Allow enabling CORS using --allow-cors <origin>

shesek · shesek · commit 37af9737b3f8 · 2019-07-13T19:06:48.000+03:00
Resolves #64
diff --git a/bin/charged b/bin/charged
@@ -14,6 +14,7 @@ const args = require('meow')(`
       -p, --port <port>         http server port [default: 9112]
       -i, --host <host>         http server listen address [default: 127.0.0.1]
       -e, --node-env <env>      nodejs environment mode [default: production]
+      --allow-cors <origin>     allow browser CORS requests from <origin> [default: off]
 
       --rate-proxy <uri>        proxy to use for fetching exchange rate from bitcoinaverage [default: see proxy-from-env]
       --hook-proxy <uri>        proxy to use for web hook push requests [default: see proxy-from-env]
diff --git a/src/app.js b/src/app.js
@@ -26,6 +26,11 @@ const lnPath   = process.env.LN_PATH || join(require('os').homedir(), '.lightnin
   app.use(require('body-parser').json())
   app.use(require('body-parser').urlencoded({ extended: true }))
 
+  process.env.ALLOW_CORS && app.use((req, res, next) => {
+    res.set('Access-Control-Allow-Origin', process.env.ALLOW_CORS)
+    next()
+  })
+
   app.get('/info', auth, wrap(async (req, res) => res.send(await ln.getinfo())))
 
   require('./invoicing')(app, payListen, model, auth, lnconf)
diff --git a/src/lib/auth.js b/src/lib/auth.js
@@ -21,6 +21,7 @@ export const authMiddleware = (name, pass, realm='Lightning Charge') => (req, re
 
   if (!cred || cred.name !== name || cred.pass !== pass)
     res.set('WWW-Authenticate', `Basic realm="${realm}"`)
+       .removeHeader('Access-Control-Allow-Origin')
        .sendStatus(401)
 
   else next()
