clean up cors policy

mixcore · Oct 12, 2023 · 1b6314e · 1b6314e
1 parent 4cd83ab
commit 1b6314e
Show file tree

Hide file tree

Showing 11 changed files with 5,254 additions and 5,152 deletions.
diff --git a/src/applications/Mixcore/Controllers/PostContentApiController.cs b/src/applications/Mixcore/Controllers/PostContentApiController.cs
@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+using Mix.Heart.Exceptions;
 using Mix.Heart.Extensions;
 using Mix.Heart.Helpers;
 using Mix.Lib.Models.Common;
@@ -9,6 +11,7 @@
 
 namespace Mixcore.Controllers
 {
+    [EnableCors(MixCorsPolicies.PublicApis)]
     [Route("api/v2/rest/mixcore/post-content")]
     public sealed class PostContentApiController : MixQueryApiControllerBase<PostContentViewModel, MixCmsContext, MixPostContent, int>
     {
@@ -29,8 +32,8 @@ public PostContentApiController(
             IMixMetadataService metadataService,
             MixRepoDbRepository repoDbRepository,
             IPortalHubClientService portalHub,
-            IMixTenantService mixTenantService) 
-            : base(httpContextAccessor, configuration, 
+            IMixTenantService mixTenantService)
+            : base(httpContextAccessor, configuration,
                   cacheService, translator, mixIdentityService, uow, queueService, portalHub, mixTenantService)
         {
             _postService = postService;
@@ -42,36 +45,48 @@ public PostContentApiController(
         [HttpPost("filter")]
         public async Task<ActionResult<PagingResponseModel<PostContentViewModel>>> Filter([FromBody] FilterContentRequestDto req)
         {
-            var searchRequest = BuildSearchRequest(req);
-            searchRequest.Predicate = searchRequest.Predicate.AndAlsoIf(
-                !string.IsNullOrEmpty(req.MixDatabaseName), m => m.MixDatabaseName == req.MixDatabaseName);
-            if (!string.IsNullOrEmpty(req.MixDatabaseName) && req.Queries.Count > 0)
+            try
             {
-                _mixRepoDbRepository.InitTableName(req.MixDatabaseName);
-                var listData = await _mixRepoDbRepository.GetListByAsync(req.Queries, "id, parentId");
-                if (listData != null)
+                var searchRequest = BuildSearchRequest(req);
+                searchRequest.Predicate = searchRequest.Predicate.AndAlsoIf(
+                    !string.IsNullOrEmpty(req.MixDatabaseName), m => m.MixDatabaseName == req.MixDatabaseName);
+                if (!string.IsNullOrEmpty(req.MixDatabaseName) && req.Queries.Count > 0)
                 {
-                    List<int> allowIds = new();
-                    foreach (var data in listData)
+                    _mixRepoDbRepository.InitTableName(req.MixDatabaseName);
+                    var listData = await _mixRepoDbRepository.GetListByAsync(req.Queries, "Id, ParentId");
+                    if (listData != null)
                     {
-                        allowIds.Add(ReflectionHelper.ParseObject(data).Value<int>("parentId"));
+                        List<int> allowIds = new();
+                        foreach (var data in listData)
+                        {
+                            // used JObject.FromObject to keep original reponse fieldName
+                            allowIds.Add(JObject.FromObject(data).Value<int>("ParentId"));
+                        }
+                        searchRequest.Predicate = searchRequest.Predicate.AndAlso(m => allowIds.Contains(m.Id));
                     }
-                    searchRequest.Predicate = searchRequest.Predicate.AndAlso(m => allowIds.Contains(m.Id));
                 }
+                var result = await Repository.GetPagingAsync(searchRequest.Predicate, searchRequest.PagingData);
+                foreach (var item in result.Items)
+                {
+                    await item.LoadAdditionalDataAsync(_repoDbRepository, _metadataService, CacheService);
+                }
+                return Ok(ParseSearchResult(req, result));
             }
-            var result = await Repository.GetPagingAsync(searchRequest.Predicate, searchRequest.PagingData);
-            foreach (var item in result.Items)
+            catch (MixException)
             {
-                await item.LoadAdditionalDataAsync(_repoDbRepository, _metadataService, CacheService);
+                throw;
+            }
+            catch (Exception ex)
+            {
+                throw new MixException(MixErrorStatus.Badrequest, ex);
             }
-            return Ok(ParseSearchResult(req, result));
         }
 
         protected override async Task<PagingResponseModel<PostContentViewModel>> SearchHandler(SearchRequestDto req, CancellationToken cancellationToken = default)
         {
             var searchPostQuery = new SearchPostQueryModel(Request, req, CurrentTenant.Id);
-            
-            var result= await _postService.SearchPosts(searchPostQuery, cancellationToken);
+
+            var result = await _postService.SearchPosts(searchPostQuery, cancellationToken);
             foreach (var item in result.Items)
             {
                 await item.LoadAdditionalDataAsync(_mixRepoDbRepository, _metadataService, CacheService);

diff --git a/src/applications/Mixcore/Startup.cs b/src/applications/Mixcore/Startup.cs
@@ -45,21 +45,14 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                 // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                 app.UseHsts();
             }
-            app.UseMixCors();
 
             app.UseMixTenant();
 
             app.UseMiddleware<AuditlogMiddleware>();
 
             app.UseRouting();
 
-            // must go between app.UseRouting() and app.UseEndpoints.
-            app.UseMixAuth();
-
-            app.UseMixApps(Assembly.GetExecutingAssembly(), Configuration, env.ContentRootPath, env.IsDevelopment());
-
-            app.UseResponseCompression();
-            app.UseMixResponseCaching();
+            // Typically, UseStaticFiles is called before UseCors. Apps that use JavaScript to retrieve static files cross site must call UseCors before UseStaticFiles.
             app.UseMixStaticFiles(env.ContentRootPath);
             app.UseStaticFiles();
             app.UseStaticFiles(new StaticFileOptions
@@ -68,6 +61,19 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                     Path.Combine(env.ContentRootPath, MixFolders.TemplatesFolder))
             });
 
+            // UseCors must be placed after UseRouting and before UseAuthorization. This is to ensure that CORS headers are included in the response for both authorized and unauthorized calls.
+            app.UseMixCors();
+
+            // must go between app.UseRouting() and app.UseEndpoints.
+            app.UseMixAuth();
+
+            app.UseMixApps(Assembly.GetExecutingAssembly(), Configuration, env.ContentRootPath, env.IsDevelopment());
+
+            app.UseResponseCompression();
+            app.UseMixResponseCaching();
+
+
+
             if (GlobalConfigService.Instance.AppSettings.IsHttps)
             {
                 app.UseHttpsRedirection();