fix cors

thanhdanh27600 · Dec 26, 2024 · 4b648e6 · 4b648e6
1 parent b8be7ca
commit 4b648e6
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 5 deletions.
diff --git a/src/controllers/upload/index.ts b/src/controllers/upload/index.ts
@@ -5,7 +5,7 @@ import { NextApiRequest, NextApiResponse } from 'next/types';
 import path from 'path';
 import requestIp from 'request-ip';
 import prisma from '../../services/db/prisma';
-import { isDebug, LIMIT_FILE_UPLOAD } from '../../types/constants';
+import { isLocal, LIMIT_FILE_UPLOAD } from '../../types/constants';
 import { api, successHandler } from '../../utils/axios';
 import HttpStatusCode from '../../utils/statusCode';
 import { generateFileName } from '../../utils/text';
@@ -66,7 +66,7 @@ export const handler = api<any>(
         });
         return successHandler(res, {
           filename: uniqueFileName,
-          blob: isDebug ? blob : undefined,
+          blob: isLocal ? blob : undefined,
         });
       } catch (error: any) {
         return res.status(HttpStatusCode.BAD_GATEWAY).json({ error: 'File upload failed ' + error?.message });

diff --git a/src/pages/api/upload/index.ts b/src/pages/api/upload/index.ts
@@ -1,6 +1,7 @@
 import { upload } from 'controllers';
+import { cors } from '../../../requests/api';
 
-export default upload.handler;
+export default cors(upload.handler);
 
 export const config = {
   api: {

diff --git a/src/requests/api.ts b/src/requests/api.ts
@@ -1,6 +1,7 @@
 import axios from 'axios';
 import { NextApiRequest, NextApiResponse } from 'next';
-import { BASE_URL, brandUrl, brandUrlShort, localUrlShort } from '../types/constants';
+import { BASE_URL, brandUrl, brandUrlShort, isLocal, localUrl, localUrlShort } from '../types/constants';
+import HttpStatusCode from '../utils/statusCode';
 
 export const API = axios.create({
   baseURL: BASE_URL,
@@ -26,7 +27,7 @@ export function withAuth(token?: string) {
   };
 }
 
-const allowedOrigins = [brandUrl, localUrlShort, brandUrlShort];
+const allowedOrigins = isLocal ? [localUrl, localUrlShort] : [brandUrl, brandUrlShort];
 
 export const allowCors = (handler: any) => async (req: NextApiRequest, res: NextApiResponse) => {
   const origin = req.headers?.origin;
@@ -46,3 +47,17 @@ export const allowCors = (handler: any) => async (req: NextApiRequest, res: Next
   }
   return await handler(req, res);
 };
+
+export const cors = (handler: any) => async (req: NextApiRequest, res: NextApiResponse) => {
+  const origin = req.headers?.origin;
+  console.log('origin', origin);
+
+  // Allow requests from the same origin
+  if (!!origin && allowedOrigins.includes(origin)) {
+    return await handler(req, res);
+  }
+
+  // Block requests from other origins
+  res.setHeader('Access-Control-Allow-Origin', 'false');
+  return res.status(HttpStatusCode.FORBIDDEN).send('CORS policy: No access from this origin');
+};