refactor: apply CORS rules on relay

2026-02-06 13:44:19 +01:00 · 2024-11-05 18:37:12 +00:00
parent bbcf948dd6
commit 582a74c000
2 changed files with 24 additions and 28 deletions
--- a/blossom/server.go
+++ b/blossom/server.go
@@ -3,11 +3,9 @@ package blossom
 import (
 	"context"
 	"io"
-	"net/http"

 	"github.com/fiatjaf/khatru"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/rs/cors"
 )

 type BlossomServer struct {
@@ -29,30 +27,14 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer {
 		ServiceURL: serviceURL,
 	}

-	base := rl.Router()
+	mux := rl.Router()

-	blossomApi := http.NewServeMux()
-	blossomApi.HandleFunc("PUT /upload", bs.handleUpload)
-	blossomApi.HandleFunc("HEAD /upload", bs.handleUploadCheck)
-	blossomApi.HandleFunc("GET /list/{pubkey}", bs.handleList)
-	blossomApi.HandleFunc("HEAD /{sha256}", bs.handleHasBlob)
-	blossomApi.HandleFunc("GET /{sha256}", bs.handleGetBlob)
-	blossomApi.HandleFunc("DELETE /{sha256}", bs.handleDelete)
-	blossomApi.Handle("/", base) // forwards to relay
-
-	bud01CorsMux := cors.New(cors.Options{
-		AllowedOrigins: []string{"*"},
-		AllowedMethods: []string{"GET", "PUT", "DELETE"},
-		AllowedHeaders: []string{"Authorization", "*"},
-		MaxAge:         86400,
-	})
-
-	wrappedBlossomApi := bud01CorsMux.Handler(blossomApi)
-
-	combinedMux := http.NewServeMux()
-	combinedMux.Handle("/", wrappedBlossomApi)
-
-	rl.SetRouter(combinedMux)
+	mux.HandleFunc("PUT /upload", bs.handleUpload)
+	mux.HandleFunc("HEAD /upload", bs.handleUploadCheck)
+	mux.HandleFunc("GET /list/{pubkey}", bs.handleList)
+	mux.HandleFunc("HEAD /{sha256}", bs.handleHasBlob)
+	mux.HandleFunc("GET /{sha256}", bs.handleGetBlob)
+	mux.HandleFunc("DELETE /{sha256}", bs.handleDelete)

 	return bs
 }
--- a/handlers.go
+++ b/handlers.go
@@ -26,14 +26,28 @@ func (rl *Relay) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		rl.ServiceURL = getServiceBaseURL(r)
 	}

+	corsMiddleware := cors.New(cors.Options{
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{
+			http.MethodHead,
+			http.MethodGet,
+			http.MethodPost,
+			http.MethodPut,
+			http.MethodPatch,
+			http.MethodDelete,
+		},
+		AllowedHeaders: []string{"Authorization", "*"},
+		MaxAge:         86400,
+	})
+
 	if r.Header.Get("Upgrade") == "websocket" {
 		rl.HandleWebsocket(w, r)
 	} else if r.Header.Get("Accept") == "application/nostr+json" {
-		cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r)
+		corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r)
 	} else if r.Header.Get("Content-Type") == "application/nostr+json+rpc" {
-		cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r)
+		corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r)
 	} else {
-		rl.serveMux.ServeHTTP(w, r)
+		corsMiddleware.Handler(rl.serveMux).ServeHTTP(w, r)
 	}
 }