From 99f91fbce2a029dd963ed30c9007a9b046ea6560 Mon Sep 17 00:00:00 2001
From: Saad Jutt <ihsan.distranger@gmail.com>
Date: Mon, 21 Mar 2022 17:36:42 +0500
Subject: [PATCH] feat(cors): whitelisting is configurable through .env
 variables

---
 api/.env.example |  4 ++--
 api/src/app.ts   | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/api/.env.example b/api/.env.example
index c808872..882adc8 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -1,10 +1,10 @@
 MODE=[desktop|server] default considered as desktop
-CORS=[disable|enable] default considered as disable
+CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
+WHITELIST=<space separated urls, each starting with 'http'>
 PROTOCOL=[http|https] default considered as http
 PRIVATE_KEY=privkey.pem
 FULL_CHAIN=fullchain.pem
 PORT=[5000] default value is 5000
-PORT_WEB=[port for sasjs web component(react)] default value is 3000
 ACCESS_TOKEN_SECRET=<secret>
 REFRESH_TOKEN_SECRET=<secret>
 AUTH_CODE_SECRET=<secret>
diff --git a/api/src/app.ts b/api/src/app.ts
index cc8bff2..f898d86 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -16,13 +16,14 @@ dotenv.config()
 
 const app = express()
 
-const { MODE, CORS, PORT_WEB } = process.env
-const whiteList = [
-  `http://localhost:${PORT_WEB ?? 3000}`,
-  'https://sas.analytium.co.uk:8343'
-]
+const { MODE, CORS, WHITELIST } = process.env
 
 if (MODE?.trim() !== 'server' || CORS?.trim() === 'enable') {
+  const whiteList: string[] = []
+  WHITELIST?.split(' ')?.forEach((url) => {
+    if (url.startsWith('http')) whiteList.push(url)
+  })
+
   console.log('All CORS Requests are enabled')
   app.use(cors({ credentials: true, origin: whiteList }))
 }