CORS Origin : Regex Support (#378)

farhanW3 · web-flow · commit 7c6adea57698 · 2024-01-12T12:37:58.000+05:30
* santinized origins config

* fixed test case with exporting func
diff --git a/src/server/middleware/cors/cors.ts b/src/server/middleware/cors/cors.ts
@@ -102,6 +102,32 @@ const defaultOptions = {
   strictPreflight: true,
 };
 
+export const sanitizeOrigin = (data: string): string | RegExp => {
+  if (data.startsWith("/") && data.endsWith("/")) {
+    return new RegExp(data.slice(1, -1));
+  }
+
+  if (data.startsWith("*.")) {
+    const regex = data.replace("*.", ".*.");
+    return new RegExp(regex);
+  }
+
+  if (data.includes("thirdweb-preview.com")) {
+    return new RegExp(/^https?:\/\/.*\.thirdweb-preview\.com$/);
+  }
+  if (data.includes("thirdweb-dev.com")) {
+    return new RegExp(/^https?:\/\/.*\.thirdweb-dev\.com$/);
+  }
+
+  // Remove trailing slashes.
+  // The origin header does not include a trailing slash.
+  if (data.endsWith("/")) {
+    return data.slice(0, -1);
+  }
+
+  return data;
+};
+
 export const fastifyCors = async (
   fastify: FastifyInstance,
   req: FastifyRequest,
@@ -112,7 +138,7 @@ export const fastifyCors = async (
   const config = await getConfig();
 
   const originArray = config.accessControlAllowOrigin.split(",") as string[];
-  opts.origin = originArray;
+  opts.origin = originArray.map(sanitizeOrigin);
 
   let hideOptionsRoute = true;
   if (opts.hideOptionsRoute !== undefined) {
diff --git a/src/server/middleware/cors/index.ts b/src/server/middleware/cors/index.ts
@@ -14,29 +14,3 @@ export const withCors = async (server: FastifyInstance) => {
     );
   });
 };
-
-export const sanitizeOrigin = (data: string): string | RegExp => {
-  if (data.startsWith("/") && data.endsWith("/")) {
-    return new RegExp(data.slice(1, -1));
-  }
-
-  if (data.startsWith("*.")) {
-    const regex = data.replace("*.", ".*.");
-    return new RegExp(regex);
-  }
-
-  if (data.includes("thirdweb-preview.com")) {
-    return new RegExp(/^https?:\/\/.*\.thirdweb-preview\.com$/);
-  }
-  if (data.includes("thirdweb-dev.com")) {
-    return new RegExp(/^https?:\/\/.*\.thirdweb-dev\.com$/);
-  }
-
-  // Remove trailing slashes.
-  // The origin header does not include a trailing slash.
-  if (data.endsWith("/")) {
-    return data.slice(0, -1);
-  }
-
-  return data;
-};
diff --git a/src/server/routes/configuration/cors/remove.ts b/src/server/routes/configuration/cors/remove.ts
@@ -48,7 +48,7 @@ export async function removeUrlToCorsConfiguration(fastify: FastifyInstance) {
       );
       if (containsMandatoryUrl) {
         throw new Error(
-          `Cannot remove mandatory URLs: ${mandatoryAllowedCorsUrls.join(",")}`,
+          `Cannot remove URLs: ${mandatoryAllowedCorsUrls.join(",")}`,
         );
       }
 
diff --git a/src/tests/cors.test.ts b/src/tests/cors.test.ts
@@ -1,4 +1,4 @@
-import { sanitizeOrigin } from "../server/middleware/cors";
+import { sanitizeOrigin } from "../server/middleware/cors/cors";
 
 describe("sanitizeOrigin", () => {
   it("with leading and trailing slashes", () => {

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ export async function removeUrlToCorsConfiguration(fastify: FastifyInstance) {`
`48`	`48`	`);`
`49`	`49`	`if (containsMandatoryUrl) {`
`50`	`50`	`throw new Error(`
`51`		- `Cannot remove mandatory URLs: ${mandatoryAllowedCorsUrls.join(",")}`,
	`51`	+ `Cannot remove URLs: ${mandatoryAllowedCorsUrls.join(",")}`,
`52`	`52`	`);`
`53`	`53`	`}`
`54`	`54`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { sanitizeOrigin } from "../server/middleware/cors";`
	`1`	`+import { sanitizeOrigin } from "../server/middleware/cors/cors";`
`2`	`2`
`3`	`3`	`describe("sanitizeOrigin", () => {`
`4`	`4`	`it("with leading and trailing slashes", () => {`