scripts/setup-blockscout-cors.sh

#!/bin/bash

# Setup Blockscout CORS Configuration for MetaMask Portfolio
# This script creates CORS configuration files for Blockscout

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# Colors
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }

log_info "========================================="
log_info "Blockscout CORS Configuration Setup"
log_info "========================================="
log_info ""

# Create CORS configuration directory
CORS_DIR="$PROJECT_ROOT/blockscout-cors-config"
mkdir -p "$CORS_DIR"

# Create environment variables file
log_info "Creating CORS environment configuration..."
cat > "$CORS_DIR/cors.env" << 'EOF'
# Blockscout CORS Configuration for MetaMask Portfolio
# Add these environment variables to your Blockscout deployment

# Enable CORS
ENABLE_CORS=true

# Allowed Origins (comma-separated)
CORS_ALLOWED_ORIGINS=https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org

# CORS Allowed Methods
CORS_ALLOWED_METHODS=GET,POST,OPTIONS

# CORS Allowed Headers
CORS_ALLOWED_HEADERS=Content-Type,Authorization,Accept

# CORS Max Age (seconds)
CORS_MAX_AGE=3600

# Token Metadata API Configuration
ENABLE_TOKEN_METADATA_API=true
TOKEN_METADATA_CACHE_ENABLED=true
TOKEN_METADATA_CACHE_TTL=3600

# Logo Serving Configuration
ENABLE_TOKEN_LOGO_SERVING=true
TOKEN_LOGO_BASE_URL=https://explorer.d-bis.org/images/tokens

# API Rate Limiting
API_RATE_LIMIT_ENABLED=true
API_RATE_LIMIT_PER_MINUTE=120
EOF

log_success "Created: $CORS_DIR/cors.env"

# Create Kubernetes ConfigMap
log_info "Creating Kubernetes ConfigMap..."
cat > "$CORS_DIR/blockscout-cors-configmap.yaml" << 'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: blockscout-metamask-cors
  namespace: besu-network
  labels:
    app: blockscout
    component: cors-config
data:
  # CORS Configuration
  ENABLE_CORS: "true"
  CORS_ALLOWED_ORIGINS: "https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org"
  CORS_ALLOWED_METHODS: "GET,POST,OPTIONS"
  CORS_ALLOWED_HEADERS: "Content-Type,Authorization,Accept"
  CORS_MAX_AGE: "3600"
  
  # Token Metadata API
  ENABLE_TOKEN_METADATA_API: "true"
  TOKEN_METADATA_CACHE_ENABLED: "true"
  TOKEN_METADATA_CACHE_TTL: "3600"
  
  # Logo Serving
  ENABLE_TOKEN_LOGO_SERVING: "true"
  TOKEN_LOGO_BASE_URL: "https://explorer.d-bis.org/images/tokens"
  
  # API Rate Limiting
  API_RATE_LIMIT_ENABLED: "true"
  API_RATE_LIMIT_PER_MINUTE: "120"
EOF

log_success "Created: $CORS_DIR/blockscout-cors-configmap.yaml"

# Create Docker Compose environment
log_info "Creating Docker Compose environment..."
cat > "$CORS_DIR/docker-compose.cors.env" << 'EOF'
# Blockscout CORS Configuration for Docker Compose
# Add to your docker-compose.yml environment section

ENABLE_CORS=true
CORS_ALLOWED_ORIGINS=https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org
CORS_ALLOWED_METHODS=GET,POST,OPTIONS
CORS_ALLOWED_HEADERS=Content-Type,Authorization,Accept
CORS_MAX_AGE=3600
ENABLE_TOKEN_METADATA_API=true
TOKEN_METADATA_CACHE_ENABLED=true
TOKEN_METADATA_CACHE_TTL=3600
ENABLE_TOKEN_LOGO_SERVING=true
TOKEN_LOGO_BASE_URL=https://explorer.d-bis.org/images/tokens
API_RATE_LIMIT_ENABLED=true
API_RATE_LIMIT_PER_MINUTE=120
EOF

log_success "Created: $CORS_DIR/docker-compose.cors.env"

# Create nginx CORS configuration (if using nginx in front of Blockscout)
log_info "Creating nginx CORS configuration..."
cat > "$CORS_DIR/nginx-cors.conf" << 'EOF'
# Nginx CORS Configuration for Blockscout
# Add to your nginx server block for explorer.d-bis.org

# CORS Headers for MetaMask Portfolio
add_header Access-Control-Allow-Origin "https://portfolio.metamask.io" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept" always;
add_header Access-Control-Max-Age 3600 always;
add_header Access-Control-Allow-Credentials true always;

