CORS Configuration for Admin API Services (#87)

* implemented cors check

* fix:cors remove for admin api

* fix: changed ci properties

Author: vishwab1

logs/admin-api.log.json

@@ -23,4 +23,6 @@ logging.file.name=@env.ADMIN_API_LOGGING_FILE_NAME@
 common-url=@env.COMMON_API@
 
 springdoc.api-docs.enabled=@env.SWAGGER_DOC_ENABLED@
-springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@
+springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@
+
+cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@

logs/admin-api.log.json.2025-06-13.gz

@@ -24,3 +24,5 @@ logging.path=logs/
 logging.file.name=logs/admin-api.log
 
 jwt.secret=my-32-character-ultra-secure-and-ultra-long-secret
+
+cors.allowed-origins=http://localhost:*

src/main/environment/admin_ci.properties

@@ -0,0 +1,28 @@
+package com.iemr.admin.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+
+    @Value("${cors.allowed-origins}")
+    private String allowedOrigins;
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOriginPatterns(
+                        Arrays.stream(allowedOrigins.split(","))
+                                .map(String::trim)
+                                .toArray(String[]::new))
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                .allowedHeaders("*")
+                .exposedHeaders("Authorization", "Jwttoken")
+                .allowCredentials(true)
+                .maxAge(3600);
+    }
+}

src/main/environment/admin_example.properties

@@ -28,7 +28,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -60,7 +60,6 @@ public void setServiceProvider_ServiceImpl(BlockingInter blockingInter) {
 		this.blockingInter = blockingInter;
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block provider 1")
 	@RequestMapping(value = "/blockProvider1", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -119,7 +118,6 @@ public String blockProvider1(@RequestBody String providerBlocking) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block provider")
 	@RequestMapping(value = "/blockProvider", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -178,7 +176,6 @@ public String blockProvider(@RequestBody String providerBlocking) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block provider by service id")
 	@RequestMapping(value = { "/blockProviderByServiceId" }, method = { RequestMethod.POST }, produces = {
 			"application/json" }, headers = "Authorization")
@@ -239,7 +236,6 @@ public String blockProviderByServiceId(@RequestBody String blockProviderByServic
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get provider status")
 	@RequestMapping(value = "/getProviderStatus", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -266,7 +262,6 @@ public String getProviderStatus(@RequestBody String getProviderStatus) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get provider status 1")
 	@RequestMapping(value = "/getProviderStatus1", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -293,7 +288,6 @@ public String getProviderStatus1(@RequestBody String getProviderStatus) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get service liens using provider")
 	@RequestMapping(value = "/getServiceLinesUsingProvider", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -320,7 +314,6 @@ public String getServiceLiensUsingProvider(@RequestBody String getServiceLiensUs
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get provider status by provider and service id")
 	@RequestMapping(value = "/getProviderStatusByProviderAndServiceId", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -348,7 +341,6 @@ public String getProviderStatusByProviderAndServiceId(@RequestBody String getPro
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block provider by service")
 	@RequestMapping(value = "/blockProviderByService", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -401,7 +393,6 @@ public String blockProviderByService(@RequestBody String providerServiceBlocking
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get provider status by service")
 	@RequestMapping(value = "/getProviderStatusByService", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -430,7 +421,6 @@ public String getProviderStatusByService(@RequestBody String providerServiceBloc
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block provider by state")
 	@RequestMapping(value = "/blockProviderByState", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -491,7 +481,6 @@ public String blockProviderByState(@RequestBody String providerStateBlocking) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get provider status by state")
 	@RequestMapping(value = "/getProviderStatusByState", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -520,7 +509,6 @@ public String getProviderStatusByState(@RequestBody String providerStateBlocking
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Block user")
 	@RequestMapping(value = "/blockUser", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -568,7 +556,6 @@ public String blockUser(@RequestBody String blockUser) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get status")
 	@RequestMapping(value = "/getStatus", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -593,7 +580,6 @@ public String getStatus(@RequestBody String getStatus) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Provider state and service lines")
 	@RequestMapping(value = "/addProviderStateAndServiceLines", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -657,7 +643,6 @@ public String ProviderStateAndServiceLines(@RequestBody String ProviderStateAndS
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Delete provider state and service lines")
 	@RequestMapping(value = "/deleteProviderStateAndServiceLines", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -701,7 +686,6 @@ public String deleteProviderStateAndServiceLines(@RequestBody String deleteProvi
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Create cit mapping with service lines")
 	@RequestMapping(value = "/createCitMappingwithServiceLines", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -728,7 +712,6 @@ public String createCitMappingwithServiceLines(@RequestBody String createCitMapp
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get mapped service lines and state to provider")
 	@RequestMapping(value = "/getMappedServiceLinesAndStatetoProvider", headers = "Authorization", method = {
 			RequestMethod.POST }, consumes = { "application/json" }, produces = { "application/json" })
@@ -756,7 +739,6 @@ public String getMappedServiceLinesAndStatetoProvider(@RequestBody String getMap
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Map provider and service lines")
 	@RequestMapping(value = "/mapServiceLinesAndStatetoProvider", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -822,7 +804,6 @@ public String mapProviderAndServiceLines(@RequestBody String mapProviderAndServi
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Edit mapped service lines and state to provider")
 	@RequestMapping(value = "/editMappedServiceLinesAndStatetoProvider", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -856,7 +837,6 @@ public String editMappedServiceLinesAndStatetoProvider(
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Delete mapped service lines and state to provider")
 	@RequestMapping(value = "/deleteMappedServiceLinesAndStatetoProvider", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })

src/main/java/com/iemr/admin/config/CorsConfig.java

@@ -24,7 +24,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -52,7 +52,6 @@ public class CalibrationController {
 	 * @param request
 	 * @return CalibrationStripMasterData
 	 */
-	@CrossOrigin()
 	@Operation(summary = "Create calibration strip")
 	@RequestMapping(value = "/createCalibrationStrip", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -85,7 +84,6 @@ public String createCalibrationStrip(
 	 * @param request
 	 * @return CalibrationStripList
 	 */
-	@CrossOrigin()
 	@Operation(summary = "Fetch calibration strip")
 	@RequestMapping(value = "/fetchCalibrationStrips", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -113,7 +111,6 @@ public String fetchCalibrationStrips(
 	 * @param request
 	 * @return Response
 	 */
-	@CrossOrigin()
 	@Operation(summary = "Delete calibration strip")
 	@RequestMapping(value = "/deleteCalibrationStrip", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -141,7 +138,6 @@ public String deleteCalibrationStrip(
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Update calibration strip")
 	@RequestMapping(value = "/updateCalibrationStrip", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })

src/main/java/com/iemr/admin/controller/blocking/BlockingController.java

@@ -29,7 +29,7 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -49,7 +49,6 @@ public class CareStreamCreateOrderController {
 	private static final char START_OF_BLOCK = '\u000b';
 	private static final char CARRIAGE_RETURN = 13;
 
-	@CrossOrigin()
 	@Operation(summary = "Create order")
 	@RequestMapping(value = "/createOrder", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -118,7 +117,6 @@ public String createOrder(@RequestBody String createOrder) throws UnknownHostExc
 		return response.toString();
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Update order")
 	@RequestMapping(value = "/UpdateOrder", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -174,7 +172,6 @@ public String UpdateOrder(@RequestBody String UpdateOrder) throws UnknownHostExc
 		return response.toString();
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Delete order")
 	@RequestMapping(value = "/deleteOrder", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })

src/main/java/com/iemr/admin/controller/calibration/CalibrationController.java

@@ -28,7 +28,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -48,7 +48,6 @@ public class DrugStrength {
 	@Autowired
 	private DrugStrangthInter durgStrangthInter;
 
-	@CrossOrigin()
 	@Operation(summary = "Create drug strength")
 	@RequestMapping(value = "/createDrugStrangth", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -76,7 +75,6 @@ public String createDrugStrangth(@RequestBody String createDrugStrangth) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get drug strength")
 	@RequestMapping(value = "/getDrugStrangth", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -103,7 +101,6 @@ public String getDrugStrangth(@RequestBody String getDrugStrangth) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Update drug strength")
 	@RequestMapping(value = "/updateDrugStrangth", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })
@@ -136,7 +133,6 @@ public String updateDrugStrangth(@RequestBody String updateDrugStrangth) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Delete drug strength")
 	@RequestMapping(value = "/deleteDrugStrangth", headers = "Authorization", method = {
 			RequestMethod.POST }, produces = { "application/json" })

src/main/java/com/iemr/admin/controller/createorder/CareStreamCreateOrderController.java

@@ -28,7 +28,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.CrossOrigin;
+
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -48,7 +48,6 @@ public class DrugtypeController {
 	@Autowired
 	private DrugtypeInter drugtypeInter;
 
-	@CrossOrigin()
 	@Operation(summary = "Create manufacturer")
 	@RequestMapping(value = "/createDrugtype", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -75,7 +74,6 @@ public String createManufacturer(@RequestBody String createDrugtype) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Get manufacturer")
 	@RequestMapping(value = "/getDrugtype", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -102,7 +100,6 @@ public String getManufacturer(@RequestBody String getDrugtype) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Edit manufacturer")
 	@RequestMapping(value = "/editDrugtype", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })
@@ -137,7 +134,6 @@ public String editManufacturer(@RequestBody String editDrugtype) {
 
 	}
 
-	@CrossOrigin()
 	@Operation(summary = "Delete manufacturer")
 	@RequestMapping(value = "/deleteDrugtype", headers = "Authorization", method = { RequestMethod.POST }, produces = {
 			"application/json" })