From b9f94adde9c7fdc5150020031916b6c55c935780 Mon Sep 17 00:00:00 2001
From: Thomasr <techninjas514@begintrust.com>
Date: Tue, 4 Feb 2025 01:49:56 -0500
Subject: [PATCH] Fixed cors issues by adding custom CorsOptions

---
 server/node-service/package.json  |  2 ++
 server/node-service/src/server.ts | 34 +++++++++++++++++--------------
 server/node-service/yarn.lock     | 25 +++++++++++++++++++++--
 3 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/server/node-service/package.json b/server/node-service/package.json
index 11410849c..ad4a4fa3c 100644
--- a/server/node-service/package.json
+++ b/server/node-service/package.json
@@ -40,6 +40,7 @@
     "@google-cloud/bigquery": "^6.1.0",
     "@google-cloud/storage": "^6.10.1",
     "@supabase/supabase-js": "^2.26.0",
+    "@types/cors": "^2.8.17",
     "@types/express": "^4.17.14",
     "@types/jsonpath": "^0.2.0",
     "@types/lodash": "^4.14.190",
@@ -50,6 +51,7 @@
     "axios": "^1.7.9",
     "base64-arraybuffer": "^1.0.2",
     "bluebird": "^3.7.2",
+    "cors": "^2.8.5",
     "duckdb-async": "^1.1.3",
     "dynamodb-data-types": "^4.0.1",
     "express": "^4.21.0",
diff --git a/server/node-service/src/server.ts b/server/node-service/src/server.ts
index 93ac2c88f..124c8d1e5 100644
--- a/server/node-service/src/server.ts
+++ b/server/node-service/src/server.ts
@@ -8,6 +8,7 @@ import morgan from "morgan";
 import { collectDefaultMetrics } from "prom-client";
 import apiRouter from "./routes/apiRouter";
 import systemRouter from "./routes/systemRouter";
+import cors, { CorsOptions } from "cors";
 collectDefaultMetrics();
 
 const prefix = "/node-service";
@@ -39,21 +40,24 @@ router.use(
 );
 
 /** RULES OF OUR API */
-router.use((req, res, next) => {
-  // set the CORS policy
-  res.header("Access-Control-Allow-Origin", "*");
-  // set the CORS headers
-  res.header(
-    "Access-Control-Allow-Headers",
-    "origin, X-Requested-With,Content-Type,Accept, Authorization"
-  );
-  // set the CORS method headers
-  if (req.method === "OPTIONS") {
-    res.header("Access-Control-Allow-Methods", "GET,PATCH,DELETE,POST");
-    return res.status(200).json({});
-  }
-  next();
-});
+
+const corsOptions: CorsOptions = {
+  origin: (origin: string | undefined, callback: any) => {
+    callback(null, true);
+  },
+  credentials: true,
+  allowedHeaders: [
+    'origin',
+    'X-Requested-With',
+    'Lowcoder-Ce-Selfhost-Token',
+    'Authorization',
+    'Accept',
+    'Content-Type'
+  ],
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH']
+};
+
+router.use(cors(corsOptions));
 
 /** Routes */
 router.use(`${prefix}/api`, apiRouter);
diff --git a/server/node-service/yarn.lock b/server/node-service/yarn.lock
index 2537e74a5..34fc293c2 100644
--- a/server/node-service/yarn.lock
+++ b/server/node-service/yarn.lock
@@ -4545,6 +4545,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/cors@npm:^2.8.17":
+  version: 2.8.17
+  resolution: "@types/cors@npm:2.8.17"
+  dependencies:
+    "@types/node": "*"
+  checksum: 469bd85e29a35977099a3745c78e489916011169a664e97c4c3d6538143b0a16e4cc72b05b407dc008df3892ed7bf595f9b7c0f1f4680e169565ee9d64966bde
+  languageName: node
+  linkType: hard
+
 "@types/estree@npm:*, @types/estree@npm:^1.0.0":
   version: 1.0.6
   resolution: "@types/estree@npm:1.0.6"
@@ -5838,6 +5847,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cors@npm:^2.8.5":
+  version: 2.8.5
+  resolution: "cors@npm:2.8.5"
+  dependencies:
+    object-assign: ^4
+    vary: ^1
+  checksum: ced838404ccd184f61ab4fdc5847035b681c90db7ac17e428f3d81d69e2989d2b680cc254da0e2554f5ed4f8a341820a1ce3d1c16b499f6e2f47a1b9b07b5006
+  languageName: node
+  linkType: hard
+
 "create-jest@npm:^29.7.0":
   version: 29.7.0
   resolution: "create-jest@npm:29.7.0"
@@ -8519,6 +8538,7 @@ __metadata:
     "@google-cloud/storage": ^6.10.1
     "@supabase/supabase-js": ^2.26.0
     "@types/ali-oss": ^6.16.11
+    "@types/cors": ^2.8.17
     "@types/express": ^4.17.14
     "@types/jest": ^29.2.4
     "@types/jsonpath": ^0.2.0
@@ -8532,6 +8552,7 @@ __metadata:
     bluebird: ^3.7.2
     commander: ^10.0.0
     copyfiles: ^2.4.1
+    cors: ^2.8.5
     duckdb-async: ^1.1.3
     dynamodb-data-types: ^4.0.1
     express: ^4.21.0
@@ -9383,7 +9404,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"object-assign@npm:^4.0.1, object-assign@npm:^4.1.1":
+"object-assign@npm:^4, object-assign@npm:^4.0.1, object-assign@npm:^4.1.1":
   version: 4.1.1
   resolution: "object-assign@npm:4.1.1"
   checksum: fcc6e4ea8c7fe48abfbb552578b1c53e0d194086e2e6bbbf59e0a536381a292f39943c6e9628af05b5528aa5e3318bb30d6b2e53cadaf5b8fe9e12c4b69af23f
@@ -11372,7 +11393,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"vary@npm:~1.1.2":
+"vary@npm:^1, vary@npm:~1.1.2":
   version: 1.1.2
   resolution: "vary@npm:1.1.2"
   checksum: ae0123222c6df65b437669d63dfa8c36cee20a504101b2fcd97b8bf76f91259c17f9f2b4d70a1e3c6bbcee7f51b28392833adb6b2770b23b01abec84e369660b