diff --git a/api/api-app/src/main/kotlin/co/nilin/opex/api/app/config/CorsConfig.kt b/api/api-app/src/main/kotlin/co/nilin/opex/api/app/config/CorsConfig.kt
new file mode 100644
index 000000000..d7f08bb75
--- /dev/null
+++ b/api/api-app/src/main/kotlin/co/nilin/opex/api/app/config/CorsConfig.kt
@@ -0,0 +1,46 @@
+package co.nilin.opex.api.app.config
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.Ordered
+import org.springframework.core.annotation.Order
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.reactive.CorsWebFilter
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource
+
+@Configuration(proxyBeanMethods = false)
+class CorsConfig(
+ @Value("\${app.cors.enabled:false}")
+ private val enabled: Boolean,
+
+ @Value("\${app.cors.allowed-origins:http://localhost:8110}")
+ private val allowedOrigins: String
+) {
+
+ @Bean
+ @Order(Ordered.HIGHEST_PRECEDENCE)
+ fun swaggerCorsWebFilter(): CorsWebFilter {
+ val config = CorsConfiguration().apply {
+ allowedOrigins = if (enabled) {
+ this@CorsConfig.allowedOrigins
+ .split(",")
+ .map { it.trim() }
+ .filter { it.isNotBlank() }
+ } else {
+ emptyList()
+ }
+
+ allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")
+ allowedHeaders = listOf("*")
+ exposedHeaders = listOf("Location", "Content-Disposition")
+ allowCredentials = false
+ maxAge = 3600
+ }
+
+ val source = UrlBasedCorsConfigurationSource()
+ source.registerCorsConfiguration("/**", config)
+
+ return CorsWebFilter(source)
+ }
+}
\ No newline at end of file
diff --git a/api/api-app/src/main/resources/application.yml b/api/api-app/src/main/resources/application.yml
index 353f13cc1..29bd59f40 100644
--- a/api/api-app/src/main/resources/application.yml
+++ b/api/api-app/src/main/resources/application.yml
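Review bot: In api-app's `CorsConfig.kt` the origin list is read from `app.cors.allowed-origins` as-is and registered for `/**`, so a `*` entry, or the `http://localhost:8110` fallback when nothing is configured, silently becomes the policy for every endpoint. I would default the property to empty (`@Value("\${app.cors.allowed-origins:}")`) and, if a wildcard is never intended, fail startup on it, e.g. `require(origins.none { it == "*" }) { "app.cors.allowed-origins must list explicit origins" }`. The bean is still named `swaggerCorsWebFilter` although it is no longer Swagger-specific, and a short KDoc should state that `enabled=false` leaves an empty origin list, which as far as I can tell makes Spring reject cross-origin requests rather than skip the check. The identical class added under auth-gateway has the same points.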
@@ -149,10 +149,9 @@ app: api: crypto: key: ${api_crypto_key:0e1fd29572ec8c85970d76e3433e96ee} - swagger: - cors: - enabled: true - allowed-origins: "http://localhost:8110" + cors: + enabled: true + allowed-origins: ${ALLOWED_ORIGINS:"http://localhost:8110"} # --- Swagger / SpringDoc (env-driven) --- springdoc: diff --git a/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/config/CorsConfig.kt b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/config/CorsConfig.kt new file mode 100644 index 000000000..15a7bec43 --- /dev/null +++ b/auth-gateway/auth-gateway-app/src/main/kotlin/co/nilin/opex/auth/config/CorsConfig.kt 
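Review bot: In `api/api-app/src/main/resources/application.yml` the fallback inside the placeholder is quoted, `${ALLOWED_ORIGINS:"http://localhost:8110"}`; because the YAML scalar starts with `$` rather than a quote, the inner double quotes are most likely kept as literal characters, so the default origin would include the quotes and never equal a browser's `Origin` header. Quote the whole value instead: `allowed-origins: "${ALLOWED_ORIGINS:http://localhost:8110}"`. The auth-gateway `application.yml` hunk carries the same line. `enabled: true` also stays hard-coded in both files, so CORS cannot be switched off from the environment the way the origin list can.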
@@ -0,0 +1,46 @@
+package co.nilin.opex.auth.config
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.Ordered
+import org.springframework.core.annotation.Order
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.reactive.CorsWebFilter
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource
+
+@Configuration(proxyBeanMethods = false)
+class CorsConfig(
+ @Value("\${app.cors.enabled:false}")
+ private val enabled: Boolean,
+
+ @Value("\${app.cors.allowed-origins:http://localhost:8110}")
+ private val allowedOrigins: String
+) {
+
+ @Bean
+ @Order(Ordered.HIGHEST_PRECEDENCE)
+ fun CorsWebFilter(): CorsWebFilter {
+ val config = CorsConfiguration().apply {
+ allowedOrigins = if (enabled) {
+ this@CorsConfig.allowedOrigins
+ .split(",")
+ .map { it.trim() }
+ .filter { it.isNotBlank() }
+ } else {
+ emptyList()
+ }
+
+ allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")
+ allowedHeaders = listOf("*")
+ exposedHeaders = listOf("Location", "Content-Disposition")
+ allowCredentials = false
+ maxAge = 3600
+ }
+
+ val source = UrlBasedCorsConfigurationSource()
+ source.registerCorsConfiguration("/**", config)
+
+ return CorsWebFilter(source)
+ }
+}
\ No newline at end of file
diff --git a/auth-gateway/auth-gateway-app/src/main/resources/application.yml b/auth-gateway/auth-gateway-app/src/main/resources/application.yml
index 68dd6b18e..e114a9a6f 100644
--- a/auth-gateway/auth-gateway-app/src/main/resources/application.yml
+++ b/auth-gateway/auth-gateway-app/src/main/resources/application.yml
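Review bot: The bean method in auth-gateway's `CorsConfig.kt` is declared as `fun CorsWebFilter(): CorsWebFilter`, which reuses the name of the type it returns and makes `return CorsWebFilter(source)` read like a recursive call; it also gives the bean the name `CorsWebFilter`. Rename it to `fun corsWebFilter(): CorsWebFilter`. The class is otherwise a line-for-line copy of the api-app one, so a shared configuration module would keep the two CORS policies from drifting apart.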
@@ -80,10 +80,9 @@ app: custom-user-language: enabled: ${CUSTOM_USER_LANGUAGE_ENABLED:false} pre-auth-client-secret: ${PRE_AUTH_CLIENT_SECRET} - swagger: - cors: - enabled: true - allowed-origins: "http://localhost:8110" + cors: + enabled: true + allowed-origins: ${ALLOWED_ORIGINS:"http://localhost:8110"} # --- Swagger / SpringDoc (env-driven) --- springdoc: diff --git a/docker-compose.yml b/docker-compose.yml index bb427887e..c8b020b6c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -426,6 +426,7 @@ services: - SWAGGER_UI_ENABLED=${SWAGGER_UI_ENABLED} - SWAGGER_AUTH_ENABLED=${SWAGGER_AUTH_ENABLED} - SWAGGER_AUTH_AUTHORITY=${SWAGGER_AUTH_AUTHORITY} + - ALLOWED_ORIGINS:${ALLOWED_ORIGINS} volumes: - auth-gateway-keys:/app/keys depends_on: @@ -525,6 +526,7 @@ services: - SWAGGER_UI_ENABLED=${SWAGGER_UI_ENABLED} - SWAGGER_AUTH_ENABLED=${SWAGGER_AUTH_ENABLED} - SWAGGER_AUTH_AUTHORITY=${SWAGGER_AUTH_AUTHORITY} + - ALLOWED_ORIGINS:${ALLOWED_ORIGINS} depends_on: - consul - vault @@ -663,8 +665,6 @@ services: condition: on-failure swagger-docs: image: swaggerapi/swagger-ui:latest - profiles: - - docs environment: URLS: ${SWAGGER_DOCS_URLS} URLS_PRIMARY_NAME: ${SWAGGER_DOCS_PRIMARY_NAME:-Opex API}
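Review bot: Both new entries in `docker-compose.yml` are written `- ALLOWED_ORIGINS:${ALLOWED_ORIGINS}` with a colon, while every neighbouring entry in the list uses `KEY=VALUE`; in list form Compose splits on `=`, so this most likely never sets `ALLOWED_ORIGINS` in either container and the services fall back to the default from `application.yml`. Change both to `- ALLOWED_ORIGINS=${ALLOWED_ORIGINS}`. With `=`, an unset host variable is passed as an empty string, which as far as I know Spring treats as a set value instead of using the placeholder default, leaving the origin list empty; `${ALLOWED_ORIGINS:-http://localhost:8110}` on the Compose side would keep a usable default for local runs. Separately, the last hunk drops the `docs` profile from `swagger-docs`, so the Swagger UI container now starts with every `docker compose up`; confirm that is intended outside development.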