From c8e8817e257ccf3c977717a109df8b063cdad21f Mon Sep 17 00:00:00 2001
From: hitanshu310
Date: Sat, 18 Oct 2025 16:35:23 +0530
Subject: [PATCH] ISSUE-43: Attempting to fix Hithomelabs/HomeLabDocker#43 disbling server side csrf check
---
 .../com/hithomelabs/CFTunnels/Config/OpenApiConfig.java | 6 +++---
 .../CFTunnels/Config/Security/SecuirtyConfig.java | 9 +++++----
 .../CFTunnels/Controllers/TunnelController.java | 2 +-
 src/main/resources/application-local.properties | 2 +-
 src/main/resources/application-prod.properties | 2 +-
 src/main/resources/application-test.properties | 2 +-
 src/main/resources/application.properties | 6 ++++++
 7 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
index ef3b098..e24e6f5 100644
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
@@ -11,12 +11,12 @@ import java.util.ArrayList;
 @Configuration
 public class OpenApiConfig {
- @Value("${api.corsResolveUrl}")
- private String corsResolveUrl;
+ @Value("${api.baseUrl}")
+ private String baseUrl;
 @Bean
 public OpenAPI openAPI(){
- Server httpsServer = new Server().url(corsResolveUrl);
+ Server httpsServer = new Server().url(baseUrl);
 OpenAPI openApi = new OpenAPI();
 ArrayList servers = new ArrayList<>();
 servers.add(httpsServer);
diff --git a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
index 7bd9c1e..81def11 100644
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
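Review bot: `Server httpsServer = new Server().url(baseUrl)` keeps a local name that promises HTTPS, but `application-local.properties` in this same patch sets `api.baseUrl=http://localhost:8080`, so the name is now misleading; `Server apiServer = new Server().url(baseUrl);` would read truthfully. The context line `ArrayList servers = new ArrayList<>();` uses a raw type and a concrete class for the local, so `List<Server> servers = new ArrayList<>();` would remove the unchecked warning from a class the patch is already touching. A short Javadoc on `openAPI()` stating that the advertised server URL comes from the active profile's `api.baseUrl` would also explain why the field was renamed. The rest of `openAPI()` continues outside the hunk.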
@@ -16,8 +16,8 @@ import org.springframework.security.web.SecurityFilterChain;
 @EnableWebSecurity
 @EnableMethodSecurity(
 prePostEnabled = true,
- securedEnabled = true,
- jsr250Enabled = true
+ securedEnabled = true,
+ jsr250Enabled = true
 )
 public class SecuirtyConfig {
@@ -29,8 +29,9 @@ public class SecuirtyConfig {
 http
 .authorizeHttpRequests(auth -> auth
 .anyRequest().authenticated()
- )
- .with(new OAuth2LoginConfigurer<>(), oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
+ ).csrf(csrf -> csrf.disable())
+ .with(new OAuth2LoginConfigurer<>(),
+ oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
 return http.build();
diff --git a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
index 612fc78..902cb55 100644
--- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
@@ -87,7 +87,7 @@ public class TunnelController implements ErrorController {
 return ResponseEntity.ok(jsonResponse);
 }
-// 50df9101-f625-4618-b7c5-100338a57124
+ // 50df9101-f625-4618-b7c5-100338a57124
 @PreAuthorize("hasAnyRole('ADMIN')")
 @PutMapping("/tunnel/{tunnelId}/add")
 public ResponseEntity> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties
index 9001ed2..fdb25ce 100644
--- a/src/main/resources/application-local.properties
+++ b/src/main/resources/application-local.properties
@@ -1 +1 @@
-api.corsResolveUrl=http://localhost:8080
\ No newline at end of file
+api.baseUrl=http://localhost:8080
\ No newline at end of file
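Review bot: `.csrf(csrf -> csrf.disable())` switches CSRF protection off for every request while the same chain keeps OAuth2 login, so authentication rides on the session cookie and a browser will attach it to a cross-site `PUT /tunnel/{tunnelId}/add` (the endpoint visible in the TunnelController hunk) with nothing left to reject the forged request. If #43 is a front end receiving 403 on state-changing calls, the usual fix is to keep the filter and hand the token to the client, e.g. `.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))`, so it can echo the `XSRF-TOKEN` cookie value in the `X-XSRF-TOKEN` header; if particular endpoints are only ever called without cookies, exempt just those with `csrf.ignoringRequestMatchers(...)` rather than disabling globally. Whatever is chosen, the line deserves a comment recording the decision, e.g. `// CSRF disabled for HomeLabDocker#43: <reason and scope>`. The filter-chain method this hunk edits starts outside the hunk, and the first hunk in this file is a whitespace-only re-indent of the `@EnableMethodSecurity` attributes.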
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 5126249..dec0f4b 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -1 +1 @@
-api.corsResolveUrl=https://cftunnels.hithomelabs.com
\ No newline at end of file
+api.baseUrl=https://cftunnels.hithomelabs.com
\ No newline at end of file
diff --git a/src/main/resources/application-test.properties b/src/main/resources/application-test.properties
index 1ea328b..e5c014b 100644
--- a/src/main/resources/application-test.properties
+++ b/src/main/resources/application-test.properties
@@ -1 +1 @@
-api.corsResolveUrl=https://testcf.hithomelabs.com
\ No newline at end of file
+api.baseUrl=https://testcf.hithomelabs.com
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 4774989..5f1c452 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,6 +4,12 @@ cloudflare.apiKey=${CLOUDFLARE_API_KEY}
 cloudflare.email=${CLOUDFLARE_EMAIL}
 spring.profiles.active=${ENV}
+# set root level
+logging.level.root=INFO
+# package-specific
+logging.level.org.springframework=TRACE
+logging.level.com.myapp=INFO
+ / * * Masking sure app works behind a reverse proxy server.forward-headers-strategy=framework
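Review bot: `logging.level.org.springframework=TRACE` lands in the profile-independent `application.properties`, so it applies under the prod profile as well; at TRACE the Spring web and security packages log request and session details, which is both a log-volume problem and a way for session identifiers and OAuth2 exchange details to end up in plain-text logs. Keep the base file at `logging.level.org.springframework=INFO` and put the TRACE line in `application-local.properties`, where it is actually wanted. `logging.level.com.myapp=INFO` names a package this project does not use (every Java file in the diffstat is under `com.hithomelabs`), so it is a no-op; `logging.level.com.hithomelabs=INFO` is presumably what was meant. The trailing context line appears in this rendering as `/ * * Masking sure …`; if the real file starts that line with anything other than `#` or `!`, Java properties parse it as a key/value pair rather than a comment, which is worth checking against the actual file.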