0.1.1-cors-internal

2025-06-02 22:20:37 +03:00
parent 0982dff45b
commit 30000a4803
7 changed files with 315 additions and 156 deletions
--- a/src/handlers/mod.rs
+++ b/src/handlers/mod.rs
@@ -1,10 +1,21 @@
-mod upload;
 mod proxy;
+mod upload;
 mod serve_file;

-pub use upload::upload_handler;
 pub use proxy::proxy_handler;
-// pub use serve_file::serve_file;
+pub use upload::upload_handler;

 // Лимит квоты на пользователя: 2 ГБ в неделю
 pub const MAX_WEEK_BYTES: u64 = 2 * 1024 * 1024 * 1024;
+
+use actix_web::{HttpResponse, Result, HttpRequest};
+
+/// Обработчик для корневого пути /
+pub async fn root_handler(req: HttpRequest) -> Result<HttpResponse> {
+    match req.method().as_str() {
+        "GET" => Ok(HttpResponse::Ok()
+            .content_type("text/plain")
+            .body("ok")),
+        _ => Ok(HttpResponse::MethodNotAllowed().finish())
+    }
+}
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,9 +7,10 @@ mod thumbnail;
 mod core;
 mod overlay;

-use actix_web::{middleware::Logger, web, App, HttpServer};
+use actix_web::{middleware::Logger, web, App, HttpServer, http::header::{self, HeaderName}};
+use actix_cors::Cors;
 use app_state::AppState;
-use handlers::{proxy_handler, upload_handler};
+use handlers::{proxy_handler, upload_handler, root_handler};
 use log::warn;
 use tokio::task::spawn_blocking;
 use std::env;
@@ -34,9 +35,32 @@ async fn main() -> std::io::Result<()> {
    });

    HttpServer::new(move || {
+        // Настройка CORS middleware
+        let cors = Cors::default()
+            .allow_any_origin() // TODO: ограничить конкретными доменами в продакшене
+            .allowed_methods(vec!["GET", "POST", "OPTIONS"])
+            .allowed_headers(vec![
+                header::DNT,
+                header::USER_AGENT,
+                HeaderName::from_static("x-requested-with"),
+                header::IF_MODIFIED_SINCE,
+                header::CACHE_CONTROL,
+                header::CONTENT_TYPE,
+                header::RANGE,
+                header::AUTHORIZATION,
+            ])
+            .expose_headers(vec![
+                header::CONTENT_LENGTH,
+                header::CONTENT_RANGE,
+            ])
+            .supports_credentials()
+            .max_age(1728000); // 20 дней
+
        App::new()
            .app_data(web::Data::new(app_state.clone()))
+            .wrap(cors)
            .wrap(Logger::default())
+            .route("/", web::get().to(root_handler))
            .route("/", web::post().to(upload_handler))
            .route("/{path:.*}", web::get().to(proxy_handler))
    })