feat(app): auto-cors

Author: ShGKme

.env

@@ -2,7 +2,6 @@ PORT=3000
 HOST=127.0.0.1
 SECRET=secret_key
 PUBLIC_URL=https://course-vue.javascript.ru
-CORS_ORIGIN=*
 
 # Admin key is used to protect some maintenance features; remove or set empty to disable
 # ADMIN_KEY=admin_key

src/app.module.ts

@@ -1,4 +1,4 @@
-import { Module } from '@nestjs/common';
+import { MiddlewareConsumer, Module } from '@nestjs/common';
 import { MikroOrmModule } from '@mikro-orm/nestjs';
 import { ScheduleModule } from '@nestjs/schedule';
 import { ConfigModule, ConfigService } from '@nestjs/config';
@@ -10,6 +10,7 @@ import { ImagesModule } from './images/images.module';
 import { MaintenanceModule } from './maintenance/maintenance.module';
 import config from './mikro-orm.config';
 import { configuration } from './configuration';
+import { CorsMiddleware } from './common/middleware/cors.middleware';
 
 @Module({
   imports: [
@@ -40,4 +41,8 @@ import { configuration } from './configuration';
     MaintenanceModule,
   ],
 })
-export class AppModule {}
+export class AppModule {
+  configure(consumer: MiddlewareConsumer) {
+    consumer.apply(CorsMiddleware).forRoutes('*');
+  }
+}

src/common/middleware/cors.middleware.ts

@@ -0,0 +1,11 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { Request, Response, NextFunction } from 'express';
+
+@Injectable()
+export class CorsMiddleware implements NestMiddleware {
+  use(request: Request, response: Response, next: NextFunction) {
+    response.header('Access-Control-Allow-Origin', request.headers.origin);
+    response.header('Access-Control-Allow-Credentials', 'true');
+    next();
+  }
+}

src/configuration.ts

@@ -2,7 +2,6 @@ export const configuration = () => ({
   port: parseInt(process.env.PORT, 10) ?? 3000,
   host: process.env.HOST ?? '127.0.0.1',
   publicUrl: process.env.PUBLIC_URL ?? 'https://course-vue.javascript.ru',
-  corsOrigin: process.env.CORS_ORIGIN ?? '*',
   secret: process.env.SECRET ?? 'secret',
   adminKey: process.env.ADMIN_KEY,
   dbRefreshCron: process.env.DB_REFRESH_CRON,

src/main.ts

@@ -7,16 +7,13 @@ import passport from 'passport';
 import session from 'express-session';
 import SQLiteStoreFactory from 'connect-sqlite3';
 import { AppModule } from './app.module';
+import * as process from 'process';
 
 async function bootstrap() {
   const app = await NestFactory.create<NestExpressApplication>(AppModule);
   const configService = app.get<ConfigService>(ConfigService);
 
   app.setGlobalPrefix('api');
-  app.enableCors({
-    origin: configService.get('corsOrigin'),
-    credentials: true,
-  });
   app.set('trust proxy', 1);
   app.use(
     session({