# Handle OPTIONS preflight requests
if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin "https://portfolio.metamask.io" always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept" always;
    add_header Access-Control-Max-Age 3600 always;
    add_header Content-Length 0;
    add_header Content-Type text/plain;
    return 204;
}

# Additional CORS for other MetaMask domains
if ($http_origin ~* "^https://(metamask\.io|chainlist\.org)$") {
    add_header Access-Control-Allow-Origin "$http_origin" always;
}
EOF

log_success "Created: $CORS_DIR/nginx-cors.conf"

# Create application configuration
log_info "Creating application configuration..."
cat > "$CORS_DIR/blockscout-config.exs" << 'EOF'
# Blockscout CORS Configuration (Elixir/Phoenix)
# Add to config/prod.exs or config/runtime.exs

config :blockscout_web, BlockscoutWeb.Endpoint,
  http: [
    port: 4000,
    protocol_options: [
      idle_timeout: 60_000
    ]
  ],
  # CORS Configuration
  cors: [
    enabled: true,
    allowed_origins: [
      "https://portfolio.metamask.io",
      "https://metamask.io",
      "https://chainlist.org",
      "https://explorer.d-bis.org"
    ],
    allowed_methods: ["GET", "POST", "OPTIONS"],
    allowed_headers: ["Content-Type", "Authorization", "Accept"],
    max_age: 3600
  ],
  # Token Metadata API
  token_metadata: [
    enabled: true,
    cache_enabled: true,
    cache_ttl: 3600
  ],
  # Logo Serving
  logo_serving: [
    enabled: true,
    base_url: "https://explorer.d-bis.org/images/tokens"
  ],
  # API Rate Limiting
  rate_limiting: [
    enabled: true,
    requests_per_minute: 120
  ]
EOF

log_success "Created: $CORS_DIR/blockscout-config.exs"

# Create setup instructions
cat > "$CORS_DIR/SETUP_INSTRUCTIONS.md" << 'EOF'
# Blockscout CORS Configuration Setup

## Overview

This directory contains CORS configuration files for Blockscout to enable MetaMask Portfolio compatibility.

## Files

- `cors.env` - Environment variables for Blockscout
- `blockscout-cors-configmap.yaml` - Kubernetes ConfigMap
- `docker-compose.cors.env` - Docker Compose environment
- `nginx-cors.conf` - Nginx CORS configuration
- `blockscout-config.exs` - Elixir/Phoenix configuration

## Setup Methods

### Method 1: Environment Variables (Docker/Kubernetes)

1. **Docker Compose**:
   ```bash
   # Add to docker-compose.yml
   env_file:
     - docker-compose.cors.env
   ```

2. **Kubernetes**:
   ```bash
   kubectl apply -f blockscout-cors-configmap.yaml
   # Then reference in deployment:
   envFrom:
     - configMapRef:
         name: blockscout-metamask-cors
   ```

3. **Direct Environment**:
   ```bash
   source cors.env
   # Or export variables manually
   ```

### Method 2: Application Configuration (Elixir)

1. Copy `blockscout-config.exs` to your Blockscout config
2. Merge with existing configuration
3. Restart Blockscout

### Method 3: Nginx (Reverse Proxy)

1. Add `nginx-cors.conf` to your nginx server block
2. Reload nginx: `systemctl reload nginx`

## Verification

Test CORS headers:

```bash
# Test CORS preflight
curl -I -X OPTIONS https://explorer.d-bis.org/api/v2/tokens/0x... \
  -H "Origin: https://portfolio.metamask.io" \
  -H "Access-Control-Request-Method: GET"

# Expected headers:
# Access-Control-Allow-Origin: https://portfolio.metamask.io
# Access-Control-Allow-Methods: GET, POST, OPTIONS
# Access-Control-Allow-Headers: Content-Type, Authorization, Accept
```

## API Endpoints Required

Blockscout must provide these API endpoints for Portfolio:

1. **Token Metadata**:
   ```
   GET /api/v2/tokens/{address}
   ```

2. **Token Holders**:
   ```
   GET /api/v2/tokens/{address}/holders
   ```

3. **Account Token Balances**:
   ```
   GET /api/v2/addresses/{address}/token-balances
   ```

4. **Account Transactions**:
   ```
   GET /api/v2/addresses/{address}/transactions
   ```

## Testing

After configuration:

