feat(cors): make cors middleware from config

Author: LeoBorai

fixtures/config.toml

@@ -1,10 +1,21 @@
 # Server configuration is also provided by specifying a TOML file with the
 # following values
-host = "0.0.0.0"
-port = 5800
-verbose = true
-root_dir = "~/Desktop"
 
-[tls]
-cert = "cert.pem"
-key = "key.pem"
+host = "127.0.0.1"
+port = 7878
+verbose = false
+root_dir = "./"
+
+# [tls]
+# cert = "cert.pem"
+# key = "key.pem"
+
+[cors]
+allow_credentials = false
+allow_headers = ["content-type", "authorization", "content-length"]
+allow_methods = ["GET", "PATCH", "POST", "PUT", "DELETE"]
+allow_origin = "example.com"
+expose_headers = ["*", "authorization"]
+max_age = 600
+request_headers = ["x-app-version"]
+request_method = "GET"

src/config/cors.rs

@@ -29,24 +29,24 @@ pub struct CorsConfig {
     /// its value to false).
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
-    allow_credentials: bool,
+    pub(crate) allow_credentials: bool,
     /// The Access-Control-Allow-Headers response header is used in response to a
     /// preflight request which includes the Access-Control-Request-Headers to
     /// indicate which HTTP headers can be used during the actual request.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
-    allow_headers: Option<Vec<String>>,
+    pub(crate) allow_headers: Option<Vec<String>>,
     /// The Access-Control-Allow-Methods response header specifies the method or
     /// methods allowed when accessing the resource in response to a preflight
     /// request.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
-    allow_methods: Option<Vec<String>>,
+    pub(crate) allow_methods: Option<Vec<String>>,
     /// The Access-Control-Allow-Origin response header indicates whether the
     /// response can be shared with requesting code from the given origin.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-    allow_origin: Option<String>,
+    pub(crate) allow_origin: Option<String>,
     /// The Access-Control-Expose-Headers response header allows a server to
     /// indicate which response headers should be made available to scripts
     /// running in the browser, in response to a cross-origin request.
@@ -56,28 +56,28 @@ pub struct CorsConfig {
     /// using the Access-Control-Expose-Headers header.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
-    expose_headers: Option<Vec<String>>,
+    pub(crate) expose_headers: Option<Vec<String>>,
     /// The Access-Control-Max-Age response header indicates how long the results
     /// of a preflight request (that is the information contained in the
     /// Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)
     /// can be cached.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
-    max_age: Option<Duration>,
+    pub(crate) max_age: Option<u64>,
     /// The Access-Control-Request-Headers request header is used by browsers
     /// when issuing a preflight request, to let the server know which HTTP
     /// headers the client might send when the actual request is made (such as
     /// with setRequestHeader()). This browser side header will be answered by
     /// the complementary server side header of Access-Control-Allow-Headers.
     ///
     /// Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers
-    request_headers: Option<Vec<String>>,
+    pub(crate) request_headers: Option<Vec<String>>,
     /// The Access-Control-Request-Method request header is used by browsers when
     /// issuing a preflight request, to let the server know which HTTP method will
     /// be used when the actual request is made. This header is necessary as the
     /// preflight request is always an OPTIONS and doesn't use the same method as
     /// the actual request.
-    request_method: Option<String>,
+    pub(crate) request_method: Option<String>,
 }
 
 impl CorsConfig {
@@ -104,7 +104,7 @@ impl CorsConfig {
                 "Content-Type".to_string(),
             ]),
             allow_credentials: false,
-            max_age: Some(Duration::from_secs(43200)),
+            max_age: Some(43200),
             expose_headers: None,
             request_headers: None,
             request_method: None,
@@ -153,7 +153,7 @@ impl CorsConfigBuilder {
         self
     }
 
