Cors

InseeFrLab · Mar 21, 2024 · 7baf611 · 7baf611
1 parent c9c1afd
commit 7baf611
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -52,6 +52,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gin-contrib/cors v1.7.0 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -118,6 +118,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gin-contrib/cors v1.7.0 h1:wZX2wuZ0o7rV2/1i7gb4Jn+gW7HBqaP91fizJkBUJOA=
+github.com/gin-contrib/cors v1.7.0/go.mod h1:cI+h6iOAyxKRtUtC6iF/Si1KSFvGm/gK+kshxlCi8ro=
 github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
 github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=

diff --git a/internal/configuration/config.yaml b/internal/configuration/config.yaml
@@ -7,6 +7,9 @@ oidc:
   username-claim: 
   groups-claim: 
   extra-query-params:
+security:
+  cors:
+    allowed_origins: 
 rootPath: /api
 regions:
 - id: kub

diff --git a/internal/configuration/configuration.go b/internal/configuration/configuration.go
@@ -4,13 +4,22 @@ type Configuration struct {
 	Authentication Authentication
 	RootPath       string
 	Regions        []Region
-	OIDC           OIDC `json:"oidc"`
+	OIDC           OIDC     `json:"oidc"`
+	Security       Security `json:"security"`
 }
 
 type Authentication struct {
 	Mode string `json:"mode"`
 }
 
+type Security struct {
+	CORS CORS `json:"cors"`
+}
+
+type CORS struct {
+	AllowedOrigins string `json:"allowed_origins"`
+}
+
 type OIDC struct {
 	IssuerURI        string `json:"issuer-uri"`
 	ClientID         string `json:"clientID"`

diff --git a/main.go b/main.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	oidc "github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	cmd "github.com/inseefrlab/onyxia-api/cmd"
 	_ "github.com/inseefrlab/onyxia-api/docs"
@@ -58,5 +59,16 @@ func main() {
 
 	cmd.RegisterPrivateHandlers(privateRoutes)
 	cmd.RegisterPublicHandlers(publicRoutes)
+
+	if configuration.Config.Security.CORS.AllowedOrigins != "" {
+		r.Use(cors.New(cors.Config{
+			AllowOrigins:     []string{configuration.Config.Security.CORS.AllowedOrigins},
+			AllowMethods:     []string{"*"},
+			AllowHeaders:     []string{"Origin"},
+			ExposeHeaders:    []string{"Content-Length"},
+			AllowCredentials: true,
+			MaxAge:           12 * time.Hour,
+		}))
+	}
 	r.Run()
 }