refactor: refactor cors headers

axetroy · Oct 7, 2019 · 7f169d2 · 7f169d2
1 parent 96869a0
commit 7f169d2
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 6 deletions.
diff --git a/src/controller/transfer/to.go b/src/controller/transfer/to.go
@@ -11,6 +11,7 @@ import (
 	"github.com/axetroy/go-server/src/exception"
 	"github.com/axetroy/go-server/src/helper"
 	"github.com/axetroy/go-server/src/logger"
+	"github.com/axetroy/go-server/src/middleware"
 	"github.com/axetroy/go-server/src/model"
 	"github.com/axetroy/go-server/src/schema"
 	"github.com/axetroy/go-server/src/service/database"
@@ -261,7 +262,7 @@ func ToRouter(c *gin.Context) {
 	}
 
 	// 获取数据签名
-	signature := c.GetHeader("X-Signature")
+	signature := c.GetHeader(middleware.SignatureHeader)
 
 	res = To(controller.NewContext(c), input, signature)
 }
diff --git a/src/controller/transfer/to_test.go b/src/controller/transfer/to_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/axetroy/go-server/src/controller/user"
 	"github.com/axetroy/go-server/src/controller/wallet"
 	"github.com/axetroy/go-server/src/exception"
+	"github.com/axetroy/go-server/src/middleware"
 	"github.com/axetroy/go-server/src/model"
 	"github.com/axetroy/go-server/src/schema"
 	"github.com/axetroy/go-server/src/service/database"
@@ -155,7 +156,7 @@ func TestToRouter(t *testing.T) {
 
 		signature, err := util.Signature(string(body))
 
-		header["X-Signature"] = signature
+		header[middleware.SignatureHeader] = signature
 
 		assert.Nil(t, err)
 

diff --git a/src/middleware/cors.go b/src/middleware/cors.go
@@ -1,16 +1,44 @@
 package middleware
 
-import "github.com/gin-gonic/gin"
+import (
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"strings"
+)
+
+var (
+	allowHeaders = strings.Join([]string{
+		"accept",
+		"origin",
+		"Authorization",
+		"Content-Type",
+		"Content-Length",
+		"Content-Length",
+		"Accept-Encoding",
+		"Cache-Control",
+		"X-CSRF-Token",
+		"X-Requested-With",
+		SignatureHeader,
+		PayPasswordHeader,
+	}, ",")
+	allowMethods = strings.Join([]string{
+		http.MethodOptions,
+		http.MethodGet,
+		http.MethodPost,
+		http.MethodPut,
+		http.MethodDelete,
+	}, ",")
+)
 
 func CORS() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		origin := c.GetHeader("Origin")
 		c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
 		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
-		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With, X-Signature, X-Pay-Password")
-		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", allowHeaders)
+		c.Writer.Header().Set("Access-Control-Allow-Methods", allowMethods)
 
-		if c.Request.Method == "OPTIONS" {
+		if c.Request.Method == http.MethodOptions {
 			c.AbortWithStatus(204)
 			return
 		}

diff --git a/src/middleware/trade_password.go b/src/middleware/trade_password.go
@@ -15,6 +15,7 @@ import (
 
 var (
 	PayPasswordHeader = "X-Pay-Password"
+	SignatureHeader   = "X-Signature"
 )
 
 // 交易密码的验证中间件
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,6 +15,7 @@ import ( @@
     var (
     	PayPasswordHeader = "X-Pay-Password"
+    	SignatureHeader   = "X-Signature"
     )
     // 交易密码的验证中间件
@@ Expand Down @@