1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
package headers
import (
"net/http"
"strconv"
"github.com/spiral/errors"
"github.com/spiral/roadrunner/v2/plugins/config"
)
// ID contains default service name.
const PluginName = "headers"
const RootPluginName = "http"
// Service serves headers files. Potentially convert into middleware?
type Plugin struct {
// server configuration (location, forbidden files and etc)
cfg *Config
}
// Init must return configure service and return true if service hasStatus enabled. Must return error in case of
// misconfiguration. Services must not be used without proper configuration pushed first.
func (s *Plugin) Init(cfg config.Configurer) error {
const op = errors.Op("headers_plugin_init")
if !cfg.Has(RootPluginName) {
return errors.E(op, errors.Disabled)
}
err := cfg.UnmarshalKey(RootPluginName, &s.cfg)
if err != nil {
return errors.E(op, errors.Disabled, err)
}
if s.cfg.Headers == nil {
return errors.E(op, errors.Disabled)
}
return nil
}
// middleware must return true if request/response pair is handled within the middleware.
func (s *Plugin) Middleware(next http.Handler) http.Handler {
// Define the http.HandlerFunc
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if s.cfg.Headers.Request != nil {
for k, v := range s.cfg.Headers.Request {
r.Header.Add(k, v)
}
}
if s.cfg.Headers.Response != nil {
for k, v := range s.cfg.Headers.Response {
w.Header().Set(k, v)
}
}
if s.cfg.Headers.CORS != nil {
if r.Method == http.MethodOptions {
s.preflightRequest(w)
return
}
s.corsHeaders(w)
}
next.ServeHTTP(w, r)
})
}
func (s *Plugin) Name() string {
return PluginName
}
// configure OPTIONS response
func (s *Plugin) preflightRequest(w http.ResponseWriter) {
headers := w.Header()
headers.Add("Vary", "Origin")
headers.Add("Vary", "Access-Control-Request-Method")
headers.Add("Vary", "Access-Control-Request-Headers")
if s.cfg.Headers.CORS.AllowedOrigin != "" {
headers.Set("Access-Control-Allow-Origin", s.cfg.Headers.CORS.AllowedOrigin)
}
if s.cfg.Headers.CORS.AllowedHeaders != "" {
headers.Set("Access-Control-Allow-Headers", s.cfg.Headers.CORS.AllowedHeaders)
}
if s.cfg.Headers.CORS.AllowedMethods != "" {
headers.Set("Access-Control-Allow-Methods", s.cfg.Headers.CORS.AllowedMethods)
}
if s.cfg.Headers.CORS.AllowCredentials != nil {
headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*s.cfg.Headers.CORS.AllowCredentials))
}
if s.cfg.Headers.CORS.MaxAge > 0 {
headers.Set("Access-Control-Max-Age", strconv.Itoa(s.cfg.Headers.CORS.MaxAge))
}
w.WriteHeader(http.StatusOK)
}
// configure CORS headers
func (s *Plugin) corsHeaders(w http.ResponseWriter) {
headers := w.Header()
headers.Add("Vary", "Origin")
if s.cfg.Headers.CORS.AllowedOrigin != "" {
headers.Set("Access-Control-Allow-Origin", s.cfg.Headers.CORS.AllowedOrigin)
}
if s.cfg.Headers.CORS.AllowedHeaders != "" {
headers.Set("Access-Control-Allow-Headers", s.cfg.Headers.CORS.AllowedHeaders)
}
if s.cfg.Headers.CORS.ExposedHeaders != "" {
headers.Set("Access-Control-Expose-Headers", s.cfg.Headers.CORS.ExposedHeaders)
}
if s.cfg.Headers.CORS.AllowCredentials != nil {
headers.Set("Access-Control-Allow-Credentials", strconv.FormatBool(*s.cfg.Headers.CORS.AllowCredentials))
}
}
|
