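/*
 * Stallion Core: A Modern Web Framework
 *
 * Copyright (C) 2015 - 2016 Stallion Software LLC.
 *
 * This program is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 2 of
 * the License, or (at your option) any later version. This program is distributed in the hope that
 * it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
 * License for more details. You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/gpl-2.0.html>.
 *
 *
 *
 */

package io.stallion.settings.childSections;

import io.stallion.settings.SettingMeta;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

import static io.stallion.utils.Literals.*;
import static io.stallion.Context.*;


/**
 * Configure Cross-Origin Resource Sharing.
 *
 * <p>This class only holds the configured values and, in {@link #postLoad()}, derives the
 * compiled patterns and joined header strings from them. The code that turns these values into
 * CORS response headers is not part of this file.
 *
 * <p>NOTE(review): nothing here rejects {@code allowAll = true} combined with
 * {@code allowCredentials = true}. Confirm that the consumer of these settings never answers a
 * credentialed request by echoing an arbitrary caller-supplied origin when {@code allowAll} is on.
 *
 * <p>The list getters return the live lists and the setters store the caller's list without
 * copying, so a later mutation of either changes the effective policy.
 */
public class CorsSettings implements SettingsSection {
    // Boxed, so it is null until something assigns it; see isAllowAll().
    @SettingMeta(valBoolean = false)
    private Boolean allowAll;

    // Boxed, so it is null until something assigns it; see isAllowAllForFonts().
    @SettingMeta(valBoolean = true)
    private Boolean allowAllForFonts;

    @SettingMeta(cls = ArrayList.class)
    private List<String> originWhitelist;
    // Regex sources; compiled into originPatternWhitelist by postLoad().
    @SettingMeta(cls = ArrayList.class)
    private List<String> originRegexWhitelist;
    private List<Pattern> originPatternWhitelist;
    @SettingMeta(valBoolean = false)
    private boolean allowCredentials = false;
    // Regex source; compiled into urlPattern by postLoad() when non-empty.
    @SettingMeta(val = "")
    private String urlsRegex;
    private Pattern urlPattern;
    @SettingMeta(cls=ArrayList.class)
    private List<String> exposeHeaders;
    // Lower-cased in place by postLoad().
    @SettingMeta(cls=ArrayList.class)
    private List<String> allowHeaders;

    @SettingMeta(cls=ArrayList.class)
    private List<String> allowedMethods;

    // Comma-joined form of allowedMethods, built by postLoad().
    private String allowedMethodsString;

    // presumably seconds, for the preflight cache lifetime -- TODO confirm against the consumer
    @SettingMeta(valInt = 86400)
    private Integer preflightMaxAge;


    // Comma-joined form of exposeHeaders, built by postLoad().
    private String exposeHeadersString;


    /**
     * Derives the compiled and joined forms of the configured values and fills in the default
     * allowed headers and methods when none were configured.
     *
     * <p>Each derived value is only built when it is not already set, so values installed through
     * the setters beforehand are kept. Consequently, changing a regex list after this method has
     * run does not recompile the patterns.
     *
     * @throws java.util.regex.PatternSyntaxException if a configured regex does not compile
     */
    public void postLoad() {
        if (originPatternWhitelist == null) {
            originPatternWhitelist = list();
            // Tolerate an instance that was built through the setters rather than the loader,
            // where the regex list may never have been assigned.
            if (originRegexWhitelist != null) {
                // Patterns are compiled exactly as configured: no anchoring or escaping is added.
                // Whether they are applied with matches() or find() is decided by the consumer
                // (not visible here), so entries should be fully anchored with literal dots
                // escaped.
                for (String regex : originRegexWhitelist) {
                    originPatternWhitelist.add(Pattern.compile(regex));
                }
            }
        }
        if (urlPattern == null && !empty(urlsRegex)) {
            urlPattern = Pattern.compile(urlsRegex);
        }
        if (exposeHeadersString == null && exposeHeaders != null && exposeHeaders.size() > 0) {
            exposeHeadersString = String.join(",", exposeHeaders);
        }
        if (empty(allowHeaders)) {
            allowHeaders = list("x-requested-with", "content-type", "accept", "origin", "authorization", "x-csrftoken");
        }

        // Header names are ASCII tokens; lower-case them independently of the JVM default locale
        // so that, for example, an upper-case 'I' is not mapped to a dotless 'i' under a Turkish
        // locale and then fails a comparison against the requested header name.
        List<String> allowHeaderLowered = list();
        for (String header : allowHeaders) {
            allowHeaderLowered.add(header.toLowerCase(Locale.ROOT));
        }
        allowHeaders = allowHeaderLowered;

        if (empty(allowedMethods)) {
            allowedMethods = list("GET", "POST", "DELETE", "PUT", "PATCH", "OPTIONS");
        }

        if (empty(allowedMethodsString)) {
            allowedMethodsString = String.join(",", allowedMethods);
        }
    }

    /**
     * @return {@code true} only when the flag was explicitly set to true; an unset (null) flag is
     *         reported as {@code false} rather than failing on unboxing
     */
    public boolean isAllowAll() {
        return Boolean.TRUE.equals(allowAll);
    }

    public CorsSettings setAllowAll(boolean allowAll) {
        this.allowAll = allowAll;
        return this;
    }

    /** @return the live list of configured origins, not a copy */
    public List<String> getOriginWhitelist() {
        return originWhitelist;
    }

    public CorsSettings setOriginWhitelist(List<String> originWhitelist) {
        this.originWhitelist = originWhitelist;
        return this;
    }

    /** @return the live list of origin regex sources, not a copy */
    public List<String> getOriginRegexWhitelist() {
        return originRegexWhitelist;
    }

    /**
     * Stores the regex sources. Patterns already compiled by {@link #postLoad()} are not
     * refreshed by this call.
     */
    public CorsSettings setOriginRegexWhitelist(List<String> originRegexWhitelist) {
        this.originRegexWhitelist = originRegexWhitelist;
        return this;
    }

    /** @return the compiled origin patterns, or {@code null} before {@link #postLoad()} has run */
    public List<Pattern> getOriginPatternWhitelist() {
        return originPatternWhitelist;
    }

    public CorsSettings setOriginPatternWhitelist(List<Pattern> originPatternWhitelist) {
        this.originPatternWhitelist = originPatternWhitelist;
        return this;
    }

    public boolean isAllowCredentials() {
        return allowCredentials;
    }

    public CorsSettings setAllowCredentials(boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
        return this;
    }

    public String getUrlsRegex() {
        return urlsRegex;
    }

    public CorsSettings setUrlsRegex(String urlsRegex) {
        this.urlsRegex = urlsRegex;
        return this;
    }

    /** @return the compiled {@code urlsRegex}, or {@code null} when none is configured */
    public Pattern getUrlPattern() {
        return urlPattern;
    }

    public CorsSettings setUrlPattern(Pattern urlPattern) {
        this.urlPattern = urlPattern;
        return this;
    }

    public List<String> getExposeHeaders() {
        return exposeHeaders;
    }

    public CorsSettings setExposeHeaders(List<String> exposeHeaders) {
        this.exposeHeaders = exposeHeaders;
        return this;
    }

    /** @return the comma-joined expose headers, or {@code null} when none are configured */
    public String getExposeHeadersString() {
        return exposeHeadersString;
    }


    /** @return the allowed request headers; lower-cased once {@link #postLoad()} has run */
    public List<String> getAllowHeaders() {
        return allowHeaders;
    }

    public CorsSettings setAllowHeaders(List<String> allowHeaders) {
        this.allowHeaders = allowHeaders;
        return this;
    }

    public List<String> getAllowedMethods() {
        return allowedMethods;
    }

    public CorsSettings setAllowedMethods(List<String> allowedMethods) {
        this.allowedMethods = allowedMethods;
        return this;
    }

    public Integer getPreflightMaxAge() {
        return preflightMaxAge;
    }

    public CorsSettings setPreflightMaxAge(Integer preflightMaxAge) {
        this.preflightMaxAge = preflightMaxAge;
        return this;
    }

    /** @return the comma-joined allowed methods, built by {@link #postLoad()} */
    public String getAllowedMethodsString() {
        return allowedMethodsString;
    }

    /**
     * @return {@code true} only when the flag was explicitly set to true; an unset (null) flag is
     *         reported as {@code false} rather than failing on unboxing
     */
    public boolean isAllowAllForFonts() {
        return Boolean.TRUE.equals(allowAllForFonts);
    }

    public CorsSettings setAllowAllForFonts(boolean allowAllForFonts) {
        this.allowAllForFonts = allowAllForFonts;
        return this;
    }
}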