Added allowAll convenience method.
coreybutler committed Aug 13, 2020
1 parent a077ff4 commit 7f1be8b
Showing 4 changed files with 31 additions and 2 deletions.
20 changes: 20 additions & 0 deletions README.md
Expand Up @@ -42,6 +42,7 @@ const server = app.listen(() => console.log('Server is running.'))
- [allowMethods('GET', 'POST', 'OPTIONS')](#allowmethodsget-post-options)
- [allowOrigins('a.domain.com', 'b.domain.com')](#alloworiginsadomaincom-bdomaincom)
- [allowPreflight()](#allowpreflight)
- [allowAll('host')](#allowallhost)

### [Responses](#Responses)
- [200](#200)
Expand Down Expand Up @@ -371,6 +372,25 @@ app.use(API.allowPreflight())
app.any('/path', API.allowPreflight(), (req, res) => { ... })
```
## allowAll(host)
This middleware uses CORS, allowing any request from the specified host(s). This should not be considered a secure or insecure method. Used appropriately, it can provide proper security at large scale. Used inappropriately, it can be insecure at any scale. Use with caution. Remember, this method is primarily useful for developing functional API's before locking them down with tighter security restrictions.

```javascript
// Allow anything from any domain (insecure)
app.use(API.allowAll('*'))
app.use(API.allowAll()) // Equivalent of above
// Allow anything from my domain (semi-secure, limited to 1 domain)
app.use(API.allowAll('mydomain.com'))
// Applied to a specific endpoint (semi-secure, limited to 1 path on 1 domain)
app.get('/endpoint', this.allowAll('mydomain.com'), (req, res) => { ... })
// Applied to a specific endpoint for multiple sources
app.get('/endpoint', this.allowAll('mydomain.com', 'mypartner.com'), (req, res) => { ... })
```

---

## Responses
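
Review bot: the last two examples in the new `allowAll(host)` section call `this.allowAll(...)` while the first three use `API.allowAll(...)`. In README-level code `this` is not the API object, so they should read `API.allowAll('mydomain.com')` and `API.allowAll('mydomain.com', 'mypartner.com')`. The description also only says requests from the specified host(s) are allowed; per the index.js change it also allows the incoming request's method and every header the request carries, and the docs should say so, because that is what a reader needs to judge the "insecure" and "semi-secure" labels. Minor: "API's" should be "APIs".
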
9 changes: 9 additions & 0 deletions index.js
Expand Up @@ -375,6 +375,15 @@ class Endpoint {
})
}

allowAll (host = '*') {
return (req, res, next) => {
this.allowOrigins(...(arguments.length > 0 ? arguments : [host]))(req, res)
this.allowMethods(req.method)(req, res)
this.allowHeaders(...Object.keys(req.headers))(req, res)
this.allowPreflight(req, res, next)
}
}

allowPreflight () {
return (req, res, next) => {
if (req.method.toUpperCase() === 'OPTIONS') {
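
Review bot: the last call in the returned middleware, `this.allowPreflight(req, res, next)`, does not run the preflight handler. `allowPreflight ()` directly below takes no parameters and returns the `(req, res, next)` function, so this line builds a middleware and discards it, and `next` is never called from `allowAll`. It should be `this.allowPreflight()(req, res, next)`. The three calls above it pass only `(req, res)`; if any of those middlewares ends by calling `next()` they will throw here, so either pass a no-op `next` or chain them properly. Also worth checking: on an OPTIONS preflight, `req.method` is `OPTIONS` and `Object.keys(req.headers)` are the preflight's own header names, not the values the browser sends in `Access-Control-Request-Method` and `Access-Control-Request-Headers`, so the method and headers of the actual request are not what ends up allowed. A test that sends a preflight followed by the real request through `allowAll` would catch all three.
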
2 changes: 1 addition & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@butlerlogic/common-api",
"version": "1.5.4",
"version": "1.5.5",
"description": "An API engineering productivity kit for Express.",
"main": "index.js",
"scripts": {