CORS Configuration for ECD API Services (#100)

* implemented cors all api

* fix:added cors error api fix

* fix:vary added

* fix: ci properties changed

Author: vishwab1

src/main/environment/ecd_ci.properties

@@ -29,4 +29,7 @@ logging.file.name=@env.ECD_API_LOGGING_FILE_NAME@
 springdoc.api-docs.enabled=@env.SWAGGER_DOC_ENABLED@
 springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@
 
-spring.redis.host=@env.REDIS_HOST@
+spring.redis.host=@env.REDIS_HOST@
+
+cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@
+

src/main/environment/ecd_example.properties

@@ -23,4 +23,6 @@ springdoc.swagger-ui.enabled=true
 jwt.secret=my-32-character-ultra-secure-and-ultra-long-secret
 #If both properties are set, only logging.file.name takes effect.
 logging.path=logs/
-logging.file.name=logs/ecd-api.log
+logging.file.name=logs/ecd-api.log
+
+cors.allowed-origins=http://localhost:*

src/main/java/com/iemr/ecd/config/WebConfiguration.java

@@ -24,13 +24,33 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Value;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @Configuration
 public class WebConfiguration implements WebMvcConfigurer {
 
+	private static final Logger logger = LoggerFactory.getLogger(WebConfiguration.class);
+
+	@Value("${cors.allowed-origins}")
+	private String allowedOrigins;
+
 	@Override
 	public void addCorsMappings(CorsRegistry registry) {
-		registry.addMapping("/**").allowedMethods("*");
-	}
+		String[] originPatterns = Arrays.stream(allowedOrigins.split(","))
+				.map(String::trim)
+				.toArray(String[]::new);
 
+		logger.info("Initializing CORS configuration with allowed origins: {}", Arrays.toString(originPatterns));
+
+		registry.addMapping("/**")
+				.allowedOriginPatterns(originPatterns)
+				.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+				.allowedHeaders("*")
+				.exposedHeaders("Authorization", "Jwttoken")
+				.allowCredentials(true)
+				.maxAge(3600);
+	}
 }

src/main/java/com/iemr/ecd/controller/associate/AutoPreviewDialingController.java

@@ -27,7 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -47,7 +47,6 @@
 
 @RestController
 @RequestMapping(value = "/autoPreviewDialing", headers = "Authorization")
-@CrossOrigin()
 public class AutoPreviewDialingController {
 
 	@Autowired

src/main/java/com/iemr/ecd/controller/associate/BeneficiaryCallHistoryController.java

@@ -25,7 +25,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -46,7 +46,6 @@
 
 @RestController
 @RequestMapping(value = "/callHistory", headers = "Authorization")
-@CrossOrigin()
 public class BeneficiaryCallHistoryController {
 	@Autowired
 	private BeneficiaryCallHistoryImpl beneficiaryCallHistoryImpl;

src/main/java/com/iemr/ecd/controller/associate/BeneficiaryRegistrationController.java

@@ -25,7 +25,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
@@ -43,14 +43,12 @@
 
 @RestController
 @RequestMapping(value = "/beneficary", headers = "Authorization")
-@CrossOrigin()
 
 public class BeneficiaryRegistrationController {
 
 	@Autowired
 	private BeneficiaryRegistrationServiceImpl beneficiaryRegistrationServiceImpl;
 
-	@CrossOrigin()
 	@PostMapping(value = "/registration", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
 	@Operation(summary = "Create beneficiary registration", description = "Desc - Create Beneficiary registration")
 	@ApiResponses(value = {
@@ -67,7 +65,6 @@ public ResponseEntity<Object> beneficiaryRegistration(@RequestBody RequestBenefi
 				HttpStatus.OK);
 	}
 
-	@CrossOrigin()
 	@PostMapping(value = "/updateBeneficiaryDetails", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
 	@Operation(summary = "Update beneficiary details", description = "Desc - Update Beneficiary details")
 	@ApiResponses(value = {

src/main/java/com/iemr/ecd/controller/associate/CallClosureController.java

@@ -25,7 +25,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -42,12 +42,10 @@
 
