Update WebSocket and CORS allowed origins to reflect the project rename from "Carrot BBS" to "WithYou", changing bbs.littlelan.cn to withyou.littlelan.cn.
59 lines
1.4 KiB
Go
59 lines
1.4 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
var allowedOrigins = []string{
|
|
"https://withyou.littlelan.cn",
|
|
"https://admin.littlelan.cn",
|
|
"https://browser.littlelan.cn",
|
|
"http://localhost:3000",
|
|
"http://localhost:5173",
|
|
"http://127.0.0.1:3000",
|
|
"http://127.0.0.1:5173",
|
|
}
|
|
|
|
func isAllowedOrigin(origin string) bool {
|
|
for _, o := range allowedOrigins {
|
|
if o == origin {
|
|
return true
|
|
}
|
|
}
|
|
|
|
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
|
|
return true
|
|
}
|
|
|
|
if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func CORS() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
origin := c.GetHeader("Origin")
|
|
|
|
if isAllowedOrigin(origin) {
|
|
c.Header("Access-Control-Allow-Origin", origin)
|
|
c.Header("Access-Control-Allow-Credentials", "true")
|
|
}
|
|
|
|
c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
|
|
c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, Connection, Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Version, Sec-WebSocket-Protocol, Sec-WebSocket-Extensions")
|
|
c.Header("Access-Control-Expose-Headers", "Content-Length, Connection, Upgrade")
|
|
|
|
if c.Request.Method == "OPTIONS" {
|
|
c.AbortWithStatus(http.StatusNoContent)
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|