enable CORS on /api endpoints
parent
85bb30abb0
commit
774ffcae3b
|
@ -1,7 +1,6 @@
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify
|
from flask import jsonify
|
||||||
from flask import request
|
from flask import request
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app import alias_utils
|
from app import alias_utils
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
|
@ -25,7 +24,6 @@ from app.utils import random_string
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases", methods=["GET", "POST"])
|
@api_bp.route("/aliases", methods=["GET", "POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_aliases():
|
def get_aliases():
|
||||||
"""
|
"""
|
||||||
|
@ -68,7 +66,6 @@ def get_aliases():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v2/aliases", methods=["GET", "POST"])
|
@api_bp.route("/v2/aliases", methods=["GET", "POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_aliases_v2():
|
def get_aliases_v2():
|
||||||
"""
|
"""
|
||||||
|
@ -121,7 +118,6 @@ def get_aliases_v2():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>", methods=["DELETE"])
|
@api_bp.route("/aliases/<int:alias_id>", methods=["DELETE"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def delete_alias(alias_id):
|
def delete_alias(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -144,7 +140,6 @@ def delete_alias(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>/toggle", methods=["POST"])
|
@api_bp.route("/aliases/<int:alias_id>/toggle", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def toggle_alias(alias_id):
|
def toggle_alias(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -170,7 +165,6 @@ def toggle_alias(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>/activities")
|
@api_bp.route("/aliases/<int:alias_id>/activities")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_alias_activities(alias_id):
|
def get_alias_activities(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -226,7 +220,6 @@ def get_alias_activities(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>", methods=["PUT"])
|
@api_bp.route("/aliases/<int:alias_id>", methods=["PUT"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def update_alias(alias_id):
|
def update_alias(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -310,7 +303,6 @@ def update_alias(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>", methods=["GET"])
|
@api_bp.route("/aliases/<int:alias_id>", methods=["GET"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_alias(alias_id):
|
def get_alias(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -334,7 +326,6 @@ def get_alias(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>/contacts")
|
@api_bp.route("/aliases/<int:alias_id>/contacts")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_alias_contacts_route(alias_id):
|
def get_alias_contacts_route(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -368,7 +359,6 @@ def get_alias_contacts_route(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/aliases/<int:alias_id>/contacts", methods=["POST"])
|
@api_bp.route("/aliases/<int:alias_id>/contacts", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def create_contact_route(alias_id):
|
def create_contact_route(alias_id):
|
||||||
"""
|
"""
|
||||||
|
@ -423,7 +413,6 @@ def create_contact_route(alias_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/contacts/<int:contact_id>", methods=["DELETE"])
|
@api_bp.route("/contacts/<int:contact_id>", methods=["DELETE"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def delete_contact(contact_id):
|
def delete_contact(contact_id):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
from flask import jsonify, request, g
|
from flask import jsonify, request, g
|
||||||
from flask_cors import cross_origin
|
|
||||||
from sqlalchemy import desc
|
from sqlalchemy import desc
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
|
@ -12,7 +11,6 @@ from app.utils import convert_to_id, random_word
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/alias/options")
|
@api_bp.route("/alias/options")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def options():
|
def options():
|
||||||
"""
|
"""
|
||||||
|
@ -88,7 +86,6 @@ def options():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v2/alias/options")
|
@api_bp.route("/v2/alias/options")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def options_v2():
|
def options_v2():
|
||||||
"""
|
"""
|
||||||
|
@ -169,7 +166,6 @@ def options_v2():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v3/alias/options")
|
@api_bp.route("/v3/alias/options")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def options_v3():
|
def options_v3():
|
||||||
"""
|
"""
|
||||||
|
@ -246,7 +242,6 @@ def options_v3():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v4/alias/options")
|
@api_bp.route("/v4/alias/options")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def options_v4():
|
def options_v4():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -5,7 +5,6 @@ import requests
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify
|
from flask import jsonify
|
||||||
from flask import request
|
from flask import request
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
|
from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
|
||||||
|
@ -25,7 +24,6 @@ _PROD_URL = "https://buy.itunes.apple.com/verifyReceipt"
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/apple/process_payment", methods=["POST"])
|
@api_bp.route("/apple/process_payment", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def apple_process_payment():
|
def apple_process_payment():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
|
import random
|
||||||
|
|
||||||
import facebook
|
import facebook
|
||||||
import google.oauth2.credentials
|
import google.oauth2.credentials
|
||||||
import googleapiclient.discovery
|
import googleapiclient.discovery
|
||||||
import random
|
|
||||||
from flask import jsonify, request, g
|
from flask import jsonify, request, g
|
||||||
from flask_cors import cross_origin
|
|
||||||
from itsdangerous import Signer
|
from itsdangerous import Signer
|
||||||
|
|
||||||
from app import email_utils
|
from app import email_utils
|
||||||
|
@ -22,7 +22,6 @@ from app.models import User, ApiKey, SocialAuth, AccountActivation
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/login", methods=["POST"])
|
@api_bp.route("/auth/login", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@limiter.limit(
|
@limiter.limit(
|
||||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
||||||
)
|
)
|
||||||
|
@ -68,7 +67,6 @@ def auth_login():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/register", methods=["POST"])
|
@api_bp.route("/auth/register", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def auth_register():
|
def auth_register():
|
||||||
"""
|
"""
|
||||||
User signs up - will need to activate their account with an activation code.
|
User signs up - will need to activate their account with an activation code.
|
||||||
|
@ -116,7 +114,6 @@ def auth_register():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/activate", methods=["POST"])
|
@api_bp.route("/auth/activate", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@limiter.limit(
|
@limiter.limit(
|
||||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
||||||
)
|
)
|
||||||
|
@ -176,7 +173,6 @@ def auth_activate():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/reactivate", methods=["POST"])
|
@api_bp.route("/auth/reactivate", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def auth_reactivate():
|
def auth_reactivate():
|
||||||
"""
|
"""
|
||||||
User asks for another activation code
|
User asks for another activation code
|
||||||
|
@ -218,7 +214,6 @@ def auth_reactivate():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/facebook", methods=["POST"])
|
@api_bp.route("/auth/facebook", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def auth_facebook():
|
def auth_facebook():
|
||||||
"""
|
"""
|
||||||
Authenticate user with Facebook
|
Authenticate user with Facebook
|
||||||
|
@ -269,7 +264,6 @@ def auth_facebook():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/google", methods=["POST"])
|
@api_bp.route("/auth/google", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def auth_google():
|
def auth_google():
|
||||||
"""
|
"""
|
||||||
Authenticate user with Facebook
|
Authenticate user with Facebook
|
||||||
|
@ -343,7 +337,6 @@ def auth_payload(user, device) -> dict:
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/forgot_password", methods=["POST"])
|
@api_bp.route("/auth/forgot_password", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def forgot_password():
|
def forgot_password():
|
||||||
"""
|
"""
|
||||||
User forgot password
|
User forgot password
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
import pyotp
|
import pyotp
|
||||||
from flask import jsonify, request
|
from flask import jsonify, request
|
||||||
from flask_cors import cross_origin
|
|
||||||
from itsdangerous import Signer
|
from itsdangerous import Signer
|
||||||
|
|
||||||
from app.api.base import api_bp
|
from app.api.base import api_bp
|
||||||
|
@ -11,7 +10,6 @@ from app.models import User, ApiKey
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/auth/mfa", methods=["POST"])
|
@api_bp.route("/auth/mfa", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
def auth_mfa():
|
def auth_mfa():
|
||||||
"""
|
"""
|
||||||
Validate the OTP Token
|
Validate the OTP Token
|
||||||
|
|
|
@ -3,7 +3,6 @@ from smtplib import SMTPRecipientsRefused
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify
|
from flask import jsonify
|
||||||
from flask import request
|
from flask import request
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
from app.dashboard.views.mailbox import send_verification_email
|
from app.dashboard.views.mailbox import send_verification_email
|
||||||
|
@ -17,7 +16,6 @@ from app.models import Mailbox
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/mailboxes", methods=["POST"])
|
@api_bp.route("/mailboxes", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def create_mailbox():
|
def create_mailbox():
|
||||||
"""
|
"""
|
||||||
|
@ -62,7 +60,6 @@ def create_mailbox():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
|
@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def delete_mailbox(mailbox_id):
|
def delete_mailbox(mailbox_id):
|
||||||
"""
|
"""
|
||||||
|
@ -89,7 +86,6 @@ def delete_mailbox(mailbox_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/mailboxes/<mailbox_id>", methods=["PUT"])
|
@api_bp.route("/mailboxes/<mailbox_id>", methods=["PUT"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def update_mailbox(mailbox_id):
|
def update_mailbox(mailbox_id):
|
||||||
"""
|
"""
|
||||||
|
@ -152,7 +148,6 @@ def update_mailbox(mailbox_id):
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/mailboxes", methods=["GET"])
|
@api_bp.route("/mailboxes", methods=["GET"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_mailboxes():
|
def get_mailboxes():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify, request
|
from flask import jsonify, request
|
||||||
from flask_cors import cross_origin
|
|
||||||
from itsdangerous import SignatureExpired
|
from itsdangerous import SignatureExpired
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
|
@ -28,7 +27,6 @@ from app.utils import convert_to_id
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/alias/custom/new", methods=["POST"])
|
@api_bp.route("/alias/custom/new", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def new_custom_alias():
|
def new_custom_alias():
|
||||||
"""
|
"""
|
||||||
|
@ -99,7 +97,6 @@ def new_custom_alias():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v2/alias/custom/new", methods=["POST"])
|
@api_bp.route("/v2/alias/custom/new", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def new_custom_alias_v2():
|
def new_custom_alias_v2():
|
||||||
"""
|
"""
|
||||||
|
@ -194,7 +191,6 @@ def new_custom_alias_v2():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
|
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def new_custom_alias_v3():
|
def new_custom_alias_v3():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify, request
|
from flask import jsonify, request
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
from app.api.serializer import (
|
from app.api.serializer import (
|
||||||
|
@ -14,7 +13,6 @@ from app.models import Alias, AliasUsedOn, AliasGeneratorEnum
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/alias/random/new", methods=["POST"])
|
@api_bp.route("/alias/random/new", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def new_random_alias():
|
def new_random_alias():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
from flask import g
|
from flask import g
|
||||||
from flask import jsonify
|
from flask import jsonify
|
||||||
from flask import request
|
from flask import request
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
from app.config import PAGE_LIMIT
|
from app.config import PAGE_LIMIT
|
||||||
|
@ -10,7 +9,6 @@ from app.models import Notification
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/notifications", methods=["GET"])
|
@api_bp.route("/notifications", methods=["GET"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def get_notifications():
|
def get_notifications():
|
||||||
"""
|
"""
|
||||||
|
@ -61,7 +59,6 @@ def get_notifications():
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/notifications/<notification_id>/read", methods=["POST"])
|
@api_bp.route("/notifications/<notification_id>/read", methods=["POST"])
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def mark_as_read(notification_id):
|
def mark_as_read(notification_id):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
from flask import jsonify, g
|
from flask import jsonify, g
|
||||||
from flask_cors import cross_origin
|
|
||||||
|
|
||||||
from app.api.base import api_bp, require_api_auth
|
from app.api.base import api_bp, require_api_auth
|
||||||
|
|
||||||
|
|
||||||
@api_bp.route("/user_info")
|
@api_bp.route("/user_info")
|
||||||
@cross_origin()
|
|
||||||
@require_api_auth
|
@require_api_auth
|
||||||
def user_info():
|
def user_info():
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -5,7 +5,7 @@ import sentry_sdk
|
||||||
import ssl
|
import ssl
|
||||||
from flask import Flask, redirect, url_for, render_template, request, jsonify, flash
|
from flask import Flask, redirect, url_for, render_template, request, jsonify, flash
|
||||||
from flask_admin import Admin
|
from flask_admin import Admin
|
||||||
from flask_cors import cross_origin
|
from flask_cors import cross_origin, CORS
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
from sentry_sdk.integrations.aiohttp import AioHttpIntegration
|
from sentry_sdk.integrations.aiohttp import AioHttpIntegration
|
||||||
from sentry_sdk.integrations.flask import FlaskIntegration
|
from sentry_sdk.integrations.flask import FlaskIntegration
|
||||||
|
@ -122,6 +122,9 @@ def create_app() -> Flask:
|
||||||
}
|
}
|
||||||
flask_profiler.init_app(app)
|
flask_profiler.init_app(app)
|
||||||
|
|
||||||
|
# enable CORS on /api endpoints
|
||||||
|
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|
||||||
|
|
||||||
|
|
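Review bot: The `CORS(app, resources={r"/api/*": {"origins": "*"}})` call added in `create_app()` allows any origin on every `/api/*` route, including the `api_bp` routes `/auth/login`, `/auth/mfa`, `/auth/forgot_password` and `/apple/process_payment` and any route added later. That is acceptable only while API authentication travels in an explicit request header and `supports_credentials` stays off; `require_api_auth` is not visible here, so confirm it does not also accept the session cookie. The new comment should record that assumption, e.g. `# CORS: any origin may call /api/*; relies on header-based API auth, never enable supports_credentials here`, and if the calling origins are known, an explicit origin list is a tighter default than `"*"`. The `cors` local is never used, so the call can stand without the assignment, and `cross_origin` may now be an unused import in this file if no remaining route uses it. `create_app()` starts outside the hunk.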