Add option to disable CORS

twentyhq · Jul 28, 2023 · b59a54c · b59a54c
1 parent 838056b
commit b59a54c
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 53 deletions.
diff --git a/front/.env.example b/front/.env.example
@@ -1,6 +1,6 @@
 REACT_APP_SERVER_BASE_URL=http://localhost:3000
 
 # ———————— Optional ————————
-REACT_APP_SERVER_AUTH_URL=     # http://localhost:3000/auth
-REACT_APP_SERVER_FILES_URL=    # http://localhost:3000/files
-CHROMATIC_PROJECT_TOKEN=       # Get it from https://www.chromatic.com
+# REACT_APP_SERVER_AUTH_URL=http://localhost:3000/auth
+# REACT_APP_SERVER_FILES_URL=http://localhost:3000/files
+# CHROMATIC_PROJECT_TOKEN=
diff --git a/render.yaml b/render.yaml
@@ -23,6 +23,8 @@ services:
     generateValue: true
   - key: REFRESH_TOKEN_SECRET
     generateValue: true
+  - key: IS_CORS_ENABLED
+    value: "false"
   - key: PG_DATABASE_URL
     fromDatabase:
       name: twenty-db

diff --git a/server/.env.example b/server/.env.example
@@ -1,18 +1,19 @@
 PG_DATABASE_URL=postgres://postgres:postgrespassword@localhost:5432/default?connection_limit=1
-FRONT_BASE_URL=http://localhost:3001 # the URL of the front-end app
-ACCESS_TOKEN_SECRET=secret_jwt # a random key used to sign the JWT tokens
-LOGIN_TOKEN_SECRET=secret_login_token # another random key used to sign the JWT tokens
-REFRESH_TOKEN_SECRET=secret_refresh_token  # another random key used to sign the JWT tokens
-
+# the URL of the front-end app
+FRONT_BASE_URL=http://localhost:3001
+# random keys used to generate JWT tokens
+ACCESS_TOKEN_SECRET=secret_jwt 
+LOGIN_TOKEN_SECRET=secret_login_tokens
+REFRESH_TOKEN_SECRET=secret_refresh_token  
 
 # ———————— Optional ————————
-DEBUG_MODE=                   # false
-DEMO_MODE=                    # false
-ACCESS_TOKEN_EXPIRES_IN=      # 30m
-LOGIN_TOKEN_EXPIRES_IN=       # 15m
-REFRESH_TOKEN_EXPIRES_IN=     # 90d
-FRONT_AUTH_CALLBACK_URL=      # http://localhost:3001/verify
-AUTH_GOOGLE_ENABLED=          # false
-STORAGE_TYPE=                 # local
-STORAGE_LOCAL_PATH=           # .local-storage
-
+# DEBUG_MODE=false
+# DEMO_MODE=false
+# ACCESS_TOKEN_EXPIRES_IN=30m
+# LOGIN_TOKEN_EXPIRES_IN=15m
+# REFRESH_TOKEN_EXPIRES_IN=90d 
+# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify 
+# AUTH_GOOGLE_ENABLED=false
+# STORAGE_TYPE=local
+# STORAGE_LOCAL_PATH=.local-storage 
+# IS_CORS_ENABLED=true
diff --git a/server/.env.test b/server/.env.test
@@ -1,28 +1,21 @@
 DEBUG_MODE=true
 PG_DATABASE_URL=postgres://postgres:postgrespassword@localhost:5432/test?connection_limit=1
-FRONT_BASE_URL=http://localhost:3001 # the URL of the front-end app
-ACCESS_TOKEN_SECRET=secret_jwt # a random key used to sign the JWT tokens
-LOGIN_TOKEN_SECRET=secret_login_token # another random key used to sign the JWT tokens
-REFRESH_TOKEN_SECRET=secret_refresh_token  # another random key used to sign the JWT tokens
+# the URL of the front-end app
+FRONT_BASE_URL=http://localhost:3001
+# random keys used to generate JWT tokens
+ACCESS_TOKEN_SECRET=secret_jwt 
+LOGIN_TOKEN_SECRET=secret_login_tokens
+REFRESH_TOKEN_SECRET=secret_refresh_token  
 
