spacedeck-open/middlewares/cors.js
2017-04-07 01:29:05 +02:00

49 lines
1.5 KiB
JavaScript

'use strict';
require('../models/schema');
const config = require('config');
const url = require('url');
function respond(origin, req, res, next) {
res.header('Access-Control-Allow-Origin', origin);
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Max-Age', 60 * 60 * 24);
res.header('Access-Control-Expose-Headers', 'Accepts, Content-Type, X-Spacedeck-Space-Role, X-Spacedeck-Channel, X-Spacedeck-Spacepassword, X-Spacedeck-Auth, X-Spacedeck-Space-Auth');
res.header('Access-Control-Allow-Headers', 'Accepts, Accept-Language, Accept-Encoding, Accept-Language, Content-Type, X-Spacedeck-Space-Auth, X-Spacedeck-Space-Role, X-Spacedeck-Channel, X-Spacedeck-Spacepassword, X-Spacedeck-Auth');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
if (req.method == 'OPTIONS') {
res.sendStatus(204);
} else {
next();
}
}
module.exports = (req, res, next) => {
const origin = req.headers.origin;
if (origin) {
const parsedUrl = url.parse(origin, true, true);
// FIXME
if (parsedUrl.hostname == "cdn.spacedeck.com") {
res.header('Cache-Control', "max-age");
res.header('Expires', "30d");
res.removeHeader("Pragma");
respond(origin, req, res, next);
} else {
Team.getTeamForHost(parsedUrl.hostname, (err, team, subdomain) => {
if (team) {
respond(origin, req, res, next);
} else {
next();
}
});
}
} else {
next();
}
}