Adding cors headers directly to the job

Author: dpacheco-groupieticket

server/server-core/build.gradle.kts

@@ -16,5 +16,4 @@ dependencies {
     implementation(libs.smithy.model)
     implementation(project(":io"))
     implementation(project(":logging"))
-    implementation(libs.netty.all)
 }

server/server-core/src/main/java/software/amazon/smithy/java/server/core/CorsHeaders.java

@@ -7,7 +7,6 @@
 
 import static software.amazon.smithy.java.core.schema.TraitKey.CORS_TRAIT;
 
-import io.netty.handler.codec.http.HttpHeaders;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
@@ -16,15 +15,15 @@ public final class CorsHeaders {
 
     private CorsHeaders() {}
 
-    private static final Map<String, Iterable<?>> BASE_CORS_HEADERS = Map.of(
+    private static final Map<String, List<String>> BASE_CORS_HEADERS = Map.of(
             "Access-Control-Allow-Methods",
             List.of("GET, POST, PUT, DELETE, OPTIONS"),
             "Access-Control-Allow-Headers",
             List.of("*,Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Authorization,Content-Length,Content-Type,X-Amz-User-Agent,X-Amzn-Trace-Id"),
             "Access-Control-Max-Age",
             List.of("600"));
 
-    public static void of(HttpJob job, HttpHeaders headers) {
+    public static void addCorsHeaders(HttpJob job) {
         if (!shouldAddCorsHeaders(job)) {
             return;
         }
@@ -36,11 +35,8 @@ public static void of(HttpJob job, HttpHeaders headers) {
             return;
         }
 
-        for (Map.Entry<String, Iterable<?>> entrySet : BASE_CORS_HEADERS.entrySet()) {
-            headers.set(entrySet.getKey(), entrySet.getValue());
-        }
-
-        headers.set("Access-Control-Allow-Origin", List.of(requestOrigin));
+        job.response().headers().putHeaders(BASE_CORS_HEADERS);
+        job.response().headers().putHeader("Access-Control-Allow-Origin", List.of(requestOrigin));
     }
 
     private static boolean shouldAddCorsHeaders(HttpJob job) {

server/server-core/src/test/java/software/amazon/smithy/java/server/core/CorsHeadersTest.java

@@ -8,7 +8,6 @@
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import io.netty.handler.codec.http.DefaultHttpHeaders;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.List;
@@ -19,6 +18,7 @@
 import software.amazon.smithy.java.core.schema.ApiService;
 import software.amazon.smithy.java.core.schema.Schema;
 import software.amazon.smithy.java.http.api.HttpHeaders;
+import software.amazon.smithy.java.http.api.ModifiableHttpHeaders;
 import software.amazon.smithy.java.server.Operation;
 import software.amazon.smithy.model.traits.CorsTrait;
 
@@ -99,29 +99,28 @@ public Schema schema() {
         HttpJob job = new HttpJob(testOperation, protocol, request, response);
 
         // Apply CORS headers
-        var responseHeaders = new DefaultHttpHeaders();
-        CorsHeaders.of(job, responseHeaders);
+        CorsHeaders.addCorsHeaders(job);
 
         // Verify headers
         if (testCase.shouldHaveHeaders) {
-            assertContainsHeader(responseHeaders, testCase.expectedAllowOrigin);
+            assertContainsHeader(job.response().headers(), testCase.expectedAllowOrigin);
         } else {
-            assertDoNotContainsHeader(responseHeaders);
+            assertDoNotContainsHeader(job.response().headers());
         }
     }
 
