mirror of
https://github.com/gotson/komga.git
synced 2025-12-20 23:45:11 +01:00
Gauthier Roebroeck
parent
29e98adbcf
commit
0708ce750c
3 changed files with 49 additions and 20 deletions
|
|
@ -0,0 +1,49 @@
|
||||||
|
package org.gotson.komga.infrastructure.security
|
||||||
|
|
||||||
|
import org.gotson.komga.infrastructure.configuration.KomgaProperties
|
||||||
|
import org.springframework.boot.autoconfigure.condition.ConditionOutcome
|
||||||
|
import org.springframework.boot.autoconfigure.condition.SpringBootCondition
|
||||||
|
import org.springframework.boot.context.properties.bind.Bindable
|
||||||
|
import org.springframework.boot.context.properties.bind.Binder
|
||||||
|
import org.springframework.boot.context.properties.source.ConfigurationPropertyName
|
||||||
|
import org.springframework.context.annotation.Bean
|
||||||
|
import org.springframework.context.annotation.ConditionContext
|
||||||
|
import org.springframework.context.annotation.Conditional
|
||||||
|
import org.springframework.context.annotation.Configuration
|
||||||
|
import org.springframework.core.type.AnnotatedTypeMetadata
|
||||||
|
import org.springframework.http.HttpHeaders
|
||||||
|
import org.springframework.http.HttpMethod
|
||||||
|
import org.springframework.web.cors.CorsConfiguration
|
||||||
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
|
||||||
|
import java.util.Collections
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
class CorsConfiguration(
|
||||||
|
private val komgaProperties: KomgaProperties
|
||||||
|
) {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@Conditional(CorsAllowedOriginsPresent::class)
|
||||||
|
fun corsConfigurationSource(): UrlBasedCorsConfigurationSource =
|
||||||
|
UrlBasedCorsConfigurationSource().apply {
|
||||||
|
registerCorsConfiguration(
|
||||||
|
"/**",
|
||||||
|
CorsConfiguration().applyPermitDefaultValues().apply {
|
||||||
|
allowedOrigins = komgaProperties.cors.allowedOrigins
|
||||||
|
allowedMethods = HttpMethod.values().map { it.name }
|
||||||
|
allowCredentials = true
|
||||||
|
addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
class CorsAllowedOriginsPresent : SpringBootCondition() {
|
||||||
|
override fun getMatchOutcome(context: ConditionContext, metadata: AnnotatedTypeMetadata): ConditionOutcome {
|
||||||
|
val defined = Binder.get(context.environment)
|
||||||
|
.bind(ConfigurationPropertyName.of("komga.cors.allowed-origins"), Bindable.of(List::class.java))
|
||||||
|
.orElse(Collections.emptyList<String>())
|
||||||
|
.isNotEmpty()
|
||||||
|
return ConditionOutcome(defined, "Cors allowed-origins present")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -5,9 +5,6 @@ import org.gotson.komga.domain.model.ROLE_ADMIN
|
||||||
import org.gotson.komga.domain.model.ROLE_USER
|
import org.gotson.komga.domain.model.ROLE_USER
|
||||||
import org.gotson.komga.infrastructure.configuration.KomgaProperties
|
import org.gotson.komga.infrastructure.configuration.KomgaProperties
|
||||||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
|
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
|
||||||
import org.springframework.context.annotation.Bean
|
|
||||||
import org.springframework.http.HttpHeaders
|
|
||||||
import org.springframework.http.HttpMethod
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.builders.WebSecurity
|
import org.springframework.security.config.annotation.web.builders.WebSecurity
|
||||||
|
|
@ -15,8 +12,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
||||||
import org.springframework.security.core.session.SessionRegistry
|
import org.springframework.security.core.session.SessionRegistry
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.web.cors.CorsConfiguration
|
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
|
|
||||||
|
|
||||||
private val logger = KotlinLogging.logger {}
|
private val logger = KotlinLogging.logger {}
|
||||||
|
|
||||||
|
|
@ -91,18 +86,4 @@ class SecurityConfiguration(
|
||||||
"/index.html"
|
"/index.html"
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
fun corsConfigurationSource(): UrlBasedCorsConfigurationSource =
|
|
||||||
UrlBasedCorsConfigurationSource().apply {
|
|
||||||
registerCorsConfiguration(
|
|
||||||
"/**",
|
|
||||||
CorsConfiguration().applyPermitDefaultValues().apply {
|
|
||||||
allowedOrigins = komgaProperties.cors.allowedOrigins
|
|
||||||
allowedMethods = HttpMethod.values().map { it.name }
|
|
||||||
allowCredentials = true
|
|
||||||
addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,6 @@ komga:
|
||||||
file: ":memory:"
|
file: ":memory:"
|
||||||
cors.allowed-origins:
|
cors.allowed-origins:
|
||||||
- http://localhost:8081
|
- http://localhost:8081
|
||||||
|
|
||||||
spring:
|
spring:
|
||||||
artemis:
|
artemis:
|
||||||
embedded:
|
embedded:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue