add cors
This commit is contained in:
parent
0a471443ce
commit
b7c0155444
8
modules/middleware/cors.go
Normal file
8
modules/middleware/cors.go
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
package middleware
|
||||||
|
|
||||||
|
import "github.com/gin-gonic/gin"
|
||||||
|
|
||||||
|
// CORS middleware
|
||||||
|
func CORS(c *gin.Context) {
|
||||||
|
|
||||||
|
}
|
@ -6,6 +6,7 @@ import (
|
|||||||
"git.trj.tw/golang/go-gallery/modules/middleware"
|
"git.trj.tw/golang/go-gallery/modules/middleware"
|
||||||
"git.trj.tw/golang/go-gallery/routers/account"
|
"git.trj.tw/golang/go-gallery/routers/account"
|
||||||
"git.trj.tw/golang/go-gallery/routers/album"
|
"git.trj.tw/golang/go-gallery/routers/album"
|
||||||
|
"github.com/gin-contrib/cors"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -14,6 +15,7 @@ func NewServ() *gin.Engine {
|
|||||||
r := gin.New()
|
r := gin.New()
|
||||||
r.Use(gin.Logger())
|
r.Use(gin.Logger())
|
||||||
r.Use(gin.Recovery())
|
r.Use(gin.Recovery())
|
||||||
|
r.Use(cors.Default())
|
||||||
return r
|
return r
|
||||||
}
|
}
|
||||||
|
|
||||||
|
21
vendor/github.com/gin-contrib/cors/LICENSE
generated
vendored
Normal file
21
vendor/github.com/gin-contrib/cors/LICENSE
generated
vendored
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2016 Gin-Gonic
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
91
vendor/github.com/gin-contrib/cors/README.md
generated
vendored
Normal file
91
vendor/github.com/gin-contrib/cors/README.md
generated
vendored
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
# CORS gin's middleware
|
||||||
|
|
||||||
|
[![Build Status](https://travis-ci.org/gin-contrib/cors.svg)](https://travis-ci.org/gin-contrib/cors)
|
||||||
|
[![codecov](https://codecov.io/gh/gin-contrib/cors/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/cors)
|
||||||
|
[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/cors)](https://goreportcard.com/report/github.com/gin-contrib/cors)
|
||||||
|
[![GoDoc](https://godoc.org/github.com/gin-contrib/cors?status.svg)](https://godoc.org/github.com/gin-contrib/cors)
|
||||||
|
[![Join the chat at https://gitter.im/gin-gonic/gin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gin-gonic/gin)
|
||||||
|
|
||||||
|
Gin middleware/handler to enable CORS support.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
### Start using it
|
||||||
|
|
||||||
|
Download and install it:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
$ go get github.com/gin-contrib/cors
|
||||||
|
```
|
||||||
|
|
||||||
|
Import it in your code:
|
||||||
|
|
||||||
|
```go
|
||||||
|
import "github.com/gin-contrib/cors"
|
||||||
|
```
|
||||||
|
|
||||||
|
### Canonical example:
|
||||||
|
|
||||||
|
```go
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-contrib/cors"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
router := gin.Default()
|
||||||
|
// CORS for https://foo.com and https://github.com origins, allowing:
|
||||||
|
// - PUT and PATCH methods
|
||||||
|
// - Origin header
|
||||||
|
// - Credentials share
|
||||||
|
// - Preflight requests cached for 12 hours
|
||||||
|
router.Use(cors.New(cors.Config{
|
||||||
|
AllowOrigins: []string{"https://foo.com"},
|
||||||
|
AllowMethods: []string{"PUT", "PATCH"},
|
||||||
|
AllowHeaders: []string{"Origin"},
|
||||||
|
ExposeHeaders: []string{"Content-Length"},
|
||||||
|
AllowCredentials: true,
|
||||||
|
AllowOriginFunc: func(origin string) bool {
|
||||||
|
return origin == "https://github.com"
|
||||||
|
},
|
||||||
|
MaxAge: 12 * time.Hour,
|
||||||
|
}))
|
||||||
|
router.Run()
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Using DefaultConfig as start point
|
||||||
|
|
||||||
|
```go
|
||||||
|
func main() {
|
||||||
|
router := gin.Default()
|
||||||
|
// - No origin allowed by default
|
||||||
|
// - GET,POST, PUT, HEAD methods
|
||||||
|
// - Credentials share disabled
|
||||||
|
// - Preflight requests cached for 12 hours
|
||||||
|
config := cors.DefaultConfig()
|
||||||
|
config.AllowOrigins = []string{"http://google.com"}
|
||||||
|