-    pub fn max_age(mut self, duration: Duration) -> Self {
+    pub fn max_age(mut self, duration: u64) -> Self {
         self.config.max_age = Some(duration);
         self
     }
@@ -188,7 +188,7 @@ pub struct CorsConfigFile {
     pub allow_methods: Option<Vec<String>>,
     pub allow_origin: Option<String>,
     pub expose_headers: Option<Vec<String>>,
-    pub max_age: Option<f64>,
+    pub max_age: Option<u64>,
     pub request_headers: Option<Vec<String>>,
     pub request_method: Option<String>,
 }
@@ -220,7 +220,7 @@ impl TryFrom<CorsConfigFile> for CorsConfig {
         }
 
         if let Some(max_age) = file_config.max_age {
-            cors_config_builder = cors_config_builder.max_age(Duration::from_secs_f64(max_age));
+            cors_config_builder = cors_config_builder.max_age(max_age);
         }
 
         if let Some(request_headers) = file_config.request_headers {
@@ -308,7 +308,7 @@ mod tests {
             ])
         );
         assert_eq!(cors_config.allow_credentials, false);
-        assert_eq!(cors_config.max_age, Some(Duration::from_secs(43200)));
+        assert_eq!(cors_config.max_age, Some(43200));
         assert_eq!(cors_config.expose_headers, None);
         assert_eq!(cors_config.request_headers, None);
         assert_eq!(cors_config.request_method, None);
@@ -324,7 +324,7 @@ mod tests {
         let allow_mehtods = vec!["GET".to_string(), "POST".to_string(), "PUT".to_string()];
         let allow_origin = String::from("github.com");
         let expose_headers = vec!["content-type".to_string(), "request-id".to_string()];
-        let max_age = 5400.;
+        let max_age = 5400;
         let request_headers = vec![
             "content-type".to_string(),
             "content-length".to_string(),
@@ -347,7 +347,7 @@ mod tests {
             allow_methods: Some(allow_mehtods),
             allow_origin: Some(allow_origin),
             expose_headers: Some(expose_headers),
-            max_age: Some(Duration::from_secs_f64(max_age)),
+            max_age: Some(max_age),
             request_headers: Some(request_headers),
             request_method: Some(request_method),
         };

src/config/file.rs

@@ -208,7 +208,7 @@ mod tests {
             ]),
             allow_origin: Some(String::from("example.com")),
             expose_headers: Some(vec!["*".to_string(), "authorization".to_string()]),
-            max_age: Some(2800_f64),
+            max_age: Some(2800),
             request_headers: Some(vec!["x-app-version".to_string()]),
             request_method: Some(String::from("GET")),
         };

src/server/handler/mod.rs

@@ -2,7 +2,7 @@ mod file_explorer;
 
 use anyhow::Result;
 use hyper::{Body, Request, Response};
-use std::sync::Arc;
+use std::{convert::TryFrom, sync::Arc};
 
 use crate::Config;
 
@@ -29,7 +29,8 @@ impl HttpHandler {
 impl From<Config> for HttpHandler {
     fn from(config: Config) -> Self {
         let file_explorer = Arc::new(FileExplorer::new(config.root_dir()));
-        let middleware = Arc::new(Middleware::default());
+        let middleware = Middleware::try_from(config).unwrap();
+        let middleware = Arc::new(middleware);
 
