Add CORS options & bump up docker's base image

pottava · Feb 18, 2017 · 2e11186 · 2e11186
1 parent 0c4cd39
commit 2e11186
Show file tree

Hide file tree

Showing 9 changed files with 55 additions and 16 deletions.
diff --git a/README-ja.md b/README-ja.md
@@ -27,6 +27,10 @@ BASIC_AUTH_USER           | Basic 認証をかけるなら、その `ユーザ
 BASIC_AUTH_PASS           | Basic 認証をかけるなら、その `パスワード`            |        | -
 SSL_CERT_PATH             | TLS を有効にしたいなら、その `cert.pem` へのパス     |        | -
 SSL_KEY_PATH              | TLS を有効にしたいなら、その `key.pem` へのパス      |        | -
+CORS_ALLOW_ORIGIN  | CORS を有効にしたいなら、リソースへのアクセスを許可する URI |        | -
+CORS_ALLOW_METHODS | CORS を有効にしたいなら、許可する [HTTP request methods](https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html)のカンマ区切りのリスト |        | -
+CORS_ALLOW_HEADERS | CORS を有効にしたいなら、サポートするヘッダーのカンマ区切りのリスト |        | -
+CORS_MAX_AGE       | CORS における preflight リクエスト結果のキャッシュ上限時間(秒) |        | 600
 APP_PORT                  | このサービスが待機する `ポート番号`                  |        | 80
 ACCESS_LOG                | 標準出力へアクセスログを送る                        |        | false
 STRIP_PATH                | 指定した Prefix を S3 のパスから削除                |         | -
@@ -43,6 +47,10 @@ STRIP_PATH                | 指定した Prefix を S3 のパスから削除
 
 `docker run -d -p 8080:80 -e AWS_REGION -e AWS_S3_BUCKET -e SSL_CERT_PATH -e SSL_KEY_PATH pottava/s3-proxy`
 
+* CORS を有効にしたいなら:
+
+`docker run -d -p 8080:80 -e PROXY_URL -e CORS_ALLOW_ORIGIN -e CORS_ALLOW_METHODS -e CORS_ALLOW_HEADERS -e CORS_MAX_AGE pottava/s3-proxy`
+
 * docker-compose.yml として使うなら:  
 
 ```

diff --git a/README.md b/README.md
@@ -32,6 +32,10 @@ BASIC_AUTH_USER           | User for basic authentication.                    |
 BASIC_AUTH_PASS           | Password for basic authentication.                |          | -
 SSL_CERT_PATH             | TLS: cert.pem file path.                          |          | -
 SSL_KEY_PATH              | TLS: key.pem file path.                           |          | -
+CORS_ALLOW_ORIGIN         | CORS: a URI that may access the resource.         |          | -
+CORS_ALLOW_METHODS        | CORS: Comma-delimited list of the allowed [HTTP request methods](https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html). |          | -
+CORS_ALLOW_HEADERS        | CORS: Comma-delimited list of the supported request headers. |          | -
+CORS_MAX_AGE              | CORS: Maximum number of seconds the results of a preflight request can be cached. |          | 600
 APP_PORT                  | The port number to be assigned for listening.     |          | 80
 ACCESS_LOG                | Send access logs to /dev/stdout.                  |          | false
 STRIP_PATH                | Strip path prefix.                                |          | -
@@ -48,6 +52,10 @@ STRIP_PATH                | Strip path prefix.                                |
 
 `docker run -d -p 8080:80 -e AWS_REGION -e AWS_S3_BUCKET -e SSL_CERT_PATH -e SSL_KEY_PATH pottava/s3-proxy`
 
+* with CORS:
+
+`docker run -d -p 8080:80 -e PROXY_URL -e CORS_ALLOW_ORIGIN -e CORS_ALLOW_METHODS -e CORS_ALLOW_HEADERS -e CORS_MAX_AGE pottava/s3-proxy`
+
 * with docker-compose.yml:  
 
