From 55fbe1b70aa1c004d9693b21eed536215c42cda4 Mon Sep 17 00:00:00 2001 From: Juanma Hidalgo Date: Tue, 23 Apr 2024 08:54:11 +0200 Subject: [PATCH] Revert "feat: Add granular CORS (#741)" This reverts commit f70ab2dac0151ea395cd007dc055438e11869b09. --- src/Analytics/Analytics.router.ts | 14 +-------- src/App/App.router.ts | 12 +------- src/Asset/Asset.router.ts | 12 +------- src/AssetPack/AssetPack.router.ts | 13 --------- src/Collection/Collection.router.ts | 23 --------------- src/Committee/Committee.router.ts | 12 +------- src/Curation/Curation.router.ts | 22 -------------- src/Deployment/Deployment.router.ts | 11 ------- src/Forum/Forum.router.ts | 7 ----- src/Item/Item.router.ts | 22 -------------- src/LAND/LAND.router.ts | 9 ------ src/Manifest/Manifest.router.ts | 17 ----------- src/NFT/NFT.router.ts | 10 +------ src/Newsletter/Newsletter.router.ts | 25 ++-------------- src/Pool/Pool.router.ts | 9 ------ src/PoolGroup/PoolGroup.router.ts | 12 +------- src/PoolLike/PoolLike.router.ts | 8 ----- src/Project/Project.router.ts | 44 ++++------------------------ src/Rarity/Rarity.router.ts | 19 ++---------- src/S3/S3Router.ts | 29 ++----------------- src/Share/Share.router.ts | 7 ----- src/ThirdParty/ThirdParty.router.ts | 11 ------- src/Tiers/Tiers.router.ts | 12 +------- src/common/ExpressApp.ts | 20 +++++++++++++ src/middleware/cors/cors.ts | 45 ----------------------------- src/middleware/cors/index.ts | 1 - src/server.ts | 24 ++++++++++++++- 27 files changed, 63 insertions(+), 387 deletions(-) delete mode 100644 src/middleware/cors/cors.ts delete mode 100644 src/middleware/cors/index.ts diff --git a/src/Analytics/Analytics.router.ts b/src/Analytics/Analytics.router.ts index d355f48d..af8f660c 100644 --- a/src/Analytics/Analytics.router.ts +++ b/src/Analytics/Analytics.router.ts @@ -1,35 +1,23 @@ import cacheControl from 'express-cache-controller' import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { Analytics } from './Analytics.model' import { Request } from 'express' export class AnalyticsRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/analytics/weekly', withCors) - this.router.options('/analytics/status', withCors) - /** * Get weekly stats */ this.router.get( '/analytics/weekly', - withCors, cacheControl({ maxAge: 43200, public: true }), server.handleRequest(this.getWeekly) ), /** * Get status */ - this.router.get( - '/analytics/status', - withCors, - server.handleRequest(this.getStatus) - ) + this.router.get('/analytics/status', server.handleRequest(this.getStatus)) } async getWeekly(req: Request) { diff --git a/src/App/App.router.ts b/src/App/App.router.ts index 8d597caa..845a9e10 100644 --- a/src/App/App.router.ts +++ b/src/App/App.router.ts @@ -2,20 +2,10 @@ import { server } from 'decentraland-server' import { env } from 'decentraland-commons' import { Router } from '../common/Router' -import { withPermissiveCors } from '../middleware/cors' export class AppRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/info', withPermissiveCors) - - this.router.get( - '/info', - withPermissiveCors, - server.handleRequest(this.getVersion) - ) + this.router.get('/info', server.handleRequest(this.getVersion)) } getVersion() { diff --git a/src/Asset/Asset.router.ts b/src/Asset/Asset.router.ts index 182b8490..a518cb05 100644 --- a/src/Asset/Asset.router.ts +++ b/src/Asset/Asset.router.ts @@ -2,7 +2,6 @@ import { Request } from 'express' import { server } from 'decentraland-server' import { hashV1 } from '@dcl/hashing' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { withModelExists, asMiddleware, @@ -22,19 +21,11 @@ export class AssetRouter extends Router { 'assetPackId' ) - /** - * CORS for the OPTIONS header - */ - this.router.options('/assetPacks/:assetPackId/assets/:id/files', withCors) - this.router.options('/assets/:id', withCors) - this.router.options('/assets', withCors) - /** * Upload the files for each asset in an asset pack */ this.router.post( '/assetPacks/:assetPackId/assets/:id/files', - withCors, withAuthentication, withAssetPackExists, withAssetPackAuthorization, @@ -53,7 +44,6 @@ export class AssetRouter extends Router { */ this.router.get( '/assets/:id', - withCors, withAssetExists, server.handleRequest(this.getAsset) ) @@ -61,7 +51,7 @@ export class AssetRouter extends Router { /** * Get a multiple assets */ - this.router.get('/assets', withCors, server.handleRequest(this.getAssets)) + this.router.get('/assets', server.handleRequest(this.getAssets)) } async assetBelongsToPackMiddleware(req: Request) { diff --git a/src/AssetPack/AssetPack.router.ts b/src/AssetPack/AssetPack.router.ts index b9fcb819..0ceb3f30 100644 --- a/src/AssetPack/AssetPack.router.ts +++ b/src/AssetPack/AssetPack.router.ts @@ -4,7 +4,6 @@ import { v4 as uuidv4 } from 'uuid' import express from 'express' import { ILoggerComponent } from '@well-known-components/interfaces' -import { withCors } from '../middleware/cors' import { Router } from '../common/Router' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { