From 5de7b754ccbdbad307661926738b364c0dcc631e Mon Sep 17 00:00:00 2001
From: Nur Fikri
Date: Wed, 17 Jul 2024 20:09:29 +0700
Subject: [PATCH] sync staging to main (#330)
* feat: change social bg (#327)
* feat: improve cors middleware (#329)
---
 chain-registry | 2 +-
 initia-registry | 2 +-
 src/middleware.ts | 58 ++++++++++++++++++++++++++++++++++++++++++-----
 3 files changed, 54 insertions(+), 8 deletions(-)
diff --git a/chain-registry b/chain-registry
index 64662fc0..2bdb2be8 160000
--- a/chain-registry
+++ b/chain-registry
@@ -1 +1 @@
-Subproject commit 64662fc086c2360d065b4739281ff6a1a394c506
+Subproject commit 2bdb2be8bc7218b88067075454f273d1058fed32
diff --git a/initia-registry b/initia-registry
index 9ef053f7..f0855953 160000
--- a/initia-registry
+++ b/initia-registry
@@ -1 +1 @@
-Subproject commit 9ef053f74a1e842fc5ec9813a1af9967032619da
+Subproject commit f0855953f277882877dc4352927746cb2c8c9a22
diff --git a/src/middleware.ts b/src/middleware.ts
index 847c0dad..40ec420f 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -7,6 +7,43 @@ const corsOptions = {
 "Access-Control-Allow-Headers": "Content-Type, Authorization, solana-client",
 };
+const cleanOrigin = (str: string) => {
+ try {
+ const url = new URL(str);
+ let domain = url.hostname;
+
+ // Remove www.
+ if (domain.startsWith("www.")) {
+ domain = domain.slice(4);
+ }
+
+ return domain;
+ } catch (error) {
+ return str; // Return the original string if it's not a valid URL
+ }
+};
+
+const isVercelPreview = (str: string) => {
+ if (str.endsWith("vercel.app")) {
+ return true;
+ }
+ return false;
+};
+
+const isCloudflarePreview = (str: string) => {
+ if (str.endsWith("pages.dev")) {
+ return true;
+ }
+ return false;
+};
+
+const isPreview = (str: string) => {
+ if (isVercelPreview(str) || isCloudflarePreview(str)) {
+ return true;
+ }
+ return false;
+};
+
 export async function middleware(request: NextRequest) {
 // Check the origin from the request
 const origin = request.headers.get("origin") ?? "";
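Review bot: `isVercelPreview` and `isCloudflarePreview` test `endsWith("vercel.app")` and `endsWith("pages.dev")` with no label boundary, so a hostname on an unrelated registrable domain whose name merely ends in those characters is classified as a preview host; anchor on the dot, e.g. `return str.endsWith(".vercel.app");`, which also removes the `if … return true; return false` wrapper. `cleanOrigin` reduces the Origin to a bare hostname (and strips `www.`), so scheme and port drop out of the allow-list decision and an `http://` or non-default-port origin on an allowed host is treated like the `https://` one; if only HTTPS origins are meant to be trusted, add `if (url.protocol !== "https:") return "";`. The `catch` branch hands the raw header value on to the later checks; returning `""` would make a malformed Origin fail closed.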
@@ -16,16 +53,25 @@ export async function middleware(request: NextRequest) {
 return NextResponse.next();
 }
 const client = createClient(process.env.ALLOWED_LIST_EDGE_CONFIG);
- const allowedOriginsData = await client.get("allowed-origins");
- const allowedOrigins = await stringArraySchema.parseAsync(allowedOriginsData);
- const isAllowedOrigin = allowedOrigins.includes(origin);
+ const isAllowed = await (async () => {
+ const domain = cleanOrigin(origin) || "";
+ if (isPreview(domain)) {
+ const allowedPreviewData = await client.get("preview-namespace");
+ const allowedPreview = await stringArraySchema.parseAsync(allowedPreviewData);
+ if (allowedPreview.find((d) => d.includes(domain))) {
+ return true;
+ }
+ }
+ const allowedOriginsData = await client.get("allowed-origins");
+ const allowedOrigins = await stringArraySchema.parseAsync(allowedOriginsData);
+ return allowedOrigins.includes(domain);
+ })();
 // Handle preflighted requests
 const isPreflight = request.method === "OPTIONS";
-
 if (isPreflight) {
 const preflightHeaders = {
- ...(isAllowedOrigin && { "Access-Control-Allow-Origin": origin }),
+ ...(isAllowed && { "Access-Control-Allow-Origin": origin }),
 ...corsOptions,
 };
 return NextResponse.json({}, { headers: preflightHeaders });
@@ -34,7 +80,7 @@ export async function middleware(request: NextRequest) {
 // Handle simple requests
 const response = NextResponse.next();
- if (isAllowedOrigin) {
+ if (isAllowed) {
 response.headers.set("Access-Control-Allow-Origin", origin);
 }
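Review bot: The preview gate `allowedPreview.find((d) => d.includes(domain))` asks whether the request hostname is a substring of a configured entry, so any shorter hostname that occurs inside an entry (including the bare platform suffix) is accepted and then echoed into `Access-Control-Allow-Origin`. The direction looks inverted and the match is unanchored; assuming `preview-namespace` holds hostname suffixes (its format is not visible here), `allowedPreview.some((d) => domain === d || domain.endsWith("." + d))` keeps the comparison on a label boundary. `allowedOrigins.includes(domain)` now compares a bare hostname, so any `allowed-origins` entries stored as full origins would silently stop matching and should be checked. Because the header value varies per request here and in the following hunk, a `Vary: Origin` response header is worth adding unless it is set outside the visible lines.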