 ```

diff --git a/circle.yml b/circle.yml
@@ -10,13 +10,13 @@ dependencies:
   pre:
       # Prepare directories.
       - mkdir -p ~/cache "$PRIVATE_GOPATH/src/$IMPORT_PATH"
-      # Install go 1.7
+      # Install go 1.8
       - sudo rm -rf /usr/local/go
-      - cd ~/cache && if [ ! -e go1.7.5.linux-amd64.tar.gz ]; then wget https://storage.googleapis.com/golang/go1.7.5.linux-amd64.tar.gz; fi
-      - cd ~/cache && sudo tar -C /usr/local -xzf go1.7.5.linux-amd64.tar.gz
+      - cd ~/cache && if [ ! -e go1.8.linux-amd64.tar.gz ]; then wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz; fi
+      - cd ~/cache && sudo tar -C /usr/local -xzf go1.8.linux-amd64.tar.gz
       - go version
       # Install test utils
-      - go get github.com/golang/dep
+      - go get github.com/golang/dep/...
       - go get github.com/golang/lint/golint
   post:
     - >

diff --git a/dev/Dockerfile b/dev/Dockerfile
@@ -0,0 +1,2 @@
+FROM pottava/golang:1.8-builder
+RUN apk add --no-cache ca-certificates
diff --git a/dev/docker-compose-gox.yml b/dev/docker-compose-gox.yml
@@ -1,4 +1,4 @@
-# BUILD_VERSION=v0.1.0 BUILD_DATE=`date +%FT%T%z` docker-compose -f development/docker-compose-gox.yml run --rm build
+# BUILD_VERSION=v0.1.0 BUILD_DATE=`date +%FT%T%z` docker-compose -f dev/docker-compose-gox.yml run --rm build
 
 build:
   image: pottava/gox:go1.8

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,7 +2,8 @@ version: "2"
 
 services:
   app:
-    image: pottava/golang:1.8
+    build: dev/
+    image: aws-s3-proxy:dev
     command: go run /go/src/github.com/pottava/aws-s3-proxy/main.go
     ports:
       - 8080:80
@@ -21,5 +22,9 @@ services:
       - BASIC_AUTH_PASS
       - SSL_CERT_PATH
       - SSL_KEY_PATH
+      - CORS_ALLOW_ORIGIN
+      - CORS_ALLOW_METHODS
+      - CORS_ALLOW_HEADERS
+      - CORS_MAX_AGE
       - ACCESS_LOG=true
     container_name: app
diff --git a/lock.json b/lock.json
@@ -4,7 +4,7 @@
         {
             "name": "github.com/aws/aws-sdk-go",
             "branch": "master",
-            "revision": "830984cdef47f8ac0d4883012367bf75e5ccac2c",
+            "revision": "e43e7ed87a3584fd820402855e7ff990fb10239f",
             "packages": [
                 "aws",
                 "aws/session",

diff --git a/main.go b/main.go
@@ -31,6 +31,10 @@ type config struct {
 	sslCert          string // SSL_CERT_PATH
 	sslKey           string // SSL_KEY_PATH
 	stripPath        string // STRIP_PATH
+	corsAllowOrigin  string // CORS_ALLOW_ORIGIN
+	corsAllowMethods string // CORS_ALLOW_METHODS
+	corsAllowHeaders string // CORS_ALLOW_HEADERS
+	corsMaxAge       int64  // CORS_MAX_AGE
 }
 
