go-kite/middleware/cors.go

package middleware

import (
	"fmt"
	"net/http"
	"strings"

	"git.trcreatives.at/trcreatives/go-kite"
)

type CORSConfig struct {
	AllowedOrigins   []string
	AllowedMethods   []string
	AllowedHeaders   []string
	ExposedHeaders   []string
	AllowCredentials bool
	MaxAge           int
}

func CORS(allowedOrigins ...string) kite.Middleware {
	return CORSWithConfig(CORSConfig{AllowedOrigins: allowedOrigins})
}

func CORSWithConfig(cfg CORSConfig) kite.Middleware {
	if len(cfg.AllowedOrigins) == 0 {
		cfg.AllowedOrigins = []string{"*"}
	}

	if len(cfg.AllowedMethods) == 0 {
		cfg.AllowedMethods = []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "CONNECT", "TRACE"}
	}

	if len(cfg.AllowedHeaders) == 0 {
		cfg.AllowedHeaders = []string{"Content-Type", "Authorization"}
	}

	origins := strings.Join(cfg.AllowedOrigins, ", ")
	methods := strings.Join(cfg.AllowedMethods, ", ")
	headers := strings.Join(cfg.AllowedHeaders, ", ")
	exposed := strings.Join(cfg.ExposedHeaders, ", ")

	return func(h kite.Handler) kite.Handler {
		return func(ctx *kite.Context) error {
			ctx.SetHeader("Access-Control-Allow-Origin", origins)
			ctx.SetHeader("Access-Control-Allow-Methods", methods)
			ctx.SetHeader("Access-Control-Allow-Headers", headers)

			if exposed != "" {
				ctx.SetHeader("Access-Control-Expose-Headers", exposed)
			}

			if cfg.AllowCredentials {
				ctx.SetHeader("Access-Control-Allow-Credentials", "true")
			}

			if cfg.MaxAge > 0 {
				ctx.SetHeader("Access-Control-Max-Age", fmt.Sprintf("%d", cfg.MaxAge))
			}

			if ctx.IsMethod(http.MethodOptions) {
				return ctx.WriteNoContent()
			}

			return h(ctx)
		}
	}
}