From 32813651941c8778db9b558a2e6b7746a461f921 Mon Sep 17 00:00:00 2001
From: Laurent <58115082+naaturel@users.noreply.github.com>
Date: Tue, 22 Oct 2024 11:33:32 +0200
Subject: [PATCH] Add main configurations

---
 .../configurations/AppConfigurations.java     | 23 ++++++++
 .../unluckiest/configurations/Security.java   | 59 +++++++++++++++++++
 .../src/main/resources/application.properties | 16 +++++
 3 files changed, 98 insertions(+)
 create mode 100644 back/src/main/java/be/naaturel/unluckiest/configurations/AppConfigurations.java
 create mode 100644 back/src/main/java/be/naaturel/unluckiest/configurations/Security.java

diff --git a/back/src/main/java/be/naaturel/unluckiest/configurations/AppConfigurations.java b/back/src/main/java/be/naaturel/unluckiest/configurations/AppConfigurations.java
new file mode 100644
index 0000000..5a8e9c5
--- /dev/null
+++ b/back/src/main/java/be/naaturel/unluckiest/configurations/AppConfigurations.java
@@ -0,0 +1,23 @@
+package be.naaturel.unluckiest.configurations;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+
+@Component
+public class AppConfigurations {
+
+    @Value("${storage.location}")
+    public String storageLocation = "";
+
+    @Value("${sec.cors.authorizedHots}")
+    public String[] authorizedHosts;
+
+    @Value("${sec.cors.authorizedMethods}")
+    public String[] authorizedMethods;
+
+    @Value("${sec.cors.authorizedHeader}")
+    public String[] authorizedHeaders;
+
+
+}
diff --git a/back/src/main/java/be/naaturel/unluckiest/configurations/Security.java b/back/src/main/java/be/naaturel/unluckiest/configurations/Security.java
new file mode 100644
index 0000000..0a72979
--- /dev/null
+++ b/back/src/main/java/be/naaturel/unluckiest/configurations/Security.java
@@ -0,0 +1,59 @@
+package be.naaturel.unluckiest.configurations;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity
+public class Security {
+
+    private final AppConfigurations conf;
+
+    @Autowired
+    public Security(AppConfigurations conf) {
+        this.conf = conf;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+        return http
+                .cors(cors -> {})
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests((requests) -> requests
+                                .requestMatchers("/**" ).permitAll()
+                        //.anyRequest().authenticated()
+                )
+                .formLogin((form) -> form
+                        .defaultSuccessUrl("/", true)
+                        .permitAll()
+                )
+                .logout(LogoutConfigurer::permitAll)
+                .build();
+    }
+
+    @Bean
+    public CorsFilter corsFilter() {
+
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Arrays.asList(conf.authorizedHosts));
+        config.setAllowedMethods(Arrays.asList(conf.authorizedMethods));
+        config.setAllowedHeaders(Arrays.asList(conf.authorizedHeaders));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}
\ No newline at end of file
diff --git a/back/src/main/resources/application.properties b/back/src/main/resources/application.properties
index 42bb2c2..5797206 100644
--- a/back/src/main/resources/application.properties
+++ b/back/src/main/resources/application.properties
@@ -1 +1,17 @@
+#=============MAIN=============
 spring.application.name=unluckiest
+
+#=============SECURITY=============
+sec.cors.authorizedHots=http://localhost:5173
+sec.cors.authorizedMethods=GET,POST,PUT,DELETE,OPTION
+sec.cors.authorizedHeader=Authorization,Content-type
+
+#=============DATABASE=============
+spring.datasource.url=jdbc:${DB_URL}
+spring.datasource.username=${DB_USER}
+spring.datasource.password=${DB_PASSWORD}
+
+spring.jpa.database-platform=org.hibernate.dialect.MariaDBDialect
+spring.jpa.show-sql=true
+spring.jpa.hibernate.ddl-auto=update
+spring.user.datasource.driver-class-name=com.mysql.jdbc.Driver
\ No newline at end of file