add cors middleware

2023-01-30 11:44:34 +08:00
parent 3ab579fed7
commit 16f80cc297
4 changed files with 105 additions and 1 deletions
--- a/config.toml
+++ b/config.toml
@@ -8,6 +8,25 @@ HttpsCert = ""
 HttpKey = ""
 Port = 8088
 [Http.Cors]
 # 跨域配置
 # 需要配合 server/initialize/router.go#L32 使用
 # 放行模式: Allow-all, 放行全部; whitelist, 白名单模式, 来自白名单内域名的请求添加 cors 头; strict-whitelist 严格白名单模式, 白名单外的请求一律拒绝
 Mode="strict-whitelist" 
 [[Http.Cors.Whitelist]]
 AllowOrigin = "example1.com"
 AllowHeaders = "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id"
 AllowMethods = "POST, GET"
 ExposeHeaders = "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type"
 AllowCredentials = true
 [[Http.Cors.Whitelist]]
 AllowOrigin = "example2.com"
 AllowHeaders = "content-type"
 AllowMethods = "GET, POST"
 ExposeHeaders = "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type"
 AllowCredentials = true
 [Log]
 Level = "debug"
--- a/middleware/cors.go
+++ b/middleware/cors.go
@@ -0,0 +1,73 @@
 package middleware
 import (
 	"atom/providers/config"
 	"net/http"
 	"github.com/gin-gonic/gin"
 )
 // Cors 直接放行所有跨域请求并放行所有 OPTIONS 方法
 func Cors() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		method := c.Request.Method
 		origin := c.Request.Header.Get("Origin")
 		c.Header("Access-Control-Allow-Origin", origin)
 		c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
 		c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
 		c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
 		c.Header("Access-Control-Allow-Credentials", "true")
 		// 放行所有OPTIONS方法
 		if method == "OPTIONS" {
 			c.AbortWithStatus(http.StatusNoContent)
 		}
 		// 处理请求
 		c.Next()
 	}
 }
 // CorsByRules 按照配置处理跨域请求
 func CorsByRules(config *config.Config) gin.HandlerFunc {
 	// 放行全部
 	if config.Http.Cors.Mode == "allow-all" {
 		return Cors()
 	}
 	return func(c *gin.Context) {
 		whitelist := checkCors(config, c.GetHeader("origin"))
 		// 通过检查, 添加请求头
 		if whitelist != nil {
 			c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
 			c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
 			c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
 			c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
 			if whitelist.AllowCredentials {
 				c.Header("Access-Control-Allow-Credentials", "true")
 			}
 		}
 		// 严格白名单模式且未通过检查，直接拒绝处理请求
 		if whitelist == nil && config.Http.Cors.Mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
 			c.AbortWithStatus(http.StatusForbidden)
 		} else {
 			// 非严格白名单模式，无论是否通过检查均放行所有 OPTIONS 方法
 			if c.Request.Method == http.MethodOptions {
 				c.AbortWithStatus(http.StatusNoContent)
 			}
 		}
 		// 处理请求
 		c.Next()
 	}
 }
 func checkCors(conf *config.Config, currentOrigin string) *config.Whitelist {
 	for _, whitelist := range conf.Http.Cors.Whitelist {
 		// 遍历配置中的跨域头，寻找匹配项
 		if currentOrigin == whitelist.AllowOrigin {
 			return &whitelist
 		}
 	}
 	return nil
 }
--- a/modules/system/dao/dao_test.go
+++ b/modules/system/dao/dao_test.go
@@ -8,7 +8,7 @@ import (
 	"atom/providers/config"
 	_ "atom/providers/database"
 	_ "atom/providers/http"
-	_ "atom/providers/logger"
+	_ "atom/providers/log"
 	"go.uber.org/dig"
 	"gorm.io/gorm"
--- a/providers/config/section_http.go
+++ b/providers/config/section_http.go
@@ -9,6 +9,18 @@ type Http struct {
 	Https     bool
 	HttpsCert string
 	HttpKey   string
 	Cors      struct {
 		Mode      string
 		Whitelist []Whitelist
 	}
 }
 type Whitelist struct {
 	AllowOrigin      string
 	AllowHeaders     string
 	AllowMethods     string
 	ExposeHeaders    string
 	AllowCredentials bool
 }
 func (h Http) Address() string {