fix:added cors error api fix

Author: vishwab1

src/main/java/com/iemr/ecd/config/CorsConfig.java

@@ -24,13 +24,33 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Value;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @Configuration
 public class WebConfiguration implements WebMvcConfigurer {
 
+	private static final Logger logger = LoggerFactory.getLogger(WebConfiguration.class);
+
+	@Value("${cors.allowed-origins}")
+	private String allowedOrigins;
+
 	@Override
 	public void addCorsMappings(CorsRegistry registry) {
-		registry.addMapping("/**").allowedMethods("*");
-	}
+		String[] originPatterns = Arrays.stream(allowedOrigins.split(","))
+				.map(String::trim)
+				.toArray(String[]::new);
 
+		logger.info("Initializing CORS configuration with allowed origins: {}", Arrays.toString(originPatterns));
+
+		registry.addMapping("/**")
+				.allowedOriginPatterns(originPatterns)
+				.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+				.allowedHeaders("*")
+				.exposedHeaders("Authorization", "Jwttoken")
+				.allowCredentials(true)
+				.maxAge(3600);
+	}
 }

src/main/java/com/iemr/ecd/config/WebConfiguration.java

@@ -3,17 +3,26 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.beans.factory.annotation.Value;
 
 @Configuration
 public class FilterConfig {
 
+	@Value("${cors.allowed-origins}")
+	private String allowedOrigins;
+
 	@Bean
 	public FilterRegistrationBean<JwtUserIdValidationFilter> jwtUserIdValidationFilter(
 			JwtAuthenticationUtil jwtAuthenticationUtil) {
 		FilterRegistrationBean<JwtUserIdValidationFilter> registrationBean = new FilterRegistrationBean<>();
-		registrationBean.setFilter(new JwtUserIdValidationFilter(jwtAuthenticationUtil));
+
+		// Pass allowedOrigins explicitly to the filter constructor
+		JwtUserIdValidationFilter filter = new JwtUserIdValidationFilter(jwtAuthenticationUtil, allowedOrigins);
+
+		registrationBean.setFilter(filter);
+		registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
 		registrationBean.addUrlPatterns("/*"); // Apply filter to all API endpoints
 		return registrationBean;
 	}
-
 }

src/main/java/com/iemr/ecd/utils/mapper/FilterConfig.java

@@ -4,7 +4,6 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
 
 import com.iemr.ecd.utils.constants.Constants;
 import com.iemr.ecd.utils.http_request_interceptor.AuthorizationHeaderRequestWrapper;
@@ -17,15 +16,18 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.util.Arrays;
 
-@Component
 public class JwtUserIdValidationFilter implements Filter {
 
 	private final JwtAuthenticationUtil jwtAuthenticationUtil;
 	private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
+	private final String allowedOrigins;
 
-	public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil) {
+	public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil,
+			String allowedOrigins) {
 		this.jwtAuthenticationUtil = jwtAuthenticationUtil;
+		this.allowedOrigins = allowedOrigins;
 	}
 
 	@Override
@@ -34,6 +36,22 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
 
+		String origin = request.getHeader("Origin");
+		if (origin != null && isOriginAllowed(origin)) {
+			response.setHeader("Access-Control-Allow-Origin", origin);
+			response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+			response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken");
+			response.setHeader("Access-Control-Allow-Credentials", "true");
+		} else {
+			logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin);
+		}
+
+		if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+			logger.info("OPTIONS request - skipping JWT validation");
+			response.setStatus(HttpServletResponse.SC_OK);
+			return;
+		}
+
 		String path = request.getRequestURI();
 		String contextPath = request.getContextPath();
 		logger.info("JwtUserIdValidationFilter invoked for path: " + path);
@@ -103,18 +121,39 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 
 			logger.warn("No valid authentication token found");
 			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
-		
+
 		} catch (Exception e) {
 			logger.error("Authorization error: ", e);
 			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());
 		}
 	}
+
+	private boolean isOriginAllowed(String origin) {
+		if (origin == null || allowedOrigins == null || allowedOrigins.trim().isEmpty()) {
+			logger.warn("No allowed origins configured or origin is null");
+			return false;
+		}
+
+		return Arrays.stream(allowedOrigins.split(","))
+				.map(String::trim)
+				.anyMatch(pattern -> {
+					String regex = pattern
+							.replace(".", "\\.")
+							.replace("*", ".*")
+							.replace("http://localhost:.*", "http://localhost:\\d+"); // special case for wildcard port
+
+					boolean matched = origin.matches(regex);
+					return matched;
+				});
+	}
+
 	private boolean isMobileClient(String userAgent) {
 		if (userAgent == null)
 			return false;
 		userAgent = userAgent.toLowerCase();
 		return userAgent.contains(Constants.OKHTTP);
 	}
+
 	private String getJwtTokenFromCookies(HttpServletRequest request) {
 		Cookie[] cookies = request.getCookies();
 		if (cookies != null) {