Skip to content

Commit

Permalink
fix(cors): allowOriginStringMatch & allowMethods are required
Browse files Browse the repository at this point in the history
Signed-off-by: spacewander <[email protected]>
  • Loading branch information
spacewander committed Dec 13, 2024
1 parent a065daf commit 2032aa3
Show file tree
Hide file tree
Showing 4 changed files with 125 additions and 3 deletions.
2 changes: 1 addition & 1 deletion site/content/en/docs/reference/plugins/cors.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ The `cors` plugin handles Cross-Origin Resource Sharing requests by leveraging E

## Configuration

See the corresponding [Envoy documentation](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter).
See the corresponding [Envoy documentation](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter). Unlike the configuration in Envoy, the `allowOriginStringMatch` and `allowMethods` here are required.

## Usage

Expand Down
2 changes: 1 addition & 1 deletion site/content/zh-hans/docs/reference/plugins/cors.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ title: CORS

## 配置

请参阅相应的 [Envoy 文档](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter)
请参阅相应的 [Envoy 文档](https://www.envoyproxy.io/docs/envoy/v1.29.5/configuration/http/http_filters/cors_filter)注意和 Envoy 默认配置不同,`allowOriginStringMatch``allowMethods` 是必须的。

## 用法

Expand Down
25 changes: 24 additions & 1 deletion types/plugins/cors/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@
package cors

import (
"fmt"

cors "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3"

"mosn.io/htnn/api/pkg/filtermanager/api"
Expand Down Expand Up @@ -44,6 +46,27 @@ func (p *Plugin) Order() plugins.PluginOrder {
}
}

type CustomConfig struct {
cors.CorsPolicy
}

func (conf *CustomConfig) Validate() error {
err := conf.CorsPolicy.Validate()
if err != nil {
return err
}

if len(conf.CorsPolicy.GetAllowOriginStringMatch()) == 0 {
return fmt.Errorf("cors allowOriginStringMatch is required")
}

if len(conf.CorsPolicy.GetAllowMethods()) == 0 {
return fmt.Errorf("cors allowMethods is required")
}

return nil
}

func (p *Plugin) Config() api.PluginConfig {
return &cors.CorsPolicy{}
return &CustomConfig{}

Check warning on line 71 in types/plugins/cors/config.go

View check run for this annotation

Codecov / codecov/patch

types/plugins/cors/config.go#L71

Added line #L71 was not covered by tests
}
99 changes: 99 additions & 0 deletions types/plugins/cors/config_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
// Copyright The HTNN Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cors

import (
"testing"

"github.com/stretchr/testify/assert"
"google.golang.org/protobuf/encoding/protojson"
)

func TestConfig(t *testing.T) {
tests := []struct {
name string
input string
err string
}{
{
name: "validate allowOriginStringMatch",
input: `
{
"allowMethods": "POST"
}
`,
err: "cors allowOriginStringMatch is required",
},
{
name: "validate field inside allowOriginStringMatch",
input: `
{
"allowOriginStringMatch": [
{
"safeRegex": {}
}
],
"allowMethods": "POST"
}
`,
err: "value length must be at least 1 runes",
},
{
name: "validate allowMethods",
input: `
{
"allowOriginStringMatch": [
{
"safeRegex": {
"regex": ".*\\.default\\.local"
}
}
]
}
`,
err: "cors allowMethods is required",
},
{
name: "sanity",
input: `
{
"allowOriginStringMatch": [
{
"safeRegex": {
"regex": ".*\\.default\\.local"
}
}
],
"allowMethods": "POST"
}
`,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
conf := &CustomConfig{}
err := protojson.Unmarshal([]byte(tt.input), conf)
if err == nil {
err = conf.Validate()
}
if tt.err == "" {
assert.Nil(t, err)
} else {
assert.ErrorContains(t, err, tt.err)
}
})
}
}

0 comments on commit 2032aa3

Please sign in to comment.