close #21 with cors() method

jeremydaly · jeremydaly · commit 04a355d6f131 · 2018-04-23T17:49:27.000-04:00
diff --git a/lib/response.js b/lib/response.js
@@ -317,6 +317,29 @@ class RESPONSE {
   // TODO: sendStatus
 
 
+  // Convenience method for setting CORS headers
+  cors(options) {
+    const opts = typeof options === 'object' ? options : {}
+
+    // Check for existing headers
+    let acao = this.getHeader('Access-Control-Allow-Origin')
+    let acam = this.getHeader('Access-Control-Allow-Methods')
+    let acah = this.getHeader('Access-Control-Allow-Headers')
+
+    // Default CORS headers
+    this.header('Access-Control-Allow-Origin',opts.origin ? opts.origin : (acao ? acao : '*'))
+    this.header('Access-Control-Allow-Methods',opts.methods ? opts.methods : (acam ? acam : 'GET, PUT, POST, DELETE, OPTIONS'))
+    this.header('Access-Control-Allow-Headers',opts.headers ? opts.headers : (acah ? acah : 'Content-Type, Authorization, Content-Length, X-Requested-With'))
+
+    // Optional CORS headers
+    if(opts.maxAge && !isNaN(opts.maxAge)) this.header('Access-Control-Max-Age',(opts.maxAge/1000|0).toString())
+    if(opts.credentials) this.header('Access-Control-Allow-Credentials',opts.credentials.toString())
+    if(opts.exposeHeaders) this.header('Access-Control-Expose-Headers',opts.exposeHeaders)
+
+    return this
+  }
+
+
 
   // Sends the request to the main callback
   send(body) {
diff --git a/test/headers.js b/test/headers.js
@@ -49,6 +49,28 @@ api.get('/getHeader', function(req,res) {
   })
 })
 
+api.get('/cors', function(req,res) {
+  res.cors().json({})
+})
+
+api.get('/corsCustom', function(req,res) {
+  res.cors({
+    origin: 'example.com',
+    methods: 'GET, OPTIONS',
+    headers: 'Content-Type, Authorization',
+    maxAge: 84000000,
+    credentials: true,
+    exposeHeaders: 'Content-Type'
+  }).json({})
+})
+
+api.get('/corsOverride', function(req,res) {
+  res.cors().cors({
+    origin: 'example.com',
+    credentials: true
+  }).json({})
+})
+
 
 /******************************************************************************/
 /***  BEGIN TESTS                                                           ***/
@@ -104,4 +126,66 @@ describe('Header Tests:', function() {
     })
   }) // end it
 
+
+  it('Add Default CORS Headers', function() {
+    let _event = Object.assign({},event,{ path: '/cors'})
+
+    return new Promise((resolve,reject) => {
+      api.run(_event,{},function(err,res) { resolve(res) })
+    }).then((result) => {
+      expect(result).to.deep.equal({
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Headers': 'Content-Type, Authorization, Content-Length, X-Requested-With',
+          'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE, OPTIONS',
+          'Access-Control-Allow-Origin': '*'
+        }, statusCode: 200,
+        body: '{}',
+        isBase64Encoded: false
+      })
+    })
+  }) // end it
+
+  it('Add Custom CORS Headers', function() {
+    let _event = Object.assign({},event,{ path: '/corsCustom'})
+
+    return new Promise((resolve,reject) => {
+      api.run(_event,{},function(err,res) { resolve(res) })
+    }).then((result) => {
+      expect(result).to.deep.equal({
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+          'Access-Control-Allow-Methods': 'GET, OPTIONS',
+          'Access-Control-Allow-Origin': 'example.com',
+          'Access-Control-Allow-Credentials': 'true',
+          'Access-Control-Expose-Headers': 'Content-Type',
+          'Access-Control-Max-Age': '84000'
+        }, statusCode: 200,
+        body: '{}',
+        isBase64Encoded: false
+      })
+    })
+  }) // end it
+
+  it('Override CORS Headers', function() {
+    let _event = Object.assign({},event,{ path: '/corsOverride'})
+
+    return new Promise((resolve,reject) => {
+      api.run(_event,{},function(err,res) { resolve(res) })
+    }).then((result) => {
+      expect(result).to.deep.equal({
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Headers': 'Content-Type, Authorization, Content-Length, X-Requested-With',
+          'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE, OPTIONS',
+          'Access-Control-Allow-Origin': 'example.com',
+          'Access-Control-Allow-Credentials': 'true'
+        }, statusCode: 200,
+        body: '{}',
+        isBase64Encoded: false
+      })
+    })
+  }) // end it
+
 }) // end HEADER tests
