Converted static CORS into middleware, and added to all routers (#161)

* Added CORS stuff * Format + Lint
HackIllinois · Jan 21, 2024 · faa7bf5 · faa7bf5
1 parent 9f3b44c
commit faa7bf5
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 34 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -19,11 +19,12 @@ import { ErrorHandler } from "./middleware/error-handler.js";
 import { StatusCode } from "status-code-enum";
 import Config from "./config.js";
 import database from "./middleware/database.js";
+import corsSelector from "./middleware/cors-selector.js";
 
 const app: Application = express();
 
 // Utility packages (detailed in the readme)
-// app.use(helmet({ crossOriginResourcePolicy: false }));
+app.use(corsSelector);
 
 // Enable request output when not a test
 if (!Config.TEST) {

diff --git a/src/config.ts b/src/config.ts
@@ -83,7 +83,7 @@ const Config = {
 
     JWT_SECRET: requireEnv("JWT_SECRET"),
 
-    NEWSLETTER_CORS: {
+    CORS: {
         PROD_REGEX: requireEnv("PROD_REGEX"),
         DEPLOY_REGEX: requireEnv("DEPLOY_REGEX"),
     },

diff --git a/src/middleware/cors-selector.ts b/src/middleware/cors-selector.ts
@@ -0,0 +1,24 @@
+import cors, { CorsOptions } from "cors";
+import Config from "../config.js";
+
+// Only allow a certain set of regexes to be allowed via CORS
+const allowedOrigins: RegExp[] = [new RegExp(Config.CORS.PROD_REGEX), new RegExp(Config.CORS.DEPLOY_REGEX)];
+
+function regexPasses(target: string, patterns: RegExp[]): boolean {
+    return patterns.some((pattern: RegExp) => {
+        return pattern.test(target);
+    });
+}
+
+// CORS options configuration
+const corsOptions: CorsOptions = {
+    origin: (origin: string | undefined, callback: (error: Error | null, allow?: boolean) => void) => {
+        if (!origin || regexPasses(origin, allowedOrigins)) {
+            callback(null, true);
+        } else {
+            callback(new Error("Not allowed by CORS"));
+        }
+    },
+};
+
+export default cors(corsOptions);
diff --git a/src/services/newsletter/newsletter-lib.ts b/src/services/newsletter/newsletter-lib.ts
diff --git a/src/services/newsletter/newsletter-router.ts b/src/services/newsletter/newsletter-router.ts
@@ -1,35 +1,14 @@
 import { Request, Response, Router } from "express";
-import { regexPasses } from "./newsletter-lib.js";
-import cors, { CorsOptions } from "cors";
-
 import { SubscribeRequest } from "./newsletter-formats.js";
 import { NewsletterSubscription } from "../../database/newsletter-db.js";
 import Models from "../../database/models.js";
 import { UpdateQuery } from "mongoose";
 import { StatusCode } from "status-code-enum";
-import Config from "../../config.js";
 import { RouterError } from "../../middleware/error-handler.js";
 import { NextFunction } from "express-serve-static-core";
 
 const newsletterRouter: Router = Router();
 
-// Only allow a certain set of regexes to be allowed via CORS
-const allowedOrigins: RegExp[] = [new RegExp(Config.NEWSLETTER_CORS.PROD_REGEX), new RegExp(Config.NEWSLETTER_CORS.DEPLOY_REGEX)];
-
-// CORS options configuration
-const corsOptions: CorsOptions = {
-    origin: (origin: string | undefined, callback: (error: Error | null, allow?: boolean) => void) => {
-        if (!origin || regexPasses(origin, allowedOrigins)) {
-            callback(null, true);
-        } else {
-            callback(new Error("Not allowed by CORS"));
-        }
-    },
-};
-
-// Use CORS for exclusively the newsletter - public access
-newsletterRouter.use(cors(corsOptions));
-
 /**
  * @api {post} /newsletter/subscribe/ POST /newsletter/subscribe/
  * @apiGroup Newsletter