[#632] Enable CORS (#634)

* update logging library to v2 * revert testing changes [#624] * upgrade core-auth-library-go to v2.1.0, add empty enc APIs policy [#624] * remove individual web auth entities, use claimsCheck functions * upgrade auth-lib and logging-lib versions [#624] * clean up unnecessary schema files, upgrade dependencies, trouble with openapi3 example validation [#624] * downgrade openapi to 0.110.0, remove more unnecessary schemas [#624] * update error messages with new logutils strings [#624] * update swagger docs to only use yaml syntax [#624] * update changelog * fix typo * logging adjustments, fix comment * bug fixes * do not store access tokens in DB, encrypt oidc tokens in login session params * return raw oidc tokens in login, refresh responses, only store encrypted refresh token, add decryption function * remove whitespace from decrypted refresh tokens * store hashed refresh tokens, prefix refresh tokens with session ID, remove some refresh token logging * first implementation of session ID rate limit * delete login session on rate limit hit * add allow legacy refresh flag to env vars, don't send oidc refresh tokens to client * update login and refresh response docs * limit block size in pkcs7 padding * limit ciphertext size * don't allow negative ciphertext size * fix padded ciphertext length * use AES encryption in GCM mode instead of CBC, store nonce in session params [#628] * update usage of global configs, will probably update to be used more like bb template configs [#628] * start refactoring GlobalConfig into Config [#628] * add new files * finish global_configs -> configs refactor, bug fixes [#628] * handle backward compatibility * use Log.SendHTTPResponse * setup CORS handler in web adapter * update go mod * fix go mod * update changelog * update config data type [#632] * gen mocks * fix configs, docs * fix admin update config API [#632] * fix changelog, merge changes from develop * update configs APIs [#632] * bug fixes * do not setup cors if there are no allowed origins [#632] * move storage out of web package, upgrade dependencies --------- Co-authored-by: Stephen Hurwit <[email protected]>
rokwire · Jun 28, 2023 · 7b2bbfa · 7b2bbfa
1 parent b5c6af9
commit 7b2bbfa
Show file tree

