API 1.2.1 CORS

src/main/kotlin/com/aitrainer/api/controller/CustomerController.kt

@@ -42,7 +42,8 @@ class CustomerController ( private val customerRepository: CustomerRepository) {
 
     @Secured
     @GetMapping("/customers/{id}")
-    fun getCustomerById(@PathVariable(value = "id") customerId: Long, @RequestHeader headers: HttpHeaders): ResponseEntity<Customer> {
+    @CrossOrigin(origins = ["http://localhost:48102"])
+    fun getCustomerById(@PathVariable(value = "id") customerId: Long): ResponseEntity<Customer> {
         val customer: Customer? = customerRepository.findById(customerId).orElse(null)
         return if (customer == null) ResponseEntity.notFound().build() else ResponseEntity.ok().body(customer)
     }

src/main/kotlin/com/aitrainer/api/controller/PackageController.kt

@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import com.google.gson.GsonBuilder
+import org.springframework.web.bind.annotation.CrossOrigin
 
 
 @RestController
@@ -42,6 +43,7 @@ class PackageController(private val exerciseAbilityRepository: ExerciseAbilityRe
 ) {
 
     @GetMapping("/diet_package")
+    @CrossOrigin(origins = ["http://localhost:48102"])
     fun getDietPackageData(): ResponseEntity<String> {
         val gson = GsonBuilder()
             .excludeFieldsWithoutExposeAnnotation()

src/main/kotlin/com/aitrainer/api/security/AuthenticationControllerAspect.kt

@@ -28,10 +28,22 @@ class AuthenticationControllerAspect {
         Singleton.checkDBUpdate(configurationRepository, properties)
     }
 
-    @Before("execution(* com.aitrainer.api.security.JwtSecurityConfig.*(..))")
+    @Before("execution(* com.aitrainer.api.security.JwtSecurityConfig.filterChain(..))")
     fun securityControllerAspect(joinPoint: JoinPoint) {
-        println("JwtSecurity config join")
+        println("JwtSecurity FilterChain config join")
         Singleton.checkDBUpdate(configurationRepository, properties)
     }
 
+    @Before("execution(* com.aitrainer.api.security.JwtSecurityConfig.corsMappingConfigurer(..))")
+    fun corsControllerAspect(joinPoint: JoinPoint) {
+        println("JwtSecurity CorsMapper config join")
+        Singleton.checkDBUpdate(configurationRepository, properties)
+    }
+
+   /* @Before("execution(* com.aitrainer.api.security.JwtRequestFilter.doFilterInternal(..))")
+    fun requestFilterAspect(joinPoint: JoinPoint) {
+        println("JwtRequestFilter join")
+        Singleton.checkDBUpdate(configurationRepository, properties)
+    }*/
+
 }

src/main/kotlin/com/aitrainer/api/security/JwtSecurityConfig.kt

@@ -12,10 +12,13 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
+import org.springframework.web.servlet.config.annotation.CorsRegistry
+import org.springframework.web.servlet.config.annotation.EnableWebMvc
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 
 @Configuration
 @EnableWebSecurity
+@EnableWebMvc
 class JwtSecurityConfig {
     @Autowired
     private val jwtAuthenticationEntryPoint: JwtAuthenticationEntryPoint? = null
@@ -33,24 +36,37 @@ class JwtSecurityConfig {
         val authenticationManagerBuilder = http.getSharedObject(
             AuthenticationManagerBuilder::class.java
         )
-        authenticationManagerBuilder.userDetailsService(jwtUserDetailsService).passwordEncoder(serviceBeans!!.passwordEncoder())
+        authenticationManagerBuilder.userDetailsService(jwtUserDetailsService)
+            .passwordEncoder(serviceBeans!!.passwordEncoder())
         return authenticationManagerBuilder.build()
     }
 
     @Bean
     @Throws(Exception::class)
-    fun filterChain(httpSecurity: HttpSecurity):SecurityFilterChain {
+    fun filterChain(httpSecurity: HttpSecurity): SecurityFilterChain {
 
-        httpSecurity.
-            csrf().disable().
-            authorizeHttpRequests().requestMatchers("/api/authenticate").permitAll().
-            anyRequest().authenticated().and().
-            exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().
-            addFilterAfter(jwtRequestFilter, UsernamePasswordAuthenticationFilter::class.java).
+        httpSecurity.cors().and().csrf().disable().authorizeHttpRequests().requestMatchers("/api/authenticate").permitAll()
+            .anyRequest().authenticated().and().exceptionHandling()
+            .authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
+            .addFilterAfter(jwtRequestFilter, UsernamePasswordAuthenticationFilter::class.java).
 
             // make sure we use stateless session; session won't be used to
             // store user's state.
-            sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+        sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         return httpSecurity.build();
     }
-}
+
+    @Bean
+    fun corsMappingConfigurer(): WebMvcConfigurer? {
+        return object : WebMvcConfigurer {
+            override fun addCorsMappings(registry: CorsRegistry) {
+                registry.addMapping("/**")
+                    .allowedOriginPatterns("https://*.diet4you.eu", "https://*.diet4you.hu", "https://*.workouttest.org", "http://localhost:[*]")
+                    //.allowedOrigins("*")
+                    .allowedMethods("POST", "GET", "OPTIONS", "HEAD")
+                    .maxAge(3600)
+                    .allowedHeaders("*")
+            }
+        }
+    }
+}

src/main/resources/application-diet.properties

@@ -23,3 +23,5 @@ jwt.secret=aitrainer
 openai.key=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
 firebase.key=AIzaSyBLn7Bz73Z1hB-OhqphBDsskOyGmpI7J8E
 spring.mail.properties.mail.mime.charset=UTF-8
+
+spring.mvc.cors.allowed-origins=*

src/main/resources/application-dietprod.properties

@@ -20,4 +20,6 @@ jwt.secret=aitrainer
 
 firebase.key=AIzaSyCUXBWV3_qzvV__ZWZA1siHftrrJpjDKh4
 openai.key=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
-spring.mail.properties.mail.mime.charset=UTF-8
+spring.mail.properties.mail.mime.charset=UTF-8
+
+spring.mvc.cors.allowed-origins=*

src/main/resources/application.properties

@@ -23,4 +23,6 @@ jwt.secret=aitrainer
 
 openai.key=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
 spring.mail.properties.mail.mime.charset=UTF-8
-firebase.key=AIzaSyCUXBWV3_qzvV__ZWZA1siHftrrJpjDKh4
+firebase.key=AIzaSyCUXBWV3_qzvV__ZWZA1siHftrrJpjDKh4
+
+spring.mvc.cors.allowed-origins=*

src/test/kotlin/com/aitrainer/api/test/AppPackageTest.kt

@@ -394,9 +394,9 @@ class AppPackageTest {
                 val appTextJson: String = record[1]
                 val type = object : TypeToken<List<AppText?>?>() {}.type
                 val texts: List<AppText> = gson.fromJson(appTextJson, type)
-                assertEquals(texts.size, 2)
-                assertEquals(texts[0].translations[0].translation, "Done!")
-                assertEquals(texts[0].translations[1].translation, "Kész!")
+                assertEquals(texts.size, 15)
+                assertEquals(texts[13].translations[0].translation, "Done!")
+                assertEquals(texts[13].translations[1].translation, "Kész!")
             } else if (record[0] == TrainingProgram::class.simpleName) {
                 val trainingProgramJson: String = record[1]
                 val type = object : TypeToken<List<TrainingProgram?>?>() {}.type