feat: 🔧 Add CORS constant/env variable, add healthz route

gnekich · gnekich · commit be6d73fd13ab · 2022-06-30T00:22:10.000+02:00
Add `HLAMBDA_CORS_DOMAIN`. By default, all CORS requests to the Hlambda server are allowed. To run with more restrictive CORS settings, use this env variable. Example: `https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com`
diff --git a/.env.example b/.env.example
@@ -30,6 +30,10 @@ PRIVATE_KEY_CONFIGURATION="__INSERT_YOUR_PRIVATE_KEY_CONFIGURATION__"
 # Server max allowed body size from client that express app will support. (Main usecase is Apple Subscription Notifications)
 SERVER_BODY_SIZE="2mb"
 
+# Constant reference in code: ENV_HLAMBDA_CORS_DOMAIN | Default value: *
+# By default, all CORS requests to the Hlambda server are allowed. To run with more restrictive CORS settings, use this env variable. Example: `https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com`
+HLAMBDA_CORS_DOMAIN="*"
+
 # Constant reference in code: ENV_SERVER_HEALTH | Default value: Healthy
 # Server health that can change based on different events "Healthy", "Degraded", "Unhealthy", "Advisory"
 SERVER_HEALTH="Healthy"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,6 @@
-# Todo
+# (Future) Release 0.0.9
 
-- Default GET /healthz if does not exist.
+- undefined :)
 
 # Release 0.0.8
 
@@ -9,3 +9,5 @@
 - Add example for the static serving of the content because `__dirname` is not available, `fileURLToPath(import.meta.url);` should be used.
 - Add version build number route. (GET /build-number)
 - Add timestamp to docker image on build `./image-build-timestamp.txt`
+- Add GET /healthz route
+- Add CORS env variable `HLAMBDA_CORS_DOMAIN`, by default Hlambda server continues to allow '\*'
diff --git a/src/constants/index.js b/src/constants/index.js
@@ -69,6 +69,13 @@ export const constants = {
       'Server max allowed body size from client that express app will support. (Main usecase is Apple Subscription Notifications)',
   },
 
+  ENV_HLAMBDA_CORS_DOMAIN: {
+    name: 'HLAMBDA_CORS_DOMAIN',
+    default: '*',
+    description:
+      'By default, all CORS requests to the Hlambda server are allowed. To run with more restrictive CORS settings, use this env variable. Example: `https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com`',
+  },
+
   ENV_SERVER_HEALTH: {
     name: 'SERVER_HEALTH',
     default: 'Healthy',
diff --git a/src/index.js b/src/index.js
@@ -25,6 +25,7 @@ import middlewareProtector from './routes/protector.js';
 // import routeConsole from './routes/console.js';
 import route404 from './routes/404.js';
 import hasuraErrorHandler from './routes/hasuraErrorHandler.js';
+import healthzRouter from './routes/health/public-router.healthz.js';
 // import requestTimeLogger from './utils/requestTimer.js';
 
 import generateDotEnvFileFromConsts from './utils/generateDotEnvFileFromConsts.js';
@@ -153,6 +154,7 @@ const spinServer = async () => {
   // const SERVER_VERSION = getEnvValue(constants.ENV_SERVER_VERSION);
   const HLAMBDA_DISABLE_CONSOLE = isEnvTrue(constants.ENV_HLAMBDA_DISABLE_CONSOLE);
   const HLAMBDA_DISABLE_INITIAL_ROUTE_REDIRECT = isEnvTrue(constants.ENV_HLAMBDA_DISABLE_INITIAL_ROUTE_REDIRECT);
+  const HLAMBDA_CORS_DOMAIN = getEnvValue(constants.ENV_HLAMBDA_CORS_DOMAIN);
   // --------------------------------------------------------------------------------
   const app = express();
   // --------------------------------------------------------------------------------
@@ -163,7 +165,7 @@ const spinServer = async () => {
   app.use(express.json());
 
   // Allow cors everywhere, it make sense for this usecase, unsafe otherwise!
-  app.use(cors());
+  app.use(cors({ origin: HLAMBDA_CORS_DOMAIN }));
 
   if (!HLAMBDA_DISABLE_CONSOLE) {
     // Serve static
@@ -279,6 +281,8 @@ const spinServer = async () => {
     );
   }
   // --------------------------------------------------------------------------------
+  // Add healthz route.
+  app.use(healthzRouter);
   // Handle 404 routes.
   app.use(route404);
   // !!! Important !!! Error handler.
diff --git a/src/routes/health/public-router.healthz.js b/src/routes/health/public-router.healthz.js
@@ -0,0 +1,14 @@
+import express from 'express';
+import asyncHandler from 'express-async-handler';
+
+// Create express router
+const router = express.Router();
+
+router.get(
+  '/healthz',
+  asyncHandler(async (req, res) => {
+    res.status(200).send('OK');
+  })
+);
+
+export default router;
