Add main configurations

back/src/main/java/be/naaturel/unluckiest/configurations/AppConfigurations.java

@@ -0,0 +1,23 @@
+package be.naaturel.unluckiest.configurations;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+
+@Component
+public class AppConfigurations {
+
+    @Value("${storage.location}")
+    public String storageLocation = "";
+
+    @Value("${sec.cors.authorizedHots}")
+    public String[] authorizedHosts;
+
+    @Value("${sec.cors.authorizedMethods}")
+    public String[] authorizedMethods;
+
+    @Value("${sec.cors.authorizedHeader}")
+    public String[] authorizedHeaders;
+
+
+}

back/src/main/java/be/naaturel/unluckiest/configurations/Security.java

@@ -0,0 +1,59 @@
+package be.naaturel.unluckiest.configurations;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity
+public class Security {
+
+    private final AppConfigurations conf;
+
+    @Autowired
+    public Security(AppConfigurations conf) {
+        this.conf = conf;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+        return http
+                .cors(cors -> {})
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests((requests) -> requests
+                                .requestMatchers("/**" ).permitAll()
+                        //.anyRequest().authenticated()
+                )
+                .formLogin((form) -> form
+                        .defaultSuccessUrl("/", true)
+                        .permitAll()
+                )
+                .logout(LogoutConfigurer::permitAll)
+                .build();
+    }
+
+    @Bean
+    public CorsFilter corsFilter() {
+
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Arrays.asList(conf.authorizedHosts));
+        config.setAllowedMethods(Arrays.asList(conf.authorizedMethods));
+        config.setAllowedHeaders(Arrays.asList(conf.authorizedHeaders));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

back/src/main/resources/application.properties

@@ -1 +1,17 @@
+#=============MAIN=============
 spring.application.name=unluckiest
+
+#=============SECURITY=============
+sec.cors.authorizedHots=http://localhost:5173
+sec.cors.authorizedMethods=GET,POST,PUT,DELETE,OPTION
+sec.cors.authorizedHeader=Authorization,Content-type
+
+#=============DATABASE=============
+spring.datasource.url=jdbc:${DB_URL}
+spring.datasource.username=${DB_USER}
+spring.datasource.password=${DB_PASSWORD}
+
+spring.jpa.database-platform=org.hibernate.dialect.MariaDBDialect
+spring.jpa.show-sql=true
+spring.jpa.hibernate.ddl-auto=update
+spring.user.datasource.driver-class-name=com.mysql.jdbc.Driver