From 56d1987ea8a800a06b7f9b0ab0ff7d70140d7f67 Mon Sep 17 00:00:00 2001
From: Jakob Odersky <jakob@driver.xyz>
Date: Fri, 20 Oct 2017 14:17:21 -0700
Subject: Backport #77

---
 src/main/scala/xyz/driver/core/app.scala | 108 ++++++++++++++++---------------
 1 file changed, 56 insertions(+), 52 deletions(-)

diff --git a/src/main/scala/xyz/driver/core/app.scala b/src/main/scala/xyz/driver/core/app.scala
index a7f58e3..d0c7106 100644
--- a/src/main/scala/xyz/driver/core/app.scala
+++ b/src/main/scala/xyz/driver/core/app.scala
@@ -49,6 +49,7 @@ object app {
                   port: Int = 8080,
                   tracer: Option[ServiceTracer] = None)(implicit actorSystem: ActorSystem,
                                                         executionContext: ExecutionContext) {
+    import DriverApp._
 
     implicit private lazy val materializer = ActorMaterializer()(actorSystem)
     private lazy val http                  = Http()(actorSystem)
@@ -75,58 +76,6 @@ object app {
     private def extractHeader(request: HttpRequest)(headerName: String): Option[String] =
       request.headers.find(_.name().toLowerCase === headerName).map(_.value())
 
-    private val allowedHeaders =
-      Seq(
-        "Origin",
-        "X-Requested-With",
-        "Content-Type",
-        "Content-Length",
-        "Accept",
-        "X-Trace",
-        "Access-Control-Allow-Methods",
-        "Access-Control-Allow-Origin",
-        "Access-Control-Allow-Headers",
-        "Server",
-        "Date",
-        ContextHeaders.TrackingIdHeader,
-        ContextHeaders.StacktraceHeader,
-        ContextHeaders.AuthenticationTokenHeader,
-        "X-Frame-Options",
-        "X-Content-Type-Options",
-        "Strict-Transport-Security",
-        AuthProvider.SetAuthenticationTokenHeader,
-        AuthProvider.SetPermissionsTokenHeader,
-        trace.TracingHeaderKey
-      )
-
-    private def allowOrigin(originHeader: Option[Origin]) =
-      `Access-Control-Allow-Origin`(
-        originHeader.fold[HttpOriginRange](HttpOriginRange.*)(h => HttpOriginRange(h.origins: _*)))
-
-    protected implicit def rejectionHandler =
-      RejectionHandler
-        .newBuilder()
-        .handleAll[MethodRejection] { rejections =>
-          val methods    = rejections map (_.supported)
-          lazy val names = methods map (_.name) mkString ", "
-
-          options { ctx =>
-            optionalHeaderValueByType[Origin](()) { originHeader =>
-              respondWithHeaders(List[HttpHeader](
-                Allow(methods),
-                `Access-Control-Allow-Methods`(methods),
-                allowOrigin(originHeader),
-                `Access-Control-Allow-Headers`(allowedHeaders: _*),
-                `Access-Control-Expose-Headers`(allowedHeaders: _*)
-              )) {
-                complete(s"Supported methods: $names.")
-              }
-            }(ctx)
-          } ~
-            complete(MethodNotAllowed -> s"HTTP method not allowed, supported methods: $names!")
-        }
-        .result()
-
     protected def bindHttp(modules: Seq[Module]): Unit = {
       val serviceTypes   = modules.flatMap(_.routeTypes)
       val swaggerService = swaggerOverride(serviceTypes)
@@ -386,6 +335,61 @@ object app {
     }
   }
 
+  object DriverApp {
+
+    private val allowedHeaders =
+      Seq(
+        "Origin",
+        "X-Requested-With",
+        "Content-Type",
+        "Content-Length",
+        "Accept",
+        "X-Trace",
+        "Access-Control-Allow-Methods",
+        "Access-Control-Allow-Origin",
+        "Access-Control-Allow-Headers",
+        "Server",
+        "Date",
+        ContextHeaders.TrackingIdHeader,
+        ContextHeaders.StacktraceHeader,
+        ContextHeaders.AuthenticationTokenHeader,
+        "X-Frame-Options",
+        "X-Content-Type-Options",
+        "Strict-Transport-Security",
+        AuthProvider.SetAuthenticationTokenHeader,
+        AuthProvider.SetPermissionsTokenHeader
+      )
+
+    private def allowOrigin(originHeader: Option[Origin]) =
+      `Access-Control-Allow-Origin`(
+        originHeader.fold[HttpOriginRange](HttpOriginRange.*)(h => HttpOriginRange(h.origins: _*)))
+
+    implicit def rejectionHandler: RejectionHandler =
+      RejectionHandler
+        .newBuilder()
+        .handleAll[MethodRejection] { rejections =>
+          val methods    = rejections map (_.supported)
+          lazy val names = methods map (_.name) mkString ", "
+
+          options { ctx =>
+            optionalHeaderValueByType[Origin](()) { originHeader =>
+              respondWithHeaders(List[HttpHeader](
+                Allow(methods),
+                `Access-Control-Allow-Methods`(methods),
+                allowOrigin(originHeader),
+                `Access-Control-Allow-Headers`(allowedHeaders: _*),
+                `Access-Control-Expose-Headers`(allowedHeaders: _*)
+              )) {
+                complete(s"Supported methods: $names.")
+              }
+            }(ctx)
+          } ~
+            complete(MethodNotAllowed -> s"HTTP method not allowed, supported methods: $names!")
+        }
+        .result()
+
+  }
+
   trait Module {
     val name: String
     def route: Route
-- 
cgit v1.2.3