fix(cors): Disabled CORS for development

linjeforeningen-delta · Jan 21, 2024 · 18c9cdf · 18c9cdf
1 parent 2f2858e
commit 18c9cdf
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 2 deletions.
diff --git a/src/main/kotlin/dev/stonegarden/deltahouse/config/SecurityConfiguration.kt b/src/main/kotlin/dev/stonegarden/deltahouse/config/SecurityConfiguration.kt
@@ -19,10 +19,25 @@ class SecurityConfiguration {
         httpSecurity.csrf { request ->
             request.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                 .csrfTokenRequestHandler(CsrfTokenRequestAttributeHandler())
+                //TODO: DON'T DISABLE CSRF!!!
+                .disable()
         }.authorizeHttpRequests { request ->
             request.anyRequest().permitAll()
         }
         return httpSecurity.build()
     }
 
+//    @Bean
+//    fun corsConfigurationSource(): CorsConfigurationSource {
+//        val configuration = CorsConfiguration()
+//        configuration.allowedOrigins = listOf("*")
+//        configuration.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS")
+//        configuration.allowedHeaders = listOf("*")
+//        configuration.allowCredentials = true
+//        configuration.maxAge = 3600
+//        val source = UrlBasedCorsConfigurationSource()
+//        source.registerCorsConfiguration("/**", configuration)
+//        return source
+//    }
+
 }
diff --git a/src/main/kotlin/dev/stonegarden/deltahouse/wallet/WalletController.kt b/src/main/kotlin/dev/stonegarden/deltahouse/wallet/WalletController.kt
@@ -9,7 +9,13 @@ import org.springframework.web.bind.annotation.*
 class WalletController(
     @Autowired val walletService: WalletService,
 ) {
-    @PostMapping("/users/{id}/wallet/buy")
+
+    @GetMapping("/users/{id}/wallet", produces = [MediaType.APPLICATION_JSON_VALUE])
+    fun getWallet(@PathVariable id: Long): UserWalletDTO {
+        return UserWalletDTO(walletService.getWallet(id))
+    }
+
+    @PostMapping("/users/{id}/wallet/spend")
     fun purchase(@PathVariable id: Long, @RequestParam value: Short) {
         walletService.purchase(id, value)
     }

diff --git a/src/main/resources/application-test-stonegarden.yaml b/src/main/resources/application-test-stonegarden.yaml
@@ -1,3 +1,7 @@
+datasource-url: jdbc:postgresql://192.168.1.140:5432/bar
+datasource-username: veh
+datasource-password: 1QtlsofDJ1zLL40cRWo690UuAo0Ogf4lCpwyzklng1WTnNebxWbPx3ytrNCTSJbD
+
 springdoc:
   swagger-ui:
     csrf:

diff --git a/src/test/kotlin/dev/stonegarden/deltahouse/wallet/WalletControllerTest.kt b/src/test/kotlin/dev/stonegarden/deltahouse/wallet/WalletControllerTest.kt
@@ -56,7 +56,7 @@ internal class WalletControllerTest(@Autowired val mockMvc: MockMvc) {
     fun purchase() {
         every { mockWalletService.purchase(any(), any()) } returns UserWallet(testUserA, walletA)
         mockMvc
-            .post(urlTemplate = "/api/v1/users/123/wallet/buy?value=100") { with(csrf()) }
+            .post(urlTemplate = "/api/v1/users/123/wallet/spend?value=100") { with(csrf()) }
             .andExpect {
                 status { isOk() }
             }