Add CORS support

README.md

@@ -45,6 +45,13 @@ Edit or change the db.env file to your liking. Then, run the following command:
 ```bash
 docker-compose --env-file db.env up --build
 ```
+
+Note this generates a self-signed cert & key during the build, separate from anything you might have in cert.pem file.
+So once it built, you want to run this to get the same ./cert.pem:
+```
+docker run blood-donation-backend_blood-info /bin/cat cert.pem > cert.pem
+```
+
 ### Stopping the containers
 ```bash
 docker-compose --env-file db.env down --remove-orphans --volumes --rmi local

cmd/server/Dockerfile

@@ -20,6 +20,8 @@ COPY --from=build /app/blood-info blood-info
 COPY --from=build /app/tls-self-signed-cert tls-self-signed-cert
 
 # FIXME: This is a hack to get the self-signed certificate to work. There must be a better way.
+# FIXME: This makes the secret `key.pem` also part of the image; uploading the image anywhere would leak it!
+# FIXME: any prior `cert.pem` & `key.pem` you had in current dir are *also* leaked in the COPY layer.
 RUN ./tls-self-signed-cert
 
 RUN addgroup -S gouser && adduser -S gouser -G gouser

cmd/server/main.go

@@ -8,6 +8,7 @@ import (
 	"github.com/il-blood-donation-info/blood-donation-backend/pkg/api"
 	"github.com/il-blood-donation-info/blood-donation-backend/server"
 	middleware "github.com/oapi-codegen/nethttp-middleware"
+	"github.com/rs/cors"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
 	"log"
@@ -51,9 +52,15 @@ func main() {
 	swagger.Servers = nil
 
 	strictBloodInfoServer := server.NewStrictBloodInfoServer(db)
-	strictHandler := api.NewStrictHandler(strictBloodInfoServer, nil)
+
+	// We can add 2 kinds of middlewares:
+	// - "strict" middlewares here deal in per-request generated `api` types.
+	// - r.Use() chi middlewares below deal in de-facto standard `http.Handler`.
+	strictMiddlewares := []api.StrictMiddlewareFunc{}
+	strictHandler := api.NewStrictHandler(strictBloodInfoServer, strictMiddlewares)
 
 	r := chi.NewRouter()
+	r.Use(cors.Default().Handler) // Tell browsers cross-origin requests OK from any domain.
 	r.Use(middleware.OapiRequestValidator(swagger))
 	api.HandlerFromMux(strictHandler, r)
 	s := &http.Server{

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/go-chi/chi/v5 v5.0.10
 	github.com/oapi-codegen/nethttp-middleware v1.0.1
 	github.com/oapi-codegen/runtime v1.0.0
+	github.com/rs/cors v1.10.1
 	gorm.io/driver/postgres v1.5.3
 	gorm.io/gorm v1.25.5
 )

go.sum

@@ -56,6 +56,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
+github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=