1. Restart Blockscout
2. Test CORS headers (see verification above)
3. Test from MetaMask Portfolio
4. Verify token metadata is accessible
5. Verify token logos are accessible

## Troubleshooting

### CORS Headers Not Appearing

- Check if CORS is enabled in Blockscout
- Verify environment variables are set
- Check nginx/application logs
- Verify origin is in allowed list

### Portfolio Cannot Access API

- Verify API endpoints are accessible
- Check rate limiting settings
- Verify SSL certificates are valid
- Test API endpoints directly

## Support

For issues, check:
- Blockscout documentation
- MetaMask Portfolio requirements
- CORS configuration best practices
EOF

log_success "Created: $CORS_DIR/SETUP_INSTRUCTIONS.md"

log_info ""
log_info "========================================="
log_info "CORS Configuration Complete!"
log_info "========================================="
log_info ""
log_info "Files created in: $CORS_DIR"
log_info ""
log_info "Next steps:"
log_info "1. Review SETUP_INSTRUCTIONS.md"
log_info "2. Apply CORS configuration to Blockscout"
log_info "3. Test CORS headers"
log_info "4. Verify Portfolio compatibility"
log_info ""
chore: sync submodule state (parent ref update) Made-with: Cursor 2026-03-02 12:14:14 -08:00			`#!/bin/bash`

			`# Setup Blockscout CORS Configuration for MetaMask Portfolio`
			`# This script creates CORS configuration files for Blockscout`

			`set -e`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`

			`# Colors`
			`GREEN='\033[0;32m'`
			`RED='\033[0;31m'`
			`YELLOW='\033[1;33m'`
			`BLUE='\033[0;34m'`
			`NC='\033[0m'`

			`log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }`
			`log_success() { echo -e "${GREEN}[✓]${NC} $1"; }`
			`log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }`
			`log_error() { echo -e "${RED}[ERROR]${NC} $1"; }`

			`log_info "========================================="`
			`log_info "Blockscout CORS Configuration Setup"`
			`log_info "========================================="`
			`log_info ""`

			`# Create CORS configuration directory`
			`CORS_DIR="$PROJECT_ROOT/blockscout-cors-config"`
			`mkdir -p "$CORS_DIR"`

			`# Create environment variables file`
			`log_info "Creating CORS environment configuration..."`
			`cat > "$CORS_DIR/cors.env" << 'EOF'`
			`# Blockscout CORS Configuration for MetaMask Portfolio`
			`# Add these environment variables to your Blockscout deployment`

			`# Enable CORS`
			`ENABLE_CORS=true`

			`# Allowed Origins (comma-separated)`
			`CORS_ALLOWED_ORIGINS=https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org`

			`# CORS Allowed Methods`
			`CORS_ALLOWED_METHODS=GET,POST,OPTIONS`

			`# CORS Allowed Headers`
			`CORS_ALLOWED_HEADERS=Content-Type,Authorization,Accept`

			`# CORS Max Age (seconds)`
			`CORS_MAX_AGE=3600`

			`# Token Metadata API Configuration`
			`ENABLE_TOKEN_METADATA_API=true`
			`TOKEN_METADATA_CACHE_ENABLED=true`
			`TOKEN_METADATA_CACHE_TTL=3600`

			`# Logo Serving Configuration`
			`ENABLE_TOKEN_LOGO_SERVING=true`
			`TOKEN_LOGO_BASE_URL=https://explorer.d-bis.org/images/tokens`

			`# API Rate Limiting`
			`API_RATE_LIMIT_ENABLED=true`
			`API_RATE_LIMIT_PER_MINUTE=120`
			`EOF`

			`log_success "Created: $CORS_DIR/cors.env"`

			`# Create Kubernetes ConfigMap`
			`log_info "Creating Kubernetes ConfigMap..."`
			`cat > "$CORS_DIR/blockscout-cors-configmap.yaml" << 'EOF'`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: blockscout-metamask-cors`
			`namespace: besu-network`
			`labels:`
			`app: blockscout`
			`component: cors-config`
			`data:`
			`# CORS Configuration`
			`ENABLE_CORS: "true"`
			`CORS_ALLOWED_ORIGINS: "https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org"`
			`CORS_ALLOWED_METHODS: "GET,POST,OPTIONS"`
			`CORS_ALLOWED_HEADERS: "Content-Type,Authorization,Accept"`
			`CORS_MAX_AGE: "3600"`

			`# Token Metadata API`
			`ENABLE_TOKEN_METADATA_API: "true"`
			`TOKEN_METADATA_CACHE_ENABLED: "true"`
			`TOKEN_METADATA_CACHE_TTL: "3600"`