getValidator } from '../utils/validator' @@ -59,19 +58,11 @@ export class AssetPackRouter extends Router { const withAssetPackExists = withModelExists(AssetPack) const withAssetPackAuthorization = withModelAuthorization(AssetPack) - /** - * CORS for the OPTIONS header - */ - this.router.options('/assetPacks', withCors) - this.router.options('/assetPacks/:id', withCors) - this.router.options('/assetPacks/:id/thumbnail', withCors) - /** * Get all asset packs */ this.router.get( '/assetPacks', - withCors, withPermissiveAuthentication, withLowercaseQueryParams(['owner']), asyncHandler(this.getAssetPacks) @@ -82,7 +73,6 @@ export class AssetPackRouter extends Router { */ this.router.get( '/assetPacks/:id', - withCors, withPermissiveAuthentication, server.handleRequest(this.getAssetPack) ) @@ -92,7 +82,6 @@ export class AssetPackRouter extends Router { */ this.router.put( '/assetPacks/:id', - withCors, withAuthentication, server.handleRequest(this.upsertAssetPack) ) @@ -102,7 +91,6 @@ export class AssetPackRouter extends Router { */ this.router.delete( '/assetPacks/:id', - withCors, withAuthentication, withAssetPackExists, withAssetPackAuthorization, @@ -114,7 +102,6 @@ export class AssetPackRouter extends Router { */ this.router.post( '/assetPacks/:id/thumbnail', - withCors, withAuthentication, withAssetPackExists, withAssetPackAuthorization, diff --git a/src/Collection/Collection.router.ts b/src/Collection/Collection.router.ts index 92ee80fb..4e214b59 100644 --- a/src/Collection/Collection.router.ts +++ b/src/Collection/Collection.router.ts @@ -1,7 +1,6 @@ import { Request, Response } from 'express' import { server } from 'decentraland-server' import { omit } from 'decentraland-commons/dist/utils' -import { withCors } from '../middleware/cors' import { Router } from '../common/Router' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { getValidator } from '../utils/validator' @@ -87,24 +86,11 @@ export class CollectionRouter extends Router { ) const withLowercasedAddress = withLowercasedParams(['address']) - /** - * CORS for the OPTIONS header - */ - this.router.options('/collections', withCors) - this.router.options('/:address/collections', withCors) - this.router.options('/collections/:id', withCors) - this.router.options('/collections/:id/publish', withCors) - this.router.options('/collections/:id/tos', withCors) - this.router.options('/collections/:id/lock', withCors) - this.router.options('/collections/:id/approvalData', withCors) - this.router.options('/addresses', withCors) - /** * Returns all collections */ this.router.get( '/collections', - withCors, withPermissiveAuthentication, server.handleRequest(this.getCollections) ) @@ -114,7 +100,6 @@ export class CollectionRouter extends Router { */ this.router.get( '/:address/collections', - withCors, withAuthentication, withLowercasedAddress, server.handleRequest(this.getAddressCollections) @@ -125,7 +110,6 @@ export class CollectionRouter extends Router { */ this.router.get( '/collections/:id', - withCors, withAuthentication, withCollectionExists, server.handleRequest(this.getCollection) @@ -136,7 +120,6 @@ export class CollectionRouter extends Router { */ this.router.post( '/collections/:id/publish', - withCors, withAuthentication, withCollectionExists, server.handleRequest(this.publishCollection) @@ -147,7 +130,6 @@ export class CollectionRouter extends Router { */ this.router.post( '/collections/:id/tos', - withCors, withAuthentication, withCollectionExists, server.handleRequest(this.saveTOS) @@ -158,7 +140,6 @@ export class CollectionRouter extends Router { */ this.router.post( '/collections/:id/lock', - withCors, withAuthentication, withCollectionExists, withCollectionAuthorization, @@ -170,7 +151,6 @@ export class CollectionRouter extends Router { */ this.router.get( '/collections/:id/approvalData', - withCors, withAuthentication, withCollectionExists, server.handleRequest(this.getApprovalData) @@ -182,7 +162,6 @@ export class CollectionRouter extends Router { */ this.router.put( '/collections/:id', - withCors, withAuthentication, withSchemaValidation(upsertCollectionSchema), server.handleRequest(this.upsertCollection) @@ -193,7 +172,6 @@ export class CollectionRouter extends Router { */ this.router.delete( '/collections/:id', - withCors, withAuthentication, withCollectionExists, withCollectionAuthorization, @@ -205,7 +183,6 @@ export class CollectionRouter extends Router { */ this.router.get( '/addresses', - withCors, server.handleRequest(this.getAddressesCollections) ) } diff --git a/src/Committee/Committee.router.ts b/src/Committee/Committee.router.ts index d9a95d0d..0e53605a 100644 --- a/src/Committee/Committee.router.ts +++ b/src/Committee/Committee.router.ts @@ -2,24 +2,14 @@ import { utils } from 'decentraland-commons' import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { collectionAPI } from '../ethereum/api/collection' export class CommitteeRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/committee', withCors) - /** * Returns