From 1f9e6f31ca85838f9eb60ecba09e8aad6fd98bd1 Mon Sep 17 00:00:00 2001
From: Aditya Baldwa <adityabaldwa767@gmail.com>
Date: Sat, 5 Oct 2024 16:27:39 +0530
Subject: [PATCH] Closes #535, allowing to configure cors through spring
 properties

---
 .../ui/config/CorsGlobalConfiguration.java     | 12 ++++++++----
 .../io/kafbat/ui/config/CorsProperties.java    | 18 ++++++++++++++++++
 api/src/main/resources/application.yml         |  6 ++++++
 3 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 api/src/main/java/io/kafbat/ui/config/CorsProperties.java

diff --git a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
index 4713dfd37..714fa349a 100644
--- a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
+++ b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
@@ -1,5 +1,6 @@
 package io.kafbat.ui.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpHeaders;
@@ -15,6 +16,9 @@
 @Configuration
 public class CorsGlobalConfiguration {
 
+  @Autowired
+  private CorsProperties corsProperties;
+
   @Bean
   public WebFilter corsFilter() {
     return (final ServerWebExchange ctx, final WebFilterChain chain) -> {
@@ -22,10 +26,10 @@ public WebFilter corsFilter() {
 
       final ServerHttpResponse response = ctx.getResponse();
       final HttpHeaders headers = response.getHeaders();
-      headers.add("Access-Control-Allow-Origin", "*");
-      headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
-      headers.add("Access-Control-Max-Age", "3600");
-      headers.add("Access-Control-Allow-Headers", "Content-Type");
+      headers.add("Access-Control-Allow-Origin", corsProperties.getAllowedOrigins());
+      headers.add("Access-Control-Allow-Methods", corsProperties.getAllowedMethods());
+      headers.add("Access-Control-Max-Age", corsProperties.getMaxAge());
+      headers.add("Access-Control-Allow-Headers", corsProperties.getAllowedHeaders());
 
       if (request.getMethod() == HttpMethod.OPTIONS) {
         response.setStatusCode(HttpStatus.OK);
diff --git a/api/src/main/java/io/kafbat/ui/config/CorsProperties.java b/api/src/main/java/io/kafbat/ui/config/CorsProperties.java
new file mode 100644
index 000000000..a3c1a47ea
--- /dev/null
+++ b/api/src/main/java/io/kafbat/ui/config/CorsProperties.java
@@ -0,0 +1,18 @@
+package io.kafbat.ui.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import lombok.Data;
+
+@Component
+@ConfigurationProperties(prefix = "cors")
+@Data
+
+public class CorsProperties {
+
+  private String allowedOrigins;
+  private String allowedMethods;
+  private String allowedHeaders;
+  private String maxAge;
+
+}
diff --git a/api/src/main/resources/application.yml b/api/src/main/resources/application.yml
index ba26c1f9c..d62e9cb39 100644
--- a/api/src/main/resources/application.yml
+++ b/api/src/main/resources/application.yml
@@ -19,3 +19,9 @@ logging:
     reactor.netty.http.server.AccessLog: INFO
     org.hibernate.validator: WARN
 
+cors:
+  allowed-origins: "*"
+  allowed-methods: "GET, PUT, POST, DELETE, OPTIONS"
+  allowed-headers: "Content-Type"
+  max-age: "3600"
+