Added initial support for CORS properties

akclace · akclace · commit 5db6df069189 · 2024-08-22T15:02:37.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ logs/
 .DS_Store
 run/
 config/
+internal/server/appspecs/
diff --git a/cmd/clace/app_cmds.go b/cmd/clace/app_cmds.go
@@ -80,6 +80,13 @@ func appCreateCommand(commonFlags []cli.Flag, clientConfig *types.ClientConfig)
 			Usage:   "Set an argument for building the container image. Format is argKey=argValue",
 		})
 
+	flags = append(flags,
+		&cli.StringSliceFlag{
+			Name:    "app-config",
+			Aliases: []string{"config"},
+			Usage:   "Set an default config option for the app. Format is configKey=configValue",
+		})
+
 	flags = append(flags, dryRunFlag())
 
 	return &cli.Command{
@@ -143,6 +150,16 @@ Examples:
 				cargMap[key] = value
 			}
 
+			appDefaults := cCtx.StringSlice("app-config")
+			defMap := make(map[string]string)
+			for _, def := range appDefaults {
+				key, value, ok := strings.Cut(def, "=")
+				if !ok {
+					return fmt.Errorf("invalid app default format: %s", def)
+				}
+				defMap[key] = value
+			}
+
 			body := types.CreateAppRequest{
 				SourceUrl:        cCtx.Args().Get(0),
 				IsDev:            cCtx.Bool("dev"),
@@ -154,6 +171,7 @@ Examples:
 				ParamValues:      paramValues,
 				ContainerOptions: coptMap,
 				ContainerArgs:    cargMap,
+				AppDefaults:      defMap,
 			}
 			var createResult types.AppCreateResponse
 			err := client.Post("/_clace/app", values, body, &createResult)
diff --git a/internal/app/app.go b/internal/app/app.go
@@ -13,10 +13,12 @@ import (
 	"net/http"
 	"path"
 	"path/filepath"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
 
+	"github.com/BurntSushi/toml"
 	"github.com/Masterminds/sprig/v3"
 	"github.com/claceio/clace/internal/app/appfs"
 	"github.com/claceio/clace/internal/app/apptype"
@@ -71,6 +73,7 @@ type App struct {
 	sseListeners  []chan SSEMessage
 	funcMap       template.FuncMap
 	starlarkCache map[string]*starlarkCacheEntry
+	appDefaults   types.AppDefaults
 }
 
 type starlarkCacheEntry struct {
@@ -85,7 +88,7 @@ type SSEMessage struct {
 
 func NewApp(sourceFS *appfs.SourceFs, workFS *appfs.WorkFs, logger *types.Logger,
 	appEntry *types.AppEntry, systemConfig *types.SystemConfig,
-	plugins map[string]types.PluginSettings) *App {
+	plugins map[string]types.PluginSettings, appDefaults types.AppDefaults) (*App, error) {
 	newApp := &App{
 		sourceFS:      sourceFS,
 		Logger:        logger,
@@ -94,6 +97,10 @@ func NewApp(sourceFS *appfs.SourceFs, workFS *appfs.WorkFs, logger *types.Logger
 		starlarkCache: map[string]*starlarkCacheEntry{},
 	}
 	newApp.plugins = NewAppPlugins(newApp, plugins, appEntry.Metadata.Accounts)
+	newApp.appDefaults = appDefaults
+	if err := newApp.updateAppDefaults(); err != nil {
+		return nil, err
+	}
 
 	if appEntry.IsDev {
 		newApp.appDev = dev.NewAppDev(logger, &appfs.WritableSourceFs{SourceFs: sourceFS}, workFS, systemConfig)
@@ -119,7 +126,7 @@ func NewApp(sourceFS *appfs.SourceFs, workFS *appfs.WorkFs, logger *types.Logger
 	delete(funcMap, "expandenv")
 
 	newApp.funcMap = funcMap
-	return newApp
+	return newApp, nil
 }
 
 func (a *App) Initialize(dryRun DryRun) error {
@@ -694,3 +701,19 @@ func (a *App) loadStarlark(thread *starlark.Thread, module string, cache map[str
 	}
 	return cacheEntry.globals, cacheEntry.err
 }
+
+// updateAppDefaults updates the app defaults from the metadata
+// It creates a TOML intermediate string so that the TOML parsing can be used
+func (a *App) updateAppDefaults() error {
+	if len(a.Metadata.AppDefaults) == 0 {
+		return nil
+	}
+
+	buf := strings.Builder{}
+	for key, value := range a.Metadata.AppDefaults {
+		buf.WriteString(fmt.Sprintf("%s=\"%s\"\n", key, value))
+	}
+
+	_, err := toml.Decode(buf.String(), &a.appDefaults)
+	return err
+}
diff --git a/internal/app/setup.go b/internal/app/setup.go
@@ -5,6 +5,7 @@ package app
 
