings @@ -75,8 +75,21 @@ class Settings(ApiSettings): base_item_cache: Type[BaseItemCache] = DefaultBaseItemCache invalid_id_chars: List[str] = DEFAULT_INVALID_ID_CHARS + cors_origins: str = "*" + cors_methods: str = "GET,POST,OPTIONS" + testing: bool = False + @field_validator("cors_origins") + def parse_cors_origin(cls, v): + """Parse CORS origins.""" + return [origin.strip() for origin in v.split(",")] + + @field_validator("cors_methods") + def parse_cors_methods(cls, v): + """Parse CORS methods.""" + return [method.strip() for method in v.split(",")] + @property def reader_connection_string(self): """Create reader psql connection string."""