sto/puzzle-scoreboard
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add CORS to /message
All checks were successful
CI / scan_ruby (push) Successful in 16s
Details
CI / scan_js (push) Successful in 12s
Details
CI / lint (push) Successful in 13s
Details
CI / test (push) Successful in 36s
Details

Browse Source
This commit is contained in:
sto 2025-06-13 19:33:56 +02:00
parent d7d90f0c91
commit 55399d80fe
2 changed files with 29 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
app/controllers/messages_controller.rb
View File

@ -1,8 +1,10 @@
class MessagesController < ApplicationController
include CompletionsConcern
skip_before_action :verify_authenticity_token, only: %i[ create ]
skip_before_action :verify_authenticity_token, only: %i[ create cors_preflight_check ]
skip_before_action :require_authentication, only: %i[ create cors_preflight_check ]
before_action :cors_set_access_control_headers, only: %i[ create cors_preflight_check ]
before_action :set_contest, only: %i[ convert destroy ]
before_action :set_message, only: %i[ convert destroy ]
before_action :set_data, only: %i[ convert ]
@ -11,19 +13,35 @@ class MessagesController < ApplicationController
super + [ "completions" ]
end
def cors_set_access_control_headers
response.set_header("Access-Control-Allow-Origin", "https://meet.google.com")
response.set_header("Access-Control-Allow-Credentials", "true")
response.set_header("Access-Control-Allow-Methods", "POST")
response.set_header("Access-Control-Allow-Headers", "*")
response.set_header("Access-Control-Max-Age", "86400")
end
def cors_preflight_check
skip_authorization
end
def create
allow_unauthenticated_access
skip_authorization
@message_params = message_params
@contest = Contest.find_by_token_for(:token, params[:token])
@message = Message.new(text: params[:text], author: params[:author], time_seconds: params[:time_seconds],
display_time: display_time(params[:time_seconds]), contest: @contest)
if @contest && @message.save
respond_to do |format|
format.json { render json: {}, status: 200 }
begin
@contest = Contest.find_by_token_for(:token, params[:token])
@message = Message.new(text: params[:text], author: params[:author], time_seconds: params[:time_seconds],
display_time: display_time(params[:time_seconds]), contest: @contest)
if @contest && @message.save
respond_to do |format|
format.json { render json: {}, status: 200 }
end
else
respond_to do |format|
format.json { render json: { error: "invalid contest token" }, status: 400 }
end
end
else
rescue
respond_to do |format|
format.json { render json: { error: "invalid contest token" }, status: 400 }
end
@ -60,8 +78,4 @@ class MessagesController < ApplicationController
@contestants = @contest.contestants
@puzzles = @contest.puzzles
end
def message_params
params.expect(message: [ :author, :text, :time_seconds, :token ])
end
end

1
config/routes.rb
View File

@ -24,6 +24,7 @@ Rails.application.routes.draw do
resource :session
resources :users
options "message", to: "messages#cors_preflight_check"
post "message", to: "messages#create"
get "public/:id", to: "contests#scoreboard"