From f2fb6379c616b6b117a1b9b748d91a4350aedc59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl-Gerhard=20Lindesva=CC=88rd?= <lindesvard@gmail.com>
Date: Mon, 23 Sep 2024 09:36:02 +0200
Subject: [PATCH] feature(api): support better wildcard

---
 apps/api/src/utils/auth.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/apps/api/src/utils/auth.ts b/apps/api/src/utils/auth.ts
index 7f5c3b90..0dfb55a8 100644
--- a/apps/api/src/utils/auth.ts
+++ b/apps/api/src/utils/auth.ts
@@ -75,7 +75,17 @@ export async function validateSdkRequest(
 
   if (client.cors) {
     const domainAllowed = client.cors.split(',').find((domain) => {
-      if (cleanDomain(domain) === cleanDomain(origin || '')) {
+      const cleanedDomain = cleanDomain(domain);
+      // support wildcard domains `*.foo.com`
+      if (cleanedDomain.includes('*')) {
+        const regex = new RegExp(
+          `${cleanedDomain.replaceAll('.', '\\.').replaceAll('*', '.+?')}`,
+        );
+
+        return regex.test(origin || '');
+      }
+
+      if (cleanedDomain === cleanDomain(origin || '')) {
         return true;
       }
     });