			`# Logo Serving`
			`ENABLE_TOKEN_LOGO_SERVING: "true"`
			`TOKEN_LOGO_BASE_URL: "https://explorer.d-bis.org/images/tokens"`

			`# API Rate Limiting`
			`API_RATE_LIMIT_ENABLED: "true"`
			`API_RATE_LIMIT_PER_MINUTE: "120"`
			`EOF`

			`log_success "Created: $CORS_DIR/blockscout-cors-configmap.yaml"`

			`# Create Docker Compose environment`
			`log_info "Creating Docker Compose environment..."`
			`cat > "$CORS_DIR/docker-compose.cors.env" << 'EOF'`
			`# Blockscout CORS Configuration for Docker Compose`
			`# Add to your docker-compose.yml environment section`

			`ENABLE_CORS=true`
			`CORS_ALLOWED_ORIGINS=https://portfolio.metamask.io,https://metamask.io,https://chainlist.org,https://explorer.d-bis.org`
			`CORS_ALLOWED_METHODS=GET,POST,OPTIONS`
			`CORS_ALLOWED_HEADERS=Content-Type,Authorization,Accept`
			`CORS_MAX_AGE=3600`
			`ENABLE_TOKEN_METADATA_API=true`
			`TOKEN_METADATA_CACHE_ENABLED=true`
			`TOKEN_METADATA_CACHE_TTL=3600`
			`ENABLE_TOKEN_LOGO_SERVING=true`
			`TOKEN_LOGO_BASE_URL=https://explorer.d-bis.org/images/tokens`
			`API_RATE_LIMIT_ENABLED=true`
			`API_RATE_LIMIT_PER_MINUTE=120`
			`EOF`

			`log_success "Created: $CORS_DIR/docker-compose.cors.env"`

			`# Create nginx CORS configuration (if using nginx in front of Blockscout)`
			`log_info "Creating nginx CORS configuration..."`
			`cat > "$CORS_DIR/nginx-cors.conf" << 'EOF'`
			`# Nginx CORS Configuration for Blockscout`
			`# Add to your nginx server block for explorer.d-bis.org`

			`# CORS Headers for MetaMask Portfolio`
			`add_header Access-Control-Allow-Origin "https://portfolio.metamask.io" always;`
			`add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;`
			`add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept" always;`
			`add_header Access-Control-Max-Age 3600 always;`
			`add_header Access-Control-Allow-Credentials true always;`

			`# Handle OPTIONS preflight requests`
			`if ($request_method = OPTIONS) {`
			`add_header Access-Control-Allow-Origin "https://portfolio.metamask.io" always;`
			`add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;`
			`add_header Access-Control-Allow-Headers "Content-Type, Authorization, Accept" always;`
			`add_header Access-Control-Max-Age 3600 always;`
			`add_header Content-Length 0;`
			`add_header Content-Type text/plain;`
			`return 204;`
			`}`

			`# Additional CORS for other MetaMask domains`
			`if ($http_origin ~* "^https://(metamask\.io\|chainlist\.org)$") {`
			`add_header Access-Control-Allow-Origin "$http_origin" always;`
			`}`
			`EOF`

			`log_success "Created: $CORS_DIR/nginx-cors.conf"`

			`# Create application configuration`
			`log_info "Creating application configuration..."`
			`cat > "$CORS_DIR/blockscout-config.exs" << 'EOF'`
			`# Blockscout CORS Configuration (Elixir/Phoenix)`
			`# Add to config/prod.exs or config/runtime.exs`

			`config :blockscout_web, BlockscoutWeb.Endpoint,`
			`http: [`
			`port: 4000,`
			`protocol_options: [`
			`idle_timeout: 60_000`
			`]`
			`],`
			`# CORS Configuration`
			`cors: [`
			`enabled: true,`
			`allowed_origins: [`
			`"https://portfolio.metamask.io",`
			`"https://metamask.io",`
			`"https://chainlist.org",`
			`"https://explorer.d-bis.org"`
			`],`
			`allowed_methods: ["GET", "POST", "OPTIONS"],`
			`allowed_headers: ["Content-Type", "Authorization", "Accept"],`
			`max_age: 3600`
			`],`
			`# Token Metadata API`
			`token_metadata: [`
			`enabled: true,`
			`cache_enabled: true,`
			`cache_ttl: 3600`
			`],`
			`# Logo Serving`
			`logo_serving: [`
			`enabled: true,`
			`base_url: "https://explorer.d-bis.org/images/tokens"`
			`],`
			`# API Rate Limiting`
			`rate_limiting: [`
			`enabled: true,`
			`requests_per_minute: 120`
			`]`
			`EOF`