// config.AllowOrigins == []string{"http://google.com", "http://facebook.com"}
|
||||||
|
|
||||||
|
router.Use(cors.New(config))
|
||||||
|
router.Run()
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Default() allows all origins
|
||||||
|
|
||||||
|
```go
|
||||||
|
func main() {
|
||||||
|
router := gin.Default()
|
||||||
|
// same as
|
||||||
|
// config := cors.DefaultConfig()
|
||||||
|
// config.AllowAllOrigins = true
|
||||||
|
// router.Use(cors.New(config))
|
||||||
|
router.Use(cors.Default())
|
||||||
|
router.Run()
|
||||||
|
}
|
||||||
|
```
|
83
vendor/github.com/gin-contrib/cors/config.go
generated
vendored
Normal file
83
vendor/github.com/gin-contrib/cors/config.go
generated
vendored
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
package cors
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
type cors struct {
|
||||||
|
allowAllOrigins bool
|
||||||
|
allowCredentials bool
|
||||||
|
allowOriginFunc func(string) bool
|
||||||
|
allowOrigins []string
|
||||||
|
exposeHeaders []string
|
||||||
|
normalHeaders http.Header
|
||||||
|
preflightHeaders http.Header
|
||||||
|
}
|
||||||
|
|
||||||
|
func newCors(config Config) *cors {
|
||||||
|
if err := config.Validate(); err != nil {
|
||||||
|
panic(err.Error())
|
||||||
|
}
|
||||||
|
return &cors{
|
||||||
|
allowOriginFunc: config.AllowOriginFunc,
|
||||||
|
allowAllOrigins: config.AllowAllOrigins,
|
||||||
|
allowCredentials: config.AllowCredentials,
|
||||||
|
allowOrigins: normalize(config.AllowOrigins),
|
||||||
|
normalHeaders: generateNormalHeaders(config),
|
||||||
|
preflightHeaders: generatePreflightHeaders(config),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cors *cors) applyCors(c *gin.Context) {
|
||||||
|
origin := c.Request.Header.Get("Origin")
|
||||||
|
if len(origin) == 0 {
|
||||||
|
// request is not a CORS request
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if !cors.validateOrigin(origin) {
|
||||||
|
c.AbortWithStatus(http.StatusForbidden)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.Request.Method == "OPTIONS" {
|
||||||
|
cors.handlePreflight(c)
|
||||||
|
defer c.AbortWithStatus(200)
|
||||||
|
} else {
|
||||||
|
cors.handleNormal(c)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !cors.allowAllOrigins {
|
||||||
|
c.Header("Access-Control-Allow-Origin", origin)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cors *cors) validateOrigin(origin string) bool {
|
||||||
|
if cors.allowAllOrigins {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
for _, value := range cors.allowOrigins {
|
||||||
|
if value == origin {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if cors.allowOriginFunc != nil {
|
||||||
|
return cors.allowOriginFunc(origin)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cors *cors) handlePreflight(c *gin.Context) {
|
||||||
|
header := c.Writer.Header()
|
||||||
|
for key, value := range cors.preflightHeaders {
|
||||||
|
header[key] = value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cors *cors) handleNormal(c *gin.Context) {
|
||||||
|
header := c.Writer.Header()
|
||||||
|
for key, value := range cors.normalHeaders {
|
||||||
|
header[key] = value
|
||||||
|
}
|
||||||
|
}
|
100
vendor/github.com/gin-contrib/cors/cors.go
generated
vendored
Normal file
100
vendor/github.com/gin-contrib/cors/cors.go
generated
vendored
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
package cors
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Config represents all available options for the middleware.
|
||||||
|
type Config struct {
|
||||||
|
AllowAllOrigins bool
|
||||||
|
|
||||||
|
// AllowedOrigins is a list of origins a cross-domain request can be executed from.
|
||||||
|
// If the special "*" value is present in the list, all origins will be allowed.
|
||||||
|
// Default value is []
|
||||||
|
AllowOrigins []string
|
||||||
|
|
||||||
|
// AllowOriginFunc is a custom function to validate the origin. It take the origin
|
||||||
|
// as argument and returns true if allowed or false otherwise. If this option is
|
||||||
|
// set, the content of AllowedOrigins is ignored.
