Added CORS support and opened for origin=*

src/ct/rest/__init__.py

@@ -4,12 +4,13 @@
 from flask import jsonify
 from flask import url_for
 
-from .auth import requires_auth
 from . import v1
+from .decorators import crossdomain
 
 api = Blueprint('api', __name__)
 
 @api.route('/')
+@crossdomain(origin='*')
 def index():
     return jsonify({
         "description": "REST API for CT",

src/ct/rest/auth.py

@@ -1,6 +1,5 @@
 from __future__ import absolute_import
 
-from functools import wraps
 from hashlib import sha256
 from flask import request, Response
 from flask import session, g
@@ -62,16 +61,3 @@ def authenticate():
     'Could not verify your access level for that URL.\n'
     'You have to login with proper credentials', 401,
     get_auth_headers())
-
-
-def requires_auth(f):
-    @wraps(f)
-    def decorated(*args, **kwargs):
-        auth = request.authorization
-        if not auth or not check_auth(auth.username, auth.password):
-            return authenticate()
-
-        g.ct = get_ct_object(auth.username, auth.password)
-
-        return f(*args, **kwargs)
-    return decorated

src/ct/rest/decorators.py

@@ -0,0 +1,64 @@
+from __future__ import absolute_import
+
+from functools import wraps
+from datetime import timedelta
+from flask import make_response, request, current_app, g
+from functools import update_wrapper
+
+from . import auth
+
+
+def requires_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        user = request.authorization
+        if not user or not auth.check_auth(user.username, user.password):
+            return auth.authenticate()
+
+        g.ct = auth.get_ct_object(user.username, user.password)
+
+        return f(*args, **kwargs)
+    return decorated
+
+
+# Source: http://flask.pocoo.org/snippets/56/
+def crossdomain(origin=None, methods=None, headers=None,
+                max_age=21600, attach_to_all=True,
+                automatic_options=True):
+    if methods is not None:
+        methods = ', '.join(sorted(x.upper() for x in methods))
+    if headers is not None and not isinstance(headers, basestring):
+        headers = ', '.join(x.upper() for x in headers)
+    if not isinstance(origin, basestring):
+        origin = ', '.join(origin)
+    if isinstance(max_age, timedelta):
+        max_age = max_age.total_seconds()
+
+    def get_methods():
+        if methods is not None:
+            return methods
+
+        options_resp = current_app.make_default_options_response()
+        return options_resp.headers['allow']
+
+    def decorator(f):
+        def wrapped_function(*args, **kwargs):
+            if automatic_options and request.method == 'OPTIONS':
+                resp = current_app.make_default_options_response()
+            else:
+                resp = make_response(f(*args, **kwargs))
+            if not attach_to_all and request.method != 'OPTIONS':
+                return resp
+
+            h = resp.headers
+
+            h['Access-Control-Allow-Origin'] = origin
+            h['Access-Control-Allow-Methods'] = get_methods()
+            h['Access-Control-Max-Age'] = str(max_age)
+            if headers is not None:
+                h['Access-Control-Allow-Headers'] = headers
+            return resp
+
+        f.provide_automatic_options = False
+        return update_wrapper(wrapped_function, f)
+    return decorator

src/ct/rest/v1.py

@@ -3,13 +3,14 @@
 from flask import jsonify
 from flask import request
 
-from .auth import requires_auth
+from .decorators import requires_auth, crossdomain
 from . import ct
 from . import url
 from . import dates
 
 
 @requires_auth
+@crossdomain(origin='*')
 def index():
     return jsonify({
         "description": "REST API for CT version 1.0",
@@ -29,6 +30,7 @@ def index():
 
 
 @requires_auth
+@crossdomain(origin='*')
 def get_current_week():
     if request.method == "PUT":
         year, week = dates.get_current_week()
@@ -38,6 +40,7 @@ def get_current_week():
 
 
 @requires_auth
+@crossdomain(origin='*')
 def get_projects():
     return jsonify(get_projects_data())