feat: Add CORS support to oAuth, Express, Koa and generated application (#2744)

daffl · web-flow · commit fd218f289f8c · 2022-09-12T08:52:44.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/authentication-oauth/src/strategy.ts b/packages/authentication-oauth/src/strategy.ts
@@ -68,7 +68,7 @@ export class OAuthStrategy extends AuthenticationBaseStrategy {
   }
 
   async getAllowedOrigin(params?: Params) {
-    const { redirect, origins } = this.authentication.configuration.oauth
+    const { redirect, origins = this.app.get('origins') } = this.authentication.configuration.oauth
 
     if (Array.isArray(origins)) {
       const referer = params?.headers?.referer || ''
diff --git a/packages/cli/src/app/index.ts b/packages/cli/src/app/index.ts
@@ -171,7 +171,7 @@ export const generate = (ctx: AppGeneratorArguments) =>
         }
 
         if (framework === 'express') {
-          dependencies.push('@feathersjs/express', 'compression', 'helmet')
+          dependencies.push('@feathersjs/express', 'compression')
         }
 
         return addVersions(dependencies, dependencyVersions)
diff --git a/packages/cli/src/app/templates/app.tpl.ts b/packages/cli/src/app/templates/app.tpl.ts
@@ -6,7 +6,7 @@ const tsKoaApp = ({ transports }: AppGeneratorContext) =>
   `import serveStatic from 'koa-static'
 import { feathers } from '@feathersjs/feathers'
 import configuration from '@feathersjs/configuration'
-import { koa, rest, bodyParser, errorHandler, parseAuthentication } from '@feathersjs/koa'
+import { koa, rest, bodyParser, errorHandler, parseAuthentication, cors } from '@feathersjs/koa'
 ${transports.includes('websockets') ? "import socketio from '@feathersjs/socketio'" : ''}
 
 import type { Application } from './declarations'
@@ -23,12 +23,21 @@ app.configure(configuration(configurationSchema))
 // Set up Koa middleware
 app.use(serveStatic(app.get('public')))
 app.use(errorHandler())
+app.use(cors())
 app.use(parseAuthentication())
 app.use(bodyParser())
 
 // Configure services and transports
 app.configure(rest())
-${transports.includes('websockets') ? 'app.configure(socketio())' : ''}
+${
+  transports.includes('websockets')
+    ? `app.configure(socketio({
+  cors: {
+    origin: app.get('origins')
+  }
+}))`
+    : ''
+}
 app.configure(services)
 app.configure(channels)
 
@@ -52,11 +61,10 @@ export { app }
 
 const tsExpressApp = ({ transports }: AppGeneratorContext) =>
   `import compress from 'compression'
-import helmet from 'helmet'
 
 import { feathers } from '@feathersjs/feathers'
 import express, {
-  rest, json, urlencoded,
+  rest, json, urlencoded, cors,
   serveStatic, notFound, errorHandler
 } from '@feathersjs/express'
 import configuration from '@feathersjs/configuration'
@@ -72,7 +80,7 @@ const app: Application = express(feathers())
 
 // Load app configuration
 app.configure(configuration(configurationSchema))
-app.use(helmet())
+app.use(cors())
 app.use(compress())
 app.use(json())
 app.use(urlencoded({ extended: true }))
@@ -81,7 +89,15 @@ app.use('/', serveStatic(app.get('public')))
 
 // Configure services and real-time functionality
 app.configure(rest())
-${transports.includes('websockets') ? 'app.configure(socketio())' : ''}
+${
+  transports.includes('websockets')
+    ? `app.configure(socketio({
+  cors: {
+    origin: app.get('origins')
+  }
+}))`
+    : ''
+}
 app.configure(services)
 app.configure(channels)
 
diff --git a/packages/cli/src/app/templates/config.tpl.ts b/packages/cli/src/app/templates/config.tpl.ts
@@ -5,6 +5,7 @@ const defaultConfig = ({}: AppGeneratorContext) => ({
   host: 'localhost',
   port: 3030,
   public: './public/',
+  origins: ['http://localhost:3030'],
   paginate: {
     default: 10,
     max: 50
diff --git a/packages/cli/src/app/templates/configuration.tpl.ts b/packages/cli/src/app/templates/configuration.tpl.ts
@@ -18,6 +18,12 @@ export const configurationSchema = schema(
       port: { type: 'number' },
       public: { type: 'string' },
       authentication: authenticationSettingsSchema,
+      origins: {
+        type: 'array',
+        items: {
+          type: 'string'
+        }
+      },
       paginate: {
         type: 'object',
         additionalProperties: false,
diff --git a/packages/cli/src/authentication/templates/config.tpl.ts b/packages/cli/src/authentication/templates/config.tpl.ts
@@ -31,19 +31,14 @@ export const generate = (ctx: AuthenticationGeneratorContext) =>
       const oauthStrategies = authStrategies.filter((name) => name !== 'local')
 
       if (oauthStrategies.length) {
-        authentication.oauth = oauthStrategies.reduce(
-          (oauth, name) => {
-            oauth[name] = {
-              key: '<Client ID>',
-              secret: '<Client secret>'
-            }
+        authentication.oauth = oauthStrategies.reduce((oauth, name) => {
+          oauth[name] = {
+            key: '<Client ID>',
+            secret: '<Client secret>'
+          }
 
