From e503468660a13760010a94ecda5f0625c6f47f87 Mon Sep 17 00:00:00 2001 From: Ricardo Date: Fri, 13 Oct 2023 14:12:03 +0200 Subject: Server re-build with latest AdonisJS framework & Typescript (#47) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: setup first basis structure * chore: ensure styling is loaded correctly * chore: comply to new routing syntax by replace . with / in routes/resource locations * chore: add login controller * chore: correctly use views with slash instead of dot * chore: working login + tests * chore: clean up tests * chore: add password-forgot endpoint and matching test * chore: add delete page test * chore: add logout test * chore: add reset-password route and tests * chore: remove obsolete comment * chore: add account-page and tests * chore: add data page & first step of the test * chore: add transfer/import data feature and tests * chore: add export and basic test * chore: add all static api routes with tests * Regenerate 'pnpm-lock.json' and fix bad merge conflict WIP: - Tests have been commented out since they dont work - Server doesn't start * easier dev and test runs * - remove --require-pragma from reformat-files so formatting works properly - run pnpm reformat-files over codebase - remove .json files from .eslintignore - add invalid.json file to .eslintignore - configure prettier properly in eslint config - add type jsdoc to prettier config - run adonis generate:manifest command to regenerate ace-manifest.json - specify volta in package.json - introduce typecheck npm script - remove unused .mjs extension from npm scripts - install missing type definition dependencies - add pnpm.allowedDeprecatedVersions to package.json - fix invalid extends in tsconfig.json causing TS issues throughout codebase - remove @ts-ignore throughout codebase which is not relevant anymore - enable some of the tsconfig options - remove outdated eslint-disable from codebase - change deprecated faker.company.companyName() to faker.company.name() - fix TS issues inside transfer.spec.ts * - update to latest node and pnpm versions - upgrade all non-major dependencies to latest - install missing @types/luxon dependency - add cuid to pnpm.allowedDeprecatedVersions - add esModuleInterop config option to tsconfig - migrate more deprecated faker methods to new ones - add more temporary ts-ignore to code * - update eslint config - remove trailingComma: all since default in prettier v3 - add typecheck command to prepare-code npm script - upgrade various dependencies to latest major version - update tsconfig to include only useful config options - disable some lint issues and fix others * - add test command to prepare-code - disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models - update precommit hook to excute pnpm prepare-code - remove ts-ignore statements from all models * fix node and pnpm dependency update * add cross env (so that we can develop on windows) * add signup endpoint (TODO: JWT auth) * Add login endpoint * Add me and updateMe endpoints * Add service endpoint * refactor: change endpoints to use jwt * add recipes endpoint * add workspaces endpoint * fix web controllors for login and post import * Update node deps * Change auth middleware (for web) and exempt api from CSRF * Add import endpoint (franz import) * Fix export/import logic * Fix service and workspace data in user/data * Fix partial lint * chore: workaround lint issues * fix: migration naming had two . * Sync back node with recipes repo * Temporarily ignore typescript * Fix adonisrc to handle public folder static assets * Fix issue with production database * add Legacy Password Provider * Fix lint errors * Fix issue on login errors frontend * add Legacy Password Provider * Fix issue with customIcons * Fix issue with auth tokens * Update 'node' to '18.18.0' * make docker work * improve docker entrypoint (test api performance) * Add migration database script * NODE_ENV on recipes * prefer @ts-expect-error over @ts-ignore * small fixes * Update 'pnpm' to '8.7.6' * fix error catch * Automatically generate JWT Public and Private keys * Use custom Adonis5-jwt * Update code to use secret (old way, no breaking changes) * Normalize appKey * Trick to make JWT tokens on client work with new version * Fix error with new JWT logic * Change migration and how we store JWT * Fix 500 response code (needs to be 401) * Improve logic and fix bugs * Fix build and entrypoint logic * Catch error if appKey changes * Add newToken logic * Fix lint (ignore any errors) * Add build for PRs * pnpm reformat-files result * Fix some tests * Fix reset password not working (test failing) * Restore csrfTokens (disabled by accident) * Fix pnpm start command with .env * Disable failing tests on the transfer endpoint (TODO) * Add tests to PR build * Fix