Merge pull request #58 from AgoraIO-Community/preflight

added preflight support

service/http_handlers.go

@@ -3,6 +3,8 @@ package service
 import (
 	"fmt"
 	"log"
+	"net/http"
+	"strings"
 
 	rtmtokenbuilder2 "github.com/AgoraIO-Community/go-tokenbuilder/rtmtokenbuilder"
 
@@ -153,8 +155,43 @@ func (s *Service) nocache() gin.HandlerFunc {
 		c.Header("Cache-Control", "private, no-cache, no-store, must-revalidate")
 		c.Header("Expires", "-1")
 		c.Header("Pragma", "no-cache")
-		if s.allowOrigin != "" {
-			c.Header("Access-Control-Allow-Origin", s.allowOrigin)
+	}
+}
+
+// Add CORSMiddleware to handle CORS requests and set the necessary headers
+func (s *Service) CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		origin := c.Request.Header.Get("Origin")
+		if !s.isOriginAllowed(origin) {
+			c.Header("Content-Type", "application/json")
+			c.JSON(http.StatusForbidden, gin.H{
+				"error": "Origin not allowed",
+			})
+			c.Abort()
+			return
+		}
+		c.Header("Access-Control-Allow-Origin", origin)
+		c.Header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+		c.Header("Access-Control-Allow-Headers", "Origin, Content-Type")
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(http.StatusNoContent)
+			return
+		}
+		c.Next()
+	}
+}
+
+func (s *Service) isOriginAllowed(origin string) bool {
+	if s.allowOrigin == "*" {
+		return true
+	}
+
+	allowedOrigins := strings.Split(s.allowOrigin, ",")
+	for _, allowed := range allowedOrigins {
+		if origin == allowed {
+			return true
 		}
 	}
+
+	return false
 }

service/service.go

@@ -93,6 +93,7 @@ func NewService() *Service {
 	api := gin.Default()
 
 	api.Use(s.nocache())
+	api.Use(s.CORSMiddleware())
 	api.GET("rtc/:channelName/:role/:tokenType/:rtcuid/", s.getRtcToken)
 	api.GET("rtm/:rtmuid/", s.getRtmToken)
 	api.GET("rte/:channelName/:role/:tokenType/:rtcuid/", s.getRtcRtmToken)