         HttpHandler {
             file_explorer,

src/server/middleware/make_cors_middleware.rs

@@ -0,0 +1,97 @@
+use hyper::header::{self, HeaderName, HeaderValue};
+use hyper::{Body, Response};
+
+use crate::config::Config;
+
+use super::MiddlewareAfter;
+
+/// Creates a CORS middleware with the configuration provided and returns it.
+/// The configured headers will be appended to every HTTP Response before
+/// sending such response back to the client (After Middleware)
+///
+/// CORS headers for every response are built on server initialization and
+/// then are "appended" to Response headers on every response.
+///
+/// # Panics
+///
+/// Panics if a CORS config is not defined for the `Config` instance provided.
+/// (`Config.cors` is `None`).
+/// `make_cors_middlware` should only be called when a `CorsConfig` is defined.
+///
+/// Also panics if any CORS header value is not a valid UTF-8 string
+pub fn make_cors_middleware(config: Config) -> MiddlewareAfter {
+    let cors_config = config.cors().unwrap();
+    let mut cors_headers: Vec<(HeaderName, HeaderValue)> = Vec::new();
+
+    if cors_config.allow_credentials {
+        cors_headers.push((
+            header::ACCESS_CONTROL_ALLOW_CREDENTIALS,
+            HeaderValue::from_str("true").unwrap(),
+        ));
+    }
+
+    if let Some(allow_headers) = cors_config.allow_headers {
+        let allow_headers = allow_headers.join(", ");
+
+        cors_headers.push((
+            header::ACCESS_CONTROL_ALLOW_HEADERS,
+            HeaderValue::from_str(allow_headers.as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(allow_methods) = cors_config.allow_methods {
+        let allow_methods = allow_methods.join(", ");
+
+        cors_headers.push((
+            header::ACCESS_CONTROL_ALLOW_METHODS,
+            HeaderValue::from_str(allow_methods.as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(allow_origin) = cors_config.allow_origin {
+        cors_headers.push((
+            header::ACCESS_CONTROL_ALLOW_ORIGIN,
+            HeaderValue::from_str(allow_origin.as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(expose_headers) = cors_config.expose_headers {
+        let expose_headers = expose_headers.join(", ");
+
+        cors_headers.push((
+            header::ACCESS_CONTROL_EXPOSE_HEADERS,
+            HeaderValue::from_str(expose_headers.as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(max_age) = cors_config.max_age {
+        cors_headers.push((
+            header::ACCESS_CONTROL_MAX_AGE,
+            HeaderValue::from_str(max_age.to_string().as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(request_headers) = cors_config.request_headers {
+        let request_headers = request_headers.join(", ");
+
+        cors_headers.push((
+            header::ACCESS_CONTROL_REQUEST_HEADERS,
+            HeaderValue::from_str(request_headers.as_str()).unwrap(),
+        ));
+    }
+
+    if let Some(request_method) = cors_config.request_method {
+        cors_headers.push((
+            header::ACCESS_CONTROL_REQUEST_METHOD,
+            HeaderValue::from_str(request_method.as_str()).unwrap(),
+        ));
+    }
+
+    Box::new(move |response: &mut Response<Body>| {
+        let headers = response.headers_mut();
+
+        cors_headers.iter().for_each(|(header, value)| {
+            headers.append(header, value.to_owned());
+        });
+    })
+}

src/server/middleware/mod.rs

@@ -1,9 +1,16 @@
+pub mod make_cors_middleware;
 pub mod with_cors_allow_all;
 
+use anyhow::Error;
 use futures::Future;
 use hyper::{Body, Request, Response};
+use std::convert::TryFrom;
 use std::pin::Pin;
 
+use crate::config::Config;
+
+use self::make_cors_middleware::make_cors_middleware;
+
 pub type MiddlewareBefore = Box<dyn Fn(&mut Request<Body>) + Send + Sync>;
 pub type MiddlewareAfter = Box<dyn Fn(&mut Response<Body>) + Send + Sync>;
 pub type Handler = Box<
@@ -60,6 +67,22 @@ impl Default for Middleware {
     }
 }
 
+impl TryFrom<Config> for Middleware {
+    type Error = Error;
+
+    fn try_from(config: Config) -> Result<Self, Self::Error> {
+        let mut middleware = Middleware::default();
+
+        if config.cors().is_some() {
+            let func = make_cors_middleware(config.clone());
+
+            middleware.after(func);
+        }
+
+        Ok(middleware)
+    }
+}
+
 // mod tests {
 //     use std::str::FromStr;