			`log_success "Created: $CORS_DIR/blockscout-config.exs"`

			`# Create setup instructions`
			`cat > "$CORS_DIR/SETUP_INSTRUCTIONS.md" << 'EOF'`
			`# Blockscout CORS Configuration Setup`

			`## Overview`

			`This directory contains CORS configuration files for Blockscout to enable MetaMask Portfolio compatibility.`

			`## Files`

			- `cors.env` - Environment variables for Blockscout
			- `blockscout-cors-configmap.yaml` - Kubernetes ConfigMap
			- `docker-compose.cors.env` - Docker Compose environment
			- `nginx-cors.conf` - Nginx CORS configuration
			- `blockscout-config.exs` - Elixir/Phoenix configuration

			`## Setup Methods`

			`### Method 1: Environment Variables (Docker/Kubernetes)`

			`1. Docker Compose:`
			```bash
			`# Add to docker-compose.yml`
			`env_file:`
			`- docker-compose.cors.env`
			```

			`2. Kubernetes:`
			```bash
			`kubectl apply -f blockscout-cors-configmap.yaml`
			`# Then reference in deployment:`
			`envFrom:`
			`- configMapRef:`
			`name: blockscout-metamask-cors`
			```

			`3. Direct Environment:`
			```bash
			`source cors.env`
			`# Or export variables manually`
			```

			`### Method 2: Application Configuration (Elixir)`

			1. Copy `blockscout-config.exs` to your Blockscout config
			`2. Merge with existing configuration`
			`3. Restart Blockscout`

			`### Method 3: Nginx (Reverse Proxy)`

			1. Add `nginx-cors.conf` to your nginx server block
			2. Reload nginx: `systemctl reload nginx`

			`## Verification`

			`Test CORS headers:`

			```bash
			`# Test CORS preflight`
			`curl -I -X OPTIONS https://explorer.d-bis.org/api/v2/tokens/0x... \`
			`-H "Origin: https://portfolio.metamask.io" \`
			`-H "Access-Control-Request-Method: GET"`

			`# Expected headers:`
			`# Access-Control-Allow-Origin: https://portfolio.metamask.io`
			`# Access-Control-Allow-Methods: GET, POST, OPTIONS`
			`# Access-Control-Allow-Headers: Content-Type, Authorization, Accept`
			```

			`## API Endpoints Required`

			`Blockscout must provide these API endpoints for Portfolio:`

			`1. Token Metadata:`
			```
			`GET /api/v2/tokens/{address}`
			```

			`2. Token Holders:`
			```
			`GET /api/v2/tokens/{address}/holders`
			```

			`3. Account Token Balances:`
			```
			`GET /api/v2/addresses/{address}/token-balances`
			```

			`4. Account Transactions:`
			```
			`GET /api/v2/addresses/{address}/transactions`
			```

			`## Testing`

			`After configuration:`

			`1. Restart Blockscout`
			`2. Test CORS headers (see verification above)`
			`3. Test from MetaMask Portfolio`
			`4. Verify token metadata is accessible`
			`5. Verify token logos are accessible`

			`## Troubleshooting`

			`### CORS Headers Not Appearing`

			`- Check if CORS is enabled in Blockscout`
			`- Verify environment variables are set`
			`- Check nginx/application logs`
			`- Verify origin is in allowed list`

			`### Portfolio Cannot Access API`

			`- Verify API endpoints are accessible`
			`- Check rate limiting settings`
			`- Verify SSL certificates are valid`
			`- Test API endpoints directly`

			`## Support`

			`For issues, check:`
			`- Blockscout documentation`
			`- MetaMask Portfolio requirements`
			`- CORS configuration best practices`
			`EOF`

			`log_success "Created: $CORS_DIR/SETUP_INSTRUCTIONS.md"`

			`log_info ""`
			`log_info "========================================="`
			`log_info "CORS Configuration Complete!"`
			`log_info "========================================="`
			`log_info ""`
			`log_info "Files created in: $CORS_DIR"`
			`log_info ""`
			`log_info "Next steps:"`
			`log_info "1. Review SETUP_INSTRUCTIONS.md"`
			`log_info "2. Apply CORS configuration to Blockscout"`
			`log_info "3. Test CORS headers"`
			`log_info "4. Verify Portfolio compatibility"`
			`log_info ""`