oatpp / example-jwt

A complete example of a CRUD service with API secured with JSON Web Token (JWT)
https://oatpp.io/
Apache License 2.0

[Question] Is it possible to add CORS configuration for authorized failed response? #3

Closed hhashoww closed 1 year ago

hhashoww commented 2 years ago

Hello,

I'm trying to implement the authorization logic in my project, and I face a CORS problem when I get the Unauthorized (401) response from the oatpp server.


I know there is a macro ADD_CORS that can handle the CORS problem at each endpoint, but is it possible to add CORS configuration in my authorize callback function?

    #include <memory>

    #include "oatpp/web/server/handler/AuthorizationHandler.hpp"

    // Object handed to endpoints after successful bearer authorization.
    class BearerAuthorizationObject : public oatpp::web::server::handler::AuthorizationObject {
     public:
      // oatpp::String user;
      // oatpp::String password;
      oatpp::String token;
    };

    class MyBearerAuthorizationHandler : public oatpp::web::server::handler::BearerAuthorizationHandler {
     public:
      MyBearerAuthorizationHandler() : oatpp::web::server::handler::BearerAuthorizationHandler("my-realm") {}

      // Returns the authorization object for an accepted token, or nullptr to reject.
      std::shared_ptr<AuthorizationObject> authorize(const oatpp::String& token) override {

        if (token == "4e99e8c12de7e01535248d2bac85e732") {
          auto obj = std::make_shared<BearerAuthorizationObject>();
          // user and password are commented out in BearerAuthorizationObject,
          // so they are not assigned here.
          obj->token = token;
          return obj;
        }

        return nullptr;
      }
    };

lganzzzo commented 2 years ago

Hello @hhashoww,

This project implements this. Please look here - https://github.com/oatpp/example-jwt/blob/master/src/AppComponent.hpp#L68

Make sure to add interceptors in the same order:

    auto connectionHandler = oatpp::web::server::HttpConnectionHandler::createShared(router);

    connectionHandler->setErrorHandler(std::make_shared<ErrorHandler>(objectMapper));

    connectionHandler->addRequestInterceptor(std::make_shared<oatpp::web::server::interceptor::AllowOptionsGlobal>());
    connectionHandler->addRequestInterceptor(std::make_shared<AuthInterceptor>(jwt));

    connectionHandler->addResponseInterceptor(std::make_shared<oatpp::web::server::interceptor::AllowCorsGlobal>());

AllowOptionsGlobal Request Interceptor must go before AuthInterceptor.
And don't forget to add AllowCorsGlobal Response Interceptor.
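
Why the order in the reply above matters, as an added example that is not part of the original thread and is not oatpp code: a self-contained C++ model of an interceptor chain. The names `Request`, `Response`, `allowOptions`, `requireBearer`, `allowCors`, `process` and `preflight` are hypothetical stand-ins, and the model assumes that response interceptors also run on a response produced by a request interceptor.

```cpp
#include <map>
#include <string>
#include <vector>

// Simplified stand-ins for illustration; these are NOT oatpp types.
struct Request  { std::string method; std::map<std::string, std::string> headers; };
struct Response { int status; std::map<std::string, std::string> headers; };

typedef bool (*RequestInterceptor)(const Request&, Response& out);  // true = answered
typedef void (*ResponseInterceptor)(Response&);

// Stand-in for AllowOptionsGlobal: answer every OPTIONS (preflight) request.
bool allowOptions(const Request& req, Response& out) {
  if (req.method != "OPTIONS") return false;
  out = Response{204, {}};
  return true;
}

// Stand-in for AuthInterceptor: reject requests that lack a bearer token.
bool requireBearer(const Request& req, Response& out) {
  auto it = req.headers.find("Authorization");
  if (it != req.headers.end() && it->second.compare(0, 7, "Bearer ") == 0) return false;
  out = Response{401, {{"WWW-Authenticate", "Bearer"}}};
  return true;
}

// Stand-in for AllowCorsGlobal: add a CORS header to whatever goes out.
void allowCors(Response& res) { res.headers["Access-Control-Allow-Origin"] = "*"; }

// Request interceptors run in registration order and the first to answer wins.
// Response interceptors then run on every response, 401s included (model assumption).
Response process(const Request& req, const std::vector<RequestInterceptor>& reqChain,
                 const std::vector<ResponseInterceptor>& resChain) {
  Response res{200, {}};  // what the endpoint itself would return
  for (RequestInterceptor ri : reqChain)
    if (ri(req, res)) break;
  for (ResponseInterceptor ro : resChain) ro(res);
  return res;
}

// Constructed sample: a browser preflight never carries the Authorization header.
Response preflight(const std::vector<RequestInterceptor>& order) {
  return process(Request{"OPTIONS", {{"Origin", "https://app.example"}}}, order, {allowCors});
}

int main() {  // exit 0 when the right order yields 204 and the reversed order 401
  return preflight({allowOptions, requireBearer}).status == 204 &&
         preflight({requireBearer, allowOptions}).status == 401 ? 0 : 1;
}
```

With the auth stand-in registered first, the preflight itself is answered with 401, so the browser never sends the real request; without `allowCors` in the response chain, the 401 carries no `Access-Control-Allow-Origin` header and the page's script cannot read it.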

hhashoww commented 2 years ago

Hi @lganzzzo,

I do really appreciate your help and I'll give it a try. If any progress has been made, I'll share the result here 👍

hhashoww commented 2 years ago

I can't integrate the example into my project; my application is built on Windows 10.

And I'm not familiar with jwt-cpp, but I think the default "jwt.h" should provide the jwt::picojson_traits? So I copied the basic files from the jwt-cpp library to my project folder:

    jwt-cpp/
    ├─ jwt.h
    ├─ base.h
    ├─ traits/
    │  ├─ kazuho-picojson/
    │  │  ├─ traits.h
    │  │  ├─ defaults.h

But the compilation failed.

:(

lganzzzo commented 2 years ago

Hello @hhashoww,

I'm not sure what your question is about :)? The original question was about CORS - for this you don't need to integrate anything - just add CORS interceptors.

hhashoww commented 1 year ago

Hello @lganzzzo

I think the remaining problem of the integration is out of scope, so I'll close the issue :)

Thanks again for your help