 import (
 	"bytes"
+	"cmp"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -600,11 +601,35 @@ func (a *App) addProxyConfig(count int, router *chi.Mux, proxyDef *starlarkstruc
 			// disabled in proxy config
 			req.Host = url.Host
 		}
+
 	}
 
 	permsHandler := func(p *httputil.ReverseProxy) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			// If write APi, check if preview/stage app is allowed access
+
+			if a.appDefaults.CORS.Setting == "strict" || a.appDefaults.CORS.Setting == "lax" {
+				origin := "*"
+				if a.appDefaults.CORS.Setting == "strict" {
+					origin = getRequestUrl(r)
+				}
+				if r.Method == http.MethodOptions {
+					w.Header().Set("Access-Control-Allow-Origin", cmp.Or(a.appDefaults.CORS.AllowOrigin, origin))
+					w.Header().Set("Access-Control-Allow-Methods", a.appDefaults.CORS.AllowMethods)
+					w.Header().Set("Access-Control-Allow-Headers", a.appDefaults.CORS.AllowHeaders)
+					w.Header().Set("Access-Control-Allow-Credentials", a.appDefaults.CORS.AllowCredentials)
+					w.Header().Set("Access-Control-Max-Age", a.appDefaults.CORS.MaxAge)
+					w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+					w.Header().Set("Content-Length", "0")
+					w.WriteHeader(http.StatusNoContent)
+					return
+				} else {
+					w.Header().Set("Access-Control-Allow-Origin", cmp.Or(a.appDefaults.CORS.AllowOrigin, origin))
+					w.Header().Set("Access-Control-Allow-Methods", a.appDefaults.CORS.AllowMethods)
+					w.Header().Set("Access-Control-Allow-Headers", a.appDefaults.CORS.AllowHeaders)
+				}
+			}
+
+			// If write API, check if preview/stage app is allowed access
 			isWriteReques := r.Method == http.MethodPost || r.Method == http.MethodPut || r.Method == http.MethodDelete
 			if isWriteReques {
 				if strings.HasPrefix(string(a.Id), types.ID_PREFIX_APP_PREVIEW) && !a.Settings.PreviewWriteAccess {
diff --git a/internal/app/tests/app_test_helper.go b/internal/app/tests/app_test_helper.go
@@ -91,8 +91,11 @@ func CreateTestAppInt(logger *types.Logger, path string, fileData map[string]str
 		ParamValues: params,
 	}
 	workFS := appfs.NewWorkFs("", &TestWriteFS{TestReadFS: &TestReadFS{fileData: map[string]string{}}})
-	a := app.NewApp(sourceFS, workFS, logger,
-		createTestAppEntry(id, path, isDev, metadata), &systemConfig, pluginConfig)
+	a, err := app.NewApp(sourceFS, workFS, logger,
+		createTestAppEntry(id, path, isDev, metadata), &systemConfig, pluginConfig, types.AppDefaults{})
+	if err != nil {
+		return nil, nil, err
+	}
 	err = a.Initialize(app.DryRunFalse)
 	return a, workFS, err
 }
diff --git a/internal/server/app_apis.go b/internal/server/app_apis.go
@@ -94,6 +94,7 @@ func (s *Server) CreateApp(ctx context.Context, appPath string, approve, dryRun
 	appEntry.Metadata.ParamValues = appRequest.ParamValues
 	appEntry.Metadata.ContainerOptions = appRequest.ContainerOptions
 	appEntry.Metadata.ContainerArgs = appRequest.ContainerArgs
+	appEntry.Metadata.AppDefaults = appRequest.AppDefaults
 
 	auditResult, err := s.createApp(ctx, &appEntry, approve, dryRun, appRequest.GitBranch, appRequest.GitCommit, appRequest.GitAuthName)
 	if err != nil {
@@ -293,9 +294,7 @@ func (s *Server) setupApp(appEntry *types.AppEntry, tx types.Transaction) (*app.
 		&appfs.DiskWriteFS{
 			DiskReadFS: appfs.NewDiskReadFS(&appLogger, appPath, *appEntry.Metadata.SpecFiles),
 		})
-	application := app.NewApp(sourceFS, workFS, &appLogger, appEntry, &s.config.System, s.config.Plugins)
-
-	return application, nil
+	return app.NewApp(sourceFS, workFS, &appLogger, appEntry, &s.config.System, s.config.Plugins, s.config.AppDefaults)
 }
 
 func (s *Server) GetAppApi(ctx context.Context, appPath string) (*types.AppGetResponse, error) {
diff --git a/internal/system/clace.default.toml b/internal/system/clace.default.toml
@@ -54,3 +54,12 @@ container_command = "auto"          # "auto" or "docker" or "podman"
 