Hide file tree

Showing 37 changed files with 1,796 additions and 678 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -109,12 +109,6 @@
     },
     {
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
-    },
-    {
-      "path": "detect_secrets.filters.regex.should_exclude_file",
-      "pattern": [
-        "go.sum"
-      ]
     }
   ],
   "results": {
@@ -124,8 +118,7 @@
         "filename": "README.md",
         "hashed_secret": "112bb791304791ddcf692e29fd5cf149b35fea37",
         "is_verified": false,
-        "line_number": 37,
-        "is_secret": false
+        "line_number": 37
       }
     ],
     "core/app_shared.go": [
@@ -134,8 +127,7 @@
         "filename": "core/app_shared.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 41,
-        "is_secret": false
+        "line_number": 41
       }
     ],
     "core/auth/apis.go": [
@@ -154,31 +146,31 @@
         "filename": "core/auth/auth.go",
         "hashed_secret": "417355fe2b66baa6826739a6d8006ab2ddcf5186",
         "is_verified": false,
-        "line_number": 151,
+        "line_number": 154,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth.go",
-        "hashed_secret": "700f93e97a8aaf0664601a8f298ac5ad0ff13c37",
+        "hashed_secret": "bbdb97274c94b9605a766e317fca26186c34c510",
         "is_verified": false,
-        "line_number": 153,
+        "line_number": 156,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth.go",
         "hashed_secret": "58f3388441fbce0e48aef2bf74413a6f43f6dc70",
         "is_verified": false,
-        "line_number": 933,
+        "line_number": 936,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth.go",
         "hashed_secret": "94a7f0195bbbd2260c4e4d02b6348fbcd90b2b30",
         "is_verified": false,
-        "line_number": 2440,
+        "line_number": 2442,
         "is_secret": false
       }
     ],
@@ -188,56 +180,49 @@
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "f3f2fb17a3bf9f307cb6e79b61b9d4baf07dd681",
         "is_verified": false,
-        "line_number": 75,
-        "is_secret": false
+        "line_number": 75
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "fe70d8c51780596c0b3399573122bba943a461da",
         "is_verified": false,
-        "line_number": 76,
-        "is_secret": false
+        "line_number": 76
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "06354d205ab5a3b6c7ad2333c58f1ddc810c97ba",
         "is_verified": false,
-        "line_number": 87,
-        "is_secret": false
+        "line_number": 87
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "7cbe6dcf7274355d223e3174e4d8a7ffb55a9227",
         "is_verified": false,
-        "line_number": 156,
-        "is_secret": false
+        "line_number": 156
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "69411040443be576ce64fc793269d7c26dd0866a",
         "is_verified": false,
-        "line_number": 253,
-        "is_secret": false
+        "line_number": 253
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "cba104f0870345d3ec99d55c06441bdce9fcf584",
         "is_verified": false,
-        "line_number": 390,
-        "is_secret": false
+        "line_number": 390
       },
       {
         "type": "Secret Keyword",
         "filename": "core/auth/auth_type_email.go",
         "hashed_secret": "c74f3640d83fd19d941a4f44b28fbd9e57f59eef",
         "is_verified": false,
-        "line_number": 391,
-        "is_secret": false
+        "line_number": 391
       }
     ],
     "core/auth/auth_type_oidc.go": [
@@ -246,8 +231,7 @@
         "filename": "core/auth/auth_type_oidc.go",
         "hashed_secret": "0ade4f3edccc8888bef404fe6b3c92c13cdfad6b",
         "is_verified": false,
-        "line_number": 376,
-        "is_secret": false
+        "line_number": 376
       }
     ],
     "core/auth/auth_type_username.go": [
@@ -306,8 +290,7 @@
         "filename": "core/auth/service_static_token.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 78,
-        "is_secret": false
+        "line_number": 78
       }
     ],
     "driven/emailer/adapter.go": [
@@ -316,8 +299,7 @@
         "filename": "driven/emailer/adapter.go",
         "hashed_secret": "9df4524d2441f00999342c4541a39932198d4bb4",
         "is_verified": false,
-        "line_number": 70,
-        "is_secret": false
+        "line_number": 70
       }
     ],
     "driven/profilebb/adapter.go": [
@@ -326,8 +308,7 @@
         "filename": "driven/profilebb/adapter.go",
         "hashed_secret": "36c48d6ac9d10902792fa78b9c2d7d535971c2cc",
         "is_verified": false,
-        "line_number": 224,
-        "is_secret": false
+        "line_number": 224
       }
     ],
     "driven/storage/database.go": [
@@ -336,8 +317,7 @@
         "filename": "driven/storage/database.go",
         "hashed_secret": "6547f385c6d867e20f8217018a4d468a7d67d638",
         "is_verified": false,
-        "line_number": 209,
-        "is_secret": false
+        "line_number": 209
       }
     ],
     "driver/web/apis_system.go": [
@@ -346,8 +326,7 @@
         "filename": "driver/web/apis_system.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 700,
-        "is_secret": false
+        "line_number": 637
       }
     ],
     "driver/web/docs/gen/def.yaml": [
@@ -356,8 +335,7 @@
         "filename": "driver/web/docs/gen/def.yaml",
         "hashed_secret": "448ed7416fce2cb66c285d182b1ba3df1e90016d",
         "is_verified": false,
-        "line_number": 55,
-        "is_secret": false
+        "line_number": 55
       }
     ],
     "driver/web/docs/gen/gen_types.go": [
@@ -366,7 +344,7 @@
         "filename": "driver/web/docs/gen/gen_types.go",
         "hashed_secret": "c9739eab2dfa093cc0e450bf0ea81a43ae67b581",
         "is_verified": false,
-        "line_number": 1673,
+        "line_number": 1717,
         "is_secret": false
       }
     ],
@@ -376,8 +354,7 @@
         "filename": "driver/web/docs/resources/admin/auth/login.yaml",
         "hashed_secret": "448ed7416fce2cb66c285d182b1ba3df1e90016d",
         "is_verified": false,
-        "line_number": 26,
-        "is_secret": false
+        "line_number": 26
       }
     ],
     "driver/web/docs/resources/services/auth/account/auth-type/link.yaml": [
@@ -386,8 +363,7 @@
         "filename": "driver/web/docs/resources/services/auth/account/auth-type/link.yaml",
         "hashed_secret": "448ed7416fce2cb66c285d182b1ba3df1e90016d",
         "is_verified": false,
-        "line_number": 26,
-        "is_secret": false
+        "line_number": 26
       }
     ],
     "driver/web/docs/resources/services/auth/login.yaml": [
@@ -396,10 +372,9 @@
         "filename": "driver/web/docs/resources/services/auth/login.yaml",
         "hashed_secret": "448ed7416fce2cb66c285d182b1ba3df1e90016d",
         "is_verified": false,
-        "line_number": 24,
-        "is_secret": false
+        "line_number": 24
       }
     ]
   },
-  "generated_at": "2023-05-02T15:15:38Z"
+  "generated_at": "2023-06-07T20:22:07Z"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+- Enable CORS [#632](https://github.com/rokwire/core-building-block/issues/632)
+
 ## [1.33.0] - 2023-05-02
+### Added
 - Username and password authentication [#658](https://github.com/rokwire/core-building-block/issues/658)
 
 ## [1.32.2] - 2023-04-20

diff --git a/core/apis.go b/core/apis.go
@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/rokwire/core-auth-library-go/v3/tokenauth"
 	"github.com/rokwire/logging-library-go/v2/errors"
 	"github.com/rokwire/logging-library-go/v2/logs"
 	"github.com/rokwire/logging-library-go/v2/logutils"
@@ -336,6 +337,26 @@ type administrationImpl struct {
 	app *application
 }
 