 @RestController
 @RequestMapping(value = "/closure", headers = "Authorization")
-@CrossOrigin()
 public class CallClosureController {
 	@Autowired
 	private CallClosureImpl callClosureImpl;
 
-	@CrossOrigin()
 	@PostMapping(value = "/closeCall", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
 	@Operation(summary = "Call closure", description = "Desc - Call closure")
 	@ApiResponses(value = {

src/main/java/com/iemr/ecd/controller/callallocation/CallAllocationController.java

@@ -27,7 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -50,7 +50,6 @@
 
 @RestController
 @RequestMapping(value = "/callAllocation", headers = "Authorization")
-@CrossOrigin()
 public class CallAllocationController {
 
 	@Autowired
@@ -127,7 +126,7 @@ public ResponseEntity<Object> reAllocateCalls(@RequestBody RequestCallAllocation
 	public ResponseEntity<String> updateAlerts(@RequestBody RequestCallAllocationDTO callAllocationDto) {
 		return new ResponseEntity<>(callAllocationImpl.moveAllocatedCallsToBin(callAllocationDto), HttpStatus.OK);
 	}
-	
+
 	@PostMapping(value = "/insertRecordsInOutboundCalls", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
 	@Operation(summary = "Insert Records In OutboundCalls", description = "Desc - Insert Records In OutboundCalls")
 	@ApiResponses(value = {
@@ -141,7 +140,7 @@ public ResponseEntity<String> insertRecordsInOutboundCalls(@RequestBody Outbound
 		return new ResponseEntity<>(callAllocationImpl.insertRecordsInOutboundCalls(outboundCallsDTO), HttpStatus.OK);
 
 	}
-	
+
 	@GetMapping(value = "/getEligibleRecordsLanguageInfo/{psmId}/{phoneNoType}/{recordType}/{fDate}/{tDate}/{preferredLanguage}/{role}", produces = MediaType.APPLICATION_JSON_VALUE)
 	@Operation(summary = "Fetch eligible Language records for allocation", description = "Desc - Fetch eligible records for allocation")
 	@ApiResponses(value = {
@@ -153,9 +152,12 @@ public ResponseEntity<String> insertRecordsInOutboundCalls(@RequestBody Outbound
 			@ApiResponse(responseCode = CustomExceptionResponse.BAD_REQUEST_SC_V, description = CustomExceptionResponse.BAD_REQUEST_SC) })
 	public ResponseEntity<ResponseEligibleCallRecordsDTO> getEligibleRecordsLanguageInfo(@PathVariable int psmId,
 			@PathVariable String phoneNoType, @PathVariable String recordType, @PathVariable String fDate,
-			@PathVariable String tDate, @PathVariable String preferredLanguage,@PathVariable String role) throws ECDException {
+			@PathVariable String tDate, @PathVariable String preferredLanguage, @PathVariable String role)
+			throws ECDException {
 		return new ResponseEntity<>(
-				callAllocationImpl.getEligibleRecordsLanguageInfo(psmId, phoneNoType, recordType, fDate, tDate, preferredLanguage,role), HttpStatus.OK);
+				callAllocationImpl.getEligibleRecordsLanguageInfo(psmId, phoneNoType, recordType, fDate, tDate,
+						preferredLanguage, role),
+				HttpStatus.OK);
 
 	}
 

src/main/java/com/iemr/ecd/controller/callallocation/CallConfigurationController.java

@@ -27,7 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -48,7 +48,6 @@
 
 @RestController
 @RequestMapping(value = "/callConfiguration", headers = "Authorization")
-@CrossOrigin()
 public class CallConfigurationController {
 
 	@Autowired

src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java

@@ -29,7 +29,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -48,7 +48,6 @@
 
 @RestController
 @RequestMapping(value = "/dataTemplate", headers = "Authorization")
-@CrossOrigin()
 public class DataTemplateController {
 
 	@Autowired