Add CORS support

app/middlewares.php

@@ -12,3 +12,4 @@ declare(strict_types=1);
 
 $app->add(new App\Middleware\JsonBodyParserMiddleware());
 $app->add(new App\Middleware\ContentTypeJsonMiddleware());
+$app->add(new App\Middleware\CorsMiddleware());

docker-compose.yml

@@ -19,7 +19,7 @@ services:
             LOGGER_PATH: "php://stderr"
             LOGGER_LEVEL: "debug"
         ports:
-            - 8082:80
+            - 8080:80
         volumes:
             - .:/project
             - ./conf-dev/dev-php.ini:/usr/local/etc/php/conf.d/dev-php.ini

src/Middleware/CorsMiddleware.php

+<?php
+
+/*
+ * This file is part of Anis Auth.
+ *
+ * (c) Laboratoire d'Astrophysique de Marseille / CNRS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use Psr\Http\Server\MiddlewareInterface;
+
+/**
+ * Middleware to allow resources to be requested from another origin
+ *
+ * @author Tifenn Guillas <tifenn.guillas@lam.fr>
+ * @package App\Middleware
+ */
+final class CorsMiddleware implements MiddlewareInterface
+{
+    /**
+     * Allow resources to be requested from another origin
+     *
+     * @param  ServerRequest  $request PSR-7 request
+     * @param  RequestHandler $handler PSR-15 request handler
+     *
+     * @return Response
+     */
+    public function process(Request $request, RequestHandler $handler): Response
+    {
+        $response = $handler->handle($request);
+
+        if ($request->getMethod() === OPTIONS) {
+            return $response
+                ->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization')
+                ->withHeader('Access-Control-Allow-Origin', '*');
+        }
+
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*');
+    }
+}

tests/Middleware/CorsMiddlewareTest.php

+<?php
+
+/*
+ * This file is part of Anis Auth.
+ *
+ * (c) Laboratoire d'Astrophysique de Marseille / CNRS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace App\Tests\Middleware;
+
+use PHPUnit\Framework\TestCase;
+use Nyholm\Psr7\ServerRequest;
+use Nyholm\Psr7\Response;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+final class CorsMiddlewareTest extends TestCase
+{
+    public function testCorsHeadersForOptionsMethod()
+    {
+        $request = new ServerRequest('OPTIONS', '/');
+
+        $requestHandler = $this->getMockBuilder(RequestHandler::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['handle'])
+            ->getMock();
+
+        $requestHandler->method('handle')
+            ->with($this->identicalTo($request))
+            ->will($this->returnValue(new Response()));
+
+        $corsMiddleware = new \App\Middleware\CorsMiddleware();
+        $response = $corsMiddleware->process($request, $requestHandler);
+        $this->assertSame((string) $response->getHeaderLine('Access-Control-Allow-Origin'), '*');
+        $this->assertSame('Content-Type, Authorization', (string) $response->getHeaderLine('Access-Control-Allow-Headers'));
+    }
+    
+    public function testCorsHeadersForGetMethod()
+    {
+        $request = new ServerRequest('GET', '/');
+
+        $requestHandler = $this->getMockBuilder(RequestHandler::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['handle'])
+            ->getMock();
+
+        $requestHandler->method('handle')
+            ->with($this->identicalTo($request))
+            ->will($this->returnValue(new Response()));
+
+        $corsMiddleware = new \App\Middleware\CorsMiddleware();
+        $response = $corsMiddleware->process($request, $requestHandler);
+        $this->assertSame((string) $response->getHeaderLine('Access-Control-Allow-Origin'), '*');
+    }
+}