From 7b84bdb29b60504c1c5c88617e191767803384ab Mon Sep 17 00:00:00 2001
From: Samantaz Fox <coding@samantaz.fr>
Date: Tue, 13 Feb 2024 21:05:26 +0100
Subject: [PATCH] API: Add APIHandler back

This handler should no have been removed in 4276, as it adds the required CORS
header (Access-Control-Allow-Origin) for public acces to the API.

Thanks to iBicha for noticing this!
---
 src/invidious.cr                  |  1 +
 src/invidious/helpers/handlers.cr | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/src/invidious.cr b/src/invidious.cr
index c8cac80e..e0bd0101 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -217,6 +217,7 @@ public_folder "assets"
 
 Kemal.config.powered_by_header = false
 add_handler FilteredCompressHandler.new
+add_handler APIHandler.new
 add_handler AuthHandler.new
 add_handler DenyFrame.new
 add_context_storage_type(Array(String))
diff --git a/src/invidious/helpers/handlers.cr b/src/invidious/helpers/handlers.cr
index cece289b..174f620d 100644
--- a/src/invidious/helpers/handlers.cr
+++ b/src/invidious/helpers/handlers.cr
@@ -134,6 +134,19 @@ class AuthHandler < Kemal::Handler
   end
 end
 
+class APIHandler < Kemal::Handler
+  {% for method in %w(GET POST PUT HEAD DELETE PATCH OPTIONS) %}
+  only ["/api/v1/*"], {{method}}
+  {% end %}
+  exclude ["/api/v1/auth/notifications"], "GET"
+  exclude ["/api/v1/auth/notifications"], "POST"
+
+  def call(env)
+    env.response.headers["Access-Control-Allow-Origin"] = "*" if only_match?(env)
+    call_next env
+  end
+end
+
 class DenyFrame < Kemal::Handler
   exclude ["/embed/*"]