Close #126, Add cors to nginx

Api/api-app/src/main/resources/application-docker.yml

@@ -15,9 +15,6 @@ spring:
     allow-bean-definition-overriding: true
 
 app:
-  cors:
-    allowed-hosts: https://opex.dev, http://localhost:3000
-    allowed-patterns: http://192.168.*
   accountant:
     url: lb://opex-accountant
   matching-gateway:

Api/api-ports/api-binance-rest/src/main/kotlin/co/nilin/opex/port/api/binance/config/SecurityConfig.kt

@@ -19,7 +19,6 @@ class SecurityConfig(private val webClient: WebClient) {
     @Bean
     fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? {
         http.csrf().disable()
-            .cors().and()
             .authorizeExchange()
             .pathMatchers("/hello").permitAll()
             .pathMatchers("/actuator/**").permitAll()
@@ -31,7 +30,6 @@ class SecurityConfig(private val webClient: WebClient) {
             .pathMatchers("/v3/ticker/**").permitAll()
             .pathMatchers("/v3/exchangeInfo").permitAll()
             .pathMatchers("/v3/klines").permitAll()
-            .pathMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .pathMatchers("/**").hasAuthority("SCOPE_trust")
             .anyExchange().authenticated()
             .and()

BlockchainGateway/bc-gateway-app/src/main/kotlin/co/nilin/opex/bcgateway/app/config/SecurityConfig.kt

@@ -3,19 +3,12 @@ package co.nilin.opex.bcgateway.app.config
 import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
-import org.springframework.core.io.ClassPathResource
-import org.springframework.core.io.Resource
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity
 import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.web.server.SecurityWebFilterChain
-import org.springframework.util.Base64Utils
-import org.springframework.util.FileCopyUtils
 import org.springframework.web.reactive.function.client.WebClient
-import java.security.KeyFactory
-import java.security.interfaces.RSAPublicKey
-import java.security.spec.X509EncodedKeySpec
 
 @EnableWebFluxSecurity
 class SecurityConfig(@Qualifier("loadBalanced") private val webClient: WebClient) {

Deployment/docker-compose.yml

@@ -307,7 +307,7 @@ services:
       restart_policy:
         condition: on-failure
   nginx:
-    image: nginx:latest
+    image: jboesl/docker-nginx-headers-more
     container_name: opex_nginx
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf

Deployment/nginx.conf

@@ -1,66 +1,84 @@
 worker_processes 1;
-events { worker_connections 1024; }
+
+events {
+    worker_connections 1024;
+}
+
 http {
-        sendfile on;
-        upstream docker-wallet {
-            server wallet:8091;
+    sendfile on;
+
+    upstream docker-wallet {
+        server wallet:8091;
+    }
+
+    upstream docker-auth {
+        server auth:8083;
+    }
+
+    upstream docker-matching-gateway {
+        server matching-gateway:8093;
+    }
+
+    upstream docker-api {
+        server api:8094;
+    }
+
+    upstream docker-storage {
+        server storage:8096;
+    }
+
+    proxy_set_header   Host $host;
+    proxy_set_header   X-Real-IP $remote_addr;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Host $server_name;
+
+    server {
+        server_name api.opex.dev;
+
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Headers: *';
+        more_set_headers 'Access-Control-Allow-Methods: POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD';
+
+        location /auth {
+            proxy_pass http://docker-auth;
+        }
+
+        location /wallet/transfer {
+            return 403;
         }
-        upstream docker-auth {
-            server auth:8083;
+
+        location /wallet/deposit {
+            return 403;
         }
-        upstream docker-matching-gateway {
-            server matching-gateway:8093;
+
+        location /wallet {
+            proxy_pass http://docker-wallet;
+            rewrite ^/wallet(.*)$ $1 break;
         }
-        upstream docker-api {
-            server api:8094;
+
+        location /gateway {
+            proxy_pass http://docker-matching-gateway;
+            rewrite ^/gateway(.*)$ $1 break;
         }
-        upstream docker-storage {
-            server storage:8096;
+
+        location /storage {
+            proxy_pass http://docker-storage;
+            rewrite ^/storage/(.*)$ /$1 break;
+        }
+
+        location /api {
+            proxy_pass http://docker-api;
+            rewrite ^/api(.*)$ $1 break;
+        }
+
+        location /sapi {
+            proxy_pass http://docker-api;
+            rewrite ^/sapi(.*)$ $1 break;
         }
 
-        proxy_set_header   Host $host;
-        proxy_set_header   X-Real-IP $remote_addr;
-        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header   X-Forwarded-Host $server_name;
-
-        server {
-            server_name api.opex.dev;
-
-            location /auth {
-                proxy_pass http://docker-auth;
-            }
-
-            location /wallet/transfer {
-                return 403;
-            }
-
-            location /wallet/deposit {
-                return 403;
-            }
-
-            location /wallet {
-                proxy_pass http://docker-wallet;
-                rewrite ^/wallet(.*)$ $1 break;
-            }
-
-            location /gateway {
-                proxy_pass http://docker-matching-gateway;
-                rewrite ^/gateway(.*)$ $1 break;
-            }
-
-            location /storage {
-                proxy_pass http://docker-storage;
-                rewrite ^/storage/(.*)$ /$1 break;
-            }
-
-            location /api {
-                proxy_pass http://docker-api;
-                rewrite ^/api(.*)$ $1 break;
-            }
-
-            location /sapi {
-                proxy_pass http://docker-api;
-                rewrite ^/sapi(.*)$ $1 break;
-            }
+        location /api/v3/klines {
+            proxy_set_header Host api.binance.com;
+            proxy_pass https://api.binance.com;
         }
+    }
 }

Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt

@@ -22,7 +22,6 @@ class SecurityConfig(private val webClient: WebClient) {
     @Bean
     fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? {
         http.csrf().disable()
-            .cors().and()
             .authorizeExchange()
             .pathMatchers("/hello").permitAll()
             .pathMatchers("/actuator/**").permitAll()
@@ -37,7 +36,6 @@ class SecurityConfig(private val webClient: WebClient) {
                     AuthorizationDecision(granted)
                 }
             }
-            .pathMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .pathMatchers("/**").hasAuthority("SCOPE_trust")
             .anyExchange().authenticated()
             .and()

Wallet/wallet-app/src/main/resources/application-docker.yml

@@ -16,8 +16,3 @@ spring:
     consul:
       host: ${CONSUL_HOST}
       port: 8500
-
-app:
-  cors:
-    allowed-hosts: https://opex.dev, http://localhost:3000
-    allowed-patterns: http://192.168.*