Browse Source

feat: CORS组件支持使用配置文件更灵活的配置处理跨域的逻辑;

main
ShadowWalker 3 years ago
parent
commit
3e1c04c348
  1. 16
      server/config.docker.yaml
  2. 16
      server/config.yaml
  3. 3
      server/config/config.go
  4. 14
      server/config/cors.go
  5. 5
      server/initialize/router.go
  6. 49
      server/middleware/cors.go

16
server/config.docker.yaml

@ -135,3 +135,19 @@ Timer:
{ tableName: "sys_operation_records" , compareField: "created_at", interval: "2160h" }, { tableName: "sys_operation_records" , compareField: "created_at", interval: "2160h" },
#{ tableName: "log2" , compareField: "created_at", interval: "2160h" } #{ tableName: "log2" , compareField: "created_at", interval: "2160h" }
] ]
# 跨域配置
# 需要配合 server/initialize/router.go#L32 使用
cors:
mode: whitelist # 放行模式: allow-all, 放行全部; whitelist, 白名单模式, 来自白名单内域名的请求添加 cors 头; strict-whitelist 严格白名单模式, 白名单外的请求一律拒绝
whitelist:
- allow-origin: example1.com
allow-headers: content-type
allow-methods: GET, POST
expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
allow-credentials: true # 布尔值
- allow-origin: example2.com
allow-headers: content-type
allow-methods: GET, POST
expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
allow-credentials: true # 布尔值

16
server/config.yaml

@ -179,4 +179,18 @@ Timer:
#{ tableName: "log2" , compareField: "created_at", interval: "2160h" } #{ tableName: "log2" , compareField: "created_at", interval: "2160h" }
] ]
# 跨域配置
# 需要配合 server/initialize/router.go#L32 使用
cors:
mode: whitelist # 放行模式: allow-all, 放行全部; whitelist, 白名单模式, 来自白名单内域名的请求添加 cors 头; strict-whitelist 严格白名单模式, 白名单外的请求一律拒绝
whitelist:
- allow-origin: example1.com
allow-headers: content-type
allow-methods: GET, POST
expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
allow-credentials: true # 布尔值
- allow-origin: example2.com
allow-headers: content-type
allow-methods: GET, POST
expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
allow-credentials: true # 布尔值

3
server/config/config.go

@ -23,4 +23,7 @@ type Server struct {
Excel Excel `mapstructure:"excel" json:"excel" yaml:"excel"` Excel Excel `mapstructure:"excel" json:"excel" yaml:"excel"`
Timer Timer `mapstructure:"timer" json:"timer" yaml:"timer"` Timer Timer `mapstructure:"timer" json:"timer" yaml:"timer"`
// 跨域配置
Cors CORS `mapstructure:"cors" json:"cors" yaml:"cors"`
} }

14
server/config/cors.go

@ -0,0 +1,14 @@
package config
type CORS struct {
Mode string `mapstructure:"mode" json:"mode" yaml:"mode"`
Whitelist []CORSWhitelist `mapstructure:"whitelist" json:"whitelist" yaml:"whitelist"`
}
type CORSWhitelist struct {
AllowOrigin string `mapstructure:"allow-origin" json:"allow-origin" yaml:"allow-origin"`
AllowMethods string `mapstructure:"allow-methods" json:"allow-methods" yaml:"allow-methods"`
AllowHeaders string `mapstructure:"allow-headers" json:"allow-headers" yaml:"allow-headers"`
ExposeHeaders string `mapstructure:"expose-headers" json:"expose-headers" yaml:"expose-headers"`
AllowCredentials bool `mapstructure:"allow-credentials" json:"allow-credentials" yaml:"allow-credentials"`
}

5
server/initialize/router.go

@ -29,8 +29,9 @@ func Routers() *gin.Engine {
Router.StaticFS(global.GVA_CONFIG.Local.Path, http.Dir(global.GVA_CONFIG.Local.Path)) // 为用户头像和文件提供静态地址 Router.StaticFS(global.GVA_CONFIG.Local.Path, http.Dir(global.GVA_CONFIG.Local.Path)) // 为用户头像和文件提供静态地址
// Router.Use(middleware.LoadTls()) // 打开就能玩https了 // Router.Use(middleware.LoadTls()) // 打开就能玩https了
global.GVA_LOG.Info("use middleware logger") global.GVA_LOG.Info("use middleware logger")
// 跨域
//Router.Use(middleware.Cors()) // 如需跨域可以打开
// 跨域,如需跨域可以打开下面的注释
// Router.Use(middleware.Cors()) // 直接放行全部跨域请求
//Router.Use(middleware.CorsByRules()) // 按照配置的规则放行跨域请求
global.GVA_LOG.Info("use middleware cors") global.GVA_LOG.Info("use middleware cors")
Router.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) Router.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
global.GVA_LOG.Info("register swagger handler") global.GVA_LOG.Info("register swagger handler")

49
server/middleware/cors.go

@ -1,11 +1,13 @@
package middleware package middleware
import ( import (
"github.com/flipped-aurora/gin-vue-admin/server/config"
"github.com/flipped-aurora/gin-vue-admin/server/global"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"net/http" "net/http"
) )
// 处理跨域请求,支持options访问
// Cors 直接放行所有跨域请求并放行所有 OPTIONS 方法
func Cors() gin.HandlerFunc { func Cors() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
method := c.Request.Method method := c.Request.Method
@ -24,3 +26,48 @@ func Cors() gin.HandlerFunc {
c.Next() c.Next()
} }
} }
// CorsByRules 按照配置处理跨域请求
func CorsByRules() gin.HandlerFunc {
// 放行全部
if global.GVA_CONFIG.Cors.Mode == "allow-all" {
return Cors()
}
return func(c *gin.Context) {
whitelist := checkCors(c.GetHeader("origin"))
// 通过检查, 添加请求头
if whitelist != nil {
c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
if whitelist.AllowCredentials {
c.Header("Access-Control-Allow-Credentials", "true")
}
}
// 严格白名单模式且未通过检查,直接拒绝处理请求
if whitelist == nil && global.GVA_CONFIG.Cors.Mode == "strict-whitelist" {
c.AbortWithStatus(http.StatusForbidden)
} else {
// 非严格白名单模式,无论是否通过检查均放行所有 OPTIONS 方法
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
}
}
// 处理请求
c.Next()
}
}
func checkCors(currentOrigin string) *config.CORSWhitelist {
for _, whitelist := range global.GVA_CONFIG.Cors.Whitelist {
// 遍历配置中的跨域头,寻找匹配项
if currentOrigin == whitelist.AllowOrigin {
return &whitelist
}
}
return nil
}
Loading…
Cancel
Save