 [plugin."store.in"]
 db_connection = "sqlite:$CL_HOME/clace_app.db"
+
+[appdefaults]
+cors.setting = "strict"
+cors.allow_origin = "" # if empty, set to * for lax and origin host for strict
+cors.allow_methods = "GET, POST, PUT, DELETE, PATCH, OPTIONS"
+cors.allow_headers = """DNT,User-Agent,X-Requested-With,If-Modified-Since,
+Cache-Control,Content-Type,Range,Authorization,X-Requested-With"""
+cors.allow_credentials = "true"
+cors.max_age = "2678400" # 31 days
diff --git a/internal/system/config_test.go b/internal/system/config_test.go
@@ -57,6 +57,9 @@ func TestServerConfig(t *testing.T) {
 
 	// Container Settings
 	testutil.AssertEqualsString(t, "command", "auto", c.System.ContainerCommand)
+
+	// App default Settings
+	testutil.AssertEqualsString(t, "cors setting", "strict", c.AppDefaults.CORS.Setting)
 }
 
 func TestClientConfig(t *testing.T) {
diff --git a/internal/types/api.go b/internal/types/api.go
@@ -40,6 +40,7 @@ type CreateAppRequest struct {
 	ParamValues      map[string]string `json:"param_values"`
 	ContainerOptions map[string]string `json:"container_options"`
 	ContainerArgs    map[string]string `json:"container_args"`
+	AppDefaults      map[string]string `json:"appdefaults"`
 }
 
 // UpdateAppRequest is the request body for updating an app settings
diff --git a/internal/types/types.go b/internal/types/types.go
@@ -59,10 +59,24 @@ type ServerConfig struct {
 	Plugins     map[string]PluginSettings `toml:"plugin"`
 	Auth        map[string]AuthConfig     `toml:"auth"`
 	ProfileMode string                    `toml:"profile_mode"`
+	AppDefaults AppDefaults               `toml:"appdefaults"`
 }
 
 type PluginSettings map[string]any
 
+type AppDefaults struct {
+	CORS CORS `toml:"cors"`
+}
+
+type CORS struct {
+	Setting          string `toml:"setting"`
+	AllowOrigin      string `toml:"allow_origin"`
+	AllowMethods     string `toml:"allow_methods"`
+	AllowHeaders     string `toml:"allow_headers"`
+	AllowCredentials string `toml:"allow_credentials"`
+	MaxAge           string `toml:"max_age"`
+}
+
 type PluginContext struct {
 	Logger    *Logger
 	AppId     AppId
@@ -268,6 +282,7 @@ type AppMetadata struct {
 	SpecFiles        *SpecFiles        `json:"spec_files"`
 	ContainerOptions map[string]string `json:"container_options"`
 	ContainerArgs    map[string]string `json:"container_args"`
+	AppDefaults      map[string]string `json:"appdefaults"`
 }
 
 // AppSettings contains the settings for an app. Settings are not version controlled.

Original file line number	Diff line number	Diff line change
`@@ -91,8 +91,11 @@ func CreateTestAppInt(logger *types.Logger, path string, fileData map[string]str`
`91`	`91`	`ParamValues: params,`
`92`	`92`	`}`
`93`	`93`	`workFS := appfs.NewWorkFs("", &TestWriteFS{TestReadFS: &TestReadFS{fileData: map[string]string{}}})`
`94`		`- a := app.NewApp(sourceFS, workFS, logger,`
`95`		`- createTestAppEntry(id, path, isDev, metadata), &systemConfig, pluginConfig)`
	`94`	`+ a, err := app.NewApp(sourceFS, workFS, logger,`
	`95`	`+ createTestAppEntry(id, path, isDev, metadata), &systemConfig, pluginConfig, types.AppDefaults{})`
	`96`	`+ if err != nil {`
	`97`	`+ return nil, nil, err`
	`98`	`+ }`
`96`	`99`	`err = a.Initialize(app.DryRunFalse)`
`97`	`100`	`return a, workFS, err`
`98`	`101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,9 @@ func TestServerConfig(t *testing.T) {`
`57`	`57`
`58`	`58`	`// Container Settings`
`59`	`59`	`testutil.AssertEqualsString(t, "command", "auto", c.System.ContainerCommand)`
	`60`	`+`
	`61`	`+ // App default Settings`
	`62`	`+ testutil.AssertEqualsString(t, "cors setting", "strict", c.AppDefaults.CORS.Setting)`
`60`	`63`	`}`
`61`	`64`
`62`	`65`	`func TestClientConfig(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ type CreateAppRequest struct {`
`40`	`40`	ParamValues map[string]string `json:"param_values"`
`41`	`41`	ContainerOptions map[string]string `json:"container_options"`
`42`	`42`	ContainerArgs map[string]string `json:"container_args"`
	`43`	+ AppDefaults map[string]string `json:"appdefaults"`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`// UpdateAppRequest is the request body for updating an app settings`