From a2a2863d624cb68a9a44c23b672aa040818823ca Mon Sep 17 00:00:00 2001
From: Lucien Cartier-Tilet <lucien@phundrak.com>
Date: Wed, 4 Jan 2023 14:42:55 +0100
Subject: [PATCH] Add CORS and authorized origins to server

---
 .env.example               |  2 ++
 Cargo.toml                 | 12 +++++++-
 src/db/models/languages.rs |  8 +++---
 src/db/models/words.rs     |  6 ++--
 src/main.rs                | 57 ++++++++++++++++++++++++++++++++++++--
 5 files changed, 75 insertions(+), 10 deletions(-)

diff --git a/.env.example b/.env.example
index 7956ca6..7f3d3fb 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,5 @@
+ORDABOK_HOSTS=https://example.com # if empty or unset, CORS will allow all origins
+
 # Database
 POSTGRES_HOST=0.0.0.0
 POSTGRES_PASSWORD=changeme
diff --git a/Cargo.toml b/Cargo.toml
index 445e5a2..ebb308f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,8 +6,18 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+# Environment variables
+dotenvy = "0.15"
+
+# Database
 diesel = { version = "2.0", features = ["postgres", "chrono"] }
 diesel-derive-enum = { version = "2.0.0-rc.0", features = ["postgres"] }
 chrono = "0.4.23"
 
-dotenvy = "0.15"
\ No newline at end of file
+# Web server
+rocket = "0.5.0-rc.2"
+rocket_cors = { git = "https://github.com/lawliet89/rocket_cors", rev = "c17e814" }
+
+# logging
+tracing = "0.1.37"
+tracing-subscriber = "0.3.16"
\ No newline at end of file
diff --git a/src/db/models/languages.rs b/src/db/models/languages.rs
index 1810a7e..b9d7152 100644
--- a/src/db/models/languages.rs
+++ b/src/db/models/languages.rs
@@ -1,5 +1,5 @@
+use super::super::schema::{langandagents, languages};
 use diesel::prelude::*;
-use super::super::schema::{languages, langandagents};
 
 #[derive(diesel_derive_enum::DbEnum, Debug, Clone, PartialEq, Eq)]
 #[DieselTypePath = "crate::db::schema::sql_types::Release"]
@@ -7,7 +7,7 @@ pub enum Release {
     Public,
     NonCommercial,
     Research,
-    Private
+    Private,
 }
 
 #[derive(diesel_derive_enum::DbEnum, Debug, Clone, PartialEq, Eq)]
@@ -19,14 +19,14 @@ pub enum DictGenre {
     Specialized,
     Historical,
     Orthography,
-    Terminology
+    Terminology,
 }
 
 #[derive(diesel_derive_enum::DbEnum, Debug, Clone, PartialEq, Eq)]
 #[DieselTypePath = "crate::db::schema::sql_types::Agentlanguagerelation"]
 pub enum AgentLanguageRelation {
     Publisher,
-    Author
+    Author,
 }
 
 #[derive(Queryable, Insertable, Debug, Clone, PartialEq, Eq)]
diff --git a/src/db/models/words.rs b/src/db/models/words.rs
index 8dda43a..a0d330d 100644
--- a/src/db/models/words.rs
+++ b/src/db/models/words.rs
@@ -1,11 +1,11 @@
-use diesel::prelude::*;
 use super::super::schema::{wordrelation, words};
+use diesel::prelude::*;
 
 #[derive(diesel_derive_enum::DbEnum, Debug, Clone, PartialEq, Eq)]
 #[DieselTypePath = "crate::db::schema::sql_types::Wordrelationship"]
 pub enum WordRelationship {
     Definition,
-    Related
+    Related,
 }
 
 #[derive(diesel_derive_enum::DbEnum, Debug, Clone, PartialEq, Eq)]
@@ -27,7 +27,7 @@ pub enum PartOfSpeech {
     SubjConj,
     Symbol,
     Verb,
-    Other
+    Other,
 }
 
 #[derive(Queryable, Insertable, Debug, Clone, PartialEq, Eq)]
diff --git a/src/main.rs b/src/main.rs
index 8ef45e8..073d1f2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,58 @@
+#![warn(clippy::style, clippy::pedantic)]
+
 mod db;
 
-fn main() {
-    println!("Hello, world!");
+use std::{env, error::Error};
+
+use dotenvy::dotenv;
+use tracing::{debug, info, Level};
+use tracing_subscriber::FmtSubscriber;
+
+fn setup_logging() {
+    let subscriber = FmtSubscriber::builder()
+        .with_max_level(Level::DEBUG)
+        .finish();
+    tracing::subscriber::set_global_default(subscriber)
+        .expect("Setting default subscriber failed");
+}
+
+fn make_cors() -> Result<rocket_cors::Cors, rocket_cors::Error> {
+    use rocket_cors::{AllowedHeaders, AllowedOrigins};
+    use std::str::FromStr;
+    rocket_cors::CorsOptions {
+        allowed_methods: ["Get", "Post"]
+            .iter()
+            .map(|s| FromStr::from_str(s).unwrap())
+            .collect(),
+        allowed_headers: AllowedHeaders::some(&["Authorization", "Accept"]),
+        allowed_origins: match env::var("ORDABOK_HOSTS") {
+            Ok(val) => {
+                if val.is_empty() {
+                    AllowedOrigins::all()
+                } else {
+                    AllowedOrigins::some_exact(
+                        val.split(',').collect::<Vec<_>>().as_ref(),
+                    )
+                }
+            }
+            Err(_) => AllowedOrigins::all(),
+        },
+        ..Default::default()
+    }
+    .to_cors()
+}
+
+#[rocket::main]
+async fn main() -> Result<(), Box<dyn Error>> {
+    setup_logging();
+
+    info!("Reading environment variables");
+    dotenv().ok();
+
+    let cors = make_cors()?;
+    debug!("CORS: {:?}", cors);
+
+    #[allow(clippy::let_underscore_drop)]
+    let _ = rocket::build().attach(cors).launch().await?;
+    Ok(())
 }