From 54e434ba8fd29a3088c629019ee90c6d25636b22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Wed, 22 Mar 2023 08:41:35 +0100
Subject: [PATCH] add proxy to ARES (no CORS)

---
 contracts/urls.py               |  6 ++++++
 contracts/views.py              | 20 ++++++++++++++++++++
 static_src/admin/signee_form.js |  2 +-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/contracts/urls.py b/contracts/urls.py
index ad00727..b0fe3a6 100644
--- a/contracts/urls.py
+++ b/contracts/urls.py
@@ -109,4 +109,10 @@ urlpatterns = [
         dal.autocomplete.Select2QuerySetView.as_view(model=models.ContracteeSignature),
         name="select2_djhacker_contractee_signature_autocomplete",
     ),
+
+    path(
+        "ares-info-proxy/<int:ico>",
+        views.get_ares_info,
+        name="get_ares_info",
+    )
 ]
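Review bot: The `<int:ico>` converter on the new route turns the identifier into a Python int, so any leading zeros are gone before the view builds the upstream query, and the pattern accepts a digit string of any length. If ARES expects the zero-padded form (not verifiable from this hunk), lookups for such subjects would fail or hit a different record. Keeping the value as text with a bounded pattern avoids that, e.g. `re_path(r"^ares-info-proxy/(?P<ico>[0-9]{1,8})$", views.get_ares_info, name="get_ares_info"),`. The new entry also lacks the trailing comma used by the entries above it. The `urlpatterns` list starts outside the hunk.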
diff --git a/contracts/views.py b/contracts/views.py
index d047b3b..9a95bed 100644
--- a/contracts/views.py
+++ b/contracts/views.py
@@ -1,6 +1,10 @@
+import requests
+
 from django.conf import settings
 from django.core.paginator import Paginator
+from django.http import HttpResponse
 from django.shortcuts import render
+from django_http_exceptions import HTTPExceptions
 from django_downloadview import ObjectDownloadView
 from guardian.shortcuts import get_objects_for_user
 
@@ -368,3 +372,19 @@ def view_signees(request):
 
 
 # END Submodel listing views
+
+
+# ARES CORS proxy
+def get_ares_info(request, ico: int):
+    if not request.user.is_staff:
+        raise HTTPExceptions.FORBIDDEN
+
+    ares_info = requests.get(
+        f"https://wwwinfo.mfcr.cz/cgi-bin/ares/darv_std.cgi?ico={ico}"
+    )
+
+    return HttpResponse(
+        content=ares_info.content,
+        status=ares_info.status_code,
+        content_type=ares_info.headers.get("Content-Type")
+    )
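Review bot: The `requests.get` call in `get_ares_info` has no `timeout`, so a slow or unresponsive ARES endpoint holds the worker serving a staff request indefinitely, and any `requests.RequestException` surfaces as an unhandled 500. The view also relays the upstream `Content-Type` verbatim (falling back to Django's default HTML type when the header is absent), which means whatever the remote host returns is served under this application's origin to a logged-in staff user. Since the caller in `signee_form.js` expects XML, pinning the response type and adding `X-Content-Type-Options: nosniff` is safer. Passing the identifier through `params=` rather than an f-string keeps the query encoding correct if the route type ever changes. The 10-second timeout below is a suggested value, not one taken from the project.

```python
def get_ares_info(request, ico: int):
    # … unchanged: staff check raising HTTPExceptions.FORBIDDEN …

    try:
        ares_info = requests.get(
            "https://wwwinfo.mfcr.cz/cgi-bin/ares/darv_std.cgi",
            params={"ico": ico},
            timeout=10,
        )
    except requests.RequestException:
        # Upstream unreachable or timed out: report a gateway error, not a 500.
        return HttpResponse(status=502)

    response = HttpResponse(
        content=ares_info.content,
        status=ares_info.status_code,
        content_type="application/xml",
    )
    response["X-Content-Type-Options"] = "nosniff"
    return response
```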
diff --git a/static_src/admin/signee_form.js b/static_src/admin/signee_form.js
index 4d0acae..f15a9c8 100644
--- a/static_src/admin/signee_form.js
+++ b/static_src/admin/signee_form.js
@@ -88,7 +88,7 @@ $(window).ready(
                 const icoValue = $("#id_ico_number").val();
                 
                 const rawAresXMLResponse = await fetch(
-                    `https://wwwinfo.mfcr.cz/cgi-bin/ares/darv_std.cgi?ico=${icoValue}`
+                    `/ares-info-proxy/${icoValue}`
                 );
                 
                 if (!rawAresXMLResponse.ok) {
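Review bot: `icoValue` is interpolated into the request path as typed, so an empty field or a value containing `/`, `?` or `..` makes `fetch` request a different same-origin URL than the proxy route. Check the value before the call, for example `if (!/^[0-9]+$/.test(icoValue)) return;`, or at least wrap it as `encodeURIComponent(icoValue)`. The path `/ares-info-proxy/` is also hard-coded from the site root, which only matches if `contracts/urls.py` is included without a prefix; that is not visible here. The enclosing handler starts and ends outside the hunk.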
-- 
GitLab