Added CORS middleware

Signed-off-by: Tom Wright <tom@inflatablecookie.com>
decodelabs · Dec 8, 2023 · ba37406 · ba37406
1 parent a9f8792
commit ba37406
Show file tree

Hide file tree

Showing 3 changed files with 121 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+* Added CORS Middleware
+* Added priority ordering to incoming Middleware
+
 ## v0.2.11 (2023-11-28)
 * Improved ob_flush handling in transport
 

diff --git a/src/Middleware/Cors.php b/src/Middleware/Cors.php
@@ -0,0 +1,106 @@
+<?php
+
+/**
+ * @package Harvest
+ * @license http://opensource.org/licenses/MIT
+ */
+
+declare(strict_types=1);
+
+namespace DecodeLabs\Harvest\Middleware;
+
+use DecodeLabs\Genesis;
+use DecodeLabs\Harvest\PriorityProvider;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\MiddlewareInterface as Middleware;
+use Psr\Http\Server\RequestHandlerInterface as Handler;
+
+class Cors implements
+    Middleware,
+    PriorityProvider
+{
+    /**
+     * @var array<string>
+     */
+    protected array $allow = [];
+
+    /**
+     * Init with allow list
+     *
+     * @param array<string> $allow
+     */
+    public function __construct(
+        array $allow = []
+    ) {
+        $this->allow = $allow;
+    }
+
+    /**
+     * Get default priority
+     */
+    public function getPriority(): int
+    {
+        return -1;
+    }
+
+    /**
+     * Process middleware
+     */
+    public function process(
+        Request $request,
+        Handler $next
+    ): Response {
+        $response = $next->handle($request);
+
+        // Check header
+        if ($response->hasHeader('Access-Control-Allow-Origin')) {
+            return $response;
+        }
+
+        // Env mode
+        if (class_exists(Genesis::class)) {
+            $development = Genesis::$environment->isDevelopment();
+        } else {
+            $development = false;
+        }
+
+        // Check origin
+        $allow = false;
+        $origin = $request->getHeaderLine('Origin');
+
+        if (empty($this->allow)) {
+            if (!$development) {
+                return $response;
+            }
+
+            $allow = true;
+        } else {
+            if (empty($origin)) {
+                return $response;
+            }
+
+            foreach ($this->allow as $allow) {
+                if ($allow === '*') {
+                    $allow = true;
+                    break;
+                }
+
+                if ($allow === $origin) {
+                    $allow = true;
+                    break;
+                }
+            }
+        }
+
+        // Add header
+        if ($allow) {
+            $response = $response->withHeader(
+                'Access-Control-Allow-Origin',
+                $origin
+            );
+        }
+
+        return $response;
+    }
+}
diff --git a/src/Middleware/Https.php b/src/Middleware/Https.php
@@ -11,13 +11,24 @@
 
 use DecodeLabs\Genesis;
 use DecodeLabs\Harvest;
+use DecodeLabs\Harvest\PriorityProvider;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\MiddlewareInterface as Middleware;
 use Psr\Http\Server\RequestHandlerInterface as Handler;
 
-class Https implements Middleware
+class Https implements
+    Middleware,
+    PriorityProvider
 {
+    /**
+     * Get default priority
+     */
+    public function getPriority(): int
+    {
+        return -1;
+    }
+
     /**
      * Process middleware
      */