Add cors to fake authentication server (#33)

code/backend/.vscode/launch.json

@@ -27,7 +27,8 @@
             "stopAtEntry": false,
             "env": {
                 "ASPNETCORE_ENVIRONMENT": "Development",
-                "ASPNETCORE_URLS": "http://localhost:5002"
+                "ASPNETCORE_URLS": "http://localhost:5002",
+                "CrossOriginDomains": "http://localhost:5000"
             }
         }
     ],

code/backend/Server.Users.Fake/Program.cs

@@ -4,6 +4,8 @@
 
 var app = builder.Build();
 
+app.Use(Cors);
+
 app.MapGet("/login", (string redirect_uri, string response_type, string scope) =>
 {
     if (response_type != "code") return InvalidResponseType();
@@ -80,6 +82,30 @@ static IResult InvalidRequestUri(AuthenticationRequest request, string redirect_
 static IResult BadRequest(string message)
     => Results.BadRequest(new { message = message });
 
+static Task Cors(HttpContext context, Func<Task> next)
+{
+    if (!context.Request.Headers.Origin.Any()) return next();
+
+    var origin = context.Request.Headers.Origin.Single();
+    if (AllowedOrigins().Contains(origin))
+    {
+        context.Response.Headers["Access-Control-Allow-Origin"] = origin;
+    }
+    context.Response.Headers["Access-Control-Allow-Headers"] = "content-type, accept, origin, authorization";
+    context.Response.Headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS";
+
+    if (context.Request.Method != "OPTIONS") return next();
+
+    context.Response.StatusCode = 200;
+    return context.Response.CompleteAsync();
+}
+
+static string[] AllowedOrigins()
+    => Configuration("CrossOriginDomains").Split(',');
+
+static string Configuration(string name)
+     => Environment.GetEnvironmentVariable(name) ?? throw new NullReferenceException($"Environment varialbe {name} is not set");
+
 class LoginRequest
 {
     public string redirect_uri { get; init; } = string.Empty;