+func (s *administrationImpl) AdmGetConfig(id string, claims *tokenauth.Claims) (*model.Config, error) {
+	return s.app.admGetConfig(id, claims)
+}
+
+func (s *administrationImpl) AdmGetConfigs(configType *string, claims *tokenauth.Claims) ([]model.Config, error) {
+	return s.app.admGetConfigs(configType, claims)
+}
+
+func (s *administrationImpl) AdmCreateConfig(config model.Config, claims *tokenauth.Claims) (*model.Config, error) {
+	return s.app.admCreateConfig(config, claims)
+}
+
+func (s *administrationImpl) AdmUpdateConfig(config model.Config, claims *tokenauth.Claims) error {
+	return s.app.admUpdateConfig(config, claims)
+}
+
+func (s *administrationImpl) AdmDeleteConfig(id string, claims *tokenauth.Claims) error {
+	return s.app.admDeleteConfig(id, claims)
+}
+
 func (s *administrationImpl) AdmGetTest() string {
 	return s.app.admGetTest()
 }
@@ -514,18 +535,6 @@ type systemImpl struct {
 	app *application
 }
 
-func (s *systemImpl) SysCreateGlobalConfig(setting string) (*model.GlobalConfig, error) {
-	return s.app.sysCreateGlobalConfig(setting)
-}
-
-func (s *systemImpl) SysGetGlobalConfig() (*model.GlobalConfig, error) {
-	return s.app.sysGetGlobalConfig()
-}
-
-func (s *systemImpl) SysUpdateGlobalConfig(setting string) error {
-	return s.app.sysUpdateGlobalConfig(setting)
-}
-
 func (s *systemImpl) SysGetApplicationOrganizations(appID *string, orgID *string) ([]model.ApplicationOrganization, error) {
 	return s.app.sysGetApplicationOrganizations(appID, orgID)
 }

diff --git a/core/apis_test.go b/core/apis_test.go
@@ -22,7 +22,9 @@ import (
 	genmocks "core-building-block/core/mocks"
 	"core-building-block/core/model"
 
+	"github.com/rokwire/core-auth-library-go/v3/tokenauth"
 	"github.com/rokwire/logging-library-go/v2/logs"
+	"github.com/stretchr/testify/mock"
 	"gotest.tools/assert"
 )
 
@@ -78,40 +80,39 @@ func TestAdmGetTest(t *testing.T) {
 	}
 }
 
-///
-
-//System
-
-func TestSysCreateGlobalConfig(t *testing.T) {
+func TestAdmCreateConfig(t *testing.T) {
+	anyConfig := mock.AnythingOfType("model.Config")
 	storage := genmocks.Storage{}
-	storage.On("GetGlobalConfig").Return(nil, nil)
-	storage.On("CreateGlobalConfig", nil, &model.GlobalConfig{Setting: "setting"}).Return(nil)
+	storage.On("InsertConfig", anyConfig).Return(nil)
 
 	coreAPIs := buildTestCoreAPIs(&storage)
 
-	gc, _ := coreAPIs.System.SysCreateGlobalConfig("setting")
-	if gc == nil {
-		t.Error("gc is nil")
+	config := model.Config{Type: model.ConfigTypeEnv, AppID: "app", OrgID: "org", System: false, Data: model.EnvConfigData{}}
+	_, err := coreAPIs.Administration.AdmCreateConfig(config, &tokenauth.Claims{AppID: "app", OrgID: "org"})
+	if err != nil {
+		t.Error("we are not expecting error")
 		return
 	}
-	assert.Equal(t, gc.Setting, "setting", "setting is different")
 
 	//second case - error
 	storage2 := genmocks.Storage{}
-	storage2.On("GetGlobalConfig").Return(nil, nil)
-	storage2.On("CreateGlobalConfig", nil, &model.GlobalConfig{Setting: "setting"}).Return(errors.New("error occured"))
+	storage2.On("InsertConfig", anyConfig).Return(errors.New("error occured"))
 
 	coreAPIs = buildTestCoreAPIs(&storage2)
 
-	_, err := coreAPIs.System.SysCreateGlobalConfig("setting")
+	_, err = coreAPIs.Administration.AdmCreateConfig(config, &tokenauth.Claims{AppID: "app", OrgID: "org"})
 	if err == nil {
 		t.Error("we are expecting error")
 		return
 	}
 	errText := err.Error()
-	assert.Equal(t, errText, "core-building-block/core.(*application).sysCreateGlobalConfig() error inserting global config: error occured", "error is different: "+err.Error())
+	assert.Equal(t, errText, "core-building-block/core.(*application).admCreateConfig() error inserting config: error occured", "error is different: "+err.Error())
 }
 
+///
+
+//System
+
 func TestSysGetOrganization(t *testing.T) {
 	storage := genmocks.Storage{}
 	storage.On("FindOrganization", "_id").Return(&model.Organization{ID: "_id"}, nil)