-    private void assertContainsHeader(io.netty.handler.codec.http.HttpHeaders responseHeaders, String allowedOrigin) {
-        assertTrue(responseHeaders.contains("Access-Control-Allow-Methods"));
-        assertTrue(responseHeaders.contains("Access-Control-Allow-Headers"));
-        assertTrue(responseHeaders.contains("Access-Control-Max-Age"));
-        assertTrue(responseHeaders.contains("Access-Control-Allow-Origin"));
-        assertTrue(responseHeaders.get("Access-Control-Allow-Origin").contains(allowedOrigin));
+    private void assertContainsHeader(ModifiableHttpHeaders responseHeaders, String allowedOrigin) {
+        assertTrue(responseHeaders.hasHeader("Access-Control-Allow-Methods"));
+        assertTrue(responseHeaders.hasHeader("Access-Control-Allow-Headers"));
+        assertTrue(responseHeaders.hasHeader("Access-Control-Max-Age"));
+        assertTrue(responseHeaders.hasHeader("Access-Control-Allow-Origin"));
+        assertTrue(responseHeaders.allValues("Access-Control-Allow-Origin").contains(allowedOrigin));
     }
 
-    private void assertDoNotContainsHeader(io.netty.handler.codec.http.HttpHeaders responseHeaders) {
-        assertFalse(responseHeaders.contains("Access-Control-Allow-Methods"));
-        assertFalse(responseHeaders.contains("Access-Control-Allow-Headers"));
-        assertFalse(responseHeaders.contains("Access-Control-Max-Age"));
-        assertFalse(responseHeaders.contains("Access-Control-Allow-Origin"));
+    private void assertDoNotContainsHeader(ModifiableHttpHeaders responseHeaders) {
+        assertFalse(responseHeaders.hasHeader("Access-Control-Allow-Methods"));
+        assertFalse(responseHeaders.hasHeader("Access-Control-Allow-Headers"));
+        assertFalse(responseHeaders.hasHeader("Access-Control-Max-Age"));
+        assertFalse(responseHeaders.hasHeader("Access-Control-Allow-Origin"));
     }
 }

server/server-core/src/test/java/software/amazon/smithy/java/server/core/TestStructs.java

@@ -5,6 +5,7 @@
 
 package software.amazon.smithy.java.server.core;
 
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -130,39 +131,41 @@ public ApiService service() {
     }
 
     public static class TestModifiableHttpHeaders implements ModifiableHttpHeaders {
+        Map<String, List<String>> headers = new HashMap<>();
+
         @Override
         public void putHeader(String name, String value) {
-
+            headers.put(name, List.of(value));
         }
 
         @Override
         public void putHeader(String name, List<String> values) {
-
+            headers.put(name, values);
         }
 
         @Override
         public void removeHeader(String name) {
-
+            headers.remove(name);
         }
 
         @Override
         public List<String> allValues(String name) {
-            return List.of();
+            return headers.getOrDefault(name, List.of());
         }
 
         @Override
         public int size() {
-            return 0;
+            return headers.size();
         }
 
         @Override
         public Map<String, List<String>> map() {
-            return Map.of();
+            return headers;
         }
 
         @Override
         public Iterator<Map.Entry<String, List<String>>> iterator() {
-            return null;
+            return headers.entrySet().iterator();
         }
     }
 

server/server-netty/src/main/java/software/amazon/smithy/java/server/netty/HttpRequestHandler.java

@@ -99,12 +99,12 @@ private void writeResponse(Channel channel, HttpJob job) {
                     HttpVersion.HTTP_1_1,
                     HttpResponseStatus.valueOf(job.response().getStatusCode()),
                     Unpooled.wrappedBuffer(serializedValue.waitForByteBuffer()));
+            CorsHeaders.addCorsHeaders(job);
             response.headers().set(((NettyHttpHeaders) job.response().headers()).getNettyHeaders());
             response.headers().set("content-length", serializedValue.contentLength());
             if (serializedValue.contentType() != null) {
                 response.headers().set("content-type", serializedValue.contentType());
             }
-            CorsHeaders.of(job, response.headers());
         } catch (Throwable e) {
             response = new DefaultFullHttpResponse(
                     HttpVersion.HTTP_1_1,