Fixed CORS polices

src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java

@@ -1,14 +0,0 @@
-package com.faf223.expensetrackerfaf.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@Configuration
-public class CorsConfig implements WebMvcConfigurer {
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**").allowedMethods("*");
-    }
-}

src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java

@@ -1,39 +0,0 @@
-package com.faf223.expensetrackerfaf.config;
-
-import jakarta.servlet.*;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
-
-import java.io.IOException;
-
-@Component
-@Order(Ordered.HIGHEST_PRECEDENCE)
-public class CorsFilter implements Filter {
-
-    @Override
-    public void destroy() {
-    }
-
-
-    @Override
-    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
-        HttpServletResponse response = (HttpServletResponse) servletResponse;
-        response.setHeader("Access-Control-Allow-Origin", "*");
-        response.setHeader("Access-Control-Allow-Credentials", "true");
-        response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
-        response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
-        if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) servletRequest).getMethod())) {
-            response.setStatus(HttpServletResponse.SC_OK);
-        } else {
-            filterChain.doFilter(servletRequest, response);
-        }
-
-    }
-
-    @Override
-    public void init(FilterConfig config) {
-    }
-}

src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java

@@ -22,6 +22,13 @@ import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+import static org.springframework.security.config.Customizer.withDefaults;
 
 @Configuration
 @EnableWebSecurity
@@ -35,6 +42,7 @@ public class SecurityConfiguration {
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .cors(Customizer.withDefaults())
                 .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/api/v1/auth/**").permitAll()
@@ -46,4 +54,16 @@ public class SecurityConfiguration {
         return http.build();
     }
 
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
+        configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
 }

src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java

@@ -25,6 +25,7 @@ import java.util.stream.Collectors;
 @RestController
 @RequestMapping("/expenses")
 @RequiredArgsConstructor
+@CrossOrigin(origins = "http://localhost:5173")
 public class ExpenseController {
 
     private final ExpenseService expenseService;
@@ -60,6 +61,7 @@ public class ExpenseController {
         return ResponseEntity.notFound().build();
     }
 
+
     // TODO: has to be checked on auto extracting Uuid
     @PatchMapping()
     public ResponseEntity<ExpenseDTO> updateExpense(@RequestBody ExpenseCreationDTO expenseDTO,

src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java

@@ -25,6 +25,7 @@ import java.util.stream.Collectors;
 @RestController
 @RequestMapping("/incomes")
 @RequiredArgsConstructor
+@CrossOrigin(origins = "http://localhost:5173")
 public class IncomeController {
 
     private final IncomeService incomeService;

src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java

@@ -19,6 +19,7 @@ import java.util.ArrayList;
 @RestController
 @RequestMapping("/users")
 @RequiredArgsConstructor
+@CrossOrigin(origins = "http://localhost:5173")
 public class UserController {
 
     private final UserService userService;

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/Dashboard.svelte

@@ -15,6 +15,7 @@
     onMount(() => {
             if (getCookie('access_token') === null) {
                     window.location.href = '/auth/login';
+                    console.log("no token");
             }
 
             const token = getCookie('access_token');

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/Expenses.svelte

@@ -57,7 +57,6 @@
     }
 
     #expenseList {
-        margin-top: 10px;
         scrollbar-width: none;
         flex: 1;
         border-radius: 10px;

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/Incomes.svelte

@@ -57,7 +57,6 @@
     }
 
     #incomeList {
-        margin-top: 10px;
         scrollbar-width: none;
         flex: 1;
         border-radius: 10px;

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/contents/ContentExpense.svelte

@@ -63,7 +63,7 @@
 <div id="exp">
     <div id="optionField">
         <h2>Expenses</h2>
-        <div id="openModal" class="plus-button" role="button" tabindex="1" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
+        <div id="openModal" class="plus-button" role="button" tabindex="0" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
             +
         </div>
     </div>

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/contents/ContentIncome.svelte

@@ -95,7 +95,7 @@
 <div id="inc">
     <div id="optionField">
         <h2>Incomes</h2>
-        <div id="openModal" class="plus-button" role="button" tabindex="1" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
+        <div id="openModal" class="plus-button" role="button" tabindex="0" on:click={() => (showModal = true)} on:keydown={() => console.log("keydown")}>
             +
         </div>
     </div>

src/main/java/com/faf223/expensetrackerfaf/web/src/routes/dashboard/board/infolists/modals/Modal.svelte

@@ -1,7 +1,7 @@
 <script>
-    export let showModal; // boolean
+    export let showModal;
 
-    let dialog; // HTMLDialogElement
+    let dialog;
 
     $: if (dialog && showModal) dialog.showModal();
 </script>
@@ -54,7 +54,4 @@
             opacity: 1;
         }
     }
-    button {
-        display: block;
-    }
 </style>