byte/expensetracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #26 from lumijiez/front-v2

Browse Source 
Fixed CORS polices
This commit was merged in pull request #26.
This commit is contained in:
Daniel
2023-10-26 21:52:26 +03:00
committed by GitHub
parent f98bd461ee dfc5fd19a1
commit 6e96029058
12 changed files with 29 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java
View File

@@ -1,14 +0,0 @@
package com.faf223.expensetrackerfaf.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
}
}

39
src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java
View File

@@ -1,39 +0,0 @@
package com.faf223.expensetrackerfaf.config;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) servletRequest).getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(servletRequest, response);
}
}
@Override
public void init(FilterConfig config) {
}
}

20
src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
View File

@@ -22,6 +22,13 @@ import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.Arrays;
import static org.springframework.security.config.Customizer.withDefaults;
@Configuration
@EnableWebSecurity
@@ -35,6 +42,7 @@ public class SecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/v1/auth/**").permitAll()
@@ -46,4 +54,16 @@ public class SecurityConfiguration {
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}

2
src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
View File

@@ -25,6 +25,7 @@ import java.util.stream.Collectors;
@RestController
@RequestMapping("/expenses")
@RequiredArgsConstructor
@CrossOrigin(origins = "http://localhost:5173")
public class ExpenseController {
private final ExpenseService expenseService;
@@ -60,6 +61,7 @@ public class ExpenseController {
return ResponseEntity.notFound().build();
}
// TODO: has to be checked on auto extracting Uuid
@PatchMapping()
public ResponseEntity<ExpenseDTO> updateExpense(@RequestBody ExpenseCreationDTO expenseDTO,

1
src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java
View File

@@ -25,6 +25,7 @@ import java.util.stream.Collectors;
@RestController
@RequestMapping("/incomes")
@RequiredArgsConstructor
@CrossOrigin(origins = "http://localhost:5173")
public class IncomeController {
private final IncomeService incomeService;

1
src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java
View File

@@ -19,6 +19,7 @@ import java.util.ArrayList;
@RestController
@RequestMapping("/users")
@RequiredArgsConstructor
@CrossOrigin(origins = "http://localhost:5173")
public class UserController {
private final UserService userService;

1
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/Dashboard.svelte
View File

@@ -15,6 +15,7 @@
onMount(() => {
if (getCookie('access_token') === null) {
window.location.href = '/auth/login';
console.log("no token");
}
const token = getCookie('access_token');

1
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/Expenses.svelte
View File

@@ -57,7 +57,6 @@
}
#expenseList {
margin-top: 10px;
scrollbar-width: none;
flex: 1;
border-radius: 10px;

1
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/Incomes.svelte
View File

@@ -57,7 +57,6 @@
}
#incomeList {
margin-top: 10px;
scrollbar-width: none;
flex: 1;
border-radius: 10px;

2
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/contents/ContentExpense.svelte
View File

@@ -63,7 +63,7 @@
<div id="exp">
<div id="optionField">
<h2>Expenses</h2>
<div id="openModal" class="plus-button" role="button" tabindex="1" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
<div id="openModal" class="plus-button" role="button" tabindex="0" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
+
</div>
</div>

2
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/contents/ContentIncome.svelte
View File

@@ -95,7 +95,7 @@
<div id="inc">
<div id="optionField">
<h2>Incomes</h2>
<div id="openModal" class="plus-button" role="button" tabindex="1" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
<div id="openModal" class="plus-button" role="button" tabindex="0" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
+
</div>
</div>

7
src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/modals/Modal.svelte
View File

@@ -1,7 +1,7 @@
<script>
export let showModal; // boolean
export let showModal;
let dialog; // HTMLDialogElement
let dialog;
$: if (dialog && showModal) dialog.showModal();
</script>
@@ -54,7 +54,4 @@
opacity: 1;
}
}
button {
display: block;
}
</style>