make origin a config change api sync url

2026-06-06 02:36:49 +00:00 · 2024-06-02 11:59:07 +02:00 · 2024-06-02 11:59:07 +02:00 · 8c4a1554ca
commit 8c4a1554ca
parent c3c52cfbf7
4 changed files with 19 additions and 5 deletions
--- a/internal/server/handle_api_extension.go
+++ b/internal/server/handle_api_extension.go
@ -0,0 +1 @@
+package server
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@ -12,6 +12,8 @@ func (s Server) MountHandlers() {
 	s.Router.GET("/debug/pprof/*", echo.WrapHandler(http.DefaultServeMux))
 	s.Router.GET("/", handleLoginPage())
 	s.Router.POST("/", handleLogin(s.as))
+	// TODO: turn it to private using an API key?
+	s.Router.POST("/api/sync", handleSync())
 	// admin
 	g := s.Router.Group("")
 	g.Use(MakeAuthMiddleware())
--- a/internal/server/server.go
+++ b/internal/server/server.go
@ -40,6 +40,7 @@ type options struct {
 	fs        *embed.FS
 	debug     *bool
 	secretKey *string
+	origins   []string
 }

 type Option func(*options) error
@ -75,6 +76,13 @@ func WithSecretKey(secretKey string) Option {
 	}
 }

+func WithOrigins(origins []string) Option {
+	return func(o *options) error {
+		o.origins = origins
+		return nil
+	}
+}
+
 func New(bs *booking.Service, as *auth.Service, ps *pdf.PdfService, hc *config.Host, opts ...Option) (*Server, error) {
 	option := new(options)
 	for _, opt := range opts {
@ -85,7 +93,7 @@ func New(bs *booking.Service, as *auth.Service, ps *pdf.PdfService, hc *config.H
 	}

 	s := &Server{
-		Router:    NewRouter(*option.fs, *option.debug, *option.secretKey),
+		Router:    NewRouter(*option.fs, *option.debug, *option.secretKey, option.origins),
 		bs:        bs,
 		as:        as,
 		ps:        ps,
@ -127,7 +135,7 @@ func renderTempl(c echo.Context, status int, t templ.Component) error {
 	return nil
 }

-func NewRouter(fs embed.FS, debug bool, secret string) *echo.Echo {
+func NewRouter(fs embed.FS, debug bool, secret string, origins []string) *echo.Echo {
 	e := echo.New()
 	// config
 	e.HideBanner = true
@ -155,7 +163,7 @@ func NewRouter(fs embed.FS, debug bool, secret string) *echo.Echo {
 	e.Use(middleware.Recover())
 	e.Use(middleware.Secure())
 	e.Use(middleware.Gzip())
-	// e.Use(middleware.CSRF())
+	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{AllowOrigins: origins}))
 	e.Use(sentryecho.New(sentryecho.Options{}))
 	e.Use(SentryTracingMiddleware)
 	e.Use(session.Middleware(sessions.NewCookieStore([]byte(secret))))
--- a/main.go
+++ b/main.go
@ -62,7 +62,7 @@ func run(ctx context.Context, getEnv func(string) string) error {
 		return fmt.Errorf("error starting pdf service %s", err)
 	}

-	as := auth.NewService(os.Getenv("SESSION_SECRET"), getEnv("ADMIN"), getEnv("ADMIN_SECRET"))
+	as := auth.NewService(getEnv("SESSION_SECRET"), getEnv("ADMIN"), getEnv("ADMIN_SECRET"))

 	p := getEnv("PORT")
 	port, err := strconv.Atoi(p)
@ -70,9 +70,12 @@ func run(ctx context.Context, getEnv func(string) string) error {
 		return fmt.Errorf("error parsing PORT env %s", err)
 	}

+	ogs := getEnv("ORIGINS")
+	origins := strings.Split(ogs, ",")
+
 	srv, err := server.New(
 		booking.NewService(db), as, ps, config.NewHost(),
-		server.WithPort(port), server.WithFileSystem(static), server.WithDebug(strings.ToLower(getEnv("DEBUG")) == "true"), server.WithSecretKey(getEnv("SECRET_KEY")))
+		server.WithPort(port), server.WithFileSystem(static), server.WithDebug(strings.ToLower(getEnv("DEBUG")) == "true"), server.WithSecretKey(getEnv("SECRET_KEY")), server.WithOrigins(origins))
 	if err != nil {
 		return fmt.Errorf("error starting server %s", err)
 	}