fix(server): asset cors middleware (#1810)

soneda-yuya · web-flow · commit f567b918eaff · 2025-09-08T20:10:08.000+09:00
diff --git a/server/internal/app/internal/middleware/assets_cors_middleware.go b/server/internal/app/internal/middleware/assets_cors_middleware.go
@@ -2,6 +2,8 @@ package middleware
 
 import (
 	"net/http"
+	"net/url"
+	"strings"
 
 	"github.com/labstack/echo/v4"
 	"github.com/reearth/reearth/server/internal/usecase/gateway"
@@ -23,8 +25,13 @@ func AssetsCORSMiddleware(domainChecker gateway.DomainChecker, allowedOrigins []
 				}
 			}
 			if allowedOrigin == "" {
+				domain, err := extractDomain(origin)
+				if err != nil {
+					log.Errorfc(c.Request().Context(), "[AssetsCORSMiddleware] extract domain err: %v", err)
+					return next(c)
+				}
 				domainResp, err := domainChecker.CheckDomain(c.Request().Context(), gateway.DomainCheckRequest{
-					Domain: origin,
+					Domain: domain,
 				})
 				if err != nil {
 					log.Errorfc(c.Request().Context(), "[AssetsCORSMiddleware] domain checker check domain err: %v", err)
@@ -46,3 +53,17 @@ func AssetsCORSMiddleware(domainChecker gateway.DomainChecker, allowedOrigins []
 		}
 	}
 }
+
+func extractDomain(raw string) (string, error) {
+	u, err := url.Parse(raw)
+	if err != nil {
+		return "", err
+	}
+
+	host := u.Host
+	if strings.Contains(host, ":") {
+		host = strings.Split(host, ":")[0]
+	}
+
+	return host, nil
+}
diff --git a/server/internal/app/internal/middleware/assets_cors_middleware_test.go b/server/internal/app/internal/middleware/assets_cors_middleware_test.go
@@ -77,7 +77,7 @@ func TestAssetsCORSMiddleware(t *testing.T) {
 
 			mockChecker := &mockDomainChecker{
 				checkFunc: func(ctx context.Context, req gateway.DomainCheckRequest) (*gateway.DomainCheckResponse, error) {
-					if req.Domain == "https://custom.com" {
+					if req.Domain == "custom.com" {
 						return &gateway.DomainCheckResponse{Allowed: true}, nil
 					}
 					return &gateway.DomainCheckResponse{Allowed: false}, nil
@@ -468,7 +468,7 @@ func TestAssetsCORSMiddleware_EdgeCases(t *testing.T) {
 
 		mockChecker := &mockDomainChecker{
 			checkFunc: func(ctx context.Context, req gateway.DomainCheckRequest) (*gateway.DomainCheckResponse, error) {
-				if req.Domain == "https://example.com/" {
+				if req.Domain == "example.com" {
 					return &gateway.DomainCheckResponse{Allowed: true}, nil
 				}
 				return &gateway.DomainCheckResponse{Allowed: false}, nil
diff --git a/server/internal/infrastructure/domain/http_checker.go b/server/internal/infrastructure/domain/http_checker.go
@@ -45,13 +45,18 @@ func (h *HTTPDomainChecker) CheckDomain(ctx context.Context, req gateway.DomainC
 	}
 
 	resp, err := h.client.Do(httpReq)
+
 	if err != nil {
 		return nil, rerror.ErrInternalBy(fmt.Errorf("domain check request failed: %w", err))
 	}
 	defer func() {
 		_ = resp.Body.Close()
 	}()
 
+	if resp.StatusCode == http.StatusNotFound {
+		return &gateway.DomainCheckResponse{Allowed: false}, nil
+	}
+
 	if resp.StatusCode != http.StatusOK {
 		return nil, rerror.ErrInternalBy(fmt.Errorf("domain check returned status %d", resp.StatusCode))
 	}

Original file line number	Diff line number	Diff line change
`@@ -45,13 +45,18 @@ func (h *HTTPDomainChecker) CheckDomain(ctx context.Context, req gateway.DomainC`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`resp, err := h.client.Do(httpReq)`
	`48`	`+`
`48`	`49`	`if err != nil {`
`49`	`50`	`return nil, rerror.ErrInternalBy(fmt.Errorf("domain check request failed: %w", err))`
`50`	`51`	`}`
`51`	`52`	`defer func() {`
`52`	`53`	`_ = resp.Body.Close()`
`53`	`54`	`}()`
`54`	`55`
	`56`	`+ if resp.StatusCode == http.StatusNotFound {`
	`57`	`+ return &gateway.DomainCheckResponse{Allowed: false}, nil`
	`58`	`+ }`
	`59`	`+`
`55`	`60`	`if resp.StatusCode != http.StatusOK {`
`56`	`61`	`return nil, rerror.ErrInternalBy(fmt.Errorf("domain check returned status %d", resp.StatusCode))`
`57`	`62`	`}`