feat(handler): add SkipOriginCheckMiddleware and configuration option to bypass origin checks

internal/api/handler.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog/log"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
@@ -19,6 +20,7 @@ import (
 	metricsApi "github.com/yusing/go-proxy/internal/api/v1/metrics"
 	routeApi "github.com/yusing/go-proxy/internal/api/v1/route"
 	"github.com/yusing/go-proxy/internal/auth"
+	"github.com/yusing/go-proxy/internal/common"
 )
 
 // @title           GoDoxy API
@@ -66,6 +68,9 @@ func NewHandler() *gin.Engine {
 	if auth.IsEnabled() {
 		v1.Use(AuthMiddleware())
 	}
+	if common.APISkipOriginCheck {
+		v1.Use(SkipOriginCheckMiddleware())
+	}
 	{
 		v1.GET("/favicon", apiV1.FavIcon)
 		v1.GET("/health", apiV1.Health)
@@ -152,6 +157,18 @@ func AuthMiddleware() gin.HandlerFunc {
 	}
 }
 
+func SkipOriginCheckMiddleware() gin.HandlerFunc {
+	upgrader := &websocket.Upgrader{
+		CheckOrigin: func(r *http.Request) bool {
+			return true
+		},
+	}
+	return func(c *gin.Context) {
+		c.Set("upgrader", upgrader)
+		c.Next()
+	}
+}
+
 func ErrorHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		c.Next()

internal/common/env.go

@@ -42,6 +42,8 @@ var (
 	APIUser        = GetEnvString("API_USER", "admin")
 	APIPassword    = GetEnvString("API_PASSWORD", "password")
 
+	APISkipOriginCheck = GetEnvBool("API_SKIP_ORIGIN_CHECK", false) // skip this in UI Demo
+
 	DebugDisableAuth = GetEnvBool("DEBUG_DISABLE_AUTH", false)
 
 	// OIDC Configuration.