From 17cdf052d84ef36dd7a84ada859ee9fb113f2afd Mon Sep 17 00:00:00 2001
From: "R. Miles McCain"
Date: Fri, 24 Apr 2020 14:07:34 -0400
Subject: [PATCH] Add CORS origin management
---
 shynet/analytics/views/ingress.py | 11 ++++++++++-
 shynet/dashboard/views.py | 8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/shynet/analytics/views/ingress.py b/shynet/analytics/views/ingress.py
index ebe51f9..ffc8c3d 100644
--- a/shynet/analytics/views/ingress.py
+++ b/shynet/analytics/views/ingress.py
@@ -8,7 +8,9 @@ from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, View
+from django.core.cache import cache
 from ipware import get_client_ip
+from core.models import Service
 from ..tasks import ingress_request
@@ -58,8 +60,15 @@ class PixelView(View):
 @method_decorator(csrf_exempt, name="dispatch")
 class ScriptView(View):
 def dispatch(self, request, *args, **kwargs):
+ service_uuid = self.kwargs.get("service_uuid")
+ origins = cache.get(f"service_origins_{service_uuid}")
+ if origins is None:
+ service = Service.objects.get(uuid=service_uuid)
+ origins = service.origins
+ cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)
+
 resp = super().dispatch(request, *args, **kwargs)
- resp["Access-Control-Allow-Origin"] = "*"
+ resp["Access-Control-Allow-Origin"] = origins
 resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
 resp[
 "Access-Control-Allow-Headers"
diff --git a/shynet/dashboard/views.py b/shynet/dashboard/views.py
index 227d7d1..3e3fe84 100644
--- a/shynet/dashboard/views.py
+++ b/shynet/dashboard/views.py
@@ -12,6 +12,7 @@ from django.views.generic import (
 UpdateView,
 )
 from rules.contrib.views import PermissionRequiredMixin
+from django.core.cache import cache
 from analytics.models import Session
 from core.models import Service
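Review bot: `Service.objects.get(uuid=service_uuid)` in `ScriptView.dispatch` raises `Service.DoesNotExist` for an unknown UUID, so on this unauthenticated, CSRF-exempt endpoint every request with a bad id costs a database query and ends in a 500, because nothing is cached for it. Using `service = get_object_or_404(Service, uuid=service_uuid)` (from `django.shortcuts`) would return a 404 instead. Separately, `Access-Control-Allow-Origin` accepts only `*` or a single origin, so if `service.origins` can hold several origins (the field definition is not in this diff) browsers will reject the header written by `resp["Access-Control-Allow-Origin"] = origins`. The usual approach is to compare the request's `Origin` header with the allowed list, echo the matching value, and add `Vary: Origin` so shared caches do not serve one origin's response to another. The rest of `dispatch` lies outside the hunk.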
@@ -77,6 +78,13 @@ class ServiceUpdateView(
 def get_success_url(self):
 return reverse("dashboard:service", kwargs={"pk": self.object.uuid})
+ def form_valid(self, *args, **kwargs):
+ resp = super().form_valid(*args, **kwargs)
+ cache.set(
+ f"service_origins_{self.object.uuid}", self.object.origins, timeout=3600
+ )
+ return resp
+
 class ServiceDeleteView(
 LoginRequiredMixin, PermissionRequiredMixin, SuccessMessageMixin, DeleteView
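Review bot: The cache refresh added in `form_valid` covers only this update view, so a service removed through `ServiceDeleteView`, or changed by any other write path, keeps its old `service_origins_<uuid>` entry for up to an hour. That delay matters most when an origin is being withdrawn. Doing the refresh at the model level, for example with `post_save` and `post_delete` receivers on `Service` that set or delete the key, would cover every write path. The key format and the `timeout=3600` literal are also duplicated from `ScriptView.dispatch` in `shynet/analytics/views/ingress.py`, so a single shared helper would keep the two from drifting apart. A short comment such as `# Refresh the cached CORS origins read by ScriptView.dispatch` would explain why a dashboard view writes to the cache.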