Version 2.1 - Added CORS support and period (.) to bucket constraint

stevemorad · stevemorad · commit 545de322f33c · 2017-10-06T18:38:11.000-04:00
diff --git a/deployment/serverless-image-handler.template b/deployment/serverless-image-handler.template
@@ -9,7 +9,7 @@
       "ConstraintDescription": "Must be a valid S3 Bucket.",
       "MinLength": "1",
       "MaxLength": "64",
-      "AllowedPattern": "[a-zA-Z][a-zA-Z0-9-]*"
+      "AllowedPattern": "[a-zA-Z][a-zA-Z0-9-.]*"
     },
     "OriginS3BucketRegion": {
       "Description": "S3 bucket Region that will source your images.",
@@ -32,6 +32,20 @@
         "us-west-2"
       ]
     },
+    "EnableCors": {
+      "Description": "Will this API require Cross-Origin Resource Sharing (CORS) support?",
+      "Default": "No",
+      "Type": "String",
+      "AllowedValues": [
+        "Yes",
+        "No"
+      ]
+    },
+    "CorsOrig": {
+      "Description": "This value will be returned by the API in the Access-Control-Allow-Origin header. A star (*) value will support any origin. We recommend specifying a specific origin (e.g. http://example.domain) to restrict cross-site access to your API.",
+      "Default": "*",
+      "Type": "String"
+    },
     "LambdaLogRetention": {
       "Description": "Retain Lambda CloudWatch Logs by days.",
       "Type": "Number",
@@ -63,7 +77,7 @@
      "ParameterGroups" : [
       {
         "Label" : { "default":"Image Handler API Configuration" },
-        "Parameters" : [ "OriginS3Bucket", "OriginS3BucketRegion", "LambdaLogRetention" ]
+        "Parameters" : [ "OriginS3Bucket", "OriginS3BucketRegion", "EnableCors", "CorsOrig","LambdaLogRetention" ]
       },
       {
         "Label" : { "default":"Image Handler UI Configuration" },
@@ -73,6 +87,8 @@
      "ParameterLabels" : {
       "OriginS3Bucket" : { "default" : "Origin S3 Bucket" },
       "OriginS3BucketRegion" : { "default" : "Origin S3 Bucket Region" },
+      "EnableCors" : { "default" : "Enable CORS?" },
+      "CorsOrig" : { "default" : "CORS Origin" },
       "LambdaLogRetention" : { "default" : "Lambda Log Retention" },
       "DeployUI" : { "default" : "Deploy UI?" },
       "UIDestPrefix" : { "default" : "UI Prefix" },
@@ -260,6 +276,8 @@
             },
             "TC_AWS_REGION":{ "Ref": "OriginS3BucketRegion" },
             "TC_AWS_STORAGE_BUCKET":{ "Ref": "OriginS3Bucket" },
+            "ENABLE_CORS":{ "Ref" : "EnableCors"},
+            "CORS_ORIGIN":{ "Ref" : "CorsOrig"},
             "SEND_ANONYMOUS_DATA":{ "Fn::FindInMap" : [ "Send", "AnonymousUsage", "Data"]},
             "UUID":{"Fn::GetAtt": ["CreateUniqueID", "UUID"]},
             "LOG_LEVEL":"INFO"
@@ -608,14 +626,6 @@
     }
   },
   "Outputs": {
-    "CloudFrontURL": {
-      "Description": "URL for new CloudFront distribution",
-      "Value": { "Fn::Sub": [ "https://${Domain}", { "Domain": {"Fn::GetAtt": ["ImageHandlerDistribution", "DomainName"]}} ]}
-    },
-    "CloudFrontSampleRequest": {
-      "Description": "Sample URL calling origin image key through CloudFront",
-      "Value": { "Fn::Sub": [ "https://${Domain}/fit-in/100x100/image-name.jpg", { "Domain": {"Fn::GetAtt": ["ImageHandlerDistribution", "DomainName"]}} ]}
-    },
     "SolutionUI": {
       "Description": "If enabled, the URL for the UI.",
       "Value": { "Fn::Sub": [
@@ -624,6 +634,22 @@
                     "Bucket": { "Ref" : "OriginS3Bucket"},
                     "Prefix": { "Ref" : "UIDestPrefix" } }
                ] }
+    },
+    "CloudFrontURL": {
+      "Description": "URL for new CloudFront distribution",
+      "Value": { "Fn::Sub": [ "https://${Domain}", { "Domain": {"Fn::GetAtt": ["ImageHandlerDistribution", "DomainName"]}} ]}
+    },
+    "CloudFrontSampleRequest": {
+      "Description": "Sample URL calling origin image key through CloudFront",
+      "Value": { "Fn::Sub": [ "https://${Domain}/fit-in/100x100/image-name.jpg", { "Domain": {"Fn::GetAtt": ["ImageHandlerDistribution", "DomainName"]}} ]}
+    },
+    "CorsEnabled": {
+      "Description": "Was CORS support enabled?",
+      "Value": { "Ref" : "EnableCors"}
+    },
+    "CorsOrigin": {
+      "Description": "If enabled, allow CORS from this origin.",
+      "Value": { "Ref" : "CorsOrig"}
     }
   }
 }
diff --git a/source/image-handler/lambda_function.py b/source/image-handler/lambda_function.py
@@ -51,29 +51,29 @@ def response_formater(status_code='400',
                       expires='',
                       etag='',
                       date=''):
-    if int(status_code) != 200:
-        return {
-            'statusCode': status_code,
-            'body':  json.dumps(body),
-            'headers': {
-                'Cache-Control': cache_control,
-                'Content-Type': content_type
-            }
-        }
-    else:
-        return {
-            'statusCode': status_code,
-            'body': body,
-            'isBase64Encoded': 'true',
-            'headers': {
-                'Content-Type': content_type,
-                'Expires': expires,
-                'Etag': etag,
-                'Cache-Control': cache_control,
-                'Date': date,
-            },
+
+    api_response = {
+        'statusCode': status_code,
+        'headers': {
+            'Content-Type': content_type
         }
+    }
 
+    if str(os.environ.get('ENABLE_CORS')).upper() == "YES":
+        api_response['headers']['Access-Control-Allow-Origin'] = os.environ.get('CORS_ORIGIN')
+
+    if int(status_code) != 200:
+        api_response['body'] = json.dumps(body)
+        api_response['Cache-Control'] = cache_control
+    else:
+        api_response['body'] = body
+        api_response['isBase64Encoded'] = 'true'
+        api_response['headers']['Expires'] = expires
+        api_response['headers']['Etag'] = etag
+        api_response['headers']['Cache-Control'] = cache_control
+        api_response['headers']['Date'] = date
+    logging.debug(api_response)
+    return api_response
 
 def run_server(application, context):
     server = HTTPServer(application)
@@ -170,12 +170,13 @@ def call_thumbor(request):
         )
         restart_server()
         return response_formater(status_code='502')
-    if config.ALLOW_UNSAFE_URL:
-        http_path = '/unsafe' + request['path']
-    else:
-        http_path = request['path']
+    http_path = request['path']
     if str(os.environ.get('REWRITE_ENABLED')).upper() == 'YES':
         http_path = lambda_rewrite.match_patterns(http_path)
+    if config.ALLOW_UNSAFE_URL:
+        http_path = '/unsafe' + http_path
+    else:
+        http_path = http_path
     response = session.get(unix_path + http_path)
     if response.status_code != 200:
         return response_formater(status_code=response.status_code)
