add CORS from github.com/rs/cors

.github/workflows/go.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.18.x, 1.19.x]
+        go-version: [1.21.x]
         os: [ubuntu-latest]
     steps:
       - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}

go.mod

@@ -3,8 +3,10 @@ module github.com/harshavardhana/s3www
 go 1.21
 
 require (
+	github.com/IGLOU-EU/go-wildcard/v2 v2.0.2
 	github.com/caddyserver/certmagic v0.19.2
 	github.com/minio/minio-go/v7 v7.0.64
+	github.com/rs/cors v1.10.0
 )
 
 require (

go.sum

@@ -1,3 +1,5 @@
+github.com/IGLOU-EU/go-wildcard/v2 v2.0.2 h1:eQ0nOlEyGfM0NiemevUK55JoNu3IW9R8eRFZMc/apyU=
+github.com/IGLOU-EU/go-wildcard/v2 v2.0.2/go.mod h1:/sUMQ5dk2owR0ZcjRI/4AZ+bUFF5DxGCQrDMNBXUf5o=
 github.com/caddyserver/certmagic v0.19.2 h1:HZd1AKLx4592MalEGQS39DKs2ZOAJCEM/xYPMQ2/ui0=
 github.com/caddyserver/certmagic v0.19.2/go.mod h1:fsL01NomQ6N+kE2j37ZCnig2MFosG+MIO4ztnmG/zz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -35,6 +37,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rs/cors v1.10.0 h1:62NOS1h+r8p1mW6FM0FSB0exioXLhd/sh15KpjWBZ+8=
+github.com/rs/cors v1.10.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=

main.go

@@ -31,6 +31,8 @@ import (
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/minio/minio-go/v7/pkg/s3utils"
+	"github.com/IGLOU-EU/go-wildcard/v2"
+	"github.com/rs/cors"
 )
 
 // S3 - A S3 implements FileSystem using the minio client
@@ -119,18 +121,19 @@ func getObject(ctx context.Context, s3 *S3, name string) (*minio.Object, error)
 }
 
 var (
-	endpoint      string
-	accessKey     string
-	accessKeyFile string
-	secretKey     string
-	secretKeyFile string
-	address       string
-	bucket        string
-	bucketPath    string
-	tlsCert       string
-	tlsKey        string
-	spaFile       string
-	letsEncrypt   bool
+	endpoint            string
+	accessKey           string
+	accessKeyFile       string
+	secretKey           string
+	secretKeyFile       string
+	address             string
+	bucket              string
+	bucketPath          string
+	tlsCert             string
+	tlsKey              string
+	spaFile             string
+	allowedCorsOrigin   string
+	letsEncrypt         bool
 )
 
 func init() {
@@ -146,6 +149,7 @@ func init() {
 	flag.StringVar(&accessKeyFile, "accessKeyFile", defaultEnvString("S3WWW_ACCESS_KEY_FILE", ""), "file which contains the access key")
 	flag.StringVar(&secretKeyFile, "secretKeyFile", defaultEnvString("S3WWW_SECRET_KEY_FILE", ""), "file which contains the secret key")
 	flag.StringVar(&spaFile, "spaFile", defaultEnvString("S3WWW_SPA_FILE", ""), "if working with SPA (Single Page Application), use this key the set the absolute path of the file to call whenever a file dosen't exist")
+	flag.StringVar(&allowedCorsOrigin, "allowed-cors-origins", defaultEnvString("S3WWW_ALLOWED_CORS_ORIGINS", ""), "a list of origins a cross-domain request can be executed from")
 }
 
 func defaultEnvString(key string, defaultVal string) string {
@@ -255,14 +259,43 @@ func main() {
 	}
 
 	mux := http.FileServer(&S3{client, bucket, bucketPath})
+
+	// Wrap the existing mux with the CORS middleware.
+	opts := cors.Options{
+		AllowOriginFunc: func(origin string) bool {
+			if allowedCorsOrigin == "" {
+				return true
+			}
+			for _, allowedOrigin := range strings.Split(allowedCorsOrigin, ",") {
+				if wildcard.Match(allowedOrigin, origin) {
+					return true
+				}
+			}
+			return false
+		},
+		AllowedMethods: []string{
+			http.MethodGet,
+			http.MethodPut,
+			http.MethodHead,
+			http.MethodPost,
+			http.MethodDelete,
+			http.MethodOptions,
+			http.MethodPatch,
+		},
+		AllowedHeaders:   []string{"*"},
+		ExposedHeaders:   []string{"*"},
+		AllowCredentials: true,
+	}
+	muxHandler := cors.New(opts).Handler(mux)
+
 	if letsEncrypt {
 		log.Printf("Started listening on https://%s\n", address)
-		certmagic.HTTPS([]string{address}, mux)
+		certmagic.HTTPS([]string{address}, muxHandler)
 	} else if tlsCert != "" && tlsKey != "" {
 		log.Printf("Started listening on https://%s\n", address)
-		log.Fatalln(http.ListenAndServeTLS(address, tlsCert, tlsKey, mux))
+		log.Fatalln(http.ListenAndServeTLS(address, tlsCert, tlsKey, muxHandler))
 	} else {
 		log.Printf("Started listening on http://%s\n", address)
-		log.Fatalln(http.ListenAndServe(address, mux))
+		log.Fatalln(http.ListenAndServe(address, muxHandler))
 	}
 }