From 4ffc88b54dae78c0e63b6e90b649d32b540971ef Mon Sep 17 00:00:00 2001
From: EntireTwix
Date: Wed, 7 Apr 2021 12:49:15 -0700
Subject: [PATCH] :bug: huge CORS bug
---
 include/bank_f.hpp | 26 +++++++++++++-------------
 main.cpp | 5 +++++
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/include/bank_f.hpp b/include/bank_f.hpp
index 8127cc7..d516622 100644
--- a/include/bank_f.hpp
+++ b/include/bank_f.hpp
@@ -37,7 +37,7 @@ public:
 {
 auto resp = HttpResponse::newHttpResponse();
 auto handlerInfo = app().getHandlersInfo();
- resp->setBody("

ALL FUNCTIONS (that have args) ARE EXPECTING JSON AS DATA TYPE


/BankF/admin/close (POST)

 attempt  - admin password

Closes and Saves the server.


/BankF/user (POST)

 name  - name of the user being added

 init_pass  - initial password for the user being added

Adds a user to the bank


/BankF/admin/user (POST)

 name  - name of the user being added

 attempt  - admin password required to add user with balance

 init_bal  - initial balance for user being added

 init_pass  - initial password for user being added

Adds a user with initial balance


/BankF/sendfunds (POST)

 a_name  - sender's name

 b_name  - reciever's name

 amount  - amount being sent

 attempt  - password of sender

Sends money from one user to another


/BankF/changepass (PATCH)

 name  - name of user's password being changes

 attempt  - password of user being changed

 new_pass  - new password to replace the current user's password

 Changes password of a user

 

/BankF/{name}/bal (PATCH)

 name  - the name of the user being set

 attempt  - the admin password required

 amount  - the new balance of the user

Sets the balance of a user

 

/BankF/help (GET)

the page you're looking at right now!


/BankF/vpass (GET)

 name  - name of user being verified

 attempt  - password being verified

returns 0 or 1 based on if [attempt] is equal to the password of the user [name]. The intended usage for this function is for connected services


/BankF/contains/{name} (GET)

returns a 0 or 1 based on if the bank contains the user

 

/BankF/{name}/bal (GET)

returns the balance of a given user's name, if -1 that means the user does not exist


/BankF/user (DELETE)

 name  - name of user being deleted

 attempt  - password of user being deleted

Deletes a user with the password of the user as verification


/BankF/admin/user (DELETE)

 name  - name of user being deleted

 attempt  - admin password

Deletes a user with admin password as verification

");
+ resp->setBody("

ALL FUNCTIONS (that have args) ARE EXPECTING JSON AS DATA TYPE


/BankF/admin/close (POST)

 attempt  - admin password

Closes and Saves the server.


/BankF/user (POST)

 name  - name of the user being added

 init_pass  - initial password for the user being added

Adds a user to the bank


/BankF/admin/user (POST)

 name  - name of the user being added

 attempt  - admin password required to add user with balance

 init_bal  - initial balance for user being added

 init_pass  - initial password for user being added

Adds a user with initial balance


/BankF/sendfunds (POST)

 a_name  - sender's name

 b_name  - reciever's name

 amount  - amount being sent

 attempt  - password of sender

Sends money from one user to another


/BankF/changepass (PATCH)

 name  - name of user's password being changes

 attempt  - password of user being changed

 new_pass  - new password to replace the current user's password

 Changes password of a user

 

/BankF/{name}/bal (PATCH)

 name  - the name of the user being set

 attempt  - the admin password required

 amount  - the new balance of the user

Sets the balance of a user

 

/BankF/help (GET)

the page you're looking at right now!


/BankF/vpass (POST)

 name  - name of user being verified

 attempt  - password being verified

returns 0 or 1 based on if [attempt] is equal to the password of the user [name]. The intended usage for this function is for connected services


/BankF/contains/{name} (GET)

returns a 0 or 1 based on if the bank contains the user

 

/BankF/{name}/bal (GET)

returns the balance of a given user's name, if -1 that means the user does not exist


/BankF/user (DELETE)

 name  - name of user being deleted

 attempt  - password of user being deleted

Deletes a user with the password of the user as verification


/BankF/admin/user (DELETE)

 name  - name of user being deleted

 attempt  - admin password

Deletes a user with admin password as verification

");
 resp->setExpiredTime(0);
 callback(resp);
 }
@@ -108,20 +108,20 @@ public:
 }
 METHOD_LIST_BEGIN
- METHOD_ADD(BankF::Close, "/admin/close", Post);
- METHOD_ADD(BankF::AddUser, "/user", Post);
- METHOD_ADD(BankF::AdminAddUser, "/admin/user", Post);
- METHOD_ADD(BankF::SendFunds, "/sendfunds", Post);
+ METHOD_ADD(BankF::Close, "/admin/close", Post, Options);
+ METHOD_ADD(BankF::AddUser, "/user", Post, Options);
+ METHOD_ADD(BankF::AdminAddUser, "/admin/user", Post, Options);
+ METHOD_ADD(BankF::SendFunds, "/sendfunds", Post, Options);
- METHOD_ADD(BankF::ChangePassword, "/changepass", Patch);
- METHOD_ADD(BankF::SetBal, "/{name}/bal", Patch);
+ METHOD_ADD(BankF::ChangePassword, "/changepass", Patch, Options);
+ METHOD_ADD(BankF::SetBal, "/{name}/bal", Patch, Options);
- METHOD_ADD(BankF::Help, "/help", Get);
- METHOD_ADD(BankF::VerifyPassword, "/vpass", Get);
- METHOD_ADD(BankF::Contains, "/contains/{name}", Get);
- METHOD_ADD(BankF::GetBal, "/{name}/bal", Get);
+ METHOD_ADD(BankF::Help, "/help", Get, Options);
+ METHOD_ADD(BankF::VerifyPassword, "/vpass", Post, Options);
+ METHOD_ADD(BankF::Contains, "/contains/{name}", Get, Options);
+ METHOD_ADD(BankF::GetBal, "/{name}/bal", Get, Options);
- METHOD_ADD(BankF::DelUser, "/user", Delete);
- METHOD_ADD(BankF::AdminDelUser, "/admin/user", Delete);
+ METHOD_ADD(BankF::DelUser, "/user", Delete, Options);
+ METHOD_ADD(BankF::AdminDelUser, "/admin/user", Delete, Options);
 METHOD_LIST_END
 };
\ No newline at end of file
diff --git a/main.cpp b/main.cpp
index c2b12a7..1cf4770 100644
--- a/main.cpp
+++ b/main.cpp
@@ -40,6 +40,11 @@ int main(int argc, char **argv)
 }
 auto API = std::make_shared();
+ app().registerPostHandlingAdvice(
+ [](const drogon::HttpRequestPtr &req, const drogon::HttpResponsePtr &resp) {
+ //LOG_DEBUG << "postHandling1";
+ resp->addHeader("Access-Control-Allow-Origin", "*");
+ });
 app().addListener("0.0.0.0", 80).registerController(API).setThreadNum(std::stoul(argv[3])).run();
 return 0;
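Review bot: Every route in the `METHOD_LIST_BEGIN` block now also accepts `Options`, including the state-changing ones (`/admin/close`, `/admin/user`, `/sendfunds`, `/{name}/bal`), and nothing visible here shows what those handlers do when the request method is OPTIONS. The handler bodies and the enclosing class start outside this hunk, so please confirm that a preflight is answered before any handler body runs, or have each handler return early on `req->method() == Options`. A comment above the list would record the intent for the next maintainer: `// Options is accepted only so a CORS preflight finds a route; handlers must never act on it.`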
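Review bot: The advice registered in `main` sends `Access-Control-Allow-Origin: *` on every response, so script running on any website can call this API from a visitor's browser and read the answers, including the 0/1 result of `/BankF/vpass` and the replies of the admin routes. Echo the request's `Origin` only when it is on an operator-configured allow-list, and add `Vary: Origin` so caches do not mix responses. The advice also sets no `Access-Control-Allow-Methods` or `Access-Control-Allow-Headers`, so a preflight for a JSON POST, PATCH or DELETE would presumably still be refused by the browser unless the framework supplies those headers elsewhere. The `req` parameter is unused as written and the commented-out `LOG_DEBUG` line can be dropped. In the sketch below `allowedOrigins` is a constructed name for a set of origin strings loaded from configuration.

```cpp
app().registerPostHandlingAdvice(
    [allowedOrigins](const drogon::HttpRequestPtr &req, const drogon::HttpResponsePtr &resp) {
        // Only origins the operator has listed get CORS headers; everyone else gets none.
        const auto &origin = req->getHeader("Origin");
        if (origin.empty() || allowedOrigins.count(origin) == 0)
            return;
        resp->addHeader("Access-Control-Allow-Origin", origin);
        resp->addHeader("Vary", "Origin");
        resp->addHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
        resp->addHeader("Access-Control-Allow-Headers", "Content-Type");
    });
// … unchanged: addListener / registerController / run …
```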