From 1e96ccb3078a9e54156b29a8ee03bcd3889b48d2 Mon Sep 17 00:00:00 2001 From: projectmoon Date: Tue, 8 Jun 2021 14:38:21 +0000 Subject: [PATCH] Fix CORS issues with API --- Cargo.lock | 66 ++++++++++++++++++++++++++++++++++++++----------- Cargo.toml | 7 +++++- api/Cargo.toml | 1 + api/Rocket.toml | 1 + api/src/main.rs | 31 ++++++++++++++++++++--- 5 files changed, 86 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 460a1a6..ab1e456 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -994,9 +994,9 @@ dependencies = [ [[package]] name = "generator" -version = "0.6.25" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "061d3be1afec479d56fa3bd182bf966c7999ec175fcfdb87ac14d417241366c6" +checksum = "c1d9279ca822891c1a4dae06d185612cf8fc6acfe5dff37781b41297811b12ee" dependencies = [ "cc", "libc", @@ -1465,8 +1465,8 @@ dependencies = [ [[package]] name = "juniper" -version = "0.15.5" -source = "git+https://github.com/graphql-rust/juniper?branch=master#84a07c4a93f96d4352a9a6a23732c46eae486be6" +version = "0.15.6" +source = "git+https://github.com/graphql-rust/juniper?branch=master#ae199387fcf3a46888ef8464acb6011a149268c1" dependencies = [ "async-trait", "bson", @@ -1486,8 +1486,8 @@ dependencies = [ [[package]] name = "juniper_codegen" -version = "0.15.5" -source = "git+https://github.com/graphql-rust/juniper?branch=master#84a07c4a93f96d4352a9a6a23732c46eae486be6" +version = "0.15.6" +source = "git+https://github.com/graphql-rust/juniper?branch=master#ae199387fcf3a46888ef8464acb6011a149268c1" dependencies = [ "proc-macro-error", "proc-macro2", @@ -1498,7 +1498,7 @@ dependencies = [ [[package]] name = "juniper_rocket_async" version = "0.5.1" -source = "git+https://github.com/graphql-rust/juniper?branch=master#84a07c4a93f96d4352a9a6a23732c46eae486be6" +source = "git+https://github.com/graphql-rust/juniper?branch=master#ae199387fcf3a46888ef8464acb6011a149268c1" dependencies = [ "futures", "juniper", @@ -1568,11 +1568,11 @@ dependencies = [ [[package]] name = "loom" -version = "0.3.6" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0e8460f2f2121162705187214720353c517b97bdfb3494c0b1e33d83ebe4bed" +checksum = "7aa5348dc45fa5f2419b6dd4ea20345e6b01b1fcc9d176a322eada1ac3f382ba" dependencies = [ - "cfg-if 0.1.10", + "cfg-if 1.0.0", "generator", "scoped-tls", "serde", @@ -2572,7 +2572,7 @@ dependencies = [ [[package]] name = "rocket" version = "0.5.0-dev" -source = "git+https://github.com/SergioBenitez/Rocket?branch=master#0d53e23bf6cb86f9136fa8b37a92ba8076aacf67" +source = "git+https://github.com/SergioBenitez/Rocket?branch=master#7595450adc1aa3892004f02b606706597eb924e9" dependencies = [ "async-stream", "async-trait", @@ -2609,7 +2609,7 @@ dependencies = [ [[package]] name = "rocket_codegen" version = "0.5.0-dev" -source = "git+https://github.com/SergioBenitez/Rocket?branch=master#0d53e23bf6cb86f9136fa8b37a92ba8076aacf67" +source = "git+https://github.com/SergioBenitez/Rocket?branch=master#7595450adc1aa3892004f02b606706597eb924e9" dependencies = [ "devise", "glob", @@ -2621,10 +2621,25 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "rocket_cors" +version = "0.5.2" +source = "git+https://git.agnos.is/projectmoon/rocket_cors?branch=sync-rocket-version#a25ba220140030e4553936a8ae130af0d89318dd" +dependencies = [ + "log", + "regex", + "rocket", + "serde", + "serde_derive", + "unicase", + "unicase_serde", + "url", +] + [[package]] name = "rocket_http" version = "0.5.0-dev" -source = "git+https://github.com/SergioBenitez/Rocket?branch=master#0d53e23bf6cb86f9136fa8b37a92ba8076aacf67" +source = "git+https://github.com/SergioBenitez/Rocket?branch=master#7595450adc1aa3892004f02b606706597eb924e9" dependencies = [ "cookie", "either", @@ -3255,8 +3270,9 @@ dependencies = [ [[package]] name = "state" -version = "0.4.2" -source = "git+https://github.com/SergioBenitez/state.git?rev=8f94dc#8f94dce673b7d4b0e7b96c808a84f5e2a4be4a60" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b54c22963194db84a59ee48e1fa9ed6c1fa9909ad5db92a700aa6fe956d632b" dependencies = [ "loom", ] @@ -3429,6 +3445,7 @@ dependencies = [ "log", "prost", "rocket", + "rocket_cors", "tenebrous-rpc", "tonic", "tracing-subscriber", @@ -3872,6 +3889,25 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eeba86d422ce181a719445e51872fa30f1f7413b62becb52e95ec91aa262d85c" +[[package]] +name = "unicase" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6" +dependencies = [ + "version_check", +] + +[[package]] +name = "unicase_serde" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ef53697679d874d69f3160af80bc28de12730a985d57bdf2b47456ccb8b11f1" +dependencies = [ + "serde", + "unicase", +] + [[package]] name = "unicode-bidi" version = "0.3.5" diff --git a/Cargo.toml b/Cargo.toml index 04c250c..d1de7e8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,4 +5,9 @@ members = [ "rpc", "api", "web-ui/crate", -] \ No newline at end of file +] + +# Necessary to keep it in sync with current rocket master, as they do +# not update fast enough. +[patch.'https://github.com/lawliet89/rocket_cors'] +rocket_cors = { git = 'https://git.agnos.is/projectmoon/rocket_cors', branch = 'sync-rocket-version' } \ No newline at end of file diff --git a/api/Cargo.toml b/api/Cargo.toml index 716883e..1fd256d 100644 --- a/api/Cargo.toml +++ b/api/Cargo.toml @@ -13,3 +13,4 @@ tenebrous-rpc = { path = "../rpc" } juniper = { git = "https://github.com/graphql-rust/juniper", branch = "master" } juniper_rocket_async = { git = "https://github.com/graphql-rust/juniper", branch = "master" } rocket = { git = "https://github.com/SergioBenitez/Rocket", branch = "master" } +rocket_cors = { git = "https://github.com/lawliet89/rocket_cors", branch = "master" } diff --git a/api/Rocket.toml b/api/Rocket.toml index 85ac186..76e0755 100644 --- a/api/Rocket.toml +++ b/api/Rocket.toml @@ -6,3 +6,4 @@ read_timeout = 5 write_timeout = 5 log = "normal" limits = { forms = 32768 } +origins = [ "http://localhost:8000" ] diff --git a/api/src/main.rs b/api/src/main.rs index a25625b..f424ebd 100644 --- a/api/src/main.rs +++ b/api/src/main.rs @@ -1,4 +1,7 @@ +use log::info; +use rocket::http::Method; use rocket::{response::content, Rocket, State}; +use rocket_cors::AllowedOrigins; use std::env; use tenebrous_api::schema::{self, Context, Schema}; use tracing_subscriber::filter::EnvFilter; @@ -31,7 +34,7 @@ pub async fn main() -> Result<(), Box> { let filter = if env::var("RUST_LOG").is_ok() { EnvFilter::from_default_env() } else { - EnvFilter::new("tenebrous_api=info,tonic=info,rocket=info") + EnvFilter::new("tenebrous_api=info,tonic=info,rocket=info,rocket_cors=info") }; tracing_subscriber::fmt().with_env_filter(filter).init(); @@ -45,13 +48,33 @@ pub async fn main() -> Result<(), Box> { let schema = schema::schema(); - Rocket::build() - .manage(context) - .manage(schema) + let rocket = Rocket::build(); + let figment = rocket.figment(); + + let allowed_origins: Vec = figment.extract_inner("origins").expect("origins"); + info!("Allowed CORS origins: {}", allowed_origins.join(",")); + + let allowed_origins = AllowedOrigins::some_exact(&allowed_origins); + + let cors = rocket_cors::CorsOptions { + allowed_origins, + allowed_methods: vec![Method::Get, Method::Post] + .into_iter() + .map(From::from) + .collect(), + allow_credentials: true, + ..Default::default() + } + .to_cors()?; + + rocket .mount( "/", rocket::routes![graphiql, get_graphql_handler, post_graphql_handler], ) + .attach(cors) + .manage(context) + .manage(schema) .launch() .await .expect("server to launch");