Merge pull request #315 from myl7/raw-link-cors

2022-01-29 15:03:20 +08:00 · 2022-01-29 15:03:20 +08:00 · 89b1ed7dfe
commit 89b1ed7dfe
parent 79fd82b71e b1761a98bd
3 changed files with 68 additions and 3 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -16,6 +16,7 @@
        "@headlessui/react": "^1.4.0",
        "awesome-debounce-promise": "^2.1.0",
        "axios": "^0.21.1",
+        "cors": "^2.8.5",
        "crypto-js": "^4.1.1",
        "emoji-regex": "^9.2.2",
        "ioredis": "^4.28.2",
@ -43,6 +44,7 @@
        "use-constant": "^1.1.0"
      },
      "devDependencies": {
+        "@types/cors": "^2.8.12",
        "@types/crypto-js": "^4.0.2",
        "@types/ioredis": "^4.28.5",
        "@types/prismjs": "^1.16.5",
@ -617,6 +619,12 @@
      "integrity": "sha512-Myxw//kzromB9yWgS8qYGuGVf91oBUUJpNvy5eM50sqvmKLbKjwLxohJnkWGTeeI9v9IBMtPLxz5Gc60FIfvCA==",
      "dev": true
    },
+    "node_modules/@types/cors": {
+      "version": "2.8.12",
+      "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
+      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
+      "dev": true
+    },
    "node_modules/@types/crypto-js": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/@types/crypto-js/-/crypto-js-4.0.2.tgz",
@ -1664,6 +1672,18 @@
      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
    },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
    "node_modules/cosmiconfig": {
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.1.tgz",
@ -7334,6 +7354,14 @@
        "spdx-expression-parse": "^3.0.0"
      }
    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
    "node_modules/vfile": {
      "version": "4.2.1",
      "resolved": "https://registry.npmjs.org/vfile/-/vfile-4.2.1.tgz",
@ -7879,6 +7907,12 @@
      "integrity": "sha512-Myxw//kzromB9yWgS8qYGuGVf91oBUUJpNvy5eM50sqvmKLbKjwLxohJnkWGTeeI9v9IBMtPLxz5Gc60FIfvCA==",
      "dev": true
    },
+    "@types/cors": {
+      "version": "2.8.12",
+      "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
+      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
+      "dev": true
+    },
    "@types/crypto-js": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/@types/crypto-js/-/crypto-js-4.0.2.tgz",
@ -8672,6 +8706,15 @@
      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
    },
+    "cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "requires": {
+        "object-assign": "^4",
+        "vary": "^1"
+      }
+    },
    "cosmiconfig": {
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.1.tgz",
@ -12929,6 +12972,11 @@
        "spdx-expression-parse": "^3.0.0"
      }
    },
+    "vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
+    },
    "vfile": {
      "version": "4.2.1",
      "resolved": "https://registry.npmjs.org/vfile/-/vfile-4.2.1.tgz",
--- a/package.json
+++ b/package.json
@ -17,6 +17,7 @@
    "@headlessui/react": "^1.4.0",
    "awesome-debounce-promise": "^2.1.0",
    "axios": "^0.21.1",
+    "cors": "^2.8.5",
    "crypto-js": "^4.1.1",
    "emoji-regex": "^9.2.2",
    "ioredis": "^4.28.2",
@ -44,6 +45,7 @@
    "use-constant": "^1.1.0"
  },
  "devDependencies": {
+    "@types/cors": "^2.8.12",
    "@types/crypto-js": "^4.0.2",
    "@types/ioredis": "^4.28.5",
    "@types/prismjs": "^1.16.5",
--- a/pages/api/index.ts
+++ b/pages/api/index.ts
@ -2,6 +2,7 @@ import { posix as pathPosix } from 'path'

 import type { NextApiRequest, NextApiResponse } from 'next'
 import axios from 'axios'
+import Cors from 'cors'

 import apiConfig from '../../config/api.json'
 import siteConfig from '../../config/site.json'
@ -12,6 +13,20 @@ import { getOdAuthTokens, storeOdAuthTokens } from '../../utils/odAuthTokenStore
 const basePath = pathPosix.resolve('/', siteConfig.baseDirectory)
 const clientSecret = revealObfuscatedToken(apiConfig.obfuscatedClientSecret)

+// CORS middleware for raw links: https://nextjs.org/docs/api-routes/api-middlewares
+function runCorsMiddleware(req: NextApiRequest, res: NextApiResponse) {
+  const cors = Cors({ methods: ['GET', 'HEAD'] })
+  return new Promise((resolve, reject) => {
+    cors(req, res, result => {
+      if (result instanceof Error) {
+        return reject(result)
+      }
+
+      return resolve(result)
+    })
+  })
+}
+
 /**
 * Encode the path of the file relative to the base directory
 *
@ -168,8 +183,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
  // Whether path is root, which requires some special treatment
  const isRoot = requestPath === ''

-  // Go for file raw download link and query with only temporary link parameter
+  // Go for file raw download link, add CORS headers, and redirect to @microsoft.graph.downloadUrl
  if (raw) {
+    await runCorsMiddleware(req, res)
+
    const { data } = await axios.get(requestUrl, {
      headers: { Authorization: `Bearer ${accessToken}` },
      params: {
@ -188,8 +205,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
  }

  // Querying current path identity (file or folder) and follow up query childrens in folder
-  // console.log(accessToken)
-
  try {
    const { data: identityData } = await axios.get(requestUrl, {
      headers: { Authorization: `Bearer ${accessToken}` },