allow specifying origins for functions

Author: keithwhor

lib/gateway.js

@@ -256,6 +256,23 @@ class Gateway extends EventEmitter {
     );
   }
 
+  __originError__ (req, res, origin, headers = {}) {
+    headers = this.__createHeaders__(req, headers);
+    headers['content-type'] = 'application/json';
+    return this.__endRequest__(
+      403,
+      this.__formatHeaders__(headers),
+      req,
+      res,
+      JSON.stringify({
+        error: {
+          type: 'OriginError',
+          message: `Provided origin "${origin}" can not access this resource`,
+        }
+      })
+    );
+  }
+
   __debugError__ (req, res, message, headers = {}) {
     message = message || `You do not have permission to debug this endpoint`;
     headers = this.__createHeaders__(req, headers);
@@ -1165,12 +1182,6 @@ class Gateway extends EventEmitter {
       this.log(req, `Request Received (Size ${buffer.length})`);
       this.resolve(req, res, buffer, (err, definition, data, buffer, proxyParameters) => {
 
-        let headers = {};
-        headers['x-execution-uuid'] = req._uuid;
-        if (definition && definition.allowOrigin) {
-          headers['access-control-allow-origin'] = definition.allowOrigin;
-        }
-
         if (err) {
           if (err.accessSourceError) {
             return this.__accessSourceError__(req, res, err.message);
@@ -1203,6 +1214,20 @@ class Gateway extends EventEmitter {
           return this.__clientError__(req, res, err.message, err.statusCode || 400);
         }
 
+        let headers = {};
+        headers['x-execution-uuid'] = req._uuid;
+        if (definition.origins) {
+          if (
+            req.headers['origin'] &&
+            definition.origins.indexOf(req.headers['origin']) !== -1
+          ) {
+            headers['access-control-allow-origin'] = req.headers['origin'];
+          } else {
+            headers['access-control-allow-origin'] = '!';
+            return this.__originError__(req, res, req.headers['origin'], headers);
+          }
+        }
+
         let [contentType, ...contentTypeParameters] = (req.method === 'GET' || req.method === 'DELETE')
           ? ['application/x-www-form-urlencoded']
           : (req.headers['content-type'] || '').split(';');

lib/parser/function_parser.js

@@ -268,6 +268,9 @@ FunctionParser.definitionFields = {
   },
   'description': description => typeof description === 'string',
   'metadata': metadata => typeof metadata === 'object' && metadata !== null,
+  'origins': origins => {
+    return origins === null || origins === void 0 || Array.isArray(origins);
+  },
   'background': background => {
     if (background) {
       return background &&

lib/parser/nodejs/comment_definition_parser.js

@@ -4,6 +4,7 @@ const validateParameterName = require('./validate_parameter_name.js');
 
 const DEFAULT_DEFINITION_FIELD = 'description';
 const DEFINITION_FIELDS = [
+  'origin',
   'background',
   'keys',
   'charge',
@@ -121,6 +122,27 @@ class CommentDefinitionParser {
     }, acl);
   }
 
+  getOrigin (values) {
+    let value = values.join(' ').trim();
+    let origins = [];
+    if (!value.match(/^(https?:\/\/)?([a-z0-9\-]{0,255}\.)*?([a-z0-9\-]{1,255})(:[0-9]{1,5})?$/gi)) {
+      throw new Error([
+        `Invalid origin: "${value}".`,
+        ` Must be a valid hostname consisting of alphanumeric characters or "-"`,
+        ` separated by ".".`,
+        ` Supported protocols are "http://" and "https://", if left absent both`,
+        ` will be enabled.`
+      ].join(''));
+    }
+    if (!value.match(/^https?:\/\//gi)) {
+      origins.push(`https://${value}`);
+      origins.push(`http://${value}`);
+    } else {
+      origins.push(value);
+    }
+    return origins;
+  }
+
   getBackground (values) {
     values = values.join(' ').split(' ');
     let mode = values[0].trim() || backgroundValidator.defaultMode;
@@ -129,8 +151,8 @@ class CommentDefinitionParser {
     if (modes.indexOf(mode) === -1) {
       throw new Error([
         `Invalid Background mode: "${mode}". Please specify \`@background MODE\``,
-        `where MODE is one of: "${modes.join('", "')}" (without quotes).`,
-        `If no mode is provided, the default "${backgroundValidator.defaultMode}" will be used.`
+        ` where MODE is one of: "${modes.join('", "')}" (without quotes).`,
+        ` If no mode is provided, the default "${backgroundValidator.defaultMode}" will be used.`
       ].join(''));
     }
     return {
@@ -365,6 +387,12 @@ class CommentDefinitionParser {
         });
       } else if (field === 'returns') {
         definition.returns = this.getParameter(values, textSchema);
+      } else if (field === 'origin') {
+        definition.origins = definition.origins || [];
+        definition.origins = [].concat(
+          definition.origins,
+          this.getOrigin(values)
+        );
       } else if (field === 'background') {
         definition.background = this.getBackground(values);
       } else if (field === 'acl') {
@@ -397,6 +425,7 @@ class CommentDefinitionParser {
         {
           name: name,
           description: '',
+          origins: null,
           acl: null,
           background: null,
           keys: [],

lib/parser/nodejs/exported_function_parser.js

@@ -290,6 +290,7 @@ class ExportedFunctionParser {
     let functionDefinition = this.parseParamsFromFunctionExpression(functionExpression);
 
     let description = commentDefinition.description || '';
+    let origins = commentDefinition.origins || null;
     let background = commentDefinition.background || null;
     let charge = isNaN(commentDefinition.charge) ? 1 : commentDefinition.charge;
     let streams = commentDefinition.streams || null;
@@ -311,6 +312,7 @@ class ExportedFunctionParser {
       },
       description: description,
       metadata: {},
+      origins: origins,
       background: background,
       acl: acl,
       keys: keys,

lib/parser/static/static_parser.js

@@ -24,6 +24,7 @@ class StaticParser {
         contentType: mime.getType(filename),
         contentLength: buffer.byteLength,
       },
+      origins: null,
       background: null,
       keys: [],
       charge: 0,

tests/files/cases/function_invalid_origin.js

@@ -0,0 +1,10 @@
+/**
+* Function with an invalid origin
+* @origin *.autocode.com
+* @returns {string}
+*/
+module.exports = (callback) => {
+
+  return callback(null, 'origin');
+
+};

tests/files/cases/function_invalid_origin_asterisk.js

@@ -0,0 +1,10 @@
+/**
+* Function with an invalid origin
+* @origin *
+* @returns {string}
+*/
+module.exports = (callback) => {
+
+  return callback(null, 'origin');
+
+};

tests/files/cases/function_invalid_origin_bad_protocol.js

@@ -0,0 +1,10 @@
+/**
+* Function with an invalid origin
+* @origin file://www.autocode.com
+* @returns {string}
+*/
+module.exports = (callback) => {
+
+  return callback(null, 'origin');
+
+};

tests/files/cases/function_valid_origin.js

@@ -0,0 +1,10 @@
+/**
+* Function with an valid origin
+* @origin autocode.com
+* @returns {string}
+*/
+module.exports = (callback) => {
+
+  return callback(null, 'origin');
+
+};

tests/files/cases/function_valid_origin_http_port_subdomain.js

@@ -0,0 +1,10 @@
+/**
+* Function with an valid origin
+* @origin http://x.y.z.localhost:8000
+* @returns {string}
+*/
+module.exports = (callback) => {
+
+  return callback(null, 'origin');
+
+};