Source code

001/*
002 * Copyright 2022-2025 Revetware LLC.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016
017package com.soklet.core;
018
019import javax.annotation.Nonnull;
020import java.util.Map;
021import java.util.Optional;
022
023/**
024 * Contract for types that authorize <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">CORS</a> requests.
025 * <p>
026 * See <a href="https://www.soklet.com/docs/cors#authorizing-cors-requests">https://www.soklet.com/docs/cors#authorizing-cors-requests</a> for detailed documentation.
027 *
028 * @author <a href="https://www.revetkn.com">Mark Allen</a>
029 */
030public interface CorsAuthorizer {
031        /**
032         * Authorizes a <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">non-preflight CORS</a> request.
033         *
034         * @param request the request to authorize
035         * @param cors    the CORS data provided in the request
036         * @return a {@link CorsResponse} if authorized, or {@link Optional#empty()} if not authorized
037         */
038        @Nonnull
039        Optional<CorsResponse> authorize(@Nonnull Request request,
040                                                                                                                                         @Nonnull Cors cors);
041
042        /**
043         * Authorizes a <a href="https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request">CORS preflight</a> request.
044         *
045         * @param request                              the preflight request to authorize
046         * @param corsPreflight                        the CORS preflight data provided in the request
047         * @param availableResourceMethodsByHttpMethod <em>Resource Methods</em> that are available to serve requests according to parameters specified by the preflight data
048         * @return a {@link CorsPreflightResponse} if authorized, or {@link Optional#empty()} if not authorized
049         */
050        @Nonnull
051        Optional<CorsPreflightResponse> authorizePreflight(@Nonnull Request request,
052                                                                                                                                                                                                                 @Nonnull CorsPreflight corsPreflight,
053                                                                                                                                                                                                                 @Nonnull Map<HttpMethod, ResourceMethod> availableResourceMethodsByHttpMethod);
054}