Hithomelabs/CFTunnels
6
0
Fork 3
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ISSUE-43: Attempting to fix Hithomelabs/HomeLabDocker#43 disbling server side csrf check
All checks were successful
sample gradle build and test / build (pull_request) Successful in 1m35s
Details

Browse Source
This commit is contained in:
hitanshu310 2025-10-18 16:35:23 +05:30
parent fb4ff60729
commit c8e8817e25
7 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
View File

@ -11,12 +11,12 @@ import java.util.ArrayList;
@Configuration @Configuration
public class OpenApiConfig { public class OpenApiConfig {
@Value("${api.corsResolveUrl}") @Value("${api.baseUrl}")
private String corsResolveUrl; private String baseUrl;
@Bean @Bean
public OpenAPI openAPI(){ public OpenAPI openAPI(){
Server httpsServer = new Server().url(corsResolveUrl); Server httpsServer = new Server().url(baseUrl);
OpenAPI openApi = new OpenAPI(); OpenAPI openApi = new OpenAPI();
ArrayList<Server> servers = new ArrayList<>(); ArrayList<Server> servers = new ArrayList<>();
servers.add(httpsServer); servers.add(httpsServer);

5
src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
View File

@ -29,8 +29,9 @@ public class SecuirtyConfig {
http http
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.anyRequest().authenticated() .anyRequest().authenticated()
) ).csrf(csrf -> csrf.disable())
.with(new OAuth2LoginConfigurer<>(), oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration))); .with(new OAuth2LoginConfigurer<>(),
oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
return http.build(); return http.build();

2
src/main/resources/application-local.properties
View File

@ -1 +1 @@
api.corsResolveUrl=http://localhost:8080 api.baseUrl=http://localhost:8080

2
src/main/resources/application-prod.properties
View File

@ -1 +1 @@
api.corsResolveUrl=https://cftunnels.hithomelabs.com api.baseUrl=https://cftunnels.hithomelabs.com

2
src/main/resources/application-test.properties
View File

@ -1 +1 @@
api.corsResolveUrl=https://testcf.hithomelabs.com api.baseUrl=https://testcf.hithomelabs.com

6
src/main/resources/application.properties
View File

@ -4,6 +4,12 @@ cloudflare.apiKey=${CLOUDFLARE_API_KEY}
cloudflare.email=${CLOUDFLARE_EMAIL} cloudflare.email=${CLOUDFLARE_EMAIL}
spring.profiles.active=${ENV} spring.profiles.active=${ENV}
# set root level
logging.level.root=INFO
# package-specific
logging.level.org.springframework=TRACE
logging.level.com.myapp=INFO
/ * * Masking sure app works behind a reverse proxy / * * Masking sure app works behind a reverse proxy
server.forward-headers-strategy=framework server.forward-headers-strategy=framework