gateway: support cors

ElysaSrc · ElysaSrc · commit 30ce4512b75c · 2024-11-15T13:10:21.000+01:00
Signed-off-by: Élyse Viard &lt;elysasrc@proton.me&gt;
diff --git a/docker/gateway.dev.simple.toml b/docker/gateway.dev.simple.toml
@@ -5,6 +5,7 @@
 secret_key = "NOT+A+SECRET++NOT+A+SECRET++NOT+A+SECRET++NOT+A+SECRET++NOT+A+SECRET++NOT+A+SECRET++NOT+A+SECRET"
 
 listen_addr = "0.0.0.0"
+allowed_origins = ["http://localhost:3000"]
 
 [telemetry.tracing]
 enable = true
diff --git a/gateway/Cargo.lock b/gateway/Cargo.lock
diff --git a/gateway/Cargo.toml b/gateway/Cargo.toml
@@ -22,6 +22,7 @@ smallvec = "1.13.2"
 thiserror = "1.0.69"
 
 # main crate
+actix-cors = "0.7.0"
 actix-files = "0.6"
 actix-session = "0.9"
 actix-web = "4.9"
@@ -71,6 +72,7 @@ humantime-serde.workspace = true
 serde.workspace = true
 
 # web server
+actix-cors.workspace = true
 actix-files.workspace = true
 actix-session = { workspace = true, features = ["cookie-session"] }
 actix-web.workspace = true
diff --git a/gateway/src/config.rs b/gateway/src/config.rs
@@ -173,6 +173,8 @@ pub struct ProxyConfig {
     pub auth: AuthConfig,
     /// Telemetry configuration
     pub telemetry: Telemetry,
+    /// Allowed origins for CORS (when empty, CORS is disabled entirely)
+    pub allowed_origins: Option<Vec<String>>,
 }
 
 #[derive(Deserialize, Serialize, Clone)]
@@ -199,6 +201,7 @@ impl Default for ProxyConfig {
             telemetry: Telemetry {
                 tracing: TracingTelemetry::None,
             },
+            allowed_origins: None,
         }
     }
 }
diff --git a/gateway/src/main.rs b/gateway/src/main.rs
@@ -61,6 +61,9 @@ async fn main() -> std::io::Result<()> {
     // Enable telemetry
     config.telemetry.enable();
 
+    // CORS configuration
+    let allowed_origins = config.allowed_origins.clone();
+
     // Start server
     HttpServer::new(move || {
         let session_middleware =
@@ -71,7 +74,18 @@ async fn main() -> std::io::Result<()> {
                 .cookie_name("gateway".to_string())
                 .build();
 
+        let cors = if let Some(allowed_origins) = &allowed_origins {
+            let mut cors = actix_cors::Cors::default();
+            for origin in allowed_origins {
+                cors = cors.allowed_origin(origin);
+            }
+            cors.allow_any_method().allow_any_header().max_age(3600)
+        } else {
+            actix_cors::Cors::default()
+        };
+
         let mut app = App::new()
+            .wrap(cors)
             .wrap(RequestTracing::new())
             .wrap(Compress::default()) // enable compress
             .route("/health", web::get().to(|| async { "OK" }))

Original file line number	Diff line number	Diff line change
`@@ -173,6 +173,8 @@ pub struct ProxyConfig {`
`173`	`173`	`pub auth: AuthConfig,`
`174`	`174`	`/// Telemetry configuration`
`175`	`175`	`pub telemetry: Telemetry,`
	`176`	`+ /// Allowed origins for CORS (when empty, CORS is disabled entirely)`
	`177`	`+ pub allowed_origins: Option<Vec<String>>,`
`176`	`178`	`}`
`177`	`179`
`178`	`180`	`#[derive(Deserialize, Serialize, Clone)]`
`@@ -199,6 +201,7 @@ impl Default for ProxyConfig {`
`199`	`201`	`telemetry: Telemetry {`
`200`	`202`	`tracing: TracingTelemetry::None,`
`201`	`203`	`},`
	`204`	`+ allowed_origins: None,`
`202`	`205`	`}`
`203`	`206`	`}`
`204`	`207`	`}`