build * Remove unnecessary assertStatus * Add typecheck * hash password on UserFactory (fix build) * Add JWT_USE_PEM true by default (increase security) * fix name of github action --------- Co-authored-by: Vijay A Co-authored-by: Balaji Vijayakumar Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com> Co-authored-by: André Oliveira --- config/cors.ts | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 config/cors.ts (limited to 'config/cors.ts') diff --git a/config/cors.ts b/config/cors.ts new file mode 100644 index 0000000..dc0e3f6 --- /dev/null +++ b/config/cors.ts @@ -0,0 +1,134 @@ +/** + * Config source: https://git.io/JfefC + * + * Feel free to let us know via PR, if you find something broken in this config + * file. + */ + +import { CorsConfig } from '@ioc:Adonis/Core/Cors'; + +const corsConfig: CorsConfig = { + /* + |-------------------------------------------------------------------------- + | Enabled + |-------------------------------------------------------------------------- + | + | A boolean to enable or disable CORS integration from your AdonisJs + | application. + | + | Setting the value to `true` will enable the CORS for all HTTP request. However, + | you can define a function to enable/disable it on per request basis as well. + | + */ + enabled: false, + + // You can also use a function that return true or false. + // enabled: (request) => request.url().startsWith('/api') + + /* + |-------------------------------------------------------------------------- + | Origin + |-------------------------------------------------------------------------- + | + | Set a list of origins to be allowed for `Access-Control-Allow-Origin`. + | The value can be one of the following: + | + | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin + | + | Boolean (true) - Allow current request origin. + | Boolean (false) - Disallow all. + | String - Comma separated list of allowed origins. + | Array - An array of allowed origins. + | String (*) - A wildcard (*) to allow all request origins. + | Function - Receives the current origin string and should return + | one of the above values. + | + */ + origin: true, + + /* + |-------------------------------------------------------------------------- + | Methods + |-------------------------------------------------------------------------- + | + | An array of allowed HTTP methods for CORS. The `Access-Control-Request-Method` + | is checked against the following list. + | + | Following is the list of default methods. Feel free to add more. + */ + methods: ['GET', 'HEAD', 'POST', 'PUT', 'DELETE'], + + /* + |-------------------------------------------------------------------------- + | Headers + |-------------------------------------------------------------------------- + | + | List of headers to be allowed for `Access-Control-Allow-Headers` header. + | The value can be one of the following: + | + | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers + | + | Boolean(true) - Allow all headers mentioned in `Access-Control-Request-Headers`. + | Boolean(false) - Disallow all headers. + | String - Comma separated list of allowed headers. + | Array - An array of allowed headers. + | Function - Receives the current header and should return one of the above values. + | + */ + headers: true, + + /* + |-------------------------------------------------------------------------- + | Expose Headers + |-------------------------------------------------------------------------- + | + | A list of headers to be exposed by setting `Access-Control-Expose-Headers`. + | header. By default following 6 simple response headers are exposed. + | + | Cache-Control + | Content-Language + | Content-Type + | Expires + | Last-Modified + | Pragma + | + | In order to add more headers, simply define them inside the following array. + | + | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers + | + */ + exposeHeaders: [ + 'cache-control', + 'content-language', + 'content-type', + 'expires', + 'last-modified', + 'pragma', + ], + + /* + |-------------------------------------------------------------------------- + | Credentials + |-------------------------------------------------------------------------- + | + | Toggle `Access-Control-Allow-Credentials` header. If value is set to `true`, + | then header will be set, otherwise not. + | + | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials + | + */ + credentials: true, + + /* + |-------------------------------------------------------------------------- + | MaxAge + |-------------------------------------------------------------------------- + | + | Define `Access-Control-Max-Age` header in seconds. + | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age + | + */ + maxAge: 90, +}; + +export default corsConfig; -- cgit v1.2.3-70-g09d2