Merge pull request #438 from FlowCI/feature/1610

gy2006 · web-flow · commit 7749ccac74f7 · 2023-02-04T14:07:00.000+01:00
Feature/1610
diff --git a/core/src/main/java/com/flowci/core/auth/controller/WebAuth.java b/core/src/main/java/com/flowci/core/auth/controller/WebAuth.java
@@ -25,6 +25,7 @@
 import com.flowci.exception.AuthenticationException;
 import com.flowci.util.StringHelper;
 import com.google.common.base.Strings;
+import lombok.AllArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.messaging.MessageHeaders;
 import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
@@ -43,17 +44,16 @@
  * @author yang
  */
 @Component("webAuth")
+@AllArgsConstructor
 public class WebAuth implements HandlerInterceptor {
 
     private static final String HeaderToken = "Token";
 
     private static final String ParameterToken = "token";
 
-    @Autowired
-    private AuthService authService;
+    private final AuthService authService;
 
-    @Autowired
-    private SessionManager sessionManager;
+    private final SessionManager sessionManager;
 
     /**
      * Get user object from ws message header
@@ -73,7 +73,7 @@ public User validate(MessageHeaders headers) {
         }
 
         Optional<User> user = authService.get(token);
-        if (!user.isPresent()) {
+        if (user.isEmpty()) {
             throw new AuthenticationException("Invalid token");
         }
 
diff --git a/core/src/main/java/com/flowci/core/common/adviser/CorsFilter.java b/core/src/main/java/com/flowci/core/common/adviser/CorsFilter.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2018 flow.ci
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.flowci.core.common.adviser;
+
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author yang
+ */
+@WebFilter(urlPatterns = "/*", filterName = "corsFilter")
+public class CorsFilter implements Filter {
+
+    private static final String AllowedHeaders =
+        "Origin, X-Requested-With, Content-Disposition, Content-Type, Accept, Token, Authorization";
+
+    private static final String AllowedMethods = "GET, POST, PATCH, OPTIONS, DELETE";
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        if (!isHttpRequest(request, response)) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        var httpRequest = (HttpServletRequest) request;
+        var httpResponse = (HttpServletResponse) response;
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
+        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
+        httpResponse.setHeader("Access-Control-Allow-Methods", AllowedMethods);
+        httpResponse.setHeader("Access-Control-Max-Age", "1800");
+        httpResponse.setHeader("Access-Control-Allow-Headers", AllowedHeaders);
+
+        if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
+            httpResponse.setStatus(HttpServletResponse.SC_OK);
+            return;
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    private static boolean isHttpRequest(ServletRequest request, ServletResponse response) {
+        return (request instanceof HttpServletRequest) && (response instanceof HttpServletResponse);
+    }
+}
diff --git a/core/src/main/java/com/flowci/core/common/adviser/CrosInterceptor.java b/core/src/main/java/com/flowci/core/common/adviser/CrosInterceptor.java
diff --git a/core/src/main/java/com/flowci/core/common/config/WebConfig.java b/core/src/main/java/com/flowci/core/common/config/WebConfig.java
@@ -17,56 +17,61 @@
 package com.flowci.core.common.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.flowci.core.common.adviser.CrosInterceptor;
+import com.flowci.core.common.adviser.CorsFilter;
 import com.flowci.core.common.helper.JacksonHelper;
 import com.flowci.core.plugin.domain.Plugin;
 import com.flowci.domain.Vars;
 import com.google.common.collect.ImmutableList;
+import lombok.AllArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.converter.ByteArrayHttpMessageConverter;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.ResourceHttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.http.converter.support.AllEncompassingFormHttpMessageConverter;
 import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.config.annotation.*;
 
+import javax.servlet.Filter;
 import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 @EnableWebMvc
 @Configuration
+@AllArgsConstructor
 public class WebConfig {
 
-    @Autowired
-    private HandlerInterceptor apiAuth;
+    private final HandlerInterceptor apiAuth;
 
-    @Autowired
-    private HandlerInterceptor webAuth;
+    private final HandlerInterceptor webAuth;
 
-    @Autowired
-    private AppProperties appProperties;
+    private final AppProperties appProperties;
 
     @Bean("staticResourceDir")
     public Path staticResourceDir() {
         return appProperties.getSiteDir();
     }
 
+    @Bean
+    @Order(Ordered.HIGHEST_PRECEDENCE)
+    @ConditionalOnProperty(prefix = "app", name = "cors", havingValue = "true")
+    public Filter corsFilter() {
+        return new CorsFilter();
+    }
+
     @Bean
     public WebMvcConfigurer webMvcConfigurer() {
         return new WebMvcConfigurer() {
             @Override
             public void addInterceptors(InterceptorRegistry registry) {
-                registry.addInterceptor(new CrosInterceptor());
-
                 registry.addInterceptor(webAuth)
                         .addPathPatterns("/users/**")
                         .excludePathPatterns("/users/default")
diff --git a/core/src/main/resources/flow.properties b/core/src/main/resources/flow.properties
@@ -8,6 +8,7 @@ app.default-smtp-config=true
 app.socket-container=true
 app.core-pool-size=100
 app.max-pool-size=200
+app.cors=true
 
 app.auth.enabled=true
 app.auth.expire-seconds=7200
