ISSUE-43: Attempting to fix Hithomelabs/HomeLabDocker#43 disbling server side csrf check

src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java

@@ -11,12 +11,12 @@ import java.util.ArrayList;
 @Configuration
 public class OpenApiConfig {
 
-    @Value("${api.corsResolveUrl}")
+    @Value("${api.baseUrl}")
-    private String corsResolveUrl;
+    private String baseUrl;
 
     @Bean
     public OpenAPI openAPI(){
-        Server httpsServer = new Server().url(corsResolveUrl);
+        Server httpsServer = new Server().url(baseUrl);
         OpenAPI openApi = new OpenAPI();
         ArrayList<Server> servers = new ArrayList<>();
         servers.add(httpsServer);

src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java

@@ -29,8 +29,9 @@ public class SecuirtyConfig {
         http
                 .authorizeHttpRequests(auth -> auth
                         .anyRequest().authenticated()
-                )
+                ).csrf(csrf -> csrf.disable())
-                .with(new OAuth2LoginConfigurer<>(), oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
+                .with(new OAuth2LoginConfigurer<>(),
+                        oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
 
 
         return http.build();

src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java

@@ -87,7 +87,7 @@ public class TunnelController implements ErrorController {
         return ResponseEntity.ok(jsonResponse);
     }
 
-// 50df9101-f625-4618-b7c5-100338a57124
+    // 50df9101-f625-4618-b7c5-100338a57124
     @PreAuthorize("hasAnyRole('ADMIN')")
     @PutMapping("/tunnel/{tunnelId}/add")
     public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {

src/main/resources/application-local.properties

@@ -1 +1 @@
-api.corsResolveUrl=http://localhost:8080
+api.baseUrl=http://localhost:8080

src/main/resources/application-prod.properties

@@ -1 +1 @@
-api.corsResolveUrl=https://cftunnels.hithomelabs.com
+api.baseUrl=https://cftunnels.hithomelabs.com

src/main/resources/application-test.properties

@@ -1 +1 @@
-api.corsResolveUrl=https://testcf.hithomelabs.com
+api.baseUrl=https://testcf.hithomelabs.com

src/main/resources/application.properties

@@ -4,6 +4,12 @@ cloudflare.apiKey=${CLOUDFLARE_API_KEY}
 cloudflare.email=${CLOUDFLARE_EMAIL}
 spring.profiles.active=${ENV}
 
+# set root level
+logging.level.root=INFO
+# package-specific
+logging.level.org.springframework=TRACE
+logging.level.com.myapp=INFO
+
 / * * Masking sure app works behind a reverse proxy
 server.forward-headers-strategy=framework