Add support for CORS

src/getAccessToken.js

@@ -10,7 +10,9 @@ export async function verifyAccessToken(request, env, ctx) {
 	const timestamp = headers.get('x-timestamp');
 	const token = headers.get('x-access-token');
     const secretBase = env.ACCESS_TOKEN_BASE;
-    return token === await getAccessToken(subid, timestamp, secretBase);
+    const adminSecret = env.ADMIN_SECRET;
+    return token === await getAccessToken(subid, timestamp, secretBase)
+        || token === adminSecret;
 }
 
 export async function getAccessTokenDispatcher(request, env, ctx) {
@@ -23,7 +25,14 @@ export async function getAccessTokenDispatcher(request, env, ctx) {
     
     const token = await getAccessToken(subid, timestamp, secretBase);
     const res = JSON.stringify({ token, timestamp });
-    return new Response(res, { status: 200 });
+    return new Response(res, {
+        status: 200,
+        headers: {
+            'Access-Control-Allow-Origin': request.headers.get('Origin'),
+            'Access-Control-Allow-Methods': '*',
+            'Access-Control-Allow-Headers': '*',
+        },
+    });
 }
 
 export default getAccessTokenDispatcher;

src/index.js

@@ -23,10 +23,6 @@ export default {
 			}});
 		}
 
-		if (request.method === 'GET' && uri === '/getAccessToken') {
-			return await getAccessTokenDispatcher(request, env, ctx);
-		}
-
 		if (request.method === 'GET' && uri === '/auth') {
 			return await authDispatcher(request, env, ctx);
 		}
@@ -43,6 +39,17 @@ export default {
 			return await putDispatcher(request, env, ctx);
 		}
 
+		if (request.method === 'OPTIONS') {
+			return new Response(null, {
+				status: 200,
+				headers: {
+					'Access-Control-Allow-Origin': request.headers.get('Origin'),
+					'Access-Control-Allow-Methods': 'GET,PUT,OPTIONS',
+					'Access-Control-Allow-Headers': '*',
+				},
+			});
+		}
+		
 		return new Response('', { status: 200 });
 	},
 };

src/put.js

@@ -11,9 +11,8 @@ async function invalidPutRequest(request, env, ctx) {
 	const contentType = headers.get('content-type');
 	
 	return (subid === null)
-		|| (!subid.match(/^[a-zA-Z0-9]{1,32}$/))
+        || (!allowedContentTypes.includes(contentType))
-		|| (!await verifyAccessToken(request, env, ctx))
+		|| (!await verifyAccessToken(request, env, ctx));
-		|| (!allowedContentTypes.includes(contentType));
 }
 
 export async function putDispatcher(request, env, ctx) {
@@ -29,14 +28,14 @@ export async function putDispatcher(request, env, ctx) {
         if (await invalidPutRequest(request, env, ctx))
             return new Response(null, { status: 401, statusText: 'Unauthorized' });
         
-        const subid = headers.get('x-subject-id');
+        const studyId = headers.get('x-study-id');
+        const subjectId = headers.get('x-subject-id');
         const data = await request.text();
-        const objectKey = `${subid}${uri}`;
+        const objectKey = `${keyPrefix}${studyId}/${subjectId}${uri}`;
         const customMetadata = JSON.parse(headers.get('x-metadata') || '{}');
         const httpMetadata = { contentType: headers.get('content-type') };
         const result = await bucket.put(
-            keyPrefix + objectKey,
+            objectKey, data,
-            data,
             { customMetadata, httpMetadata }
         );
         
@@ -45,7 +44,14 @@ export async function putDispatcher(request, env, ctx) {
             objectKey,
             etag: result.etag,
             message: 'Data saved successfully',
-        }), { status: 200 });
+        }), {
+            status: 200,
+            headers: {
+                'Access-Control-Allow-Origin': headers.get('Origin'),
+                'Access-Control-Allow-Methods': 'GET,PUT,OPTIONS',
+                'Access-Control-Allow-Headers': '*',
+            }
+        });
 
     } catch (e) { console.log(e); return new Response(null, { status: 400 }); }
 }