the addresses for the current committee */ - this.router.get( - '/committee', - withCors, - server.handleRequest(this.getCommittee) - ) + this.router.get('/committee', server.handleRequest(this.getCommittee)) } async getCommittee() { diff --git a/src/Curation/Curation.router.ts b/src/Curation/Curation.router.ts index 75e55d64..7a527f42 100644 --- a/src/Curation/Curation.router.ts +++ b/src/Curation/Curation.router.ts @@ -4,7 +4,6 @@ import { Router } from '../common/Router' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { withAuthentication, AuthRequest } from '../middleware' import { isCommitteeMember } from '../Committee' -import { withCors } from '../middleware/cors' import { collectionAPI } from '../ethereum/api/collection' import { thirdPartyAPI } from '../ethereum/api/thirdParty' import { getValidator } from '../utils/validator' @@ -41,83 +40,62 @@ export class CurationRouter extends Router { // - /collections/:id/curation -> /collectionCurations/:id // - /items/:id/curation -> /itemCurations/:id // - etc - - /** - * CORS for the OPTIONS header - */ - this.router.options('/curations', withCors) - this.router.options('/collectionCuration/:id/itemsStats', withCors) - this.router.options('/collections/:id/itemCurations', withCors) - this.router.options('/collections/:id/curation', withCors) - this.router.options('/collections/:id/curation/post', withCors) - this.router.options('/items/:id/curation', withCors) - this.router.get( '/curations', - withCors, withAuthentication, server.handleRequest(this.getCollectionCurations) ) this.router.get( '/collectionCuration/:id/itemsStats', - withCors, withAuthentication, server.handleRequest(this.getCollectionCurationItemStats) ) this.router.get( '/collections/:id/itemCurations', - withCors, withAuthentication, server.handleRequest(this.getCollectionItemCurations) ) this.router.get( '/collections/:id/curation', - withCors, withAuthentication, server.handleRequest(this.getCollectionCuration) ) this.router.patch( '/collections/:id/curation', - withCors, withAuthentication, server.handleRequest(this.updateCollectionCuration) ) this.router.post( '/collections/:id/curation', - withCors, withAuthentication, server.handleRequest(this.insertCollectionCuration) ) this.router.post( '/collections/:id/curation/post', - withCors, withAuthentication, server.handleRequest(this.createCurationNewAssigneePost) ) this.router.get( '/items/:id/curation', - withCors, withAuthentication, server.handleRequest(this.getItemCuration) ) this.router.patch( '/items/:id/curation', - withCors, withAuthentication, server.handleRequest(this.updateItemCuration) ) this.router.post( '/items/:id/curation', - withCors, withAuthentication, server.handleRequest(this.insertItemCuration) ) diff --git a/src/Deployment/Deployment.router.ts b/src/Deployment/Deployment.router.ts index efbebfc1..3689dd67 100644 --- a/src/Deployment/Deployment.router.ts +++ b/src/Deployment/Deployment.router.ts @@ -1,7 +1,6 @@ import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { HTTPError } from '../common/HTTPError' import { getValidator } from '../utils/validator' import { @@ -24,18 +23,11 @@ const withDeploymentAuthorization = withModelAuthorization(Deployment) export class DeploymentRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/deployments', withCors) - this.router.options('/projects/:id/deployment', withCors) - /** * Get all deployments */ this.router.get( '/deployments', - withCors, withAuthentication, server.handleRequest(this.getDeployments) ) @@ -45,7 +37,6 @@ export class DeploymentRouter extends Router { */ this.router.get( '/projects/:id/deployment', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -57,7 +48,6 @@ export class DeploymentRouter extends Router { */ this.router.put( '/projects/:id/deployment', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -69,7 +59,6 @@ export class DeploymentRouter extends Router { */ this.router.delete( '/projects/:id/deployment', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, diff --git a/src/Forum/Forum.router.ts b/src/Forum/Forum.router.ts index 10ac6408..214a3c8f 100644 --- a/src/Forum/Forum.router.ts +++ b/src/Forum/Forum.router.ts @@ -3,7 +3,6 @@ import { Router } from '../common/Router' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { getValidator } from '../utils/validator' import { withModelExists, withModelAuthorization } from '../middleware' -import { withCors } from '../middleware/cors' import { withAuthentication, AuthRequest } from '../middleware/authentication' import { isErrorWithMessage } from '../utils/errors' import { @@ -42,17 +41,11 @@ export class ForumRouter extends Router { this.modelAuthorizationCheck ) - /** - * CORS for the OPTIONS header - */ - this.router.options('/collections/:id/post', withCors) - /** * Post a new thread to the forum */ this.router.post( '/collections/:id/post', - withCors, withAuthentication, withCollectionExists, withCollectionAuthorization, diff --git a/src/Item/Item.router.ts b/src/Item/Item.router.ts index 25d9f86c..c6d968ba 100644 --- a/src/Item/Item.router.ts +++ b/src/Item/Item.router.ts @@ -4,7 +4,6 @@ import { server } from 'decentraland-server' import { env } from 'decentraland-commons' import { omit } from 'decentraland-commons/dist/utils' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { collectionAPI } from '../ethereum/api/collection' import { Bridge } from '../ethereum/api/Bridge' @@ -86,24 +85,11 @@ export class ItemRouter extends Router { ) const withLowercasedAddress = withLowercasedParams(['address']) - /** - * CORS for the OPTIONS header - */ - this.router.options('/items', withCors) - this.router.options('/:address/items', withCors) - this.router.options('/items/:id', withCors) - this.router.options('/collections/:id/items', withCors) - this.router.options('/items/:idOrURN', withCors) - this.router.options('/items/:id/files', withCors) - this.router.options('/items/:id/videos', withCors) - this.router.options('/items/:collectionAddress/:itemId/contents', withCors) - /** * Returns all items */ this.router.get( '/items', - withCors, withAuthentication, server.handleRequest(this.getItems) ) @@ -113,7 +99,6 @@ export class ItemRouter extends Router { */ this.router.get( '/:address/items', - withCors, withAuthentication, withLowercasedAddress, server.handleRequest(this.getAddressItems) @@ -124,7 +109,6 @@ export class ItemRouter extends Router { */ this.router.get( '/items/:id', - withCors, withAuthentication, withItemExists, server.handleRequest(this.getItem) @@ -135,7 +119,6 @@ export class ItemRouter extends Router { */ this.router.get( '/collections/:id/items', - withCors, withAuthentication, withCollectionExist, server.handleRequest(this.getCollectionItems) @@ -147,7 +130,6 @@ export class ItemRouter extends Router { */ this.router.put( '/items/:idOrURN', - withCors, withAuthentication, withSchemaValidation(upsertItemSchema), server.handleRequest(this.upsertItem) @@ -158,7 +140,6 @@ export class ItemRouter extends Router { */ this.router.delete( '/items/:id', - withCors, withAuthentication, withItemExists, withItemAuthorization, @@ -170,7 +151,6 @@ export class ItemRouter extends Router { */ this.router.post( '/items/:id/files', - withCors, withAuthentication, withItemExists, withItemAuthorization, @@ -185,7 +165,6 @@ export class ItemRouter extends Router { */ this.router.post( '/items/:id/videos', - withCors, withAuthentication, withItemExists, withItemAuthorization, @@ -198,7 +177,6 @@ export class ItemRouter extends Router { this.router.get( '/items/:collectionAddress/:itemId/contents', - withCors, withLowercasedParams(['collectionAddress', 'itemId']), withValidContractAddress('collectionAddress'), withValidItemId('itemId'), diff --git a/src/LAND/LAND.router.ts b/src/LAND/LAND.router.ts index 7588fca7..3edda0a0 100644 --- a/src/LAND/LAND.router.ts +++ b/src/LAND/LAND.router.ts @@ -4,7 +4,6 @@ import { Request } from 'express' //@ts-ignore import * as contentHash from 'content-hash' import fetch, { Response as FetchResponse } from 'node-fetch' -import { withCors } from '../middleware/cors' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { Router } from '../common/Router' import { getCID } from '../utils/cid' @@ -19,21 +18,13 @@ const INDEX_FILE = 'index.html' export class LANDRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/lands/redirectionHashes', withCors) - this.router.options('/lands/:coords/redirection', withCors) - this.router.get( '/lands/redirectionHashes', - withCors, server.handleRequest(this.getRedirectionHashes) ) this.router.post( '/lands/:coords/redirection', - withCors, server.handleRequest(this.uploadRedirection) ) } diff --git a/src/Manifest/Manifest.router.ts b/src/Manifest/Manifest.router.ts index 337b50f9..73a12ebb 100644 --- a/src/Manifest/Manifest.router.ts +++ b/src/Manifest/Manifest.router.ts @@ -2,7 +2,6 @@ import { server } from 'decentraland-server' import { Request, Response } from 'express' import { Router } from '../common/Router' -import { withCors, withPermissiveCors } from '../middleware/cors' import { addInmutableCacheControlHeader } from '../common/headers' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { getValidator } from '../utils/validator' @@ -40,21 +39,11 @@ export class ManifestRouter extends Router { template_status: TemplateStatus.ACTIVE, }) - /** - * CORS for the OPTIONS header - */ - this.router.options('/projects/:id/manifest', withPermissiveCors) - this.router.options('/manifests', withCors) - this.router.options('/publics/:id/manifest', withPermissiveCors) - this.router.options('/templates/:id/manifest', withPermissiveCors) - this.router.options('/pools/:id/manifest', withPermissiveCors) - /** * Returns the manifest of a project */ this.router.get( '/projects/:id/manifest', - withPermissiveCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -66,7 +55,6 @@ export class ManifestRouter extends Router { */ this.router.get( '/manifests', - withCors, withAuthentication, server.handleRequest(this.getManifests) ) @@ -76,7 +64,6 @@ export class ManifestRouter extends Router { */ this.router.get( '/publics/:id/manifest', - withPermissiveCors, withProjectExists, this.getProjectManifest ) @@ -86,7 +73,6 @@ export class ManifestRouter extends Router { */ this.router.get( '/templates/:id/manifest', - withPermissiveCors, withTemplateExists, this.getProjectManifest ) @@ -96,7 +82,6 @@ export class ManifestRouter extends Router { */ this.router.get( '/pools/:id/manifest', - withPermissiveCors, withPublishedProjectExists, this.getPoolManifest ) @@ -107,7 +92,6 @@ export class ManifestRouter extends Router { */ this.router.put( '/projects/:id/manifest', - withPermissiveCors, withAuthentication, server.handleRequest(this.upsertManifest) ) @@ -117,7 +101,6 @@ export class ManifestRouter extends Router { */ this.router.delete( '/projects/:id/manifest', - withPermissiveCors, withAuthentication, withProjectAuthorization, server.handleRequest(this.deleteManifest) diff --git a/src/NFT/NFT.router.ts b/src/NFT/NFT.router.ts index 5cfc7808..caac436c 100644 --- a/src/NFT/NFT.router.ts +++ b/src/NFT/NFT.router.ts @@ -2,7 +2,6 @@ import { server } from 'decentraland-server' import { Request } from 'express' import Ajv from 'ajv' import { HTTPError, STATUS_CODES } from '../common/HTTPError' -import { withCors } from '../middleware/cors' import { Router } from '../common/Router' import { NFTService } from './NFT.service' import { GetNFTsResponse, NFT } from './NFT.types' @@ -11,16 +10,9 @@ export class NFTRouter extends Router { private readonly nftService = new NFTService() mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/nfts', withCors) - this.router.options('/nfts/:contractAddress/:tokenId', withCors) - - this.router.get('/nfts', withCors, server.handleRequest(this.getNFTs)) + this.router.get('/nfts', server.handleRequest(this.getNFTs)) this.router.get( '/nfts/:contractAddress/:tokenId', - withCors, server.handleRequest(this.getNFT) ) } diff --git a/src/Newsletter/Newsletter.router.ts b/src/Newsletter/Newsletter.router.ts index 1e6fe9b7..943f5881 100644 --- a/src/Newsletter/Newsletter.router.ts +++ b/src/Newsletter/Newsletter.router.ts @@ -1,32 +1,13 @@ import { Request } from 'express' import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { Newsletter } from './Newsletter.model' export class NewsletterRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/newsletter', withCors) - this.router.options('/newsletter/:subscriptionId', withCors) - - this.router.post( - '/newsletter', - withCors, - server.handleRequest(this.subscribe) - ) - this.router.delete( - '/newsletter/:subscriptionId', - withCors, - server.handleRequest(this.deleteSubscription) - ) - this.router.get( - '/newsletter/:subscriptionId', - withCors, - server.handleRequest(this.getSubscription) - ) + this.router.post('/newsletter', server.handleRequest(this.subscribe)) + this.router.delete('/newsletter/:subscriptionId', server.handleRequest(this.deleteSubscription)) + this.router.get('/newsletter/:subscriptionId', server.handleRequest(this.getSubscription)) } async subscribe(req: Request) { diff --git a/src/Pool/Pool.router.ts b/src/Pool/Pool.router.ts index 068f9aca..290205c7 100644 --- a/src/Pool/Pool.router.ts +++ b/src/Pool/Pool.router.ts @@ -9,7 +9,6 @@ import { withAuthentication, withModelAuthorization, } from '../middleware' -import { withCors } from '../middleware/cors' import { S3Project, MANIFEST_FILENAME, POOL_FILENAME, ACL } from '../S3' import { RequestParameters } from '../RequestParameters' import { Project, ProjectAttributes } from '../Project' @@ -34,18 +33,12 @@ export class PoolRouter extends Router { is_deleted: false, }) const withProjectAuthorization = withModelAuthorization(Project) - /** - * CORS for the OPTIONS header - */ - this.router.options('/pools', withCors) - this.router.options('/projects/:id/pool', withCors) /** * Get all pools */ this.router.get( '/pools', - withCors, withPermissiveAuthentication, server.handleRequest(this.getPools) ) @@ -55,7 +48,6 @@ export class PoolRouter extends Router { */ this.router.get( '/projects/:id/pool', - withCors, withPermissiveAuthentication, server.handleRequest(this.getPool) ) @@ -65,7 +57,6 @@ export class PoolRouter extends Router { */ this.router.put( '/projects/:id/pool', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, diff --git a/src/PoolGroup/PoolGroup.router.ts b/src/PoolGroup/PoolGroup.router.ts index d2c0dc2b..24ff5ab3 100644 --- a/src/PoolGroup/PoolGroup.router.ts +++ b/src/PoolGroup/PoolGroup.router.ts @@ -1,26 +1,16 @@ import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { RequestParameters } from '../RequestParameters' import { PoolGroup } from './PoolGroup.model' import { Request } from 'express' export class PoolGroupRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/pools/groups', withCors) - /** * Get all pool groups */ - this.router.get( - '/pools/groups', - withCors, - server.handleRequest(this.getPoolGroups) - ) + this.router.get('/pools/groups', server.handleRequest(this.getPoolGroups)) } async getPoolGroups(req: Request) { diff --git a/src/PoolLike/PoolLike.router.ts b/src/PoolLike/PoolLike.router.ts index 98160512..d058c618 100644 --- a/src/PoolLike/PoolLike.router.ts +++ b/src/PoolLike/PoolLike.router.ts @@ -2,7 +2,6 @@ import { server } from 'decentraland-server' import { Router } from '../common/Router' import { withAuthentication, withModelExists, AuthRequest } from '../middleware' -import { withCors } from '../middleware/cors' import { RequestParameters } from '../RequestParameters' import { PoolLike } from './PoolLike.model' import { Pool } from '../Pool' @@ -11,17 +10,12 @@ import { PoolLikeCount } from './PoolLike.types' export class PoolLikeRouter extends Router { mount() { const withProjectExists = withModelExists(Pool, 'id') - /** - * CORS for the OPTIONS header - */ - this.router.options('/pools/:id/likes', withCors) /** * Returns the total likes of a pool */ this.router.get( '/pools/:id/likes', - withCors, withProjectExists, server.handleRequest(this.countLikes) ) @@ -31,7 +25,6 @@ export class PoolLikeRouter extends Router { */ this.router.put( '/pools/:id/likes', - withCors, withAuthentication, withProjectExists, server.handleRequest(this.likePool) @@ -42,7 +35,6 @@ export class PoolLikeRouter extends Router { */ this.router.delete( '/pools/:id/likes', - withCors, withAuthentication, withProjectExists, server.handleRequest(this.dislikePool) diff --git a/src/Project/Project.router.ts b/src/Project/Project.router.ts index b0d28b04..5a632b38 100644 --- a/src/Project/Project.router.ts +++ b/src/Project/Project.router.ts @@ -3,7 +3,6 @@ import { server } from 'decentraland-server' import mimeTypes from 'mime-types' import path from 'path' import { Router } from '../common/Router' -import { withCors, withPermissiveCors } from '../middleware/cors' import { addInmutableCacheControlHeader } from '../common/headers' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { getValidator } from '../utils/validator' @@ -51,35 +50,16 @@ export class ProjectRouter extends Router { }) const withProjectAuthorization = withModelAuthorization(Project) - /** - * CORS for the OPTIONS header - */ - this.router.options('/templates', withCors) - this.router.options('/projects', withCors) - this.router.options('/projects/:id', withCors) - this.router.options('/projects/:coords/coords', withCors) - this.router.options('/projects/:id/public', withCors) - this.router.options('/projects/:id/media/:filename', withPermissiveCors) - this.router.options('/projects/:id/media', withCors) - this.router.options('/projects/:id/contents/:content', withPermissiveCors) - this.router.options('/projects/:id/about', withCors) - this.router.options('/projects/:id/crdt', withPermissiveCors) - /** * Get all templates */ - this.router.get( - '/templates', - withCors, - server.handleRequest(this.getTemplates) - ) + this.router.get('/templates', server.handleRequest(this.getTemplates)) /** * Get all projects */ this.router.get( '/projects', - withCors, withAuthentication, server.handleRequest(this.getProjects) ) @@ -89,7 +69,6 @@ export class ProjectRouter extends Router { */ this.router.get( '/projects/:id', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -102,7 +81,6 @@ export class ProjectRouter extends Router { */ this.router.put( '/projects/:id', - withCors, withAuthentication, server.handleRequest(this.upsertProject) ) @@ -112,7 +90,6 @@ export class ProjectRouter extends Router { */ this.router.delete( '/projects/:id', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -124,14 +101,12 @@ export class ProjectRouter extends Router { */ this.router.delete( '/projects/:coords/coords', - withCors, withAuthentication, server.handleRequest(this.removeCoordsFromProjects) ) this.router.get( '/projects/:id/public', - withCors, withProjectExistsAndIsPublic, server.handleRequest(this.getPublicProject) ) @@ -139,18 +114,13 @@ export class ProjectRouter extends Router { /** * Get a project media attachment */ - this.router.get( - '/projects/:id/media/:filename', - withPermissiveCors, - this.getMedia - ) + this.router.get('/projects/:id/media/:filename', this.getMedia) /** * Upload a project media attachment */ this.router.post( '/projects/:id/media', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -175,21 +145,18 @@ export class ProjectRouter extends Router { this.router.get( '/projects/:id/contents/:content', - withPermissiveCors, withProjectExists, this.getContents ) this.router.get( '/projects/:id/about', - withCors, withProjectExists, this.getPreviewAbout ) this.router.put( '/projects/:id/crdt', - withCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -204,7 +171,6 @@ export class ProjectRouter extends Router { this.router.get( '/projects/:id/crdt', - withPermissiveCors, withAuthentication, withProjectExists, withProjectAuthorization, @@ -395,12 +361,12 @@ export class ProjectRouter extends Router { `urn:decentraland:entity:${ENTITY_HASH}?