diff --git a/src/getAccessToken.js b/src/getAccessToken.js
index 7fcfb21..03c6191 100644
--- a/src/getAccessToken.js
+++ b/src/getAccessToken.js
@@ -10,7 +10,9 @@ export async function verifyAccessToken(request, env, ctx) {
 const timestamp = headers.get('x-timestamp');
 const token = headers.get('x-access-token');
 const secretBase = env.ACCESS_TOKEN_BASE;
- return token === await getAccessToken(subid, timestamp, secretBase);
+ const adminSecret = env.ADMIN_SECRET;
+ return token === await getAccessToken(subid, timestamp, secretBase)
+ || token === adminSecret;
 }
 export async function getAccessTokenDispatcher(request, env, ctx) {
@@ -23,7 +25,14 @@ export async function getAccessTokenDispatcher(request, env, ctx) {
 const token = await getAccessToken(subid, timestamp, secretBase);
 const res = JSON.stringify({ token, timestamp });
- return new Response(res, { status: 200 });
+ return new Response(res, {
+ status: 200,
+ headers: {
+ 'Access-Control-Allow-Origin': request.headers.get('Origin'),
+ 'Access-Control-Allow-Methods': '*',
+ 'Access-Control-Allow-Headers': '*',
+ },
+ });
 }
 export default getAccessTokenDispatcher;
\ No newline at end of file
diff --git a/src/index.js b/src/index.js
index 3389c5a..5bfbfe5 100644
--- a/src/index.js
+++ b/src/index.js
@@ -23,10 +23,6 @@ export default {
 }});
 }
- if (request.method === 'GET' && uri === '/getAccessToken') {
- return await getAccessTokenDispatcher(request, env, ctx);
- }
-
 if (request.method === 'GET' && uri === '/auth') {
 return await authDispatcher(request, env, ctx);
 }
@@ -42,6 +38,17 @@ export default {
 if (request.method === 'PUT') {
 return await putDispatcher(request, env, ctx);
 }
+
+ if (request.method === 'OPTIONS') {
+ return new Response(null, {
+ status: 200,
+ headers: {
+ 'Access-Control-Allow-Origin': request.headers.get('Origin'),
+ 'Access-Control-Allow-Methods': 'GET,PUT,OPTIONS',
+ 'Access-Control-Allow-Headers': '*',
+ },
+ });
+ }
 return new Response('', { status: 200 });
 },
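Review bot: The new `|| token === adminSecret` branch in verifyAccessToken accepts a static secret that is not bound to the subject id or timestamp, and nothing guards against `env.ADMIN_SECRET` being unset or empty. `headers.get()` returns null for a missing header, so an undefined secret does not match today, but an empty-string secret would match an empty `x-access-token`; both comparisons also use `===`, which is not constant-time. I would require a non-empty configured secret first, e.g. `const isAdmin = typeof adminSecret === 'string' && adminSecret.length > 0 && token === adminSecret;`, and move both comparisons to a constant-time equality check. The start of verifyAccessToken is outside the hunk.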
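Review bot: `'Access-Control-Allow-Origin': request.headers.get('Origin')` reflects whatever origin the caller sends, so a page on any origin is allowed to read this response, whose body carries the access token; the same reflection is added in the OPTIONS branch of src/index.js and on the success response in src/put.js. When the request has no Origin header the value passed here is null. I would check the origin against a deployment-defined allowlist before echoing it, e.g. `if (allowedOrigins.includes(origin)) corsHeaders['Access-Control-Allow-Origin'] = origin;` (`allowedOrigins` is a placeholder for that list), and add `'Vary': 'Origin'` so a cache does not serve one origin's response to another. `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` are only consulted on preflight responses, and `'*'` is broader than the methods and `x-*` headers the visible code uses. The start of getAccessTokenDispatcher is outside the hunk.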
diff --git a/src/put.js b/src/put.js index 6a0d372..baa89c2 100644 --- a/src/put.js +++ b/src/put.js @@ -11,9 +11,8 @@ async function invalidPutRequest(request, env, ctx) { const contentType = headers.get('content-type'); return (subid === null) - || (!subid.match(/^[a-zA-Z0-9]{1,32}$/)) - || (!await verifyAccessToken(request, env, ctx)) - || (!allowedContentTypes.includes(contentType)); + || (!allowedContentTypes.includes(contentType)) + || (!await verifyAccessToken(request, env, ctx)); } export async function putDispatcher(request, env, ctx) { @@ -29,14 +28,14 @@ export async function putDispatcher(request, env, ctx) { if (await invalidPutRequest(request, env, ctx)) return new Response(null, { status: 401, statusText: 'Unauthorized' }); - const subid = headers.get('x-subject-id'); + const studyId = headers.get('x-study-id'); + const subjectId = headers.get('x-subject-id'); const data = await request.text(); - const objectKey = `${subid}${uri}`; + const objectKey = `${keyPrefix}${studyId}/${subjectId}${uri}`; const customMetadata = JSON.parse(headers.get('x-metadata') || '{}'); const httpMetadata = { contentType: headers.get('content-type') }; const result = await bucket.put( - keyPrefix + objectKey, - data, + objectKey, data, { customMetadata, httpMetadata } ); @@ -45,7 +44,14 @@ export async function putDispatcher(request, env, ctx) { objectKey, etag: result.etag, message: 'Data saved successfully', - }), { status: 200 }); + }), { + status: 200, + headers: { + 'Access-Control-Allow-Origin': headers.get('Origin'), + 'Access-Control-Allow-Methods': 'GET,PUT,OPTIONS', + 'Access-Control-Allow-Headers': '*', + } + }); } catch (e) { console.log(e); return new Response(null, { status: 400 }); } }
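Review bot: Dropping `!subid.match(/^[a-zA-Z0-9]{1,32}$/)` from invalidPutRequest leaves `x-subject-id` with only a null check, while the next hunk interpolates it into the object key. The `${studyId}/${subjectId}` key layout relies on neither part containing `/` or other separators, and nothing visible enforces that any more. Unless the format is validated elsewhere, I would keep the check ahead of the token verification, e.g. `|| !/^[a-zA-Z0-9]{1,32}$/.test(subid)`. The start of invalidPutRequest is outside the hunk.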
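Review bot: `studyId` from `x-study-id` goes into `objectKey` with no validation; when the header is absent `headers.get()` returns null and the key contains the literal text `null`, and invalidPutRequest as shown never inspects this header. From the visible lines of verifyAccessToken the token is derived from the subject id, timestamp and secret only, so the study segment appears not to be covered by the token, which is worth confirming. I would reject the request when the study id is missing or malformed, e.g. `if (!/^[a-zA-Z0-9]{1,32}$/.test(studyId ?? '')) return new Response(null, { status: 400 });` (pattern borrowed from the removed subject-id check; adjust it to the real id format). putDispatcher starts and ends outside the hunk.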
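Review bot: Only the success response gets the CORS headers; the 401 return earlier in putDispatcher and the `return new Response(null, { status: 400 })` in the catch are sent without them, so a browser client sees an opaque CORS failure instead of the status code. I would build the header object once near the top of the function, with the origin checked against an allowlist rather than reflected, and attach it to all three responses. putDispatcher's body starts outside the hunk.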