-            return oauth
-          },
-          {
-            redirect: '/'
-          } as any
-        )
+          return oauth
+        }, {} as any)
       }
 
       return { authentication }
diff --git a/packages/express/package.json b/packages/express/package.json
@@ -59,6 +59,7 @@
     "@feathersjs/transport-commons": "^5.0.0-pre.28",
     "@types/express": "^4.17.13",
     "@types/express-serve-static-core": "^4.17.30",
+    "cors": "^2.8.5",
     "express": "^4.18.1"
   },
   "devDependencies": {
diff --git a/packages/express/src/index.ts b/packages/express/src/index.ts
@@ -2,6 +2,7 @@ import express, { Express } from 'express'
 import { Application as FeathersApplication, defaultServiceMethods } from '@feathersjs/feathers'
 import { routing } from '@feathersjs/transport-commons'
 import { createDebug } from '@feathersjs/commons'
+import cors from 'cors'
 
 import { rest, RestOptions, formatter } from './rest'
 import { errorHandler, notFound, ErrorHandlerOptions } from './handlers'
@@ -28,7 +29,8 @@ export {
   ExpressOverrides,
   AuthenticationSettings,
   parseAuthentication,
-  authenticate
+  authenticate,
+  cors
 }
 
 const debug = createDebug('@feathersjs/express')
diff --git a/packages/express/test/rest.test.ts b/packages/express/test/rest.test.ts
@@ -87,6 +87,7 @@ describe('@feathersjs/express/rest provider', () => {
 
     before(async () => {
       app = expressify(feathers())
+        .use(express.cors())
         .use(express.json())
         .configure(rest(express.formatter))
         .use('codes', {
diff --git a/packages/koa/package.json b/packages/koa/package.json
@@ -53,9 +53,11 @@
     "@feathersjs/commons": "^5.0.0-pre.28",
     "@feathersjs/errors": "^5.0.0-pre.28",
     "@feathersjs/transport-commons": "^5.0.0-pre.28",
+    "@koa/cors": "^3.4.1",
     "@types/koa": "^2.13.5",
     "@types/koa-bodyparser": "^4.3.7",
     "@types/koa-qs": "^2.0.0",
+    "@types/koa__cors": "^3.3.0",
     "koa": "^2.13.4",
     "koa-bodyparser": "^4.3.0",
     "koa-compose": "^4.1.0",
diff --git a/packages/koa/src/index.ts b/packages/koa/src/index.ts
@@ -4,9 +4,11 @@ import { Application as FeathersApplication } from '@feathersjs/feathers'
 import { routing } from '@feathersjs/transport-commons'
 import { createDebug } from '@feathersjs/commons'
 import bodyParser from 'koa-bodyparser'
+import cors from '@koa/cors'
+
 import { Application } from './declarations'
 
-export { Koa, bodyParser }
+export { Koa, bodyParser, cors }
 export * from './authentication'
 export * from './declarations'
 export * from './handlers'
diff --git a/packages/koa/test/app.fixture.ts b/packages/koa/test/app.fixture.ts
@@ -3,13 +3,14 @@ import { feathers, Params, HookContext } from '@feathersjs/feathers'
 import { authenticate, AuthenticationService, JWTStrategy } from '@feathersjs/authentication'
 import { LocalStrategy, hooks } from '@feathersjs/authentication-local'
 
-import { koa, rest, bodyParser, errorHandler } from '../src'
+import { koa, rest, bodyParser, errorHandler, cors } from '../src'
 
 const { protect, hashPassword } = hooks
 const app = koa(feathers())
 const authService = new AuthenticationService(app)
 
 app.use(errorHandler())
+app.use(cors())
 app.use(bodyParser())
 app.configure(rest())
 app.set('authentication', {

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ export class OAuthStrategy extends AuthenticationBaseStrategy {`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`async getAllowedOrigin(params?: Params) {`
`71`		`- const { redirect, origins } = this.authentication.configuration.oauth`
	`71`	`+ const { redirect, origins = this.app.get('origins') } = this.authentication.configuration.oauth`
`72`	`72`
`73`	`73`	`if (Array.isArray(origins)) {`
`74`	`74`	`const referer = params?.headers?.referer \|\| ''`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ export const generate = (ctx: AppGeneratorArguments) =>`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`if (framework === 'express') {`
`174`		`- dependencies.push('@feathersjs/express', 'compression', 'helmet')`
	`174`	`+ dependencies.push('@feathersjs/express', 'compression')`
`175`	`175`	`}`
`176`	`176`
`177`	`177`	`return addVersions(dependencies, dependencyVersions)`