public createCorsRequestMiddleware()

in src/table/middleware/PreflightMiddlewareFactory.ts [141:231]

• 79 lines of code
• 16 McCabe index (conditional complexity)

  public createCorsRequestMiddleware(
    metadataStore: ITableMetadataStore,
    blockErrorRequest: boolean = false
  ): ErrorRequestHandler | RequestHandler {
    const internalMethod = (
      err: MiddlewareError | Error | undefined,
      req: Request,
      res: Response,
      next: NextFunction
    ) => {
      if (req.method.toUpperCase() === MethodConstants.OPTIONS) {
        return next(err);
      }

      const context = new TableStorageContext(
        res.locals,
        DEFAULT_TABLE_CONTEXT_PATH
      );

      const account = context.account!;

      const origin = req.headers[HeaderConstants.ORIGIN] as string | undefined;
      if (origin === undefined) {
        return next(err);
      }

      const method = req.method;
      if (method === undefined || typeof method !== "string") {
        return next(err);
      }

      metadataStore
        .getServiceProperties(context, account)
        .then(properties => {
          if (properties === undefined || properties.cors === undefined) {
            return next(err);
          }
          const corsSet = properties.cors;
          const resHeaders = this.getResponseHeaders(
            res,
            err instanceof MiddlewareError ? err : undefined
          );

          // Here we will match CORS settings in order and select first matched CORS
          for (const cors of corsSet) {
            if (
              this.checkOrigin(origin, cors.allowedOrigins) &&
              this.checkMethod(method, cors.allowedMethods)
            ) {
              const exposedHeaders = this.getExposedHeaders(
                resHeaders,
                cors.exposedHeaders || ""
              );

              res.setHeader(
                HeaderConstants.ACCESS_CONTROL_EXPOSE_HEADERS,
                exposedHeaders
              );

              res.setHeader(
                HeaderConstants.ACCESS_CONTROL_ALLOW_ORIGIN,
                cors.allowedOrigins === "*" ? "*" : origin! // origin is not undefined as checked in checkOrigin()
              );

              if (cors.allowedOrigins !== "*") {
                res.setHeader(HeaderConstants.VARY, "Origin");
                res.setHeader(
                  HeaderConstants.ACCESS_CONTROL_ALLOW_CREDENTIALS,
                  "true"
                );
              }

              return next(err);
            }
          }
          if (corsSet.length > 0) {
            res.setHeader(HeaderConstants.VARY, "Origin");
          }
          return next(err);
        })
        .catch(next);
    };

    if (blockErrorRequest) {
      return internalMethod;
    } else {
      return (req: Request, res: Response, next: NextFunction) => {
        internalMethod(undefined, req, res, next);
      };
    }
  }