|
||||||
|
AllowOriginFunc func(origin string) bool
|
||||||
|
|
||||||
|
// AllowedMethods is a list of methods the client is allowed to use with
|
||||||
|
// cross-domain requests. Default value is simple methods (GET and POST)
|
||||||
|
AllowMethods []string
|
||||||
|
|
||||||
|
// AllowedHeaders is list of non simple headers the client is allowed to use with
|
||||||
|
// cross-domain requests.
|
||||||
|
AllowHeaders []string
|
||||||
|
|
||||||
|
// AllowCredentials indicates whether the request can include user credentials like
|
||||||
|
// cookies, HTTP authentication or client side SSL certificates.
|
||||||
|
AllowCredentials bool
|
||||||
|
|
||||||
|
// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
|
||||||
|
// API specification
|
||||||
|
ExposeHeaders []string
|
||||||
|
|
||||||
|
// MaxAge indicates how long (in seconds) the results of a preflight request
|
||||||
|
// can be cached
|
||||||
|
MaxAge time.Duration
|
||||||
|
}
|
||||||
|
|
||||||
|
// AddAllowMethods is allowed to add custom methods
|
||||||
|
func (c *Config) AddAllowMethods(methods ...string) {
|
||||||
|
c.AllowMethods = append(c.AllowMethods, methods...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// AddAllowHeaders is allowed to add custom headers
|
||||||
|
func (c *Config) AddAllowHeaders(headers ...string) {
|
||||||
|
c.AllowHeaders = append(c.AllowHeaders, headers...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// AddExposeHeaders is allowed to add custom expose headers
|
||||||
|
func (c *Config) AddExposeHeaders(headers ...string) {
|
||||||
|
c.ExposeHeaders = append(c.ExposeHeaders, headers...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate is check configuration of user defined.
|
||||||
|
func (c Config) Validate() error {
|
||||||
|
if c.AllowAllOrigins && (c.AllowOriginFunc != nil || len(c.AllowOrigins) > 0) {
|
||||||
|
return errors.New("conflict settings: all origins are allowed. AllowOriginFunc or AllowedOrigins is not needed")
|
||||||
|
}
|
||||||
|
if !c.AllowAllOrigins && c.AllowOriginFunc == nil && len(c.AllowOrigins) == 0 {
|
||||||
|
return errors.New("conflict settings: all origins disabled")
|
||||||
|
}
|
||||||
|
for _, origin := range c.AllowOrigins {
|
||||||
|
if origin != "*" && !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
|
||||||
|
return errors.New("bad origin: origins must either be '*' or include http:// or https://")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// DefaultConfig returns a generic default configuration mapped to localhost.
|
||||||
|
func DefaultConfig() Config {
|
||||||
|
return Config{
|
||||||
|
AllowMethods: []string{"GET", "POST", "PUT", "HEAD"},
|
||||||
|
AllowHeaders: []string{"Origin", "Content-Length", "Content-Type"},
|
||||||
|
AllowCredentials: false,
|
||||||
|
MaxAge: 12 * time.Hour,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Default returns the location middleware with default configuration.
|
||||||
|
func Default() gin.HandlerFunc {
|
||||||
|
config := DefaultConfig()
|
||||||
|
config.AllowAllOrigins = true
|
||||||
|
return New(config)
|
||||||
|
}
|
||||||
|
|
||||||
|
// New returns the location middleware with user-defined custom configuration.
