✨Request Bank: Fixed AMP CORs and Multipart form data (#20879)

* Fixed AMP CORs and Multipart form data for Request Bank * Made requested changes
ampproject · Feb 21, 2019 · 96b2b53 · 96b2b53
1 parent ed6f907
commit 96b2b53
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 30 deletions.
diff --git a/build-system/amp-cors.js b/build-system/amp-cors.js
@@ -0,0 +1,36 @@
+/**
+ * Copyright 2019 The AMP HTML Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS-IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+function enableCors(req, res, origin, opt_exposeHeaders) {
+  res.setHeader('Access-Control-Allow-Credentials', 'true');
+
+  if (!origin && req.headers.origin) {
+    origin = req.headers.origin;
+  }
+
+  if (origin) {
+    res.setHeader('Access-Control-Allow-Origin', origin);
+  }
+  res.setHeader('Access-Control-Expose-Headers',
+      ['AMP-Access-Control-Allow-Source-Origin']
+          .concat(opt_exposeHeaders || []).join(', '));
+  if (req.query.__amp_source_origin) {
+    res.setHeader('AMP-Access-Control-Allow-Source-Origin',
+        req.query.__amp_source_origin);
+  }
+}
+
+module.exports = enableCors;
diff --git a/build-system/amp4test.js b/build-system/amp4test.js
@@ -16,10 +16,13 @@
 'use strict';
 
 const app = require('express').Router();
+const enableCors = require('./amp-cors');
 const minimist = require('minimist');
 const argv = minimist(
     process.argv.slice(2), {boolean: ['strictBabelTransform']});
+const multer = require('multer');
 
+const upload = multer();
 
 /* eslint-disable max-len */
 
@@ -101,26 +104,31 @@ const bank = {};
  * Deposit a request. An ID has to be specified. Will override previous request
  * if the same ID already exists.
  */
-app.use('/request-bank/:bid/deposit/:id/', (req, res) => {
-  if (!bank[req.params.bid]) {
-    bank[req.params.bid] = {};
-  }
-  const key = req.params.id;
-  log('SERVER-LOG [DEPOSIT]: ', key);
-  if (typeof bank[req.params.bid][key] === 'function') {
-    bank[req.params.bid][key](req);
-  } else {
-    bank[req.params.bid][key] = req;
-  }
-  res.end();
-});
+app.use(
+    '/request-bank/:bid/deposit/:id/',
+    upload.array(),
+    (req, res) => {
+      enableCors(req, res);
+      if (!bank[req.params.bid]) {
+        bank[req.params.bid] = {};
+      }
+      const key = req.params.id;
+      log('SERVER-LOG [DEPOSIT]: ', key);
+      if (typeof bank[req.params.bid][key] === 'function') {
+        bank[req.params.bid][key](req);
+      } else {
+        bank[req.params.bid][key] = req;
+      }
+      res.end();
+    });
 
 /**
  * Withdraw a request. If the request of the given ID is already in the bank,
  * return it immediately. Otherwise wait until it gets deposited
  * The same request cannot be withdrawn twice at the same time.
  */
 app.use('/request-bank/:bid/withdraw/:id/', (req, res) => {
+  enableCors(req, res);
   if (!bank[req.params.bid]) {
     bank[req.params.bid] = {};
   }

diff --git a/build-system/app.js b/build-system/app.js
@@ -24,6 +24,7 @@ const bacon = require('baconipsum');
 const BBPromise = require('bluebird');
 const bodyParser = require('body-parser');
 const devDashboard = require('./app-index/index');
+const enableCors = require('./amp-cors');
 const formidable = require('formidable');
 const fs = BBPromise.promisifyAll(require('fs'));
 const jsdom = require('jsdom');
@@ -36,7 +37,7 @@ const runVideoTestBench = require('./app-video-testbench');
 const {
   recaptchaFrameRequestHandler,
   recaptchaRouter,
-} = require('./recaptcha-router.js');
+} = require('./recaptcha-router');
 const {renderShadowViewer} = require('./shadow-viewer');
 const {replaceUrls} = require('./app-utils');
 
@@ -1386,18 +1387,6 @@ function addQueryParam(url, param, value) {
   return url;
 }
 
-function enableCors(req, res, origin, opt_exposeHeaders) {
-  res.setHeader('Access-Control-Allow-Credentials', 'true');
-  res.setHeader('Access-Control-Allow-Origin', origin);
-  res.setHeader('Access-Control-Expose-Headers',
-      ['AMP-Access-Control-Allow-Source-Origin']
-          .concat(opt_exposeHeaders || []).join(', '));
-  if (req.query.__amp_source_origin) {
-    res.setHeader('AMP-Access-Control-Allow-Source-Origin',
-        req.query.__amp_source_origin);
-  }
-}
-
 function assertCors(req, res, opt_validMethods, opt_exposeHeaders,
   opt_ignoreMissingSourceOrigin) {
   // Allow disable CORS check (iframe fixtures have origin 'about:srcdoc').

diff --git a/build-system/recaptcha-router.js b/build-system/recaptcha-router.js
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+const enableCors = require('./amp-cors');
 const pc = process;
 const BBPromise = require('bluebird');
 const fs = BBPromise.promisifyAll(require('fs'));
@@ -48,10 +49,7 @@ recaptchaRouter.post(
     '/submit',
     upload.array(),
     (req, res) => {
-      const sourceOrigin = req.query['__amp_source_origin'];
-      if (sourceOrigin) {
-        res.setHeader('AMP-Access-Control-Allow-Source-Origin', sourceOrigin);
-      }
+      enableCors(req, res);
 
       const responseJson = {
         message: 'Success!',