Merge pull request #1998 from Shruti3004/master

feat(restAPI): Added options request and verification function Reviewed-by: mishra.gaurav@siemens.com Tested-by: mishra.gaurav@siemens.com
fossology · May 25, 2021 · e779fb0 · e779fb0
2 parents 84a1897 + 1d7f5f9
commit e779fb0
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/src/lib/php/common-sysconfig.php b/src/lib/php/common-sysconfig.php
@@ -211,6 +211,13 @@ function Populate_sysconfig()
     "group_order", "description", "validation_function", "option_value");
   $valueArray = array();
 
+  /*  CorsOrigin */
+  $variable = "CorsOrigins";
+  $prompt = _('Allowed origins for REST API');
+  $desc = _('[scheme]://[hostname]:[port], "*" for anywhere');
+  $valueArray[$variable] = array("'$variable'", "'localhost:3000'", "'$prompt'",
+    strval(CONFIG_TYPE_TEXT), "'PAT'", "3", "'$desc'", "null", "null");
+
   /*  Email */
   $variable = "SupportEmailLabel";
   $supportEmailLabelPrompt = _('Support Email Label');

diff --git a/src/www/ui/api/Controllers/AuthController.php b/src/www/ui/api/Controllers/AuthController.php
@@ -55,7 +55,15 @@ public function getAuthHeaders($request, $response, $args)
     return $response->withHeader('Warning', $warningMessage)->withJson(
       $returnVal->getArray(), $returnVal->getCode());
   }
-
+  public function optionsVerification($request, $response, $args)
+  {
+    global $SysConf;
+    return $response->withStatus(204)
+      ->withHeader('Access-Control-Allow-Origin', $SysConf['SYSCONFIG']['CorsOrigins'])
+      ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
+      ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS')
+      ->withHeader('Access-Control-Allow-Credentials', 'true');
+  }
   /**
    * Get the JWT authentication headers for the user
    *

diff --git a/src/www/ui/api/Middlewares/RestAuthMiddleware.php b/src/www/ui/api/Middlewares/RestAuthMiddleware.php
@@ -49,7 +49,9 @@ class RestAuthMiddleware
   public function __invoke($request, $response, $next)
   {
     $requestUri = $request->getUri();
-    if (stristr($requestUri->getPath(), "/auth") !== false) {
+    if (stristr($request->getMethod(), "options") !== false) {
+      $response = $next($request, $response);
+    } elseif (stristr($requestUri->getPath(), "/auth") !== false) {
       $response = $next($request, $response);
     } elseif (stristr($requestUri->getPath(), "/version") !== false) {
       $response = $next($request, $response);

diff --git a/src/www/ui/api/index.php b/src/www/ui/api/index.php
@@ -97,6 +97,9 @@
 // Middleware for authentication
 $app->add(new RestAuthMiddleware());
 
+//////////////////////////OPTIONS/////////////////////
+$app->options(VERSION_1 . '{routes:.+}', AuthController::class . ':optionsVerification');
+
 //////////////////////////AUTH/////////////////////
 $app->get(VERSION_1 . 'auth', AuthController::class . ':getAuthHeaders');
 $app->post(VERSION_1 . 'tokens', AuthController::class . ':createNewJwtToken');