=&baseUrl=${BUILDER_SERVER_URL}/v1/projects/${projectId}/contents/`, ], minimap: { - enabled: false, + enabled: false }, skybox: { - fixedHour: 36000, + fixedHour: 36000 }, - realmName: `web-editor-${projectId.split('-').slice(-1)}`, + realmName: `web-editor-${projectId.split('-').slice(-1)}` }, content: { healthy: true, diff --git a/src/Rarity/Rarity.router.ts b/src/Rarity/Rarity.router.ts index efb367a3..8a1c810e 100644 --- a/src/Rarity/Rarity.router.ts +++ b/src/Rarity/Rarity.router.ts @@ -1,7 +1,6 @@ import { server } from 'decentraland-server' import { Request } from 'express' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { collectionAPI } from '../ethereum/api/collection' import { RarityFragment } from '../ethereum/api/fragments' import { HTTPError, STATUS_CODES } from '../common/HTTPError' @@ -10,25 +9,11 @@ import { Currency, Rarity } from './types' export class RarityRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/rarities', withCors) - this.router.options('/rarities/:name', withCors) - // Returns the available rarities. - this.router.get( - '/rarities', - withCors, - server.handleRequest(this.getRarities) - ) + this.router.get('/rarities', server.handleRequest(this.getRarities)) // Returns a single rarity according to the rarity name provided. - this.router.get( - '/rarities/:name', - withCors, - server.handleRequest(this.getRarity) - ) + this.router.get('/rarities/:name', server.handleRequest(this.getRarity)) } getRarities = async (): Promise => { diff --git a/src/S3/S3Router.ts b/src/S3/S3Router.ts index 05dcf191..afda54e8 100644 --- a/src/S3/S3Router.ts +++ b/src/S3/S3Router.ts @@ -4,7 +4,6 @@ import { hashV1 } from '@dcl/hashing' import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors, withPermissiveCors } from '../middleware/cors' import { addInmutableCacheControlHeader } from '../common/headers' import { getBucketURL } from './s3' import { S3AssetPack } from './S3AssetPack' @@ -15,47 +14,26 @@ import { getUploader } from './uploads' export class S3Router extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/storage/assetPacks/:filename', withPermissiveCors) - this.router.options('/storage/contents/:filename', withPermissiveCors) - this.router.options('/storage/contents/:filename/exists', withCors) - this.router.options('/storage/upload', withCors) - /** * Get an asset pack file by file id */ - this.router.get( - '/storage/assetPacks/:filename', - withPermissiveCors, - this.handleAssetPacks - ) + this.router.get('/storage/assetPacks/:filename', this.handleAssetPacks) /** * Get an asset file by file id (also contains items) */ - this.router.get( - '/storage/contents/:filename', - withPermissiveCors, - this.handleContents - ) + this.router.get('/storage/contents/:filename', this.handleContents) /** * Get the response headers for a file */ - this.router.head( - '/storage/contents/:filename', - withPermissiveCors, - this.handleContents - ) + this.router.head('/storage/contents/:filename', this.handleContents) /** * Return whether a file exists or not in the content server without downloading it */ this.router.get( '/storage/contents/:filename/exists', - withCors, server.handleRequest(this.handleExists) ) @@ -64,7 +42,6 @@ export class S3Router extends Router { */ this.router.post( '/storage/upload', - withCors, withAuthentication, getUploader({ getFileStreamKey: async (file) => { diff --git a/src/Share/Share.router.ts b/src/Share/Share.router.ts index 73d0b81d..9540f89d 100644 --- a/src/Share/Share.router.ts +++ b/src/Share/Share.router.ts @@ -5,7 +5,6 @@ import { env } from 'decentraland-commons' import { Router } from '../common/Router' import { Project } from '../Project/Project.model' -import { withPermissiveCors } from '../middleware/cors' import { withSocialUserAgentDetector, SocialRequest } from '../middleware/share' import { Params, ElementType } from './Share.types' import { Pool, PoolAttributes } from '../Pool' @@ -19,17 +18,11 @@ const BUILDER_SHARE_URL = env.get('BUILDER_SHARE_URL', BUILDER_URL) export class ShareRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/share/:type(scene|pool)/:id', withPermissiveCors) - /** * Redirect to scene */ this.router.get( '/share/:type(scene|pool)/:id', - withPermissiveCors, withSocialUserAgentDetector, asyncHandler(this.redirectToBuilder) ) diff --git a/src/ThirdParty/ThirdParty.router.ts b/src/ThirdParty/ThirdParty.router.ts index 2fac3ddb..9d855c81 100644 --- a/src/ThirdParty/ThirdParty.router.ts +++ b/src/ThirdParty/ThirdParty.router.ts @@ -1,7 +1,6 @@ import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { HTTPError, STATUS_CODES } from '../common/HTTPError' import { AuthRequest, withAuthentication } from '../middleware/authentication' import { thirdPartyAPI } from '../ethereum/api/thirdParty' @@ -12,19 +11,11 @@ import { NonExistentThirdPartyError } from './ThirdParty.errors' export class ThirdPartyRouter extends Router { private thirdPartyService = new ThirdPartyService() mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/thirdParties', withCors) - this.router.options('/thirdParties/:id', withCors) - this.router.options('/thirdParties/:id/slots', withCors) - /** * Get third party records */ this.router.get( '/thirdParties', - withCors, withAuthentication, server.handleRequest(this.getThirdParties) ) @@ -33,7 +24,6 @@ export class ThirdPartyRouter extends Router { */ this.router.get( '/thirdParties/:id/slots', - withCors, withAuthentication, server.handleRequest(this.getThirdPartyAvailableSlots) ) @@ -42,7 +32,6 @@ export class ThirdPartyRouter extends Router { */ this.router.get( '/thirdParties/:id', - withCors, server.handleRequest(this.getThirdParty) ) } diff --git a/src/Tiers/Tiers.router.ts b/src/Tiers/Tiers.router.ts index 776ba69d..d3e52ced 100644 --- a/src/Tiers/Tiers.router.ts +++ b/src/Tiers/Tiers.router.ts @@ -1,24 +1,14 @@ import { server } from 'decentraland-server' import { Router } from '../common/Router' -import { withCors } from '../middleware/cors' import { TierFragment } from '../ethereum/api/fragments' import { thirdPartyAPI } from '../ethereum/api/thirdParty' export class TiersRouter extends Router { mount() { - /** - * CORS for the OPTIONS header - */ - this.router.options('/tiers/thirdParty', withCors) - /** * Get all third party tiers */ - this.router.get( - '/tiers/thirdParty', - withCors, - server.handleRequest(this.getTiers) - ) + this.router.get('/tiers/thirdParty', server.handleRequest(this.getTiers)) } getTiers(): Promise { diff --git a/src/common/ExpressApp.ts b/src/common/ExpressApp.ts index 4f6797f4..ffbd5c89 100644 --- a/src/common/ExpressApp.ts +++ b/src/common/ExpressApp.ts @@ -1,4 +1,5 @@ import express from 'express' +import cors, { CorsOptions } from 'cors' import { collectDefaultMetrics } from 'prom-client' import { createTestMetricsComponent } from '@well-known-components/metrics' import { getDefaultHttpMetrics } from '@well-known-components/metrics/dist/http' @@ -20,6 +21,25 @@ export class ExpressApp { return this } + useCORS(origin: CorsOptions['origin'], method: string) { + const corsOptions: CorsOptions = { + origin, + methods: method, + allowedHeaders: '*', + exposedHeaders: [ + 'ETag', + 'Cache-Control', + 'Content-Language', + 'Content-Type', + 'Expires', + 'Last-Modified', + 'Pragma', + ], + } + this.app.use(cors(corsOptions)) + return this + } + useVersion(version: string) { this.app.use(`/${version}`, this.router) return this diff --git a/src/middleware/cors/cors.ts b/src/middleware/cors/cors.ts deleted file mode 100644 index 9aedfa98..00000000 --- a/src/middleware/cors/cors.ts +++ /dev/null @@ -1,45 +0,0 @@ -import { env } from 'decentraland-commons' -import cors, { CorsOptions } from 'cors' - -let CORS_ORIGIN: string | RegExp | (string | RegExp)[] = env.get( - 'CORS_ORIGIN', - '*' -) -const CORS_METHOD = env.get('CORS_METHOD', '*') - -if (CORS_ORIGIN.split(';').length > 1) { - CORS_ORIGIN = CORS_ORIGIN.split(';') - .map((origin) => origin.trim()) - .map((origin) => - origin.startsWith('regex:') - ? new RegExp(origin.replace('regex:', '')) - : origin - ) -} else if (CORS_ORIGIN.startsWith('regex:')) { - CORS_ORIGIN = new RegExp(CORS_ORIGIN.replace('regex:', '')) -} - -const corsOptions: CorsOptions = { - origin: CORS_ORIGIN, - methods: CORS_METHOD, - allowedHeaders: '*', - exposedHeaders: [ - 'ETag', - 'Cache-Control', - 'Content-Language', - 'Content-Type', - 'Expires', - 'Last-Modified', - 'Pragma', - ], -} - -console.log('CORS OPTIONS', corsOptions) - -export const withCors = cors(corsOptions) -export const withPermissiveCors = cors({ - origin: '*', - methods: '*', - allowedHeaders: '*', - exposedHeaders: '*', -}) diff --git a/src/middleware/cors/index.ts b/src/middleware/cors/index.ts deleted file mode 100644 index ffce4f68..00000000 --- a/src/middleware/cors/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './cors' diff --git a/src/server.ts b/src/server.ts index 5198e039..e3260e49 100644 --- a/src/server.ts +++ b/src/server.ts @@ -32,11 +32,33 @@ import { errorHandler } from './common/errorHandler' const SERVER_PORT = env.get('SERVER_PORT', '5000') const API_VERSION = env.get('API_VERSION', 'v1') +let CORS_ORIGIN: string | RegExp | (string | RegExp)[] = env.get( + 'CORS_ORIGIN', + '*' +) +const CORS_METHOD = env.get('CORS_METHOD', '*') + +if (CORS_ORIGIN.split(';').length > 1) { + CORS_ORIGIN = CORS_ORIGIN.split(';') + .map((origin) => origin.trim()) + .map((origin) => + origin.startsWith('regex:') + ? new RegExp(origin.replace('regex:', '')) + : origin + ) +} else if (CORS_ORIGIN.startsWith('regex:')) { + CORS_ORIGIN = new RegExp(CORS_ORIGIN.replace('regex:', '')) +} export const app = new ExpressApp() const logs = createConsoleLogComponent() -app.use(withLogger()).useJSON().useVersion(API_VERSION).useMetrics() +app + .useCORS(CORS_ORIGIN, CORS_METHOD) + .use(withLogger()) + .useJSON() + .useVersion(API_VERSION) + .useMetrics() // Mount routers new AppRouter(app).mount()