fix: Append env cors to make it backward compatible with db cors list (#385)

* fix: Append env cors list to make it backward compatible with db cors list

* fix auth length check

* clean up types around getWebhook since it doesn't return undefined

* simplify cache get logic

Author: arcoraven

src/db/configuration/getConfiguration.ts

@@ -185,9 +185,7 @@ export const getConfiguration = async (): Promise<Config> => {
         authDomain: "thirdweb.com",
         authWalletEncryptedJson: await createAuthWalletEncryptedJson(),
         minWalletBalance: "20000000000000000",
-        accessControlAllowOrigin: !!process.env.ACCESS_CONTROL_ALLOW_ORIGIN
-          ? process.env.ACCESS_CONTROL_ALLOW_ORIGIN
-          : mandatoryAllowedCorsUrls.join(","),
+        accessControlAllowOrigin: mandatoryAllowedCorsUrls.join(","),
         clearCacheCronSchedule: "*/30 * * * * *",
       },
       update: {},
@@ -200,9 +198,7 @@ export const getConfiguration = async (): Promise<Config> => {
     });
   } else if (!config.accessControlAllowOrigin) {
     config = await updateConfiguration({
-      accessControlAllowOrigin: !!process.env.ACCESS_CONTROL_ALLOW_ORIGIN
-        ? process.env.ACCESS_CONTROL_ALLOW_ORIGIN
-        : mandatoryAllowedCorsUrls.join(","),
+      accessControlAllowOrigin: mandatoryAllowedCorsUrls.join(","),
     });
   }
 

src/server/middleware/auth.ts

@@ -301,7 +301,7 @@ export const withAuth = async (server: FastifyInstance) => {
       }
 
       const authWebhooks = await getWebhook(WebhooksEventTypes.AUTH);
-      if (authWebhooks) {
+      if (authWebhooks.length > 0) {
         const authResponses = await Promise.all(
           authWebhooks.map((webhook) =>
             sendWebhookRequest(webhook, {

src/server/middleware/cors/cors.ts

@@ -143,7 +143,14 @@ export const fastifyCors = async (
 ) => {
   const config = await getConfig();
 
-  const originArray = config.accessControlAllowOrigin.split(",") as string[];
+  const corsListConfig = config.accessControlAllowOrigin.split(",");
+  /**
+   * @deprecated
+   * Future versions will remove this env var.
+   */
+  const corsListEnv = process.env.ACCESS_CONTROL_ALLOW_ORIGIN?.split(",") ?? [];
+  const originArray = [...corsListConfig, ...corsListEnv];
+
   opts.origin = originArray.map(sanitizeOrigin);
 
   let hideOptionsRoute = true;

src/server/utils/webhook.ts

@@ -122,7 +122,7 @@ export const sendWebhooks = async (webhooks: WebhookData[]) => {
 
     const webhookConfigs = await Promise.all([
       ...((await getWebhook(WebhooksEventTypes.ALL_TX)) || []),
-      ...(webhookStatus ? (await getWebhook(webhookStatus)) || [] : []),
+      ...(webhookStatus ? await getWebhook(webhookStatus) : []),
     ]);
 
     await Promise.all(
@@ -161,11 +161,11 @@ export const sendBalanceWebhook = async (
       return;
     }
 
-    const webhookConfig = await getWebhook(
+    const webhooks = await getWebhook(
       WebhooksEventTypes.BACKEND_WALLET_BALANCE,
     );
 
-    if (!webhookConfig) {
+    if (webhooks.length === 0) {
       logger({
         service: "server",
         level: "debug",
@@ -175,7 +175,7 @@ export const sendBalanceWebhook = async (
       return;
     }
 
-    webhookConfig.map(async (config) => {
+    webhooks.map(async (config) => {
       if (!config || !config.active) {
         logger({
           service: "server",

src/utils/cache/getWebhook.ts

@@ -9,13 +9,11 @@ export const webhookCache = new Map<string, SanitizedWebHooksSchema[]>();
 export const getWebhook = async (
   eventType: WebhooksEventTypes,
   retrieveFromCache = true,
-): Promise<SanitizedWebHooksSchema[] | undefined> => {
+): Promise<SanitizedWebHooksSchema[]> => {
   const cacheKey = eventType;
 
-  if (retrieveFromCache) {
-    if (webhookCache.has(cacheKey) && webhookCache.get(cacheKey)) {
-      return webhookCache.get(cacheKey) as SanitizedWebHooksSchema[];
-    }
+  if (retrieveFromCache && webhookCache.has(cacheKey)) {
+    return webhookCache.get(cacheKey) as SanitizedWebHooksSchema[];
   }
 
   const webhookConfig = await getAllWebhooks();