From c93441cd6380e982f1706508f6d18378c0c6352e Mon Sep 17 00:00:00 2001
From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com>
Date: Mon, 4 Nov 2024 17:18:37 +0000
Subject: [PATCH]  feat(blossom): use rs/cors to handle BUD-01 CORS

---
 blossom/server.go | 18 ++++++++++--------
 blossom/utils.go  | 10 +++++-----
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/blossom/server.go b/blossom/server.go
index 653756f..ea55e47 100644
--- a/blossom/server.go
+++ b/blossom/server.go
@@ -2,6 +2,7 @@ package blossom
 
 import (
 	"context"
+	"github.com/rs/cors"
 	"io"
 	"net/http"
 	"strings"
@@ -31,43 +32,37 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer {
 
 	base := rl.Router()
 	mux := http.NewServeMux()
+	blossomApi := http.NewServeMux()
 
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	blossomApi.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == "OPTIONS" {
-			setCors(w)
 			w.WriteHeader(http.StatusNoContent)
 			return
 		}
 
 		if r.URL.Path == "/upload" {
 			if r.Method == "PUT" {
-				setCors(w)
 				bs.handleUpload(w, r)
 				return
 			} else if r.Method == "HEAD" {
-				setCors(w)
 				bs.handleUploadCheck(w, r)
 				return
 			}
 		}
 
 		if strings.HasPrefix(r.URL.Path, "/list/") && r.Method == "GET" {
-			setCors(w)
 			bs.handleList(w, r)
 			return
 		}
 
 		if len(strings.SplitN(r.URL.Path, ".", 2)[0]) == 65 {
 			if r.Method == "HEAD" {
-				setCors(w)
 				bs.handleHasBlob(w, r)
 				return
 			} else if r.Method == "GET" {
-				setCors(w)
 				bs.handleGetBlob(w, r)
 				return
 			} else if r.Method == "DELETE" {
-				setCors(w)
 				bs.handleDelete(w, r)
 				return
 			}
@@ -76,6 +71,13 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer {
 		base.ServeHTTP(w, r)
 	})
 
+	bud01corsHeaders := cors.New(cors.Options{
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{"GET", "PUT", "DELETE"},
+		AllowedHeaders: []string{"Authorization", "*"},
+	})
+
+	mux.Handle("/", bud01corsHeaders.Handler(blossomApi))
 	rl.SetRouter(mux)
 
 	return bs
diff --git a/blossom/utils.go b/blossom/utils.go
index 5af0d0d..6f95c7a 100644
--- a/blossom/utils.go
+++ b/blossom/utils.go
@@ -5,11 +5,11 @@ import (
 	"net/http"
 )
 
-func setCors(w http.ResponseWriter) {
-	w.Header().Set("Access-Control-Allow-Origin", "*")
-	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
-	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS")
-}
+//func setCors(w http.ResponseWriter) {
+//	w.Header().Set("Access-Control-Allow-Origin", "*")
+//	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+//	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS")
+//}
 
 func blossomError(w http.ResponseWriter, msg string, code int) {
 	w.Header().Add("X-Reason", msg)