Merge pull request #918 from Hexastack/816-bug---redis-issues

fix(api): resolve getAllowsOrigins bug

api/src/main.ts

@@ -50,11 +50,11 @@ async function bootstrap() {
 
   const settingService = app.get<SettingService>(SettingService);
   app.enableCors({
-    origin: (origin, callback) => {
-      settingService
+    origin: async (origin, callback) => {
+      await settingService
         .getAllowedOrigins()
         .then((allowedOrigins) => {
-          if (!origin || allowedOrigins.has(origin)) {
+          if (!origin || allowedOrigins.includes(origin)) {
             callback(null, true);
           } else {
             callback(new Error('Not allowed by CORS'));

api/src/setting/services/setting.service.spec.ts

@@ -161,14 +161,12 @@ describe('SettingService', () => {
       expect(settingService.find).toHaveBeenCalledWith({
         label: 'allowed_domains',
       });
-      expect(result).toEqual(
-        new Set([
-          '*',
-          'https://example.com',
-          'https://test.com',
-          'https://another.com',
-        ]),
-      );
+      expect(result).toEqual([
+        '*',
+        'https://example.com',
+        'https://test.com',
+        'https://another.com',
+      ]);
     });
 
     it('should return the config allowed cors only if no settings are found', async () => {
@@ -179,7 +177,7 @@ describe('SettingService', () => {
       expect(settingService.find).toHaveBeenCalledWith({
         label: 'allowed_domains',
       });
-      expect(result).toEqual(new Set(['*']));
+      expect(result).toEqual(['*']);
     });
 
     it('should handle settings with empty values', async () => {
@@ -195,7 +193,7 @@ describe('SettingService', () => {
       expect(settingService.find).toHaveBeenCalledWith({
         label: 'allowed_domains',
       });
-      expect(result).toEqual(new Set(['*', 'https://example.com']));
+      expect(result).toEqual(['*', 'https://example.com']);
     });
   });
 });

api/src/setting/services/setting.service.ts

@@ -135,7 +135,7 @@ export class SettingService extends BaseService<Setting> {
    * @returns A promise that resolves to a set of allowed origins
    */
   @Cacheable(ALLOWED_ORIGINS_CACHE_KEY)
-  async getAllowedOrigins() {
+  async getAllowedOrigins(): Promise<string[]> {
     const settings = (await this.find({
       label: 'allowed_domains',
     })) as TextSetting[];
@@ -150,7 +150,7 @@ export class SettingService extends BaseService<Setting> {
       ...allowedDomains,
     ]);
 
-    return uniqueOrigins;
+    return Array.from(uniqueOrigins);
   }
 
   /**

api/src/websocket/utils/gateway-options.ts

@@ -54,15 +54,15 @@ export const buildWebSocketGatewayOptions = (): Partial<ServerOptions> => {
     ...(config.sockets.cookie && { cookie: config.sockets.cookie }),
     ...(config.sockets.onlyAllowOrigins && {
       cors: {
-        origin: (origin, cb) => {
+        origin: async (origin, cb) => {
           // Retrieve the allowed origins from the settings
           const app = AppInstance.getApp();
           const settingService = app.get<SettingService>(SettingService);
 
-          settingService
+          await settingService
             .getAllowedOrigins()
             .then((allowedOrigins) => {
-              if (origin && allowedOrigins.has(origin)) {
+              if (origin && allowedOrigins.includes(origin)) {
                 cb(null, true);
               } else {
                 // eslint-disable-next-line no-console