From c6b8aff2a90b5627b8257b7d37de09d6e005916b Mon Sep 17 00:00:00 2001 From: dhax Date: Sat, 9 Mar 2019 14:42:08 +0100 Subject: [PATCH] make using CORS configurable by environment var, defaults to false --- README.md | 9 ++++++++- api/api.go | 6 ++++-- api/server.go | 2 +- cmd/gendoc.go | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index af4ee00..e01df15 100644 --- a/README.md +++ b/README.md @@ -40,8 +40,14 @@ Besides /auth/* the API provides to main routes /api/* and /admin/* to distingui Check [routes.md](routes.md) file for an overview of the provided API routes. + +### Client API Access and CORS +The server is configured to serve a Progressive Web App (PWA) client from it's "public" folder. this is where you put the contents of your client's build "dist" folder into. In this case enabling CORS is not required, because the client is served from the same host as the api. + +If you want to access the api from a client that is serverd from a different host, including e.g. a development live reloading server, you must enable CORS on the server first by setting an environment variable ENABLE_CORS=true for the server to acceept api connections from clients serverd by other hosts. + #### Demo client application -For demonstration of the login and account management features this API also serves a [Vue.js](https://vuejs.org) Progressive Web App (PWA). The client's source code can be found [here](https://github.com/dhax/go-base-vue). +For demonstration of the login and account management features this API serves a demo [Vue.js](https://vuejs.org) PWA. The client's source code can be found [here](https://github.com/dhax/go-base-vue). If no valid email smtp settings are provided by environment variables, emails will be print to stdout showing the login token. Use one of the following bootstrapped users for login: - admin@boot.io (has access to admin panel) @@ -69,6 +75,7 @@ EMAIL_SMTP_USER | string || email smtp username EMAIL_SMTP_PASSWORD | string || email smtp password EMAIL_FROM_ADDRESS | string || from address used in sending emails EMAIL_FROM_NAME | string || from name used in sending emails +ENABLE_CORS | bool | false | enable CORS requests ### Contributing diff --git a/api/api.go b/api/api.go index eb3de06..9815404 100644 --- a/api/api.go +++ b/api/api.go @@ -22,7 +22,7 @@ import ( ) // New configures application resources and routes. -func New() (*chi.Mux, error) { +func New(enableCORS bool) (*chi.Mux, error) { logger := logging.NewLogger() db, err := database.DBConn() @@ -67,7 +67,9 @@ func New() (*chi.Mux, error) { r.Use(render.SetContentType(render.ContentTypeJSON)) // use CORS middleware if client is not served by this api, e.g. from other domain or CDN - // r.Use(corsConfig().Handler) + if enableCORS { + r.Use(corsConfig().Handler) + } r.Mount("/auth", authResource.Router()) r.Group(func(r chi.Router) { diff --git a/api/server.go b/api/server.go index 93348bf..7b8965d 100644 --- a/api/server.go +++ b/api/server.go @@ -19,7 +19,7 @@ type Server struct { // NewServer creates and configures an APIServer serving all application routes. func NewServer() (*Server, error) { log.Println("configuring server...") - api, err := New() + api, err := New(viper.GetBool("enable_cors")) if err != nil { return nil, err } diff --git a/cmd/gendoc.go b/cmd/gendoc.go index 07e47df..9324a83 100644 --- a/cmd/gendoc.go +++ b/cmd/gendoc.go @@ -47,7 +47,7 @@ func init() { } func genRoutesDoc() { - api, _ := api.New() + api, _ := api.New(false) fmt.Print("generating routes markdown file: ") md := docgen.MarkdownRoutesDoc(api, docgen.MarkdownOpts{ ProjectPath: "github.com/dhax/go-base",