 type symlink struct {
@@ -66,12 +70,6 @@ func main() {
 }
 
 func configFromEnvironmentVariables() *config {
-	if len(os.Getenv("AWS_ACCESS_KEY_ID")) == 0 {
-		log.Print("Not defined environment variable: AWS_ACCESS_KEY_ID")
-	}
-	if len(os.Getenv("AWS_SECRET_ACCESS_KEY")) == 0 {
-		log.Print("Not defined environment variable: AWS_SECRET_ACCESS_KEY")
-	}
 	if len(os.Getenv("AWS_S3_BUCKET")) == 0 {
 		log.Fatal("Missing required environment variable: AWS_S3_BUCKET")
 	}
@@ -87,6 +85,10 @@ func configFromEnvironmentVariables() *config {
 	if b, err := strconv.ParseBool(os.Getenv("ACCESS_LOG")); err == nil {
 		accessLog = b
 	}
+	corsMaxAge := int64(600)
+	if i, err := strconv.ParseInt(os.Getenv("CORS_MAX_AGE"), 10, 64); err == nil {
+		corsMaxAge = i
+	}
 	conf := &config{
 		awsRegion:        region,
 		s3Bucket:         os.Getenv("AWS_S3_BUCKET"),
@@ -100,6 +102,10 @@ func configFromEnvironmentVariables() *config {
 		sslCert:          os.Getenv("SSL_CERT_PATH"),
 		sslKey:           os.Getenv("SSL_KEY_PATH"),
 		stripPath:        os.Getenv("STRIP_PATH"),
+		corsAllowOrigin:  os.Getenv("CORS_ALLOW_ORIGIN"),
+		corsAllowMethods: os.Getenv("CORS_ALLOW_METHODS"),
+		corsAllowHeaders: os.Getenv("CORS_ALLOW_HEADERS"),
+		corsMaxAge:       corsMaxAge,
 	}
 	// Proxy
 	log.Printf("[config] Proxy to %v", conf.s3Bucket)
@@ -113,6 +119,10 @@ func configFromEnvironmentVariables() *config {
 	if (len(conf.basicAuthUser) > 0) && (len(conf.basicAuthPass) > 0) {
 		log.Printf("[config] Basic authentication: %s", conf.basicAuthUser)
 	}
+	// CORS
+	if (len(conf.corsAllowOrigin) > 0) && (conf.corsMaxAge > 0) {
+		log.Printf("[config] CORS enabled: %s", conf.corsAllowOrigin)
+	}
 	return conf
 }
 
@@ -128,6 +138,12 @@ func (r *custom) WriteHeader(status int) {
 
 func wrapper(f func(w http.ResponseWriter, r *http.Request)) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if (len(c.corsAllowOrigin) > 0) && (len(c.corsAllowMethods) > 0) && (len(c.corsAllowHeaders) > 0) && (c.corsMaxAge > 0) {
+			w.Header().Set("Access-Control-Allow-Origin", c.corsAllowOrigin)
+			w.Header().Set("Access-Control-Allow-Methods", c.corsAllowMethods)
+			w.Header().Set("Access-Control-Allow-Headers", c.corsAllowHeaders)
+			w.Header().Set("Access-Control-Max-Age", strconv.FormatInt(c.corsMaxAge, 10))
+		}
 		if (len(c.basicAuthUser) > 0) && (len(c.basicAuthPass) > 0) && !auth(r) {
 			w.Header().Set("WWW-Authenticate", `Basic realm="REALM"`)
 			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)

diff --git a/prod/Dockerfile b/prod/Dockerfile
@@ -12,9 +12,9 @@ RUN apk add --no-cache ca-certificates
 RUN apk --no-cache add --virtual build-dependencies bash gcc musl-dev openssl go git \
 
     # Install go 1.8
-    && GOLANG_VERSION=1.8rc3 \
+    && GOLANG_VERSION=1.8 \
     && GOLANG_SRC_URL=https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz \
-    && GOLANG_SRC_SHA256=38b1c1738f111f7bccdd372efca2aa98a7bad1ca2cb21767ba69f34ae007499c \
+    && GOLANG_SRC_SHA256=406865f587b44be7092f206d73fc1de252600b79b3cacc587b74b5ef5c623596 \
     && export GOROOT_BOOTSTRAP="$(go env GOROOT)" \
     && wget -q "$GOLANG_SRC_URL" -O golang.tar.gz \
     && echo "$GOLANG_SRC_SHA256  golang.tar.gz" | sha256sum -c - \
@@ -32,7 +32,7 @@ RUN apk --no-cache add --virtual build-dependencies bash gcc musl-dev openssl go
     && mv /go/bin/aws-s3-proxy /usr/bin \
 
     # Clean up
-    && apk del --purge build-dependencies \
+    && apk del --purge -r build-dependencies \
     && rm -rf /usr/local/go /usr/lib/go /go /golang.tar.gz /*.patch
 
 EXPOSE 80