mirror of https://github.com/penpot/penpot.git synced 2025-03-13 00:01:51 -05:00

Allow CORS backend option and fix frontend to allow it

alonso.torres 2021-10-20 11:09:30 +02:00
parent f32f13069f
commit 007728819b
9 changed files with 80 additions and 18 deletions


@ -83,8 +83,7 @@
:ldap-attrs-photo "jpegPhoto" :ldap-attrs-photo "jpegPhoto"
;; a server prop key where initial project is stored. ;; a server prop key where initial project is stored.
:initial-project-skey "initial-project" :initial-project-skey "initial-project"})
})
(s/def ::flags ::us/words) (s/def ::flags ::us/words)


@ -141,7 +141,8 @@
["/webhooks" ["/webhooks"
["/sns" {:post (:sns-webhook cfg)}]] ["/sns" {:post (:sns-webhook cfg)}]]
["/api" {:middleware [[middleware/etag] ["/api" {:middleware [[middleware/cors]
[middleware/etag]
[middleware/format-response-body] [middleware/format-response-body]
[middleware/params] [middleware/params]
[middleware/multipart-params] [middleware/multipart-params]


@ -8,6 +8,7 @@
(:require (:require
[app.common.logging :as l] [app.common.logging :as l]
[app.common.transit :as t] [app.common.transit :as t]
[app.config :as cf]
[app.metrics :as mtx] [app.metrics :as mtx]
[app.util.json :as json] [app.util.json :as json]
[buddy.core.codecs :as bc] [buddy.core.codecs :as bc]
@ -176,3 +177,29 @@
:uri (str (:uri request) (when qstring (str "?" qstring))) :uri (str (:uri request) (when qstring (str "?" qstring)))
:method (name (:request-method request))) :method (name (:request-method request)))
(handler request))))) (handler request)))))
(defn- wrap-cors
[handler]
(if-not (contains? cf/flags :cors)
handler
(letfn [(add-cors-headers [response request]
(-> response
(update
:headers
(fn [headers]
(-> headers
(assoc "access-control-allow-origin" (get-in request [:headers "origin"]))
(assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
(assoc "access-control-allow-credentials" "true")
(assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
(assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))))))]
(fn [request]
(if (= (:request-method request) :options)
(-> {:status 200 :body ""}
(add-cors-headers request))
(let [response (handler request)]
(add-cors-headers response request)))))))
(def cors
{:name ::cors
:compile (constantly wrap-cors)})
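Review bot: `add-cors-headers` copies the request's `origin` header into `access-control-allow-origin` and also sets `access-control-allow-credentials` to `"true"`, so once the `:cors` flag is on, every origin is allowed to read authenticated `/api` responses. The origin should be checked against an operator-configured list before it is echoed, with no CORS headers added otherwise (this also avoids a nil header value when no `origin` is sent), and `vary: origin` should be set so caches do not reuse a response across origins. The last entry of `access-control-allow-headers` reads `x-requested-width`, which looks like a typo for `x-requested-with`. The excerpt below uses `allowed-origin?` as a placeholder for that check; it is not an existing function on this page.

```clojure
;; allowed-origin? is a placeholder for a check against an operator-configured origin list
(add-cors-headers [response request]
  (let [origin (get-in request [:headers "origin"])]
    (if-not (allowed-origin? origin)
      response
      (update response :headers
              (fn [headers]
                (-> headers
                    (assoc "access-control-allow-origin" origin)
                    (assoc "vary" "origin")
                    ;; … unchanged: allow-methods, allow-credentials, expose-headers …
                    (assoc "access-control-allow-headers"
                           "x-frontend-version, content-type, accept, x-requested-with")))))))
```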


@ -93,7 +93,8 @@
(when (false? registration) (when (false? registration)
(swap! flags disj :registration))) (swap! flags disj :registration)))
(def public-uri (defn get-public-uri
[]
(let [uri (u/uri (or (obj/get global "penpotPublicURI") (let [uri (u/uri (or (obj/get global "penpotPublicURI")
(.-origin ^js location)))] (.-origin ^js location)))]
;; Ensure that the path always ends with "/"; this ensures that ;; Ensure that the path always ends with "/"; this ensures that
@ -102,6 +103,8 @@
(not (str/ends-with? (:path uri) "/")) (not (str/ends-with? (:path uri) "/"))
(update :path #(str % "/"))))) (update :path #(str % "/")))))
(def public-uri (get-public-uri))
;; --- Helper Functions ;; --- Helper Functions
(defn ^boolean check-browser? [candidate] (defn ^boolean check-browser? [candidate]
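Review bot: `public-uri` is still evaluated once at namespace load, while the new `get-public-uri` re-reads `penpotPublicURI` from `global` on each call; in the worker, where this commit sets that global later through the `:configure` message, the two can disagree. Neither definition says which one callers should use. I would add a docstring on `get-public-uri` such as `"Reads penpotPublicURI from global at call time; use this where the value may be set after load (e.g. in the worker)."` and a comment on the def, `;; evaluated once at load time; does not see later changes to penpotPublicURI`. The body of `get-public-uri` is only partly visible across the two hunks.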


@ -48,6 +48,7 @@
[id params] [id params]
(->> (http/send! {:method :get (->> (http/send! {:method :get
:uri (u/join base-uri "api/rpc/query/" (name id)) :uri (u/join base-uri "api/rpc/query/" (name id))
:credentials "include"
:query params}) :query params})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
@ -58,6 +59,7 @@
[id params] [id params]
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join base-uri "api/rpc/mutation/" (name id)) :uri (u/join base-uri "api/rpc/mutation/" (name id))
:credentials "include"
:body (http/transit-data params)}) :body (http/transit-data params)})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
@ -87,7 +89,10 @@
[_ {:keys [provider] :as params}] [_ {:keys [provider] :as params}]
(let [uri (u/join base-uri "api/auth/oauth/" (d/name provider)) (let [uri (u/join base-uri "api/auth/oauth/" (d/name provider))
params (dissoc params :provider)] params (dissoc params :provider)]
(->> (http/send! {:method :post :uri uri :query params}) (->> (http/send! {:method :post
:uri uri
:credentials "include"
:query params})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))) (rx/mapcat handle-response))))
@ -95,6 +100,7 @@
[_ params] [_ params]
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join base-uri "api/feedback") :uri (u/join base-uri "api/feedback")
:credentials "include"
:body (http/transit-data params)}) :body (http/transit-data params)})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
@ -104,6 +110,7 @@
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join base-uri "export") :uri (u/join base-uri "export")
:body (http/transit-data params) :body (http/transit-data params)
:credentials "include"
:response-type :blob}) :response-type :blob})
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
@ -112,6 +119,7 @@
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join base-uri "export-frames") :uri (u/join base-uri "export-frames")
:body (http/transit-data params) :body (http/transit-data params)
:credentials "include"
:response-type :blob}) :response-type :blob})
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
@ -123,6 +131,7 @@
[id params] [id params]
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join base-uri "api/rpc/mutation/" (name id)) :uri (u/join base-uri "api/rpc/mutation/" (name id))
:credentials "include"
:body (http/form-data params)}) :body (http/form-data params)})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))) (rx/mapcat handle-response)))
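Review bot: The `export` and `export-frames` requests now send `:credentials "include"`, but their URIs are joined directly under `base-uri` rather than under `api/`, and the only route this commit wraps with `middleware/cors` is `/api`. If those two paths are served by something that does not add its own CORS headers, a cross-origin deployment would have the browser reject these credentialed responses, so it is worth confirming what serves them. A comment on those two calls, e.g. `;; served outside /api: needs its own CORS headers when cross-origin`, would record the dependency. The enclosing definitions start outside the visible hunks.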


@ -54,8 +54,10 @@
{"x-frontend-version" (:full @cfg/version)}) {"x-frontend-version" (:full @cfg/version)})
(defn fetch (defn fetch
[{:keys [method uri query headers body mode omit-default-headers] [{:keys [method uri query headers body mode omit-default-headers credentials]
:or {mode :cors headers {}}}] :or {mode :cors
headers {}
credentials "same-origin"}}]
(rx/Observable.create (rx/Observable.create
(fn [subscriber] (fn [subscriber]
(let [controller (js/AbortController.) (let [controller (js/AbortController.)
@ -83,7 +85,7 @@
:body body :body body
:mode (d/name mode) :mode (d/name mode)
:redirect "follow" :redirect "follow"
:credentials "same-origin" :credentials credentials
:referrerPolicy "no-referrer" :referrerPolicy "no-referrer"
:signal signal}] :signal signal}]
(-> (js/fetch (str uri) params) (-> (js/fetch (str uri) params)
@ -165,7 +167,6 @@
:uri uri :uri uri
:response-type :blob :response-type :blob
:omit-default-headers true}) :omit-default-headers true})
(rx/filter #(= 200 (:status %))) (rx/filter #(= 200 (:status %)))
(rx/map :body) (rx/map :body)
(rx/mapcat wapi/read-file-as-data-url) (rx/mapcat wapi/read-file-as-data-url)


@ -9,6 +9,8 @@
(:require (:require
[app.common.transit :as t] [app.common.transit :as t]
[app.common.uuid :as uuid] [app.common.uuid :as uuid]
[app.util.globals :refer [global]]
[app.util.object :as obj]
[beicon.core :as rx])) [beicon.core :as rx]))
(declare handle-response) (declare handle-response)
@ -28,11 +30,13 @@
data (t/encode-str message) data (t/encode-str message)
instance (:instance worker)] instance (:instance worker)]
(.postMessage instance data) (if (some? instance)
(->> (:stream worker) (do (.postMessage instance data)
(rx/filter #(= (:reply-to %) sender-id)) (->> (:stream worker)
(take-messages) (rx/filter #(= (:reply-to %) sender-id))
(rx/map handle-response))))) (take-messages)
(rx/map handle-response)))
(rx/empty)))))
(defn ask! (defn ask!
[worker message] [worker message]
@ -79,6 +83,11 @@
(.addEventListener instance "message" handle-message) (.addEventListener instance "message" handle-message)
(.addEventListener instance "error" handle-error) (.addEventListener instance "error" handle-error)
(ask! worker
{:cmd :configure
:params
{"penpotPublicURI" (obj/get global "penpotPublicURI")}})
worker)) worker))
(defn- handle-response (defn- handle-response


@ -7,6 +7,8 @@
(ns app.worker.impl (ns app.worker.impl
(:require (:require
[app.common.pages.changes :as ch] [app.common.pages.changes :as ch]
[app.util.globals :refer [global]]
[app.util.object :as obj]
[okulary.core :as l])) [okulary.core :as l]))
(enable-console-print!) (enable-console-print!)
@ -50,3 +52,8 @@
(assoc :cmd :selection/update-index))) (assoc :cmd :selection/update-index)))
(handler (-> message (handler (-> message
(assoc :cmd :snaps/update-index)))))) (assoc :cmd :snaps/update-index))))))
(defmethod handler :configure
[{:keys [params]}]
(doseq [[param-key param-value] params]
(obj/set! global param-key param-value)))
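Review bot: The `:configure` handler writes every key/value pair in `params` onto the worker's `global` object, so any message with `:cmd :configure` can overwrite arbitrary globals rather than only the setting it is meant to carry. The only key the caller in this commit sends is `"penpotPublicURI"`, so the loop body can be restricted to known keys: `(when (contains? #{"penpotPublicURI"} param-key) (obj/set! global param-key param-value))`. Since the value later decides where credentialed requests are sent, a short docstring stating that this handler accepts only configuration keys would also help.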


@ -7,6 +7,8 @@
(ns app.worker.thumbnails (ns app.worker.thumbnails
(:require (:require
["react-dom/server" :as rds] ["react-dom/server" :as rds]
[app.common.uri :as u]
[app.config :as cfg]
[app.main.exports :as exports] [app.main.exports :as exports]
[app.main.fonts :as fonts] [app.main.fonts :as fonts]
[app.util.http :as http] [app.util.http :as http]
@ -29,11 +31,15 @@
(defn- request-page (defn- request-page
[file-id page-id] [file-id page-id]
(let [uri "/api/rpc/query/page"] (let [uri (u/join (cfg/get-public-uri) "api/rpc/query/page")
params {:file-id file-id
:id page-id
:strip-thumbnails true}]
(->> (http/send! (->> (http/send!
{:uri uri {:method :get
:query {:file-id file-id :id page-id :strip-thumbnails true} :uri uri
:method :get}) :credentials "include"
:query params})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))) (rx/mapcat handle-response))))