Merge pull request #30 from cancogen-virus-seq/PATCH/0.1.2

Patch/0.1.2
virusseq · Apr 14, 2021 · ff59076 · ff59076
2 parents 17f3ecf + c132ad3
commit ff59076
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 49 deletions.
diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
     </parent>
     <groupId>org.cancogen-virus-seq</groupId>
     <artifactId>muse</artifactId>
-    <version>0.1.1</version>
+    <version>0.1.2</version>
     <name>muse</name>
     <description>Service to submit, validate, and download virus-seq data</description>
     <properties>

diff --git a/src/main/java/org/cancogenvirusseq/muse/config/CorsConfiguration.java b/src/main/java/org/cancogenvirusseq/muse/config/CorsConfiguration.java
diff --git a/src/main/java/org/cancogenvirusseq/muse/config/websecurity/AuthConfig.java b/src/main/java/org/cancogenvirusseq/muse/config/websecurity/AuthConfig.java
@@ -39,6 +39,7 @@
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -52,14 +53,29 @@
 import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
 import org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter;
 import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsConfigurationSource;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 import reactor.core.publisher.Mono;
 
 @Slf4j
 @EnableWebFluxSecurity
 @EnableReactiveMethodSecurity
 @RequiredArgsConstructor
 public class AuthConfig {
+
+  /** Constants */
+  private static final List<String> ALLOWED_METHODS =
+      List.of("GET", "PUT", "POST", "DELETE", "OPTIONS");
+
+  private static final List<String> ALLOWED_ORIGINS = List.of("*");
+
+  private static final List<String> ALLOWED_HEADERS = List.of("*");
+
+  /** Dependencies */
   private final AuthProperties authProperties;
+
+  private final CorsProperties corsProperties;
   private final ResourceLoader resourceLoader;
 
   @Bean
@@ -68,7 +84,8 @@ public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
         new ServerBearerTokenAuthenticationConverter();
     authenticationConverter.setAllowUriQueryParameter(true);
 
-    http.csrf()
+    http.cors(Customizer.withDefaults())
+        .csrf()
         .disable()
         .authorizeExchange()
         .pathMatchers("/actuator/**")
@@ -111,6 +128,19 @@ public Function<Authentication, Boolean> readScopeChecker() {
     return new ScopeChecker(expectedScopes);
   }
 
+  @Bean
+  CorsConfigurationSource corsConfigurationSource() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowCredentials(true);
+    configuration.setAllowedOriginPatterns(corsProperties.getDomainPatterns());
+    configuration.setAllowedMethods(ALLOWED_METHODS);
+    configuration.setAllowedHeaders(ALLOWED_HEADERS);
+    configuration.setMaxAge(corsProperties.getMaxAge());
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return source;
+  }
+
   private Converter<Jwt, Mono<AbstractAuthenticationToken>> grantedAuthoritiesExtractor() {
     JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
     jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(

diff --git a/src/main/java/org/cancogenvirusseq/muse/config/websecurity/CorsProperties.java b/src/main/java/org/cancogenvirusseq/muse/config/websecurity/CorsProperties.java
@@ -0,0 +1,14 @@
+package org.cancogenvirusseq.muse.config.websecurity;
+
+import java.util.List;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "cors")
+public class CorsProperties {
+  private List<String> domainPatterns;
+  private Long maxAge;
+}
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -7,6 +7,12 @@ spring:
 server:
   port: 8080
 
+cors:
+  domainPatterns:
+    - "http://localhost:3000"
+    - "https://localhost:3000"
+  maxAge: 3600
+
 postgres:
   host: localhost
   port: 5432