From c305811e3abafb1a8e948e7a45fabb6e8dabf00c Mon Sep 17 00:00:00 2001
From: Roman <roman@osmosis.team>
Date: Fri, 12 Apr 2024 15:07:05 -0600
Subject: [PATCH] Sentry CORS config (#169)

---
 app/sidecar_query_server.go |  2 +-
 config-testnet.json         |  5 +++++
 config.json                 |  5 +++++
 domain/config.go            | 17 +++++++++++++++++
 domain/router.go            |  9 ---------
 middleware/middleware.go    | 13 ++++++++-----
 6 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/app/sidecar_query_server.go b/app/sidecar_query_server.go
index d9a937f57..b292a8356 100644
--- a/app/sidecar_query_server.go
+++ b/app/sidecar_query_server.go
@@ -86,7 +86,7 @@ func (sqs *sideCarQueryServer) Start(context.Context) error {
 func NewSideCarQueryServer(appCodec codec.Codec, config domain.Config, logger log.Logger) (SideCarQueryServer, error) {
 	// Setup echo server
 	e := echo.New()
-	middleware := middleware.InitMiddleware()
+	middleware := middleware.InitMiddleware(config.CORS)
 	e.Use(middleware.CORS)
 	e.Use(middleware.InstrumentMiddleware)
 	e.Use(middleware.TraceWithParamsMiddleware("sqs"))
diff --git a/config-testnet.json b/config-testnet.json
index 80ec22b5e..92981270e 100644
--- a/config-testnet.json
+++ b/config-testnet.json
@@ -46,6 +46,11 @@
 		"traces-sample-rate":   1,
 		"profiles-sample-rate": 1, 
         "environment" : "production"
+    },
+    "cors": {
+        "allowed-headers": "Origin, Accept, Content-Type, X-Requested-With, X-Server-Time, Origin, Accept, Content-Type, X-Requested-With, X-Server-Time, Accept-Encoding, sentry-trace, baggage",
+        "allowed-methods": "HEAD, GET, POST, HEAD, GET, POST, DELETE, OPTIONS, PATCH, PUT",
+        "allowed-origins": "*"
     }
   }
   
\ No newline at end of file
diff --git a/config.json b/config.json
index dadbf7f8a..3b4e73524 100644
--- a/config.json
+++ b/config.json
@@ -44,6 +44,11 @@
 		"traces-sample-rate":   1,
 		"profiles-sample-rate": 1, 
         "environment" : "production"
+    },
+    "cors": {
+        "allowed-headers": "Origin, Accept, Content-Type, X-Requested-With, X-Server-Time, Origin, Accept, Content-Type, X-Requested-With, X-Server-Time, Accept-Encoding, sentry-trace, baggage",
+        "allowed-methods": "HEAD, GET, POST, HEAD, GET, POST, DELETE, OPTIONS, PATCH, PUT",
+        "allowed-origins": "*"
     }
 }
   
\ No newline at end of file
diff --git a/domain/config.go b/domain/config.go
index 906f92d0c..203dce95b 100644
--- a/domain/config.go
+++ b/domain/config.go
@@ -31,4 +31,21 @@ type Config struct {
 	GRPCIngester *GRPCIngesterConfig `mapstructure:"grpc-ingester"`
 
 	OTEL *OTELConfig `mapstructure:"otel"`
+
+	CORS *CORSConfig `mapstructure:"cors"`
+}
+
+type OTELConfig struct {
+	DSN                string  `mapstructure:"dsn"`
+	SampleRate         float64 `mapstructure:"sample-rate"`
+	EnableTracing      bool    `mapstructure:"enable-tracing"`
+	TracesSampleRate   float64 `mapstructure:"traces-sample-rate"`
+	ProfilesSampleRate float64 `mapstructure:"profiles-sample-rate"`
+	Environment        string  `mapstructure:"environment"`
+}
+
+type CORSConfig struct {
+	AllowedHeaders string `mapstructure:"allowed-headers"`
+	AllowedMethods string `mapstructure:"allowed-methods"`
+	AllowedOrigin  string `mapstructure:"allowed-origin"`
 }
diff --git a/domain/router.go b/domain/router.go
index f231b37a8..de4699d7d 100644
--- a/domain/router.go
+++ b/domain/router.go
@@ -86,15 +86,6 @@ type PoolsConfig struct {
 	GeneralCosmWasmCodeIDs []uint64 `mapstructure:"general-cosmwasm-code-ids"`
 }
 
-type OTELConfig struct {
-	DSN                string  `mapstructure:"dsn"`
-	SampleRate         float64 `mapstructure:"sample-rate"`
-	EnableTracing      bool    `mapstructure:"enable-tracing"`
-	TracesSampleRate   float64 `mapstructure:"traces-sample-rate"`
-	ProfilesSampleRate float64 `mapstructure:"profiles-sample-rate"`
-	Environment        string  `mapstructure:"environment"`
-}
-
 const DisableSplitRoutes = 0
 
 type RouterState struct {
diff --git a/middleware/middleware.go b/middleware/middleware.go
index 9786312de..a43fcef5c 100644
--- a/middleware/middleware.go
+++ b/middleware/middleware.go
@@ -15,7 +15,7 @@ import (
 
 // GoMiddleware represent the data-struct for middleware
 type GoMiddleware struct {
-	// another stuff , may be needed by middleware
+	corsConfig domain.CORSConfig
 }
 
 var (
@@ -47,15 +47,18 @@ func init() {
 // CORS will handle the CORS middleware
 func (m *GoMiddleware) CORS(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		c.Response().Header().Set("Access-Control-Allow-Origin", "*")
-		c.Response().Header().Set("Access-Control-Allow-Headers", "sentry-trace, baggage")
+		c.Response().Header().Set("Access-Control-Allow-Origin", m.corsConfig.AllowedOrigin)
+		c.Response().Header().Set("Access-Control-Allow-Headers", m.corsConfig.AllowedHeaders)
+		c.Response().Header().Set("Access-Control-Allow-Methods", m.corsConfig.AllowedMethods)
 		return next(c)
 	}
 }
 
 // InitMiddleware initialize the middleware
-func InitMiddleware() *GoMiddleware {
-	return &GoMiddleware{}
+func InitMiddleware(corsConfig *domain.CORSConfig) *GoMiddleware {
+	return &GoMiddleware{
+		corsConfig: *corsConfig,
+	}
 }
 
 // InstrumentMiddleware will handle the instrumentation middleware