 
 # ———————— Optional ————————
-# default: false
-DEBUG_MODE=
-# default: false
-DEMO_MODE=
-# default: 30m
-ACCESS_TOKEN_EXPIRES_IN=
-# default: 15m
-LOGIN_TOKEN_EXPIRES_IN= 
-# default: 90d
-REFRESH_TOKEN_EXPIRES_IN= 
-# default: http://localhost:3001/verify
-FRONT_AUTH_CALLBACK_URL= 
-# default: false 
-AUTH_GOOGLE_ENABLED=
-# default: local
-STORAGE_TYPE=
-# default: .local-storage 
-STORAGE_LOCAL_PATH= 
-
+# DEBUG_MODE=false
+# DEMO_MODE=false
+# ACCESS_TOKEN_EXPIRES_IN=30m
+# LOGIN_TOKEN_EXPIRES_IN=15m
+# REFRESH_TOKEN_EXPIRES_IN=90d 
+# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify 
+# AUTH_GOOGLE_ENABLED=false
+# STORAGE_TYPE=local
+# STORAGE_LOCAL_PATH=.local-storage 
+# IS_CORS_ENABLED=true
diff --git a/server/scripts/set-env-test.sh b/server/scripts/set-env-test.sh
@@ -15,7 +15,7 @@ if [ -f "${ENV_PATH}" ]; then
     if echo "$line" | grep -F = &>/dev/null
     then
       varname=$(echo "$line" | cut -d '=' -f 1)
-      varvalue=$(echo "$line" | cut -d '=' -f 2-)
+      varvalue=$(echo "$line" | cut -d '=' -f 2- | cut -d '#' -f 1)
       export "$varname"="$varvalue"
     fi
   done < <(grep -v '^#' "${ENV_PATH}")

diff --git a/server/src/ability/handlers/activity-target.ability-handler.ts b/server/src/ability/handlers/activity-target.ability-handler.ts
@@ -47,9 +47,10 @@ export class UpdateActivityTargetAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<ActivityTargetArgs>();
-    const ActivityTarget = await this.prismaService.client.activityTarget.findFirst({
-      where: args.where,
-    });
+    const ActivityTarget =
+      await this.prismaService.client.activityTarget.findFirst({
+        where: args.where,
+      });
     assert(ActivityTarget, '', NotFoundException);
 
     return ability.can(
@@ -66,9 +67,10 @@ export class DeleteActivityTargetAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<ActivityTargetArgs>();
-    const ActivityTarget = await this.prismaService.client.activityTarget.findFirst({
-      where: args.where,
-    });
+    const ActivityTarget =
+      await this.prismaService.client.activityTarget.findFirst({
+        where: args.where,
+      });
     assert(ActivityTarget, '', NotFoundException);
 
     return ability.can(

diff --git a/server/src/integrations/environment/environment.service.ts b/server/src/integrations/environment/environment.service.ts
@@ -60,7 +60,10 @@ export class EnvironmentService {
   }
 
   getFrontAuthCallbackUrl(): string {
-    return this.configService.get<string>('FRONT_AUTH_CALLBACK_URL') ?? this.getFrontBaseUrl() + '/auth/callback';
+    return (
+      this.configService.get<string>('FRONT_AUTH_CALLBACK_URL') ??
+      this.getFrontBaseUrl() + '/auth/callback'
+    );
   }
 
   isAuthGoogleEnabled(): boolean {
@@ -80,7 +83,9 @@ export class EnvironmentService {
   }
 
   getStorageType(): StorageType {
-    return this.configService.get<StorageType>('STORAGE_TYPE') ?? StorageType.Local;
+    return (
+      this.configService.get<StorageType>('STORAGE_TYPE') ?? StorageType.Local
+    );
   }
 
   getStorageS3Region(): AwsRegion | undefined {
@@ -92,6 +97,8 @@ export class EnvironmentService {
   }
 
   getStorageLocalPath(): string {
-    return this.configService.get<string>('STORAGE_LOCAL_PATH') ?? '.local-storage';
+    return (
+      this.configService.get<string>('STORAGE_LOCAL_PATH') ?? '.local-storage'
+    );
   }
 }
diff --git a/server/src/integrations/environment/environment.validation.ts b/server/src/integrations/environment/environment.validation.ts
@@ -43,7 +43,6 @@ export class EnvironmentVariables {
   @IsUrl({ protocols: ['postgres'], require_tld: false })
   PG_DATABASE_URL: string;
 
-
   // Frontend URL
   @IsUrl({ require_tld: false })
   FRONT_BASE_URL: string;

diff --git a/server/src/main.ts b/server/src/main.ts
@@ -4,14 +4,18 @@ import { ValidationPipe } from '@nestjs/common';
 import * as bodyParser from 'body-parser';
 import { graphqlUploadExpress } from 'graphql-upload';
 import bytes from 'bytes';
+import * as dotenv from 'dotenv';
 
 import { AppModule } from './app.module';
 
 import { settings } from './constants/settings';
 
+dotenv.config();
+
 async function bootstrap() {
+  const isCorsEnabled = process.env.IS_CORS_ENABLED !== 'false';
   const app = await NestFactory.create(AppModule, {
-    cors: true,
+    cors: isCorsEnabled,
   });
 
   // Apply validation pipes globally