From c37922d1338b900f6631b72a522bccb6422b2360 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Morten=20Remb=C3=B8l=20Jacobsen?= Date: Mon, 16 Jan 2023 11:07:13 +0100 Subject: [PATCH] added optional cors --- Presentation.Web/App_Start/WebApiConfig.cs | 11 ++++- .../Controllers/Web/HomeController.cs | 7 +-- .../Application/Cors/CorsConfiguration.cs | 44 +++++++++++++++++++ .../RuntimeEnv/KitosEnvironment.cs | 10 +++++ .../KitosEnvironmentConfiguration.cs | 31 +++++++++++++ Presentation.Web/Presentation.Web.csproj | 3 ++ .../Properties/Settings.Designer.cs | 11 ++++- Presentation.Web/Properties/Settings.settings | 3 ++ Presentation.Web/Web.config | 3 ++ 9 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 Presentation.Web/Models/Application/Cors/CorsConfiguration.cs create mode 100644 Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironment.cs create mode 100644 Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironmentConfiguration.cs diff --git a/Presentation.Web/App_Start/WebApiConfig.cs b/Presentation.Web/App_Start/WebApiConfig.cs index 802ba1069c..9d6bcb9095 100644 --- a/Presentation.Web/App_Start/WebApiConfig.cs +++ b/Presentation.Web/App_Start/WebApiConfig.cs @@ -28,12 +28,13 @@ using DataType = Core.DomainModel.ItSystem.DataType; using HelpText = Core.DomainModel.HelpText; using Core.DomainModel.Shared; +using Presentation.Web.Models.Application.Cors; namespace Presentation.Web { public static class WebApiConfig { - const string ControllerSuffix = "Controller"; + private const string ControllerSuffix = "Controller"; public static void Register(HttpConfiguration config) { 
@@ -62,6 +63,14 @@ public static void Register(HttpConfiguration config) config.Filters.Add(new ValidateActionParametersAttribute()); config.Filters.Add(new DenyRightsHoldersAccessAttribute()); //By default block all actions for users with rights holders access in one or more organizations config.Count().Filter().OrderBy().Expand().Select().MaxTop(null); + + //Optionally enable CORS + var corsConfig = CorsConfiguration.FromConfiguration(); + var globalCors = corsConfig.GlobalCorsSettings; + if (globalCors.HasValue) + { + config.EnableCors(globalCors.Value); + } } public static IEdmModel GetModel() diff --git a/Presentation.Web/Controllers/Web/HomeController.cs b/Presentation.Web/Controllers/Web/HomeController.cs index 1aecdeb641..58c45a949f 100644 --- a/Presentation.Web/Controllers/Web/HomeController.cs +++ b/Presentation.Web/Controllers/Web/HomeController.cs @@ -4,9 +4,8 @@ using Core.ApplicationServices.Authentication; using Core.ApplicationServices.SSO.Model; using Core.DomainServices; - using Presentation.Web.Models.Application.FeatureToggle; -using Presentation.Web.Properties; +using Presentation.Web.Models.Application.RuntimeEnv; namespace Presentation.Web.Controllers.Web { @@ -15,6 +14,7 @@ public class HomeController : Controller { private readonly IAuthenticationContext _userContext; private readonly IUserRepository _userRepository; + private readonly bool _isProd; private const string SsoErrorKey = "SSO_ERROR"; private const string FeatureToggleKey = "FEATURE_TOGGLE"; private const string SsoAuthenticationCompletedKey = "SSO_PREFERRED_START"; 
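Review bot: The `//Optionally enable CORS` comment in Register does not say what makes it optional. Going by the CorsConfiguration class added in this patch, a policy is only produced when Environment is `dev` and CorsOrigins is non-empty, and `config.EnableCors(...)` then applies it globally to the Web API. I would say so at the call site, e.g. `// CORS: global policy, only produced when Environment is dev and CorsOrigins is set (see CorsConfiguration)`. `CorsConfiguration.FromConfiguration()` also goes through `KitosEnvironmentConfiguration.FromConfiguration()`, which throws `ConfigurationErrorsException` on an unrecognised Environment value, so Register now fails at startup for such values; that looks intentional but deserves a word in the comment. Register's body starts outside this hunk.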
@@ -23,11 +23,12 @@ public HomeController(IAuthenticationContext userContext, IUserRepository userRe { _userContext = userContext; _userRepository = userRepository; + _isProd = KitosEnvironmentConfiguration.FromConfiguration().Environment == KitosEnvironment.Production; } public ActionResult Index() { - ViewBag.StylingScheme = Settings.Default.Environment?.ToLowerInvariant().Contains("prod") == true ? "PROD" : "TEST"; + ViewBag.StylingScheme = _isProd ? "PROD" : "TEST"; AppendSsoError(); AppendFeatureToggles(); AppendSsoLoginInformation(); diff --git a/Presentation.Web/Models/Application/Cors/CorsConfiguration.cs b/Presentation.Web/Models/Application/Cors/CorsConfiguration.cs new file mode 100644 index 0000000000..dd57b96397 --- /dev/null +++ b/Presentation.Web/Models/Application/Cors/CorsConfiguration.cs 
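Review bot: The `_isProd` assignment in the HomeController constructor calls the static `KitosEnvironmentConfiguration.FromConfiguration()`, so the Environment setting is re-read and re-parsed every time the controller is constructed, and the controller is tied to global settings in a way that is awkward to unit test. The constructor already receives its other collaborators as parameters, so I would pass a `KitosEnvironmentConfiguration` in the same way (assuming the container can register one instance) and keep `_isProd = environmentConfiguration.Environment == KitosEnvironment.Production;`. The class body continues outside the hunk.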
@@ -0,0 +1,44 @@
+using System;
+using System.Diagnostics;
+using System.Linq;
+using System.Web.Http.Cors;
+using Core.Abstractions.Types;
+using Presentation.Web.Models.Application.RuntimeEnv;
+using Presentation.Web.Properties;
+
+namespace Presentation.Web.Models.Application.Cors
+{
+ public class CorsConfiguration
+ {
+ private const string WildCard = "*";
+ public Maybe GlobalCorsSettings { get; }
+
+ public static CorsConfiguration FromConfiguration()
+ {
+ var environmentConfiguration = KitosEnvironmentConfiguration.FromConfiguration();
+ var config = Maybe.None;
+
+ if (environmentConfiguration.Environment == KitosEnvironment.Dev)
+ {
+ var origins = Settings.Default.CorsOrigins;
+ if (!string.IsNullOrWhiteSpace(origins))
+ {
+ var configuredOrigins = origins.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(x => x.Trim()).ToList();
+ var originsString = string.Join(",", configuredOrigins);
+ Trace.WriteLine($"CORS origins enabled:{originsString}");
+ if (originsString.Length > 0)
+ {
+ config = new EnableCorsAttribute(originsString, WildCard, WildCard);
+ }
+ }
+ }
+
+ return new CorsConfiguration(config);
+ }
+
+ public CorsConfiguration(Maybe globalCorsSettings)
+ {
+ GlobalCorsSettings = globalCorsSettings;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironment.cs b/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironment.cs
new file mode 100644
index 0000000000..df74c979f3
--- /dev/null
+++ b/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironment.cs
@@ -0,0 +1,10 @@
+namespace Presentation.Web.Models.Application.RuntimeEnv
+{
+ public enum KitosEnvironment
+ {
+ Dev = 0,
+ Integration = 1,
+ Staging = 2,
+ Production = 3
+ }
+}
\ No newline at end of file
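Review bot: In `CorsConfiguration.FromConfiguration()` the entries from `Settings.Default.CorsOrigins` are only trimmed before being passed to `new EnableCorsAttribute(originsString, WildCard, WildCard)`, so a single `*` entry in the setting would allow every origin with every header and method. The Dev-only gate limits the exposure, but a dev instance reachable from other networks would then presumably accept cross-origin calls from any site; I would reject the wildcard before building the attribute, e.g. `if (configuredOrigins.Contains(WildCard)) throw new ConfigurationErrorsException("CorsOrigins must list explicit origins");` (needs `using System.Configuration;`). Two smaller points: `Trace.WriteLine` runs before the `originsString.Length > 0` check, so it can report an empty list as enabled, and since the setting defaults to `http://localhost:4200` elsewhere in this patch, CORS is on by default in Dev, which a summary comment on the class should say.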
diff --git a/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironmentConfiguration.cs b/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironmentConfiguration.cs new file mode 100644 index 0000000000..44d9754918 --- /dev/null +++ b/Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironmentConfiguration.cs @@ -0,0 +1,31 @@ +using System.Configuration; +using Presentation.Web.Properties; + +namespace Presentation.Web.Models.Application.RuntimeEnv +{ + public class KitosEnvironmentConfiguration + { + public KitosEnvironment Environment { get; } + + public KitosEnvironmentConfiguration(KitosEnvironment environment) + { + Environment = environment; + } + + public static KitosEnvironmentConfiguration FromConfiguration() + { + var environmentConf = Settings.Default.Environment?.ToLowerInvariant() ?? ""; + var env = environmentConf switch + { + "dev" => KitosEnvironment.Dev, + "integration" => KitosEnvironment.Integration, + "staging" => KitosEnvironment.Staging, + "prod" => KitosEnvironment.Production, + _ => throw new ConfigurationErrorsException( + $"Invalid value of the Environment variable. Got:\"{environmentConf}\"") + }; + + return new KitosEnvironmentConfiguration(env); + } + } +} \ No newline at end of file diff --git a/Presentation.Web/Presentation.Web.csproj b/Presentation.Web/Presentation.Web.csproj index 1707b353d9..74e89e37a8 100644 --- a/Presentation.Web/Presentation.Web.csproj +++ b/Presentation.Web/Presentation.Web.csproj @@ -773,6 +773,7 @@ + @@ -830,6 +831,8 @@ + + diff --git a/Presentation.Web/Properties/Settings.Designer.cs b/Presentation.Web/Properties/Settings.Designer.cs index 47441ebb6e..45802a5a89 100644 --- a/Presentation.Web/Properties/Settings.Designer.cs +++ b/Presentation.Web/Properties/Settings.Designer.cs 
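Review bot: `KitosEnvironmentConfiguration.FromConfiguration()` accepts only the exact strings `dev`, `integration`, `staging` and `prod`, whereas the check it replaces in HomeController was `Contains("prod")`; a deployment whose Environment setting is, say, `Production`, or carries surrounding whitespace, would now throw at startup instead of being treated as PROD. Failing closed on an unknown value is the right default given that `Dev` switches CORS on, but the accepted values should be documented on the method and the input trimmed: `var environmentConf = Settings.Default.Environment?.Trim().ToLowerInvariant() ?? "";`. The values used in deployed configuration are not visible in this patch, so whether any of them break needs checking before release.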
@@ -12,7 +12,7 @@ namespace Presentation.Web.Properties { [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] - [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.2.0.0")] + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "17.4.0.0")] internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); @@ -112,5 +112,14 @@ public string SsoServiceProviderId { return ((string)(this["SsoServiceProviderId"])); } } + + [global::System.Configuration.ApplicationScopedSettingAttribute()] + [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] + [global::System.Configuration.DefaultSettingValueAttribute("http://localhost:4200")] + public string CorsOrigins { + get { + return ((string)(this["CorsOrigins"])); + } + } } } diff --git a/Presentation.Web/Properties/Settings.settings b/Presentation.Web/Properties/Settings.settings index e19c1d1c02..aa956efb34 100644 --- a/Presentation.Web/Properties/Settings.settings +++ b/Presentation.Web/Properties/Settings.settings @@ -32,5 +32,8 @@ https://kitos-local.strongminds.dk + + http://localhost:4200 + \ No newline at end of file diff --git a/Presentation.Web/Web.config b/Presentation.Web/Web.config index df2f5c9e29..ab825f79a4 100644 --- a/Presentation.Web/Web.config +++ b/Presentation.Web/Web.config @@ -347,6 +347,9 @@ https://kitos-local.strongminds.dk + + http://localhost:4200 +