feat: cors support for api resource in aws

nitrictech · Oct 24, 2023 · d4d7842 · d4d7842
1 parent 87e7468
commit d4d7842
Show file tree

Hide file tree

Showing 9 changed files with 684 additions and 306 deletions.
diff --git a/cloud/aws/deploy/api/apigateway.go b/cloud/aws/deploy/api/apigateway.go
@@ -28,14 +28,17 @@ import (
 
 	"github.com/nitrictech/nitric/cloud/aws/deploy/config"
 	"github.com/nitrictech/nitric/cloud/aws/deploy/exec"
+	"github.com/nitrictech/nitric/cloud/common/deploy/cors"
 	common "github.com/nitrictech/nitric/cloud/common/deploy/tags"
+	v1 "github.com/nitrictech/nitric/core/pkg/api/nitric/v1"
 )
 
 type AwsApiGatewayArgs struct {
 	OpenAPISpec     *openapi3.T
 	LambdaFunctions map[string]*exec.LambdaExecUnit
 	StackID         pulumi.StringInput
 	Config          *config.ApiConfig
+	Cors            *v1.ApiCorsDefinition
 }
 
 type AwsApiGateway struct {
@@ -130,11 +133,29 @@ func NewAwsApiGateway(ctx *pulumi.Context, name string, args *AwsApiGatewayArgs,
 		return string(b), nil
 	}).(pulumi.StringOutput)
 
+	var awsCorsConfig *apigatewayv2.ApiCorsConfigurationArgs
+
+	if args.Cors != nil {
+		corsConfig, err := cors.GetCorsConfig(args.Cors)
+		if err != nil {
+			return nil, err
+		}
+
+		awsCorsConfig = &apigatewayv2.ApiCorsConfigurationArgs{}
+		awsCorsConfig.AllowCredentials = pulumi.Bool(corsConfig.GetAllowCredentials())
+		awsCorsConfig.AllowOrigins = toPulumiStrArray(corsConfig.GetAllowOrigins())
+		awsCorsConfig.AllowHeaders = toPulumiStrArray(corsConfig.GetAllowHeaders())
+		awsCorsConfig.AllowMethods = toPulumiStrArray(corsConfig.GetAllowMethods())
+		awsCorsConfig.ExposeHeaders = toPulumiStrArray(corsConfig.GetExposeHeaders())
+		awsCorsConfig.MaxAge = pulumi.Int(corsConfig.GetMaxAge())
+	}
+
 	res.Api, err = apigatewayv2.NewApi(ctx, name, &apigatewayv2.ApiArgs{
-		Body:           doc,
-		ProtocolType:   pulumi.String("HTTP"),
-		Tags:           common.Tags(ctx, args.StackID, name),
-		FailOnWarnings: pulumi.Bool(true),
+		Body:              doc,
+		ProtocolType:      pulumi.String("HTTP"),
+		Tags:              common.Tags(ctx, args.StackID, name),
+		FailOnWarnings:    pulumi.Bool(true),
+		CorsConfiguration: awsCorsConfig,
 	}, opts...)
 	if err != nil {
 		return nil, err
@@ -219,3 +240,13 @@ func awsOperation(op *openapi3.Operation, funcs map[string]string) *openapi3.Ope
 
 	return op
 }
+
+func toPulumiStrArray(strs []string) pulumi.StringArray {
+	arr := pulumi.StringArray{}
+
+	for _, v := range strs {
+		arr = append(arr, pulumi.String(v))
+	}
+
+	return arr
+}
diff --git a/cloud/aws/deploy/up.go b/cloud/aws/deploy/up.go
@@ -279,13 +279,16 @@ func (d *DeployServer) Up(request *deploy.DeployUpRequest, stream deploy.DeployS
 					return fmt.Errorf("invalid document suppled for api: %s", res.Name)
 				}
 
+				cors := t.Api.GetCors()
+
 				config, _ := config.Apis[res.Name]
 
 				_, err = api.NewAwsApiGateway(ctx, res.Name, &api.AwsApiGatewayArgs{
 					LambdaFunctions: execs,
 					StackID:         stackID,
 					OpenAPISpec:     doc,
 					Config:          config,
+					Cors:            cors,
 				})
 				if err != nil {
 					return err

diff --git a/cloud/common/deploy/cors/cors.go b/cloud/common/deploy/cors/cors.go
@@ -0,0 +1,23 @@
+package cors
+
+import (
+	"github.com/imdario/mergo"
+	v1 "github.com/nitrictech/nitric/core/pkg/api/nitric/v1"
+)
+
+func GetCorsConfig(vals *v1.ApiCorsDefinition) (*v1.ApiCorsDefinition, error) {
+	defaultVal := &v1.ApiCorsDefinition{
+		AllowCredentials: false,
+		AllowOrigins:     []string{"*"},
+		AllowHeaders:     []string{"Content-Type", "Authorization"},
+		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
+		ExposeHeaders:    []string{},
+		MaxAge:           300,
+	}
+
+	if err := mergo.Merge(defaultVal, vals, mergo.WithOverride); err != nil {
+		return nil, err
+	}
+
+	return defaultVal, nil
+}
diff --git a/contracts/proto/deploy/v1/deploy.proto b/contracts/proto/deploy/v1/deploy.proto
@@ -185,6 +185,8 @@ message Api {
         // This document will contain extensions that hint of execution units that should be targeted as part of the deployment
         string openapi = 1;
     }
+    // cors config
+    nitric.resource.v1.ApiCorsDefinition cors = 2;
 }
 
 // Declare a new websocket

diff --git a/contracts/proto/resource/v1/resource.proto b/contracts/proto/resource/v1/resource.proto
@@ -84,12 +84,23 @@ message ApiScopes {
   repeated string scopes = 1;
 }
 
+message ApiCorsDefinition { 
+  bool allow_credentials = 1; 
+  repeated string allow_headers = 2;
+  repeated string allow_methods = 3;
+  repeated string allow_origins = 4;
+  repeated string expose_headers = 5;
+  int32 max_age = 6;
+}
+
 message ApiResource {
   // Security definitions for the api
   // These may be used by registered routes and operations on the API
   map<string, ApiSecurityDefinition> security_definitions = 1;
   // root level security for this api
   map<string, ApiScopes>  security = 2;
+  // cors configuration for this api
+  ApiCorsDefinition cors = 3;
 }
 
 enum Action {

diff --git a/core/pkg/api/nitric/deploy/v1/deploy.pb.go b/core/pkg/api/nitric/deploy/v1/deploy.pb.go
diff --git a/core/pkg/api/nitric/deploy/v1/deploy.pb.validate.go b/core/pkg/api/nitric/deploy/v1/deploy.pb.validate.go