|
||||||
|
func New(config Config) gin.HandlerFunc {
|
||||||
|
cors := newCors(config)
|
||||||
|
return func(c *gin.Context) {
|
||||||
|
cors.applyCors(c)
|
||||||
|
}
|
||||||
|
}
|
85
vendor/github.com/gin-contrib/cors/utils.go
generated
vendored
Normal file
85
vendor/github.com/gin-contrib/cors/utils.go
generated
vendored
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
package cors
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
type converter func(string) string
|
||||||
|
|
||||||
|
func generateNormalHeaders(c Config) http.Header {
|
||||||
|
headers := make(http.Header)
|
||||||
|
if c.AllowCredentials {
|
||||||
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
||||||
|
}
|
||||||
|
if len(c.ExposeHeaders) > 0 {
|
||||||
|
exposeHeaders := convert(normalize(c.ExposeHeaders), http.CanonicalHeaderKey)
|
||||||
|
headers.Set("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ","))
|
||||||
|
}
|
||||||
|
if c.AllowAllOrigins {
|
||||||
|
headers.Set("Access-Control-Allow-Origin", "*")
|
||||||
|
} else {
|
||||||
|
headers.Set("Vary", "Origin")
|
||||||
|
}
|
||||||
|
return headers
|
||||||
|
}
|
||||||
|
|
||||||
|
func generatePreflightHeaders(c Config) http.Header {
|
||||||
|
headers := make(http.Header)
|
||||||
|
if c.AllowCredentials {
|
||||||
|
headers.Set("Access-Control-Allow-Credentials", "true")
|
||||||
|
}
|
||||||
|
if len(c.AllowMethods) > 0 {
|
||||||
|
allowMethods := convert(normalize(c.AllowMethods), strings.ToUpper)
|
||||||
|
value := strings.Join(allowMethods, ",")
|
||||||
|
headers.Set("Access-Control-Allow-Methods", value)
|
||||||
|
}
|
||||||
|
if len(c.AllowHeaders) > 0 {
|
||||||
|
allowHeaders := convert(normalize(c.AllowHeaders), http.CanonicalHeaderKey)
|
||||||
|
value := strings.Join(allowHeaders, ",")
|
||||||
|
headers.Set("Access-Control-Allow-Headers", value)
|
||||||
|
}
|
||||||
|
if c.MaxAge > time.Duration(0) {
|
||||||
|
value := strconv.FormatInt(int64(c.MaxAge/time.Second), 10)
|
||||||
|
headers.Set("Access-Control-Max-Age", value)
|
||||||
|
}
|
||||||
|
if c.AllowAllOrigins {
|
||||||
|
headers.Set("Access-Control-Allow-Origin", "*")
|
||||||
|
} else {
|
||||||
|
// Always set Vary headers
|
||||||
|
// see https://github.com/rs/cors/issues/10,
|
||||||
|
// https://github.com/rs/cors/commit/dbdca4d95feaa7511a46e6f1efb3b3aa505bc43f#commitcomment-12352001
|
||||||
|
|
||||||
|
headers.Add("Vary", "Origin")
|
||||||
|
headers.Add("Vary", "Access-Control-Request-Method")
|
||||||
|
headers.Add("Vary", "Access-Control-Request-Headers")
|
||||||
|
}
|
||||||
|
return headers
|
||||||
|
}
|
||||||
|
|
||||||
|
func normalize(values []string) []string {
|
||||||
|
if values == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
distinctMap := make(map[string]bool, len(values))
|
||||||
|
normalized := make([]string, 0, len(values))
|
||||||
|
for _, value := range values {
|
||||||
|
value = strings.TrimSpace(value)
|
||||||
|
value = strings.ToLower(value)
|
||||||
|
if _, seen := distinctMap[value]; !seen {
|
||||||
|
normalized = append(normalized, value)
|
||||||
|
distinctMap[value] = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return normalized
|
||||||
|
}
|
||||||
|
|
||||||
|
func convert(s []string, c converter) []string {
|
||||||
|
var out []string
|
||||||
|
for _, i := range s {
|
||||||
|
out = append(out, c(i))
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
6
vendor/vendor.json
vendored
6
vendor/vendor.json
vendored
@ -8,6 +8,12 @@
|
|||||||
"revision": "4749bdbad30363c8938cffb864637876403a7a38",
|
"revision": "4749bdbad30363c8938cffb864637876403a7a38",
|
||||||
"revisionTime": "2018-04-20T06:34:49Z"
|
"revisionTime": "2018-04-20T06:34:49Z"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"checksumSHA1": "8682CypcUWdUlGSK8C2DGB/CcTk=",
|
||||||
|
"path": "github.com/gin-contrib/cors",
|
||||||
|
"revision": "df6cfb7ff4a38d694dfebd0868ecb3e956171366",
|
||||||
|
"revisionTime": "2018-02-25T15:46:31Z"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"checksumSHA1": "QeKwBtN2df+j+4stw3bQJ6yO4EY=",
|
"checksumSHA1": "QeKwBtN2df+j+4stw3bQJ6yO4EY=",
|
||||||
"path": "github.com/gin-contrib/sse",
|
"path": "github.com/gin-contrib/sse",
|
||||||
|
Loading…
Reference in New Issue
Block a user