reearth
diff --git a/‎server/e2e/common.go‎
Lines changed: 3 additions & 0 deletions b/‎server/e2e/common.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎server/internal/app/app.go‎
Lines changed: 1 addition & 1 deletion b/‎server/internal/app/app.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/internal/app/config/config.go‎
Lines changed: 9 additions & 1 deletion b/‎server/internal/app/config/config.go‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎server/internal/app/file.go‎
Lines changed: 19 additions & 7 deletions b/‎server/internal/app/file.go‎
Lines changed: 19 additions & 7 deletions
diff --git a/‎server/internal/app/internal/middleware/assets_cors_middleware.go‎
Lines changed: 48 additions & 0 deletions b/‎server/internal/app/internal/middleware/assets_cors_middleware.go‎
Lines changed: 48 additions & 0 deletions
@@ -16,6 +16,7 @@ import (
 	"github.com/gavv/httpexpect/v2"
 	"github.com/reearth/reearth/server/internal/app"
 	"github.com/reearth/reearth/server/internal/app/config"
+	"github.com/reearth/reearth/server/internal/infrastructure/domain"
 	"github.com/reearth/reearth/server/internal/infrastructure/fs"
 	"github.com/reearth/reearth/server/internal/infrastructure/memory"
 	"github.com/reearth/reearth/server/internal/infrastructure/mongo"
@@ -95,11 +96,13 @@ func initGateway() *gateway.Container {
 		return &gateway.Container{
 			File:          lo.Must(fs.NewFile(afero.NewMemMapFs(), "https://example.com/")),
 			PolicyChecker: policy.NewPermissiveChecker(),
+			DomainChecker: domain.NewDefaultChecker(),
 		}
 	}
 	return &gateway.Container{
 		File:          *fr,
 		PolicyChecker: policy.NewPermissiveChecker(),
+		DomainChecker: domain.NewDefaultChecker(),
 	}
 }
 
 
@@ -151,7 +151,7 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 	published.GET("/:name/data.json", PublishedData("", true))
 	published.GET("/:name/", PublishedIndex("", true))
 
-	serveFiles(e, cfg.Gateways.File)
+	serveFiles(e, allowedOrigins(cfg), cfg.Gateways.DomainChecker, cfg.Gateways.File)
 
 	serveUploadFiles(e, cfg.Gateways.File)
 
 
@@ -88,7 +88,8 @@ type VisualizerConfig struct {
 	InternalApi InternalApiConfig `pp:",omitempty"`
 
 	// Policy Checker Configuration
-	Policy Policy `pp:",omitempty"`
+	Policy        Policy              `pp:",omitempty"`
+	DomainChecker DomainCheckerConfig `pp:",omitempty"`
 }
 
 type Policy struct {
@@ -102,6 +103,13 @@ type CheckerConfig struct {
 	Timeout  int `default:"30"`
 }
 
+type DomainCheckerConfig struct {
+	Type     string `default:"default"`
+	Endpoint string
+	Token    string
+	Timeout  int `default:"30"`
+}
+
 type InternalApiConfig struct {
 	Active bool   `default:"false" pp:",omitempty"`
 	Port   string `default:"50051" pp:",omitempty"`
 
@@ -9,16 +9,19 @@ import (
 	"time"
 
 	"github.com/labstack/echo/v4"
+	"github.com/reearth/reearth/server/internal/app/internal/middleware"
 	"github.com/reearth/reearth/server/internal/usecase/gateway"
 	"github.com/reearth/reearth/server/pkg/id"
 	"github.com/reearth/reearthx/rerror"
 )
 
 func serveFiles(
 	ec *echo.Echo,
-	repo gateway.File,
+	allowedOrigins []string,
+	domainChecker gateway.DomainChecker,
+	fileGateway gateway.File,
 ) {
-	if repo == nil {
+	if fileGateway == nil {
 		return
 	}
 
@@ -44,17 +47,26 @@ func serveFiles(
 		"/assets/:filename",
 		fileHandler(func(ctx echo.Context) (io.Reader, string, error) {
 			filename := ctx.Param("filename")
-			r, err := repo.ReadAsset(ctx.Request().Context(), filename)
+			r, err := fileGateway.ReadAsset(ctx.Request().Context(), filename)
 			return r, filename, err
 		}),
+		middleware.AssetsCORSMiddleware(domainChecker, allowedOrigins),
+	)
+
+	// Handle OPTIONS for assets endpoint
+	ec.OPTIONS("/assets/:filename",
+		func(c echo.Context) error {
+			return c.NoContent(http.StatusNoContent)
+		},
+		middleware.AssetsCORSMiddleware(domainChecker, allowedOrigins),
 	)
 
 	ec.GET(
 		"/export/:filename",
 		fileHandler(func(ctx echo.Context) (io.Reader, string, error) {
 			filename := ctx.Param("filename")
 
