diff --git a/fbla-api/lib/fbla_api.dart b/fbla-api/lib/fbla_api.dart
index ce41934..ce61bc5 100644
--- a/fbla-api/lib/fbla_api.dart
+++ b/fbla-api/lib/fbla_api.dart
@@ -154,7 +154,6 @@ Future fetchBusinessData() async {
 //set defaults
 String _hostname = 'localhost';
 const _port = 8000;
-Map headers = {...headers, 'Access-Control-Allow-Methods': '*'};
 final postgres = PostgreSQLConnection(
 Platform.environment['JOBLINK_POSTGRES_ADDRESS']!,
@@ -169,13 +168,22 @@ void main() async {
 final app = Router();
+ // CORS preflight acceptor
+ app.options('/', (Request request) {
+ return Response.ok(null, headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+ 'Access-Control-Allow-Headers': 'Content-Type',
+ });
+ });
+ // routes
 app.get('/fbla-api/hello', (Request request) async {
 print('Hello received');
 return Response.ok(
 'Hello, World!',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.get('/fbla-api/businessdata/overview/jobs', (Request request) async {
@@ -232,7 +240,10 @@ void main() async {
 return Response.ok(
 json.encode(postgresResult[0][0]),
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/businessdata/overview/types', (Request request) async {
@@ -267,7 +278,10 @@ void main() async {
 return Response.ok(
 json.encode(output),
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/businessdata/businessnames', (Request request) async {
@@ -284,7 +298,10 @@ void main() async {
 return Response.ok(
 json.encode(postgresResult),
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/businessdata/business/',
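Review bot: The preflight handler added in this hunk is registered for the path `/` only, while every route in the file is under `/fbla-api/...`; assuming `Router` is shelf_router's, which matches the request path against each registered pattern, a browser's OPTIONS request for e.g. `/fbla-api/createlisting` will not reach it and the cross-origin POST is blocked before it is sent. A middleware that answers OPTIONS for any path and attaches the CORS headers to every response would fix that and would also replace the per-handler `'Access-Control-Allow-Origin': '*'` literals repeated in the later hunks; it has to be wired in where the server is started, which is outside this hunk. `Access-Control-Allow-Headers` lists only `Content-Type`, so if clients send the JWT in an `Authorization` header (not visible here) that name needs adding.

```dart
// Single home for the CORS policy: answers the preflight for every path and
// decorates every response, so handlers no longer repeat the header.
const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type',
};

final cors = createMiddleware(
  requestHandler: (Request request) => request.method == 'OPTIONS'
      ? Response.ok(null, headers: corsHeaders)
      : null,
  responseHandler: (Response response) => response.change(headers: corsHeaders),
);

// … unchanged: route registrations on app …
// where the server is started: Pipeline().addMiddleware(cors).addHandler(app.call)
```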
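Review bot: The body returned here is `json.encode(...)`, but the header block rewritten in this hunk still labels it `'Content-Type': 'text/plain'`, so clients are told the JSON is plain text; it should read `'Content-Type': 'application/json'`. The same applies to the hunks at -267, -284, -330, -369 and -395, which return `json.encode` output under the same label. The enclosing handler begins above the hunk.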
@@ -330,7 +347,10 @@ void main() async {
 return Response.ok(
 json.encode(result),
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/businessdata/businesses', (Request request) async {
@@ -339,7 +359,10 @@ void main() async {
 if (request.url.queryParameters['businesses'] == null) {
 return Response.badRequest(
 body: 'query \'businesses\' required',
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 }
 var filters = request.url.queryParameters['businesses']!.split(',');
@@ -369,7 +392,10 @@ void main() async {
 return Response.ok(
 json.encode(output),
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/businessdata', (Request request) async {
@@ -395,7 +421,10 @@ void main() async {
 var encoded = json.encode(result[0][0]);
 return Response.ok(
 encoded,
- headers: {...headers, 'Content-Type': 'text/plain'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'text/plain'
+ },
 );
 });
 app.get('/fbla-api/logos/', (Request request, String logoId) {
@@ -406,13 +435,19 @@ void main() async {
 List content = logo.readAsBytesSync();
 return Response.ok(
 content,
- headers: {...headers, 'Content-Type': 'image/png'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'image/png'
+ },
 );
 } catch (e) {
 print('Error reading logo!');
 return Response.notFound(
 'logo not found',
- headers: {...headers, 'Content-Type': 'image/png'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'image/png'
+ },
 );
 }
 });
@@ -444,7 +479,7 @@ void main() async {
 }
 return Response.ok(
 id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
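Review bot: The `catch` branch in this hunk sends the text body `'logo not found'` with `'Content-Type': 'image/png'`, so the 404 is mislabelled; `'Content-Type': 'text/plain'` fits the body. `logoId` comes from the request path and the `logo` file is presumably built from it above this hunk, so confirm it is limited to a plain file name inside the logo directory before `readAsBytesSync()` is reached. `catch (e)` also turns every failure, not only a missing file, into a 404; catching `FileSystemException` only, or a comment saying the broad catch is intended, would make that explicit.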
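Review bot: `headers: {'Access-Control-Allow-Origin': '*'}` is attached here to a handler that verifies a JWT before acting, and the same literal is repeated on every token-protected endpoint in the hunks from -454 through -777. With the wildcard, script on any origin can call these endpoints and read the replies whenever it holds a token; if only the project's own front end is meant to use them, send that origin instead, from one named value such as `headers: {'Access-Control-Allow-Origin': allowedOrigin}` (`allowedOrigin` is a constructed name, to be read from configuration). How the token reaches the server is outside the hunk, so the practical exposure depends on where the client keeps it.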
@@ -454,7 +489,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/createlisting', (Request request) async {
@@ -479,7 +514,7 @@ void main() async {
 return Response.ok(
 id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -489,7 +524,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/deletebusiness', (Request request) async {
@@ -512,7 +547,7 @@ void main() async {
 return Response.ok(
 id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -522,7 +557,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/deletelisting', (Request request) async {
@@ -539,7 +574,7 @@ void main() async {
 return Response.ok(
 id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -549,7 +584,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/editbusiness', (Request request) async {
@@ -586,7 +621,7 @@ void main() async {
 return Response.ok(
 business.id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -596,7 +631,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/editlisting', (Request request) async {
@@ -619,7 +654,7 @@ void main() async {
 return Response.ok(
 listing.id.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -629,7 +664,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/signin', (Request request) async {
@@ -645,7 +680,7 @@ void main() async {
 if (saltDb.isEmpty) {
 return Response.unauthorized(
 'invalid username',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 }
@@ -686,12 +721,12 @@ void main() async {
 return Response.ok(
 token.toString(),
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } else {
 return Response.unauthorized(
 'invalid password',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 }
 });
@@ -735,7 +770,7 @@ void main() async {
 return Response.ok(
 username,
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -745,7 +780,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.post('/fbla-api/deleteuser', (Request request) async {
@@ -767,7 +802,7 @@ void main() async {
 return Response.ok(
 username,
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 } on JWTExpiredException {
 print('JWT Expired');
@@ -777,7 +812,7 @@ void main() async {
 return Response.unauthorized(
 'unauthorized',
- headers: headers,
+ headers: {'Access-Control-Allow-Origin': '*'},
 );
 });
 app.get('/fbla-api/marinodev', (Request request) async {
@@ -788,7 +823,10 @@ void main() async {
 return Response.ok(
 content,
- headers: {...headers, 'Content-Type': 'image/svg+xml'},
+ headers: {
+ 'Access-Control-Allow-Origin': '*',
+ 'Content-Type': 'image/svg+xml'
+ },
 );
 });
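Review bot: The sign-in handler answers `'invalid username'` in this hunk (-645) and `'invalid password'` in the hunk at -686, which tells a caller which usernames exist; with `Access-Control-Allow-Origin: *` on both replies that difference is readable from any origin. Returning the same body for both failures, e.g. `'invalid username or password'`, removes the signal. The early return on `saltDb.isEmpty` presumably skips the password hashing done between the two hunks, so response time may differ as well; that code is not visible here. The handler starts and ends outside both hunks.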