Feature/kitosudv 3892 optional cors origins

Presentation.Web/App_Start/WebApiConfig.cs

@@ -28,12 +28,13 @@
 using DataType = Core.DomainModel.ItSystem.DataType;
 using HelpText = Core.DomainModel.HelpText;
 using Core.DomainModel.Shared;
+using Presentation.Web.Models.Application.Cors;
 
 namespace Presentation.Web
 {
     public static class WebApiConfig
     {
-        const string ControllerSuffix = "Controller";
+        private const string ControllerSuffix = "Controller";
 
         public static void Register(HttpConfiguration config)
         {
@@ -62,6 +63,14 @@ public static void Register(HttpConfiguration config)
             config.Filters.Add(new ValidateActionParametersAttribute());
             config.Filters.Add(new DenyRightsHoldersAccessAttribute()); //By default block all actions for users with rights holders access in one or more organizations
             config.Count().Filter().OrderBy().Expand().Select().MaxTop(null);
+
+            //Optionally enable CORS
+            var corsConfig = CorsConfiguration.FromConfiguration();
+            var globalCors = corsConfig.GlobalCorsSettings;
+            if (globalCors.HasValue)
+            {
+                config.EnableCors(globalCors.Value);
+            }
         }
 
         public static IEdmModel GetModel()

Presentation.Web/Controllers/Web/HomeController.cs

@@ -4,9 +4,8 @@
 using Core.ApplicationServices.Authentication;
 using Core.ApplicationServices.SSO.Model;
 using Core.DomainServices;
-
 using Presentation.Web.Models.Application.FeatureToggle;
-using Presentation.Web.Properties;
+using Presentation.Web.Models.Application.RuntimeEnv;
 
 namespace Presentation.Web.Controllers.Web
 {
@@ -15,6 +14,7 @@ public class HomeController : Controller
     {
         private readonly IAuthenticationContext _userContext;
         private readonly IUserRepository _userRepository;
+        private readonly bool _isProd;
         private const string SsoErrorKey = "SSO_ERROR";
         private const string FeatureToggleKey = "FEATURE_TOGGLE";
         private const string SsoAuthenticationCompletedKey = "SSO_PREFERRED_START";
@@ -23,11 +23,12 @@ public HomeController(IAuthenticationContext userContext, IUserRepository userRe
         {
             _userContext = userContext;
             _userRepository = userRepository;
+            _isProd = KitosEnvironmentConfiguration.FromConfiguration().Environment == KitosEnvironment.Production;
         }
 
         public ActionResult Index()
         {
-            ViewBag.StylingScheme = Settings.Default.Environment?.ToLowerInvariant().Contains("prod") == true ? "PROD" : "TEST";
+            ViewBag.StylingScheme = _isProd ? "PROD" : "TEST";
             AppendSsoError();
             AppendFeatureToggles();
             AppendSsoLoginInformation();

Presentation.Web/Models/Application/Cors/CorsConfiguration.cs

@@ -0,0 +1,44 @@
+using System;
+using System.Diagnostics;
+using System.Linq;
+using System.Web.Http.Cors;
+using Core.Abstractions.Types;
+using Presentation.Web.Models.Application.RuntimeEnv;
+using Presentation.Web.Properties;
+
+namespace Presentation.Web.Models.Application.Cors
+{
+    public class CorsConfiguration
+    {
+        private const string WildCard = "*";
+        public Maybe<EnableCorsAttribute> GlobalCorsSettings { get; }
+
+        public static CorsConfiguration FromConfiguration()
+        {
+            var environmentConfiguration = KitosEnvironmentConfiguration.FromConfiguration();
+            var config = Maybe<EnableCorsAttribute>.None;
+
+            if (environmentConfiguration.Environment == KitosEnvironment.Dev)
+            {
+                var origins = Settings.Default.CorsOrigins;
+                if (!string.IsNullOrWhiteSpace(origins))
+                {
+                    var configuredOrigins = origins.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(x => x.Trim()).ToList();
+                    var originsString = string.Join(",", configuredOrigins);
+                    Trace.WriteLine($"CORS origins enabled:{originsString}");
+                    if (originsString.Length > 0)
+                    {
+                        config = new EnableCorsAttribute(originsString, WildCard, WildCard);
+                    }
+                }
+            }
+
+            return new CorsConfiguration(config);
+        }
+
+        public CorsConfiguration(Maybe<EnableCorsAttribute> globalCorsSettings)
+        {
+            GlobalCorsSettings = globalCorsSettings;
+        }
+    }
+}

Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironment.cs

@@ -0,0 +1,10 @@
+namespace Presentation.Web.Models.Application.RuntimeEnv
+{
+    public enum KitosEnvironment
+    {
+        Dev = 0,
+        Integration = 1,
+        Staging = 2,
+        Production = 3
+    }
+}

Presentation.Web/Models/Application/RuntimeEnv/KitosEnvironmentConfiguration.cs

@@ -0,0 +1,31 @@
+using System.Configuration;
+using Presentation.Web.Properties;
+
+namespace Presentation.Web.Models.Application.RuntimeEnv
+{
+    public class KitosEnvironmentConfiguration
+    {
+        public KitosEnvironment Environment { get; }
+
+        public KitosEnvironmentConfiguration(KitosEnvironment environment)
+        {
+            Environment = environment;
+        }
+
+        public static KitosEnvironmentConfiguration FromConfiguration()
+        {
+            var environmentConf = Settings.Default.Environment?.ToLowerInvariant() ?? "";
+            var env = environmentConf switch
+            {
+                "dev" => KitosEnvironment.Dev,
+                "integration" => KitosEnvironment.Integration,
+                "staging" => KitosEnvironment.Staging,
+                "prod" => KitosEnvironment.Production,
+                _ => throw new ConfigurationErrorsException(
+                    $"Invalid value of the Environment variable. Got:\"{environmentConf}\"")
+            };
+
+            return new KitosEnvironmentConfiguration(env);
+        }
+    }
+}

Presentation.Web/Presentation.Web.csproj

@@ -773,6 +773,7 @@
     <Compile Include="Models\API\V1\BusinessRoleDTO.cs" />
     <Compile Include="Models\API\V1\CreateItSystemDTO.cs" />
     <Compile Include="Models\API\V1\CreateItsystemUsageDTO.cs" />
+    <Compile Include="Models\Application\Cors\CorsConfiguration.cs" />
     <Compile Include="Models\Application\Csv\CsvColumnDefinition.cs" />
     <Compile Include="Models\Application\Csv\CsvColumnIdentity.cs" />
     <Compile Include="Models\Application\Csv\CsvResponseBuilder.cs" />
@@ -830,6 +831,8 @@
     <Compile Include="Models\API\V1\UserWithEmailDTO.cs" />
     <Compile Include="Models\API\V1\ValueWithOptionalDateAndRemark.cs" />
     <Compile Include="Models\API\V1\ValueWithOptionalRemarkDTO.cs" />
+    <Compile Include="Models\Application\RuntimeEnv\KitosEnvironment.cs" />
+    <Compile Include="Models\Application\RuntimeEnv\KitosEnvironmentConfiguration.cs" />
     <Compile Include="Ninject\HangfireNinjectResolutionScope.cs" />
     <Compile Include="Ninject\BindingSyntaxExtensions.cs" />
     <Compile Include="Ninject\KernelBuilder.cs" />

Presentation.Web/Properties/Settings.settings

@@ -32,5 +32,8 @@
     <Setting Name="SsoServiceProviderId" Type="System.String" Scope="Application">
       <Value Profile="(Default)">https://kitos-local.strongminds.dk</Value>
     </Setting>
+    <Setting Name="CorsOrigins" Type="System.String" Scope="Application">
+      <Value Profile="(Default)">http://localhost:4200</Value>
+    </Setting>
   </Settings>
 </SettingsFile>

Presentation.Web/Web.config

@@ -347,6 +347,9 @@
       <setting name="SsoServiceProviderId" serializeAs="String">
         <value>https://kitos-local.strongminds.dk</value>
       </setting>
+      <setting name="CorsOrigins" serializeAs="String">
+        <value>http://localhost:4200</value>
+      </setting>
     </Presentation.Web.Properties.Settings>
   </applicationSettings>
   <!--<system.diagnostics>