feat: cors support for api resource in aws

nitrictech · Oct 24, 2023 · 135b8df · 135b8df
1 parent 1bb84b4
commit 135b8df
Show file tree

Hide file tree

Showing 9 changed files with 688 additions and 306 deletions.
diff --git a/cloud/aws/deploy/api/apigateway.go b/cloud/aws/deploy/api/apigateway.go
@@ -30,14 +30,17 @@ import (
 
 	"github.com/nitrictech/nitric/cloud/aws/deploy/config"
 	"github.com/nitrictech/nitric/cloud/aws/deploy/exec"
+	"github.com/nitrictech/nitric/cloud/common/deploy/cors"
 	common "github.com/nitrictech/nitric/cloud/common/deploy/tags"
+	v1 "github.com/nitrictech/nitric/core/pkg/api/nitric/v1"
 )
 
 type AwsApiGatewayArgs struct {
 	OpenAPISpec     *openapi3.T
 	LambdaFunctions map[string]*exec.LambdaExecUnit
 	StackID         string
 	Config          *config.ApiConfig
+	Cors            *v1.ApiCorsDefinition
 }
 
 type AwsApiGateway struct {
@@ -132,11 +135,29 @@ func NewAwsApiGateway(ctx *pulumi.Context, name string, args *AwsApiGatewayArgs,
 		return string(b), nil
 	}).(pulumi.StringOutput)
 
+	var awsCorsConfig *apigatewayv2.ApiCorsConfigurationArgs
+
+	if args.Cors != nil {
+		corsConfig, err := cors.GetCorsConfig(args.Cors)
+		if err != nil {
+			return nil, err
+		}
+
+		awsCorsConfig = &apigatewayv2.ApiCorsConfigurationArgs{}
+		awsCorsConfig.AllowCredentials = pulumi.Bool(corsConfig.GetAllowCredentials())
+		awsCorsConfig.AllowOrigins = pulumi.ToStringArray(corsConfig.GetAllowOrigins())
+		awsCorsConfig.AllowHeaders = pulumi.ToStringArray(corsConfig.GetAllowHeaders())
+		awsCorsConfig.AllowMethods = pulumi.ToStringArray(corsConfig.GetAllowMethods())
+		awsCorsConfig.ExposeHeaders = pulumi.ToStringArray(corsConfig.GetExposeHeaders())
+		awsCorsConfig.MaxAge = pulumi.Int(corsConfig.GetMaxAge())
+	}
+
 	res.Api, err = apigatewayv2.NewApi(ctx, name, &apigatewayv2.ApiArgs{
-		Body:           doc,
-		ProtocolType:   pulumi.String("HTTP"),
-		Tags:           pulumi.ToStringMap(common.Tags(args.StackID, name, resources.API)),
-		FailOnWarnings: pulumi.Bool(true),
+		Body:              doc,
+		ProtocolType:      pulumi.String("HTTP"),
+		Tags:              pulumi.ToStringMap(common.Tags(args.StackID, name, resources.API)),
+		FailOnWarnings:    pulumi.Bool(true),
+		CorsConfiguration: awsCorsConfig,
 	}, opts...)
 	if err != nil {
 		return nil, err

diff --git a/cloud/aws/deploy/up.go b/cloud/aws/deploy/up.go
@@ -288,13 +288,16 @@ func (d *DeployServer) Up(request *deploy.DeployUpRequest, stream deploy.DeployS
 					return fmt.Errorf("invalid document suppled for api: %s", res.Name)
 				}
 
+				cors := t.Api.GetCors()
+
 				config, _ := config.Apis[res.Name]
 
 				_, err = api.NewAwsApiGateway(ctx, res.Name, &api.AwsApiGatewayArgs{
 					LambdaFunctions: execs,
 					StackID:         stackID,
 					OpenAPISpec:     doc,
 					Config:          config,
+					Cors:            cors,
 				})
 				if err != nil {
 					return err

diff --git a/cloud/common/deploy/cors/cors.go b/cloud/common/deploy/cors/cors.go
@@ -0,0 +1,37 @@
+// Copyright 2021 Nitric Technologies Pty Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cors
+
+import (
+	"github.com/imdario/mergo"
+	v1 "github.com/nitrictech/nitric/core/pkg/api/nitric/v1"
+)
+
+func GetCorsConfig(vals *v1.ApiCorsDefinition) (*v1.ApiCorsDefinition, error) {
+	defaultVal := &v1.ApiCorsDefinition{
+		AllowCredentials: false,
+		AllowOrigins:     []string{"*"},
+		AllowHeaders:     []string{"Content-Type", "Authorization"},
+		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
+		ExposeHeaders:    []string{},
+		MaxAge:           300,
+	}
+
+	if err := mergo.Merge(defaultVal, vals, mergo.WithOverride); err != nil {
+		return nil, err
+	}
+
+	return defaultVal, nil
+}
diff --git a/contracts/proto/deploy/v1/deploy.proto b/contracts/proto/deploy/v1/deploy.proto
@@ -185,6 +185,8 @@ message Api {
         // This document will contain extensions that hint of execution units that should be targeted as part of the deployment
         string openapi = 1;
     }
+    // cors config
+    nitric.resource.v1.ApiCorsDefinition cors = 2;
 }
 
 // Declare a new websocket

diff --git a/contracts/proto/resource/v1/resource.proto b/contracts/proto/resource/v1/resource.proto
@@ -84,12 +84,23 @@ message ApiScopes {
   repeated string scopes = 1;
 }
 
+message ApiCorsDefinition { 
+  bool allow_credentials = 1; 
+  repeated string allow_headers = 2;
+  repeated string allow_methods = 3;
+  repeated string allow_origins = 4;
+  repeated string expose_headers = 5;
+  int32 max_age = 6;
+}
+
 message ApiResource {
   // Security definitions for the api
   // These may be used by registered routes and operations on the API
   map<string, ApiSecurityDefinition> security_definitions = 1;
   // root level security for this api
   map<string, ApiScopes>  security = 2;
+  // cors configuration for this api
+  ApiCorsDefinition cors = 3;
 }
 
 enum Action {