Add CORS to /message
All checks were successful
CI / scan_ruby (push) Successful in 16s
CI / scan_js (push) Successful in 12s
CI / lint (push) Successful in 13s
CI / test (push) Successful in 36s

sto 2025-06-13 19:33:56 +02:00
parent d7d90f0c91
commit 55399d80fe
2 changed files with 29 additions and 14 deletions


@ -1,8 +1,10 @@
class MessagesController < ApplicationController class MessagesController < ApplicationController
include CompletionsConcern include CompletionsConcern
skip_before_action :verify_authenticity_token, only: %i[ create ] skip_before_action :verify_authenticity_token, only: %i[ create cors_preflight_check ]
skip_before_action :require_authentication, only: %i[ create cors_preflight_check ]
before_action :cors_set_access_control_headers, only: %i[ create cors_preflight_check ]
before_action :set_contest, only: %i[ convert destroy ] before_action :set_contest, only: %i[ convert destroy ]
before_action :set_message, only: %i[ convert destroy ] before_action :set_message, only: %i[ convert destroy ]
before_action :set_data, only: %i[ convert ] before_action :set_data, only: %i[ convert ]
@ -11,19 +13,35 @@ class MessagesController < ApplicationController
super + [ "completions" ] super + [ "completions" ]
end end
def cors_set_access_control_headers
response.set_header("Access-Control-Allow-Origin", "https://meet.google.com")
response.set_header("Access-Control-Allow-Credentials", "true")
response.set_header("Access-Control-Allow-Methods", "POST")
response.set_header("Access-Control-Allow-Headers", "*")
response.set_header("Access-Control-Max-Age", "86400")
end
def cors_preflight_check
skip_authorization
end
def create def create
allow_unauthenticated_access
skip_authorization skip_authorization
@message_params = message_params begin
@contest = Contest.find_by_token_for(:token, params[:token]) @contest = Contest.find_by_token_for(:token, params[:token])
@message = Message.new(text: params[:text], author: params[:author], time_seconds: params[:time_seconds], @message = Message.new(text: params[:text], author: params[:author], time_seconds: params[:time_seconds],
display_time: display_time(params[:time_seconds]), contest: @contest) display_time: display_time(params[:time_seconds]), contest: @contest)
if @contest && @message.save if @contest && @message.save
respond_to do |format| respond_to do |format|
format.json { render json: {}, status: 200 } format.json { render json: {}, status: 200 }
end
else
respond_to do |format|
format.json { render json: { error: "invalid contest token" }, status: 400 }
end
end end
else rescue
respond_to do |format| respond_to do |format|
format.json { render json: { error: "invalid contest token" }, status: 400 } format.json { render json: { error: "invalid contest token" }, status: 400 }
end end
@ -60,8 +78,4 @@ class MessagesController < ApplicationController
@contestants = @contest.contestants @contestants = @contest.contestants
@puzzles = @contest.puzzles @puzzles = @contest.puzzles
end end
def message_params
params.expect(message: [ :author, :text, :time_seconds, :token ])
end
end end
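Review bot: `cors_set_access_control_headers` sends `Access-Control-Allow-Credentials: true` together with `Access-Control-Allow-Headers: *`, and for credentialed requests browsers treat that `*` as a literal header name rather than a wildcard, so a preflight that asks for a header such as `Content-Type` would likely be rejected. Since `create` skips both `require_authentication` and `verify_authenticity_token` and appears to identify the caller only by `params[:token]`, the credentials header looks unnecessary, and dropping it keeps session cookies out of a CSRF-exempt cross-origin endpoint. I would name the allowed headers explicitly, e.g. `response.set_header("Access-Control-Allow-Headers", "Content-Type")`, and remove the `Access-Control-Allow-Credentials` line unless the client really sends cookies. Separately, the bare `rescue` in `create` reports every StandardError as "invalid contest token" without logging it; rescuing specific error classes or adding a `Rails.logger.error` call there would keep real failures visible. The closing lines of `create` fall outside the visible hunk.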


@ -24,6 +24,7 @@ Rails.application.routes.draw do
resource :session resource :session
resources :users resources :users
options "message", to: "messages#cors_preflight_check"
post "message", to: "messages#create" post "message", to: "messages#create"
get "public/:id", to: "contests#scoreboard" get "public/:id", to: "contests#scoreboard"