-			r, err := repo.ReadExportProjectZip(ctx.Request().Context(), filename)
+			r, err := fileGateway.ReadExportProjectZip(ctx.Request().Context(), filename)
 			if err != nil {
 				fmt.Printf("[export] !!!! download error: %s \n", filename)
 				return nil, filename, err
@@ -66,7 +78,7 @@ func serveFiles(
 			go func() {
 				// download and then delete
 				time.Sleep(3 * time.Second)
-				err := repo.RemoveExportProjectZip(rctx, filename)
+				err := fileGateway.RemoveExportProjectZip(rctx, filename)
 				if err != nil {
 					fmt.Printf("[export] !!!! delete err: %s \n", err.Error())
 				} else {
@@ -85,7 +97,7 @@ func serveFiles(
 				return nil, "", rerror.ErrNotFound
 			}
 			filename := ctx.Param("filename")
-			r, err := repo.ReadPluginFile(ctx.Request().Context(), pid, filename)
+			r, err := fileGateway.ReadPluginFile(ctx.Request().Context(), pid, filename)
 			return r, filename, err
 		}),
 	)
@@ -94,7 +106,7 @@ func serveFiles(
 		"/published/:name",
 		fileHandler(func(ctx echo.Context) (io.Reader, string, error) {
 			name := ctx.Param("name")
-			r, err := repo.ReadBuiltSceneFile(ctx.Request().Context(), name)
+			r, err := fileGateway.ReadBuiltSceneFile(ctx.Request().Context(), name)
 			return r, name + ".json", err
 		}),
 	)
 
@@ -0,0 +1,48 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/labstack/echo/v4"
+	"github.com/reearth/reearth/server/internal/usecase/gateway"
+	"github.com/reearth/reearthx/log"
+)
+
+func AssetsCORSMiddleware(domainChecker gateway.DomainChecker, allowedOrigins []string) func(echo.HandlerFunc) echo.HandlerFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			origin := c.Request().Header.Get("Origin")
+			if origin == "" {
+				return c.NoContent(http.StatusBadRequest)
+			}
+			allowedOrigin := ""
+			for _, allowed := range allowedOrigins {
+				if allowed == origin {
+					allowedOrigin = allowed
+					break
+				}
+			}
+			if allowedOrigin == "" {
+				domainResp, err := domainChecker.CheckDomain(c.Request().Context(), gateway.DomainCheckRequest{
+					Domain: origin,
+				})
+				if err != nil {
+					log.Errorfc(c.Request().Context(), "[AssetsCORSMiddleware] domain checker check domain err: %v", err)
+					return next(c)
+				}
+				if domainResp.Allowed {
+					allowedOrigin = origin
+				}
+			}
+
+			if allowedOrigin != "" {
+				c.Response().Header().Set("Access-Control-Allow-Origin", allowedOrigin)
+				c.Response().Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
+				c.Response().Header().Set("Access-Control-Allow-Headers", "*")
+				c.Response().Header().Set("Access-Control-Max-Age", "86400")
+			}
+
+			return next(c)
+		}
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import (`
`16`	`16`	`"github.com/gavv/httpexpect/v2"`
`17`	`17`	`"github.com/reearth/reearth/server/internal/app"`
`18`	`18`	`"github.com/reearth/reearth/server/internal/app/config"`
	`19`	`+ "github.com/reearth/reearth/server/internal/infrastructure/domain"`
`19`	`20`	`"github.com/reearth/reearth/server/internal/infrastructure/fs"`
`20`	`21`	`"github.com/reearth/reearth/server/internal/infrastructure/memory"`
`21`	`22`	`"github.com/reearth/reearth/server/internal/infrastructure/mongo"`
`@@ -95,11 +96,13 @@ func initGateway() *gateway.Container {`
`95`	`96`	`return &gateway.Container{`
`96`	`97`	`File: lo.Must(fs.NewFile(afero.NewMemMapFs(), "https://example.com/")),`
`97`	`98`	`PolicyChecker: policy.NewPermissiveChecker(),`
	`99`	`+ DomainChecker: domain.NewDefaultChecker(),`
`98`	`100`	`}`
`99`	`101`	`}`
`100`	`102`	`return &gateway.Container{`
`101`	`103`	`File: *fr,`
`102`	`104`	`PolicyChecker: policy.NewPermissiveChecker(),`
	`105`	`+ DomainChecker: domain.NewDefaultChecker(),`
`103`	`106`	`}`
`104`	`107`	`}`
`105`	`108`