From 5463a1e92278d9aa570fd5c4b6f18a7e20f83ab8 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones <tonygarnockjones@gmail.com>
Date: Tue, 9 Aug 2016 16:43:30 -0400
Subject: [PATCH] Configure S3 CORS support. Closes #10.

---
 README.md      | 37 +++++++++++++++++++++++++++++++++++++
 src/static.rkt | 13 +++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/README.md b/README.md
index d35eb57..72fdddc 100644
--- a/README.md
+++ b/README.md
@@ -123,6 +123,43 @@ To enable replication, set configuration variable
 set `static-content-update-hook` to a string containing a shell
 command to execute every time the static content is updated.
 
+#### S3 Content
+
+To set up an S3 bucket---let's call it `s3.example`---for use with
+this site, follow these steps:
+
+ 0. Create the bucket ("`s3.example`")
+ 0. Optionally add a CNAME record to DNS mapping `s3.example` to
+    `s3.example.s3-website-us-east-1.amazonaws.com`. If you do, static
+    resources will be available at `http://s3.example/`; if not, at
+    the longer URL.
+ 0. Enable "Static Website Hosting" for the bucket. Set the index
+    document to `index.html` and the error document to `not-found`.
+
+Then, under "Permissions", click "Add bucket policy", and add
+something like the following.
+
+    {
+      "Id": "RacketPackageWebsiteS3Policy",
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "RacketPackageWebsiteS3PolicyStmt1",
+          "Action": "s3:*",
+          "Effect": "Allow",
+          "Resource": ["arn:aws:s3:::s3.example",
+                       "arn:aws:s3:::s3.example/*"],
+          "Principal": {
+            "AWS": ["<<<ARN OF THE USER TO WHOM ACCESS SHOULD BE GRANTED>>>"]
+          }
+        }
+      ]
+    }
+
+The user will need to be able to read and write objects and set CORS
+policy. (CORS is configured automatically by code in
+`src/static.rkt`.)
+
 ### Supervision
 
 Startable using djb's [daemontools](http://cr.yp.to/daemontools.html);
diff --git a/src/static.rkt b/src/static.rkt
index 406cbe9..845a267 100644
--- a/src/static.rkt
+++ b/src/static.rkt
@@ -17,6 +17,7 @@
 (require web-server/http/request-structs)
 (require web-server/http/response-structs)
 (require file/md5)
+(require xml)
 (require xml/path)
 (require net/url)
 (require aws/s3)
@@ -219,7 +220,19 @@
                    (file->bytes filepath)
                    (extension-map filepath))))
 
+(define (configure-s3-cors!)
+  (log-info "Configuring S3 CORS headers:\n~a"
+            (put/bytes (string-append aws-s3-bucket+path "?cors")
+                       (string->bytes/utf-8 (xexpr->string
+                                             `(CORSConfiguration
+                                               (CORSRule (AllowedOrigin "*")
+                                                         (AllowedMethod "GET")
+                                                         (AllowedHeader "*")))))
+                       "application/xml"
+                       '())))
+
 (define (static-renderer-aws-s3 index)
+  (when (not index) (configure-s3-cors!))
   (let ((index (or index (initial-aws-s3-index))))
     (match
         (rpc-handler (sync (rpc-request-evt))