Added CORSMiddleware and TrustedHostMiddleware as default application middlewares

Author: eadwinCode

ellar/core/conf/app_settings_models.py

@@ -81,6 +81,18 @@ class Config:
 
     STATIC_MOUNT_PATH: str = "/static"
 
+    CORS_ALLOW_ORIGINS: t.List[str] = []
+    CORS_ALLOW_METHODS: t.List[str] = ["GET"]
+    CORS_ALLOW_HEADERS: t.List[str] = []
+
+    CORS_ALLOW_CREDENTIALS: bool = False
+    CORS_ALLOW_ORIGIN_REGEX: t.Optional[str] = None
+    CORS_EXPOSE_HEADERS: t.Sequence[str] = ()
+    CORS_MAX_AGE: int = 600
+
+    ALLOWED_HOSTS: t.List[str] = ["*"]
+    REDIRECT_HOST: bool = True
+
     MIDDLEWARE: t.List[TMiddleware] = []
 
     _APP_EXCEPTION_HANDLERS: t.Dict[t.Union[int, t.Type[Exception]], t.Callable] = {

ellar/core/conf/mixins.py

@@ -1,11 +1,11 @@
 import typing as t
 
-from starlette.middleware import Middleware
 from starlette.responses import JSONResponse
 from starlette.types import ASGIApp
 
 from ellar.constants import LOG_LEVELS as log_levels
 from ellar.core.events import EventHandler
+from ellar.core.middleware import Middleware
 from ellar.core.versioning import BaseAPIVersioning
 
 if t.TYPE_CHECKING:  # pragma: no cover
@@ -125,3 +125,17 @@ class ConfigDefaultTypesMixin:
 
     # logging Level
     LOG_LEVEL: t.Optional[log_levels]
+
+    # CORS Middleware setup (ellar.core.middleware.CORSMiddleware)
+    CORS_ALLOW_ORIGINS: t.List[str]
+    CORS_ALLOW_METHODS: t.List[str]
+    CORS_ALLOW_HEADERS: t.List[str]
+    CORS_ALLOW_CREDENTIALS: bool
+
+    CORS_ALLOW_ORIGIN_REGEX: t.Optional[str]
+    CORS_EXPOSE_HEADERS: t.Sequence[str]
+    CORS_MAX_AGE: int
+
+    # TrustHostMiddleware setup
+    ALLOWED_HOSTS: t.List[str]
+    REDIRECT_HOST: bool

ellar/core/main.py

@@ -10,10 +10,12 @@
 from ellar.core.events import EventHandler, RouterEventManager
 from ellar.core.guard import GuardCanActivate
 from ellar.core.middleware import (
+    CORSMiddleware,
     ExceptionMiddleware,
     Middleware,
     RequestServiceProviderMiddleware,
     RequestVersioningMiddleware,
+    TrustedHostMiddleware,
 )
 from ellar.core.modules import ModuleBase, ModuleTemplateRef
 from ellar.core.modules.ref import create_module_ref_factor
@@ -134,7 +136,7 @@ def install_module(
             module, container=self.injector.container, config=self.config, **init_kwargs
         )
         self.injector.add_module(module_ref)
-        self.middleware_stack = self.build_middleware_stack()
+        self.rebuild_middleware_stack()
 
         if isinstance(module_ref, ModuleTemplateRef):
             module_ref.run_module_register_services()
@@ -182,6 +184,21 @@ def build_middleware_stack(self) -> ASGIApp:
 
         middleware = (
             [
+                Middleware(
+                    CORSMiddleware,
+                    allow_origins=self.config.CORS_ALLOW_ORIGINS,
+                    allow_credentials=self.config.CORS_ALLOW_CREDENTIALS,
+                    allow_methods=self.config.CORS_ALLOW_METHODS,
+                    allow_headers=self.config.CORS_ALLOW_HEADERS,
+                    allow_origin_regex=self.config.CORS_ALLOW_ORIGIN_REGEX,
+                    expose_headers=self.config.CORS_EXPOSE_HEADERS,
+                    max_age=self.config.CORS_MAX_AGE,
+                ),
+                Middleware(
+                    TrustedHostMiddleware,
+                    allowed_hosts=self.config.ALLOWED_HOSTS,
+                    www_redirect=self.config.REDIRECT_HOST,
+                ),
                 Middleware(
                     RequestServiceProviderMiddleware,
                     debug=self.debug,
@@ -262,3 +279,6 @@ def decorator(func: t.Callable) -> t.Callable:
             return func
 
         return decorator
+
+    def rebuild_middleware_stack(self) -> None:
+        self.middleware_stack = self.build_middleware_stack()