initial commit.

middlewares/cors.js

@@ -0,0 +1,48 @@
+'use strict';
+
+require('../models/schema');
+const config = require('config');
+const url = require('url');
+
+function respond(origin, req, res, next) {
+  res.header('Access-Control-Allow-Origin', origin);
+  res.header('Access-Control-Allow-Credentials', true);
+  res.header('Access-Control-Max-Age', 60 * 60 * 24);
+  res.header('Access-Control-Expose-Headers', 'Accepts, Content-Type, X-Spacedeck-Space-Role, X-Spacedeck-Channel, X-Spacedeck-Spacepassword, X-Spacedeck-Auth, X-Spacedeck-Space-Auth');
+  res.header('Access-Control-Allow-Headers', 'Accepts, Accept-Language, Accept-Encoding, Accept-Language, Content-Type, X-Spacedeck-Space-Auth, X-Spacedeck-Space-Role, X-Spacedeck-Channel, X-Spacedeck-Spacepassword, X-Spacedeck-Auth');
+  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
+
+  if (req.method == 'OPTIONS') {
+    res.sendStatus(204);
+  } else {
+    next();
+  }
+}
+
+module.exports = (req, res, next) => {
+  const origin = req.headers.origin;
+
+  if (origin) {
+    const parsedUrl = url.parse(origin, true, true);
+
+    // FIXME
+    if (parsedUrl.hostname == "cdn.spacedeck.com") {      
+      res.header('Cache-Control', "max-age");
+      res.header('Expires', "30d");
+      res.removeHeader("Pragma");
+
+      respond(origin, req, res, next);
+    } else {
+      Team.getTeamForHost(parsedUrl.hostname, (err, team, subdomain) => {
+        if (team) {
+          respond(origin, req, res, next);
+        } else {
+          next();
+        }
+      });
+    }
+
+  } else {
+    next();
+  }
+}