From 99f91fbce2a029dd963ed30c9007a9b046ea6560 Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Mon, 21 Mar 2022 17:36:42 +0500
Subject: [PATCH 1/5] feat(cors): whitelisting is configurable through .env variables

---
 api/.env.example | 4 ++--
 api/src/app.ts | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/api/.env.example b/api/.env.example
index c808872..882adc8 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -1,10 +1,10 @@
 MODE=[desktop|server] default considered as desktop
-CORS=[disable|enable] default considered as disable
+CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
+WHITELIST=
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
 FULL_CHAIN=fullchain.pem
 PORT=[5000] default value is 5000
-PORT_WEB=[port for sasjs web component(react)] default value is 3000
 ACCESS_TOKEN_SECRET=
 REFRESH_TOKEN_SECRET=
 AUTH_CODE_SECRET=
diff --git a/api/src/app.ts b/api/src/app.ts
index cc8bff2..f898d86 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -16,13 +16,14 @@ dotenv.config()
 
 const app = express()
 
-const { MODE, CORS, PORT_WEB } = process.env
-const whiteList = [
-  `http://localhost:${PORT_WEB ?? 3000}`,
-  'https://sas.analytium.co.uk:8343'
-]
+const { MODE, CORS, WHITELIST } = process.env
 
 if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
+  const whiteList: string[] = []
+  WHITELIST?.split(' ')?.forEach((url) => {
+    if (url.startsWith('http')) whiteList.push(url)
+  })
+
   console.log('All CORS Requests are enabled')
   app.use(cors({ credentials: true, origin: whiteList }))
 }

From 4fd5bf948e4ad8a274d3176d5509163e67980061 Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Mon, 21 Mar 2022 17:49:28 +0500
Subject: [PATCH 2/5] fix(cors): removed trailing slashes of urls

---
 api/src/app.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/app.ts b/api/src/app.ts
index f898d86..35dfa9b 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
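Review bot: The `url.startsWith('http')` filter in the new `WHITELIST` parsing accepts any token that merely begins with those four letters and silently drops everything else, so a mistyped entry (missing scheme, stray comma) leaves `whiteList` empty while the next line still logs `All CORS Requests are enabled`. Parsing each token with `new URL()` and keeping only the `http:`/`https:` protocols rejects malformed entries loudly, and pushing `.origin` — which is what a browser actually sends in the `Origin` header — normalises paths and trailing slashes before the exact string comparison the cors package performs on array entries (to my understanding of that library). Note also that the removed hard-coded list allowed `http://localhost:3000` by default in desktop mode, whereas an unset `WHITELIST` now allows no origin at all; that may be the intended tightening, but it is a behaviour change worth stating in the commit message.
```typescript
  const whiteList: string[] = []
  for (const token of WHITELIST?.split(' ') ?? []) {
    if (!token) continue // tolerate repeated spaces in WHITELIST
    try {
      const { protocol, origin } = new URL(token)
      if (protocol === 'http:' || protocol === 'https:') whiteList.push(origin)
      else console.warn(`Ignoring WHITELIST entry with unsupported protocol: ${token}`)
    } catch (err) {
      console.warn(`Ignoring malformed WHITELIST entry: ${token}`, err)
    }
  }
  // … unchanged: console.log and app.use(cors(...)) …
```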
@@ -21,10 +21,12 @@ const { MODE, CORS, WHITELIST } = process.env
 if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
   const whiteList: string[] = []
   WHITELIST?.split(' ')?.forEach((url) => {
-    if (url.startsWith('http')) whiteList.push(url)
+    if (url.startsWith('http'))
+      // removing trailing slash of URLs listing for CORS
+      whiteList.push(url.replace(/\/$/, ''))
   })
 
-  console.log('All CORS Requests are enabled')
+  console.log('All CORS Requests are enabled for:', whiteList)
   app.use(cors({ credentials: true, origin: whiteList }))
 }
 

From aaa469a1423e8fe72697ace09cc1379f1e763f8f Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Mon, 21 Mar 2022 17:54:20 +0500
Subject: [PATCH 3/5] chore: .env.example updated

---
 api/.env.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/.env.example b/api/.env.example
index 882adc8..f36cf34 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -1,6 +1,6 @@
 MODE=[desktop|server] default considered as desktop
 CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
-WHITELIST=
+WHITELIST=
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
 FULL_CHAIN=fullchain.pem

From 6146372eba14055cd49a0a413559f14320cebd59 Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Mon, 21 Mar 2022 18:05:40 +0500
Subject: [PATCH 4/5] chore: README.md updated

---
 README.md | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index eeaf75b..b584844 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ SASjs Server is available in two modes - Desktop (without authentication) and Se
 
 ## Installation
 
-Installation can be made programmatically using command line, or by manually downloading and running the executable.
+Installation can be made programmatically using command line, or by manually downloading and running the executable.
 
 ### Programmatic
 
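Review bot: The rewritten `if (url.startsWith('http'))` now has a comment line sitting between the condition and its single statement, so a reader — or a later edit that adds a second statement — can easily take `whiteList.push(...)` as unconditional; wrap the body in braces: `if (url.startsWith('http')) {` … `whiteList.push(url.replace(/\/$/, ''))` … `}`. The new log line is also misleading when the list is empty: with `WHITELIST` unset or mistyped it prints `All CORS Requests are enabled for: []`, although an empty `origin` array means, as far as I understand the cors package, that no cross-origin request is accepted at all. An explicit `if (whiteList.length === 0) console.warn('CORS enabled but WHITELIST is empty; no cross-origin requests will be allowed')` before the `app.use` would make that misconfiguration visible at startup instead of surfacing as browser errors.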
@@ -48,16 +48,20 @@ When launching the app, it will make use of specific environment variables. Thes
 Example contents of a `.env` file:
 
 ```
-MODE=desktop # options: [desktop|server] default: desktop
-CORS=disable # options: [disable|enable] default: disable
+MODE=desktop # options: [desktop|server] default: `desktop`
+CORS=disable # options: [disable|enable] default: `disable` for `server` MODE and `enable` for `desktop` MODE
+WHITELIST= # options: space separated urls, each starting with protocol `http` or `https`
 PROTOCOL=http # options: [http|https] default: http
+PRIVATE_KEY=privkey.pem # only required for PROTOCOL `https`
+FULL_CHAIN=fullchain.pem # only required for PROTOCOL `https`
 PORT=5000 # default: 5000
-PORT_WEB=3000 # port for sasjs web component(react). default: 3000
+ACCESS_TOKEN_SECRET= # only required for MODE `server`
+REFRESH_TOKEN_SECRET= # only required for MODE `server`
+AUTH_CODE_SECRET= # only required for MODE `server`
+DB_CONNECT=mongodb+srv://:@/?retryWrites=true&w=majority # only required for MODE `server`
+
 SAS_PATH=/path/to/sas/executable.exe
 DRIVE_PATH=/tmp
-PROTOCOL=http # options: [http|https] default: http
-PRIVATE_KEY=privkey.pem
-FULL_CHAIN=fullchain.pem
 ```
 
 ## Persisting the Session
@@ -94,11 +98,10 @@ Instead of `app_name` you can pass:
 - `all` to act on all processes
 - `id` to act on a specific process id
 
-
 ## Server Version
 
-The following credentials can be used for the initial connection to SASjs/server. It is recommended to change these on first use.
+The following credentials can be used for the initial connection to SASjs/server. It is recommended to change these on first use.
 
-* CLIENTID: `clientID1`
-* USERNAME: `secretuser`
-* PASSWORD: `secretpassword`
+- CLIENTID: `clientID1`
+- USERNAME: `secretuser`
+- PASSWORD: `secretpassword`

From 534e4e5bf3152ec8149710e5d097fc4732269655 Mon Sep 17 00:00:00 2001
From: Saad Jutt
Date: Mon, 21 Mar 2022 18:17:26 +0500
Subject: [PATCH 5/5] chore: README.md updated

---
 README.md | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index b584844..b5764c3 100644
--- a/README.md
+++ b/README.md
@@ -49,19 +49,31 @@ Example contents of a `.env` file:
 
 ```
 MODE=desktop # options: [desktop|server] default: `desktop`
-CORS=disable # options: [disable|enable] default: `disable` for `server` MODE and `enable` for `desktop` MODE
-WHITELIST= # options: space separated urls, each starting with protocol `http` or `https`
+CORS=disable # options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
+WHITELIST= # options: space separated urls
 PROTOCOL=http # options: [http|https] default: http
-PRIVATE_KEY=privkey.pem # only required for PROTOCOL `https`
-FULL_CHAIN=fullchain.pem # only required for PROTOCOL `https`
 PORT=5000 # default: 5000
-ACCESS_TOKEN_SECRET= # only required for MODE `server`
-REFRESH_TOKEN_SECRET= # only required for MODE `server`
-AUTH_CODE_SECRET= # only required for MODE `server`
-DB_CONNECT=mongodb+srv://:@/?retryWrites=true&w=majority # only required for MODE `server`
 
+# optional
+# for MODE: `desktop`, prompts user
+# for MODE: `server` gets value from api/package.json `configuration.sasPath`
 SAS_PATH=/path/to/sas/executable.exe
+
+
+# optional
+# for MODE: `desktop`, prompts user
+# for MODE: `server` defaults to /tmp
 DRIVE_PATH=/tmp
+
+# ENV variables required for PROTOCOL: `https`
+PRIVATE_KEY=privkey.pem
+FULL_CHAIN=fullchain.pem
+
+# ENV variables required for MODE: `server`
+ACCESS_TOKEN_SECRET=
+REFRESH_TOKEN_SECRET=
+AUTH_CODE_SECRET=
+DB_CONNECT=mongodb+srv://:@/?retryWrites=true&w=majority
 ```
 
 ## Persisting the Session