From a4ae43f778059712dae34a8f67c78cdcaab54e08 Mon Sep 17 00:00:00 2001 From: vishwab1 Date: Tue, 17 Jun 2025 12:56:06 +0530 Subject: [PATCH 1/2] fix: cors error changes --- src/main/environment/common_ci.properties | 3 +- .../environment/common_example.properties | 4 +- .../com/wipro/fhir/config/CorsConfig.java | 28 +++++++++++ .../carecontext/CareContextController.java | 6 +-- .../eaushdhi/EAushadhiController.java | 8 +-- .../facility/FacilityController.java | 8 +-- .../ResourceRequestGateway.java | 7 +-- .../GenerateHealthIDCardController.java | 5 +- .../healthID/CreateHealthIDWithBio.java | 8 +-- .../healthID/CreateHealthIDWithMobileOTP.java | 7 +-- .../healthID/CreateHealthIDWithUID.java | 8 +-- .../healthID/CreateHealthIdRecord.java | 7 +-- .../HealthIDValidateController.java | 5 +- .../HigherHealthFacilityController.java | 5 +- .../PatientDataGatewayController.java | 5 +- .../com/wipro/fhir/controller/test/Test.java | 4 +- .../v3/abha/CreateAbhaV3Controller.java | 11 +--- .../v3/abha/LoginAbhaV3Controller.java | 8 +-- .../com/wipro/fhir/utils/FilterConfig.java | 13 ++++- .../fhir/utils/JwtUserIdValidationFilter.java | 50 +++++++++++++++++-- 20 files changed, 105 insertions(+), 95 deletions(-) create mode 100644 src/main/java/com/wipro/fhir/config/CorsConfig.java diff --git a/src/main/environment/common_ci.properties b/src/main/environment/common_ci.properties index c5dd779..c7b1955 100644 --- a/src/main/environment/common_ci.properties +++ b/src/main/environment/common_ci.properties @@ -117,4 +117,5 @@ springdoc.api-docs.enabled=@env.SWAGGER_DOC_ENABLED@ springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@ # Redis IP -spring.redis.host=@env.REDIS_HOST@ \ No newline at end of file +spring.redis.host=@env.REDIS_HOST@ +cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@ diff --git a/src/main/environment/common_example.properties b/src/main/environment/common_example.properties index 84ef5d3..b54379b 100644 --- a/src/main/environment/common_example.properties 
+++ b/src/main/environment/common_example.properties @@ -111,4 +111,6 @@ logging.level.com.iemr=DEBUG logging.level.org.springframework=INFO jwt.secret=my-32-character-ultra-secure-and-ultra-long-secret logging.path=logs/ -logging.file.name=logs/fhir-api.log \ No newline at end of file +logging.file.name=logs/fhir-api.log + +cors.allowed-origins=http://localhost:* \ No newline at end of file diff --git a/src/main/java/com/wipro/fhir/config/CorsConfig.java b/src/main/java/com/wipro/fhir/config/CorsConfig.java new file mode 100644 index 0000000..f6878cf --- /dev/null +++ b/src/main/java/com/wipro/fhir/config/CorsConfig.java @@ -0,0 +1,28 @@ +package com.wipro.fhir.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.CorsRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import java.util.Arrays; +import org.springframework.beans.factory.annotation.Value; + +@Configuration +public class CorsConfig implements WebMvcConfigurer { + + @Value("${cors.allowed-origins}") + private String allowedOrigins; + + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**") + .allowedOriginPatterns( + Arrays.stream(allowedOrigins.split(",")) + .map(String::trim) + .toArray(String[]::new)) + .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") + .allowedHeaders("*") + .exposedHeaders("Authorization", "Jwttoken") + .allowCredentials(true) + .maxAge(3600); + } +} diff --git a/src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java b/src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java index 2c119a2..7e47c44 100644 --- a/src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java +++ b/src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java 
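Review bot: In `addCorsMappings`, the entries of `cors.allowed-origins` go straight into `allowedOriginPatterns(...)` together with `allowCredentials(true)`, so a deployment that sets the property to `*` or another loose pattern makes the API echo any requesting origin with credentials allowed. Unlike `allowedOrigins("*")`, Spring does not reject that combination at startup. I would validate the split list before registering it, for example `if (Arrays.asList(patterns).contains("*")) throw new IllegalStateException("cors.allowed-origins must list explicit origins");`, and drop blank entries with `.filter(s -> !s.isEmpty())` after the `trim`. The example value `http://localhost:*` added to common_example.properties is reasonable for local work, but a comment next to it should say that production must list exact origins. `.allowedHeaders("*")` could also be narrowed to the headers the filter already enumerates (`Authorization, Content-Type, Accept, Jwttoken`).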
@@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -38,7 +38,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/careContext", headers = "Authorization", consumes = "application/json", produces = "application/json") public class CareContextController { @@ -46,7 +45,6 @@ public class CareContextController { @Autowired private CareContextService careContextService; - @CrossOrigin @Operation(summary = "Generate OTP for care context linking") @PostMapping(value = { "/generateOTPForCareContext" }) public String generateOTP( @@ -69,7 +67,6 @@ public String generateOTP( return response.toString(); } - @CrossOrigin @Operation(summary = "Validate OTP and create care context") @PostMapping(value = { "/validateOTPAndCreateCareContext" }) public String validateOTPAndCreateCareContext( @@ -94,7 +91,6 @@ public String validateOTPAndCreateCareContext( return response.toString(); } - @CrossOrigin @Operation(summary = "Add care context to Mongo") @PostMapping(value = { "/addCarecontextToMongo" }) public String saveCareContextToMongo(@Param(value = "{}") @RequestBody String request, diff --git a/src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java b/src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java index d15fb33..f448264 100644 --- a/src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java +++ b/src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java 
@@ -27,7 +27,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -46,8 +46,6 @@ /** * @author DE40034072 Date 01-12-2021 */ - -@CrossOrigin @RestController @RequestMapping(value = "/eAushadhi", headers = "Authorization", consumes = "application/json", produces = "application/json") public class EAushadhiController { @@ -56,7 +54,6 @@ public class EAushadhiController { private EAushadhiService eAushadhiService; private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); - @CrossOrigin @Operation(summary = "Getting store stock details from e-aushadhi") @PostMapping(value = { "/getStoreStockDetails" }) public String getStoreStockDetails(@Param(value = "{\"facilityID\":\"Integer\"}") @RequestBody String request, @@ -90,7 +87,6 @@ public String getStoreStockDetails(@Param(value = "{\"facilityID\":\"Integer\"}" * @param Authorization * @return sync dispense data and patient information to E-Aushadhi. */ - @CrossOrigin @Operation(summary = "Sync drug dispense data and patient details with e-aushadhi") @PostMapping(value = { "/syncDrugDispenseDetails" }) public String syncDrugDispenseAndPatientDetails( @@ -113,7 +109,6 @@ public String syncDrugDispenseAndPatientDetails( return response.toString(); } - @CrossOrigin @Operation(summary = "Get log for stock processing") @PostMapping(value = { "/getFacilityStockProcessLog" }) public String getFacilityStockProcessLog(@RequestBody String request) { 
@@ -134,7 +129,6 @@ public String getFacilityStockProcessLog(@RequestBody String request) { return response.toString(); } - @CrossOrigin @Operation(summary = "Sync e-aushadhi for patient issue details") @PostMapping(value = { "/updatePatientIssueSyncStatus" }) public String addFacility(@RequestBody String request) { diff --git a/src/main/java/com/wipro/fhir/controller/facility/FacilityController.java b/src/main/java/com/wipro/fhir/controller/facility/FacilityController.java index 3efafba..e60e61b 100644 --- a/src/main/java/com/wipro/fhir/controller/facility/FacilityController.java +++ b/src/main/java/com/wipro/fhir/controller/facility/FacilityController.java @@ -3,7 +3,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -19,8 +19,6 @@ import io.swagger.v3.oas.annotations.Operation; - -@CrossOrigin @RestController @RequestMapping(value = "/facility", headers = "Authorization") public class FacilityController { @@ -31,7 +29,6 @@ public class FacilityController { Logger logger = LoggerFactory.getLogger(this.getClass().getName()); - @CrossOrigin @Operation(summary = "Get ABDM Registered Facilities") @GetMapping(value = { "/getAbdmRegisteredFacilities" }) public String getAbdmRegisteredFacilities(@RequestHeader(value = "Authorization") String Authorization) { 
@@ -52,9 +49,6 @@ public String getAbdmRegisteredFacilities(@RequestHeader(value = "Authorization" logger.info("Get ABDM Registered facilities API response" + response.toString()); return response.toString(); } - - - @CrossOrigin @Operation(summary = "Get ABDM Registered Facilities") @PostMapping(value = { "/saveAbdmFacilityId" }) public String saveAbdmFacilityForVisit(@RequestHeader(value = "Authorization") String Authorization, @RequestBody() String reqObj) { diff --git a/src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java b/src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java index 19253dc..78ba1a5 100644 --- a/src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java +++ b/src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java @@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -48,8 +48,6 @@ * fetch from Mongo instead creating again *** * */ - -@CrossOrigin @RestController @RequestMapping(value = "/get/resource", headers = "Authorization", consumes = "application/json", produces = "application/json") public class ResourceRequestGateway { @@ -73,7 +71,6 @@ public class ResourceRequestGateway { * DocumentReference} * */ - @CrossOrigin @Operation(summary = "Get OP consult record bundle") @PostMapping(value = { "/OPConsultRecord" }) public String getPatientResource(@RequestBody ResourceRequestHandler patientResourceRequest, 
@@ -100,7 +97,6 @@ public String getPatientResource(@RequestBody ResourceRequestHandler patientReso * DocumentReference} * */ - @CrossOrigin @Operation(summary = "Get diagnostic report record bundle") @PostMapping(value = { "/DiagnosticReportRecord" }) public String getDiagnosticReportRecord(@RequestBody ResourceRequestHandler patientResourceRequest, @@ -126,7 +122,6 @@ public String getDiagnosticReportRecord(@RequestBody ResourceRequestHandler pati * || Organization || MedicationRequest || Binary} * */ - @CrossOrigin @Operation(summary = "Get prescription record") @PostMapping(value = { "/PrescriptionRecord" }) public String getPrescriptionRecord(@RequestBody ResourceRequestHandler patientResourceRequest, diff --git a/src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java b/src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java index b6909e6..46edb41 100644 --- a/src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java +++ b/src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java @@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -38,7 +38,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/healthIDCard", headers = "Authorization") public class GenerateHealthIDCardController { 
@@ -46,7 +45,6 @@ public class GenerateHealthIDCardController { @Autowired private HealthID_CardService healthID_CardService; - @CrossOrigin @Operation(summary = "Generate OTP for ABHA card") @PostMapping(value = { "/generateOTP" }) public String mapHealthIDToBeneficiary( @@ -68,7 +66,6 @@ public String mapHealthIDToBeneficiary( return response.toString(); } - @CrossOrigin @Operation(summary = "Generate OTP for ABHA card") @PostMapping(value = { "/verifyOTPAndGenerateHealthCard" }) public String verifyOTPAndGenerateHealthCard( diff --git a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java index 3e68923..278072b 100644 --- a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java +++ b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java @@ -3,7 +3,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -17,7 +17,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/healthIDWithBio", headers = "Authorization") public class CreateHealthIDWithBio { @@ -26,7 +25,6 @@ public class CreateHealthIDWithBio { @Autowired private HealthIDWithBioService healthIDWithBioService; - @CrossOrigin @Operation(summary = "Verify Bio") @PostMapping(value = { "/verifyBio" }) public String verifyBio(@Param(value = "{\"Aadhaar\":\"String\", \"pid\":\"String\",\"bioType\":\"String\"}") @RequestBody String request, 
@@ -48,9 +46,6 @@ public String verifyBio(@Param(value = "{\"Aadhaar\":\"String\", \"pid\":\"Strin logger.info("NDHM_FHIR verify Bio API response" + response.toString()); return response.toString(); } - - - @CrossOrigin @Operation(summary = "generate Mobile OTP") @PostMapping(value = { "/generateMobileOTP" }) public String checkAndGenerateMobileOTP( @@ -72,7 +67,6 @@ public String checkAndGenerateMobileOTP( return response.toString(); } - @CrossOrigin @Operation(summary = "Confirm with Aadhaar Bio") @PostMapping(value = { "/confirmWithAadhaarBio" }) public String confirmWithAadhaarBio(@Param(value = "{\"txnId\":\"String\", \"pid\":\"String\",\"bioType\":\"String\",\"authType\":\"String\"}") @RequestBody String request, diff --git a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java index 0d18d96..2924909 100644 --- a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java +++ b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java @@ -25,7 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -40,7 +40,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/healthID", headers = "Authorization", consumes = "application/json", produces = "application/json") public class CreateHealthIDWithMobileOTP { 
@@ -56,7 +55,6 @@ public class CreateHealthIDWithMobileOTP { * @param Authorization * @return NDHM transactionID */ - @CrossOrigin @Operation(summary = "generate OTP") @PostMapping(value = { "/generateOTP" }) public String generateOTP(@Param(value = "{\"mobile\":\"String\"}") @RequestBody String request, @@ -84,7 +82,6 @@ public String generateOTP(@Param(value = "{\"mobile\":\"String\"}") @RequestBody * @param Authorization * @return Generated ABHA for Beneficiary */ - @CrossOrigin @Operation(summary = "verify OTP and generate ABHA") @PostMapping(value = { "/verifyOTPAndGenerateHealthID" }) public String verifyOTPAndGenerateHealthID( @@ -114,7 +111,6 @@ public String verifyOTPAndGenerateHealthID( * @param comingRequest * @return ABHA of Beneficiary */ - @CrossOrigin() @Operation(summary = "Get Beneficiary ABHA details") @PostMapping("/getBenhealthID") public String getBenhealthID(@RequestBody String comingRequest) { @@ -138,7 +134,6 @@ public String getBenhealthID(@RequestBody String comingRequest) { return response.toString(); } - @CrossOrigin() @Operation(summary = "Get Beneficiary Id for ABHA Id") @PostMapping(value = { "/getBenIdForhealthID" }) public String getBenIdForhealthID( diff --git a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java index afafc03..657fb1b 100644 --- a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java +++ b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java @@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; 
@@ -38,7 +38,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/healthIDWithUID", headers = "Authorization", consumes = "application/json", produces = "application/json") public class CreateHealthIDWithUID { @@ -47,7 +46,6 @@ public class CreateHealthIDWithUID { @Autowired private HealthIDWithUIDService HealthIDWithUIDService; - @CrossOrigin @Operation(summary = "Generate OTP") @PostMapping(value = { "/generateOTP" }) public String generateOTP(@Param(value = "{\"mobile\":\"String\"}") @RequestBody String request, @@ -70,7 +68,6 @@ public String generateOTP(@Param(value = "{\"mobile\":\"String\"}") @RequestBody return response.toString(); } - @CrossOrigin @Operation(summary = "Verify OTP") @PostMapping(value = { "/verifyOTP" }) public String verifyOTP(@Param(value = "{\"OTP\":\"String\", \"txnId\":\"String\"}") @RequestBody String request, @@ -93,7 +90,6 @@ public String verifyOTP(@Param(value = "{\"OTP\":\"String\", \"txnId\":\"String\ return response.toString(); } - @CrossOrigin @Operation(summary = "Check and generate OTP") @PostMapping(value = { "/checkAndGenerateMobileOTP" }) public String checkAndGenerateMobileOTP( @@ -117,7 +113,6 @@ public String checkAndGenerateMobileOTP( return response.toString(); } - @CrossOrigin @Operation(summary = "Verify mobile OTP") @PostMapping(value = { "/verifyMobileOTP" }) public String verifyMobileOTP( @@ -141,7 +136,6 @@ public String verifyMobileOTP( return response.toString(); } - @CrossOrigin @Operation(summary = "Create ABHA with UID") @PostMapping(value = { "/createHealthIDWithUID" }) public String createHealthIDWithUID( diff --git a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java index 58fa5cb..e2cf7b7 100644 --- a/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java 
+++ b/src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java @@ -3,7 +3,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -16,7 +16,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/healthIDRecord", headers = "Authorization", consumes = "application/json", produces = "application/json") public class CreateHealthIdRecord { @@ -32,7 +31,6 @@ public class CreateHealthIdRecord { * @param Authorization * @return BenRegID of beneficiary after mapping */ - @CrossOrigin @Operation(summary = "Map ABHA to beneficiary") @PostMapping(value = { "/mapHealthIDToBeneficiary" }) public String mapHealthIDToBeneficiary( @@ -52,9 +50,6 @@ public String mapHealthIDToBeneficiary( logger.info("NDHM_FHIR Map ABHA to beneficiary API response " + response.toString()); return response.toString(); } - - - @CrossOrigin @Operation(summary = "Add New health ID record to healthId table") @PostMapping(value = { "/addHealthIdRecord" }) public String addRecordToHealthIdTable( diff --git a/src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java b/src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java index a1da45a..80eb244 100644 --- a/src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java +++ b/src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java 
@@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -38,7 +38,6 @@ import io.lettuce.core.dynamic.annotation.Param; import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/validate", headers = "Authorization") public class HealthIDValidateController { @@ -47,7 +46,6 @@ public class HealthIDValidateController { private HealthIDValidationService healthIDValidationService; private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); - @CrossOrigin @Operation(summary = "Generate OTP for ABHA validation") @PostMapping(value = { "/generateOTPForHealthIDValidation" }) public String generateOTPForHealthIDValidation( @@ -70,7 +68,6 @@ public String generateOTPForHealthIDValidation( return response.toString(); } - @CrossOrigin @Operation(summary = "Verify OTP for ABHA validation") @PostMapping(value = { "/verifyOTPForHealthIDValidation" }) public String verifyOTPForHealthIDValidation( diff --git a/src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java b/src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java index 881b16f..5743804 100644 --- a/src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java +++ b/src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java 
@@ -22,7 +22,7 @@ package com.wipro.fhir.controller.patientdatahandler; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -34,7 +34,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/higher/health/facility", headers = "Authorization", consumes = "application/json", produces = "application/json") public class HigherHealthFacilityController { @@ -42,7 +41,6 @@ public class HigherHealthFacilityController { @Autowired private HigherHealthFacilityServiceImpl higherHealthFacilityServiceImpl; - @CrossOrigin @Operation(summary = "Update beneficiary id for higher health facility") @PostMapping(value = { "/update/bengenid" }) public String feedPatientDemographicData(@RequestBody ResourceRequestHandler resourceRequestHandler) { @@ -64,7 +62,6 @@ public String feedPatientDemographicData(@RequestBody ResourceRequestHandler res } - @CrossOrigin @Operation(summary = "Get clinical data from higher health facility") @PostMapping(value = { "/get/clinical/data" }) public String getCLinicalDataHigherhealthFacility(@RequestBody ResourceRequestHandler resourceRequestHandler) { diff --git a/src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java b/src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java index a929faa..c3b5ec2 100644 --- a/src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java +++ b/src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java 
@@ -26,7 +26,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -41,7 +41,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/patient/data", headers = "Authorization", consumes = "application/json", produces = "application/json") public class PatientDataGatewayController { @@ -51,7 +50,6 @@ public class PatientDataGatewayController { private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); - @CrossOrigin @Operation(summary = "Patient profile search from Mongo, search parameter - healthId, healthIdNo, amritId, externalId, phoneNo, state, district, village") @PostMapping(value = { "/profile/search/demographic" }) public String patientDataSearchFromMongo(@RequestBody ResourceRequestHandler resourceRequestHandler, @@ -72,7 +70,6 @@ public String patientDataSearchFromMongo(@RequestBody ResourceRequestHandler res } - @CrossOrigin @Operation(summary = "Patient profile search from Mongo, all data based on page no") @GetMapping(value = { "/searchWithPagination/{pageNo}" }, produces = MediaType.APPLICATION_JSON) public String patientDataSearchFromMongoPagination(@PathVariable("pageNo") Integer pageNo) { diff --git a/src/main/java/com/wipro/fhir/controller/test/Test.java b/src/main/java/com/wipro/fhir/controller/test/Test.java index 2873a05..719047c 100644 --- a/src/main/java/com/wipro/fhir/controller/test/Test.java +++ b/src/main/java/com/wipro/fhir/controller/test/Test.java 
@@ -24,7 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -42,7 +42,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/feeds", headers = "Authorization") public class Test { @@ -53,7 +52,6 @@ public class Test { @Autowired private OPConsultRecordBundleImpl oPConsultRecordBundleImpl; - @CrossOrigin @Operation(summary = "Test parse ATOM Feeds") @PostMapping(value = { "/parse/feed/ATOM" }) public String parseFeeds(@RequestBody ResourceRequestHandler resourceRequestHandler, diff --git a/src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java b/src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java index 4e277d9..4d95154 100644 --- a/src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java +++ b/src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java @@ -3,7 +3,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -15,7 +15,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/abhaCreation", headers = "Authorization") public class CreateAbhaV3Controller { 
@@ -24,8 +23,6 @@ public class CreateAbhaV3Controller { @Autowired private CreateAbhaV3Service createAbhaV3Service; - - @CrossOrigin @Operation(summary = "Generate OTP for ABHA enrollment") @PostMapping(value = { "/requestOtpForAbhaEnrollment" }) public String requestOtpForEnrollment(@RequestBody String request) { @@ -44,8 +41,6 @@ public String requestOtpForEnrollment(@RequestBody String request) { logger.info("NDHM_FHIR generate OTP for ABHA card API response " + response.toString()); return response.toString(); } - - @CrossOrigin @Operation(summary = "ABHA enrollment by Aadhaar") @PostMapping(value = { "/abhaEnrollmentByAadhaar" }) public String abhaEnrollmentByAadhaar(@RequestBody String request) { @@ -65,8 +60,6 @@ public String abhaEnrollmentByAadhaar(@RequestBody String request) { logger.info("NDHM_FHIR generate OTP for ABHA card API response " + response.toString()); return response.toString(); } - - @CrossOrigin @Operation(summary = "Verify Auth By ABDM for ABHA enrollment") @PostMapping(value = { "/verifyAuthByAbdm" }) public String verifyMobileForAuth(@RequestBody String request) { @@ -85,8 +78,6 @@ public String verifyMobileForAuth(@RequestBody String request) { logger.info("NDHM_FHIR Verify Auth OTP for ABHA enrollment API response " + response.toString()); return response.toString(); } - - @CrossOrigin @Operation(summary = "Print Abha card") @PostMapping(value = { "/printAbhaCard" }) public String printAbhaCard(@RequestBody String request) { diff --git a/src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java b/src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java index 7d69230..6c37a92 100644 --- a/src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java +++ b/src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java 
@@ -3,7 +3,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -15,7 +15,6 @@ import io.swagger.v3.oas.annotations.Operation; -@CrossOrigin @RestController @RequestMapping(value = "/abhaLogin", headers = "Authorization") public class LoginAbhaV3Controller { @@ -25,7 +24,6 @@ public class LoginAbhaV3Controller { @Autowired private LoginAbhaV3Service loginAbhaV3Service; - @CrossOrigin @Operation(summary = "Request OTP for Abha LOgin") @PostMapping(value = { "/abhaLoginRequestOtp" }) public String requestOtpForAbhaLogin(@RequestBody String request) { @@ -44,8 +42,6 @@ public String requestOtpForAbhaLogin(@RequestBody String request) { logger.info("NDHM_FHIR generate OTP for ABHA login API response " + response.toString()); return response.toString(); } - - @CrossOrigin @Operation(summary = "verify OTP for Abha LOgin") @PostMapping(value = { "/verifyAbhaLogin" }) public String verifyAbhaLogin(@RequestBody String request) { @@ -64,8 +60,6 @@ public String verifyAbhaLogin(@RequestBody String request) { logger.info("NDHM_FHIR Verify abha login API response " + response.toString()); return response.toString(); } - - @CrossOrigin @Operation(summary = "Print PHR card - abha address web login") @PostMapping(value = { "/printWebLoginPhrCard" }) public String printWebLoginPhrCard(@RequestBody String request) { diff --git a/src/main/java/com/wipro/fhir/utils/FilterConfig.java b/src/main/java/com/wipro/fhir/utils/FilterConfig.java index 5a7ef36..89e7731 100644 --- a/src/main/java/com/wipro/fhir/utils/FilterConfig.java +++ b/src/main/java/com/wipro/fhir/utils/FilterConfig.java 
@@ -3,17 +3,26 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.Ordered; +import org.springframework.beans.factory.annotation.Value; @Configuration public class FilterConfig { + @Value("${cors.allowed-origins}") + private String allowedOrigins; + @Bean public FilterRegistrationBean jwtUserIdValidationFilter( JwtAuthenticationUtil jwtAuthenticationUtil) { FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(); - registrationBean.setFilter(new JwtUserIdValidationFilter(jwtAuthenticationUtil)); + + // Pass allowedOrigins explicitly to the filter constructor + JwtUserIdValidationFilter filter = new JwtUserIdValidationFilter(jwtAuthenticationUtil, allowedOrigins); + + registrationBean.setFilter(filter); + registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); registrationBean.addUrlPatterns("/*"); // Apply filter to all API endpoints return registrationBean; } - } diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index ef30deb..aa33029 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -1,6 +1,7 @@ package com.wipro.fhir.utils; import java.io.IOException; +import java.util.Arrays; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
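Review bot: The `allowedOrigins` value in the `FilterConfig` hunk is handed to the filter without any startup validation, so a blank value or a lone `*` entry only shows its effect at request time. Because the filter reflects a matching origin together with `Access-Control-Allow-Credentials: true`, a `*` entry would permit credentialed cross-origin reads from any site, and a blank value leaves every cross-origin response without CORS headers. I would fail fast in this bean method, for example `if (allowedOrigins.isBlank() || Arrays.asList(allowedOrigins.trim().split("\\s*,\\s*")).contains("*")) throw new IllegalStateException("cors.allowed-origins must list explicit origins");` (this needs `java.util.Arrays` imported in `FilterConfig`).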
@@ -17,23 +18,45 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -@Component public class JwtUserIdValidationFilter implements Filter { private final JwtAuthenticationUtil jwtAuthenticationUtil; private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); + private final String allowedOrigins; - public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil) { + public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil, + String allowedOrigins) { this.jwtAuthenticationUtil = jwtAuthenticationUtil; + this.allowedOrigins = allowedOrigins; } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; - + HttpServletResponse response = (HttpServletResponse) servletResponse; + String origin = request.getHeader("Origin"); + + logger.debug("Incoming Origin: {}", origin); + logger.debug("Allowed Origins Configured: {}", allowedOrigins); + + if (origin != null && isOriginAllowed(origin)) { + response.setHeader("Access-Control-Allow-Origin", origin); + response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); + response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken"); + response.setHeader("Access-Control-Allow-Credentials", "true"); + } else { + logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin); + } + + if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { + logger.info("OPTIONS request - skipping JWT validation"); + response.setStatus(HttpServletResponse.SC_OK); + return; + } + String path = request.getRequestURI(); String contextPath = request.getContextPath(); logger.info("JwtUserIdValidationFilter invoked for path: " + path); 
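Review bot: The `else` branch added to `doFilter` also runs when the request carries no `Origin` header, so every same-origin, mobile or server-to-server call logs `Origin [null] is NOT allowed` at WARN and buries the rejections that matter for monitoring; `} else if (origin != null) {` keeps the warning for real cross-origin rejections. The `OPTIONS` branch below it returns 200 and skips the chain for any OPTIONS request, not only CORS preflights; also requiring `request.getHeader("Access-Control-Request-Method") != null` would limit the short-circuit to preflights. The `Origin` value is client-supplied, so it is worth confirming that the log layout neutralises line breaks. `doFilter` continues past the end of this hunk.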
@@ -50,7 +73,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo } else { logger.info("No cookies found in the request"); } - + // Skip login and public endpoints if (shouldSkipPath(path, contextPath)) { filterChain.doFilter(servletRequest, servletResponse); @@ -103,6 +126,25 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo } } + private boolean isOriginAllowed(String origin) { + if (origin == null || allowedOrigins == null || allowedOrigins.trim().isEmpty()) { + logger.warn("No allowed origins configured or origin is null"); + return false; + } + + return Arrays.stream(allowedOrigins.split(",")) + .map(String::trim) + .anyMatch(pattern -> { + String regex = pattern + .replace(".", "\\.") + .replace("*", ".*") + .replace("http://localhost:.*", "http://localhost:\\d+"); // special case for wildcard port + + boolean matched = origin.matches(regex); + return matched; + }); + } + private boolean isMobileClient(String userAgent) { if (userAgent == null) return false; From 9e3e2393435be1a66071b88d67e798604456d934 Mon Sep 17 00:00:00 2001 From: vishwab1 Date: Tue, 17 Jun 2025 18:21:44 +0530 Subject: [PATCH 2/2] fix: modification in validation --- src/main/environment/common_ci.properties | 1 + src/main/java/com/wipro/fhir/config/CorsConfig.java | 4 ++-- .../java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/environment/common_ci.properties b/src/main/environment/common_ci.properties index c7b1955..d1a7ec3 100644 --- a/src/main/environment/common_ci.properties +++ b/src/main/environment/common_ci.properties @@ -118,4 +118,5 @@ springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@ # Redis IP spring.redis.host=@env.REDIS_HOST@ + cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@ diff --git a/src/main/java/com/wipro/fhir/config/CorsConfig.java b/src/main/java/com/wipro/fhir/config/CorsConfig.java index f6878cf..81527b3 100644 
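Review bot: `isOriginAllowed` (the `@@ -103,6 +126,25 @@` hunk) escapes only `.` before turning a configured entry into a regex, so any other metacharacter in `cors.allowed-origins` is read as regex syntax, and a malformed entry throws `PatternSyntaxException` at request time for every request that carries an `Origin` header. Quoting the literal parts avoids both: `String regex = "http://localhost:*".equals(pattern) ? "http://localhost:\\d+" : Pattern.quote(pattern).replace("*", "\\E.*\\Q");` (with `java.util.regex.Pattern` imported; the localhost special case becomes an exact match). The patterns are also rebuilt and recompiled on each call through `origin.matches(regex)`; compiling them once in the constructor into a `List<Pattern>` would surface a bad entry at startup instead. Since `*` still matches any run of characters and the result is reflected with credentials enabled, configured entries should confine it to a single host label or the port.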
--- a/src/main/java/com/wipro/fhir/config/CorsConfig.java +++ b/src/main/java/com/wipro/fhir/config/CorsConfig.java @@ -20,8 +20,8 @@ public void addCorsMappings(CorsRegistry registry) { .map(String::trim) .toArray(String[]::new)) .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") - .allowedHeaders("*") - .exposedHeaders("Authorization", "Jwttoken") + .allowedHeaders("Content-Type", "Authorization") + .exposedHeaders("Authorization") .allowCredentials(true) .maxAge(3600); } diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index aa33029..b415fc3 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -46,6 +46,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo response.setHeader("Access-Control-Allow-Origin", origin); response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken"); + response.setHeader("Vary", "Origin"); response.setHeader("Access-Control-Allow-Credentials", "true"); } else { logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin);
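Review bot: After this change the MVC mapping in `CorsConfig` allows only the `Content-Type` and `Authorization` request headers, while `JwtUserIdValidationFilter` still answers with `Access-Control-Allow-Headers: Authorization, Content-Type, Accept, Jwttoken`. The filter is registered at highest precedence and returns on `OPTIONS` without calling the chain, so it appears that preflights never reach this mapping and the filter's list is the one browsers actually see. I would keep a single source for the header and method lists, for example constants shared by both classes, and add a comment here such as `// Preflight is answered by JwtUserIdValidationFilter; keep both lists in sync`. `addCorsMappings` starts outside this hunk.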
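Review bot: `response.setHeader("Vary", "Origin")` in the `JwtUserIdValidationFilter` hunk is set only inside the allowed-origin branch and would replace any `Vary` value already present on the response. A shared cache can then store a response for a rejected or absent origin without `Vary: Origin` and later serve it to an allowed origin with the CORS headers missing. Moving the call above the `if` and using `response.addHeader("Vary", "Origin");` covers both cases. `doFilter` starts and ends outside this hunk.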