feat: handle CORS in cloud gateway

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/HttpConfig.java

@@ -11,7 +11,6 @@
 package org.zowe.apiml.cloudgatewayservice.config;
 
 import com.netflix.appinfo.ApplicationInfoManager;
-import com.netflix.appinfo.EurekaInstanceConfig;
 import com.netflix.appinfo.HealthCheckHandler;
 import com.netflix.discovery.AbstractDiscoveryClientOptionalArgs;
 import com.netflix.discovery.EurekaClient;
@@ -31,24 +30,32 @@
 import org.springframework.cloud.client.circuitbreaker.Customizer;
 import org.springframework.cloud.client.discovery.ReactiveDiscoveryClient;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
+import org.springframework.cloud.gateway.config.GlobalCorsProperties;
 import org.springframework.cloud.gateway.config.HttpClientCustomizer;
 import org.springframework.cloud.gateway.discovery.DiscoveryLocatorProperties;
 import org.springframework.cloud.gateway.filter.FilterDefinition;
+import org.springframework.cloud.gateway.handler.RoutePredicateHandlerMapping;
 import org.springframework.cloud.netflix.eureka.CloudEurekaClient;
 import org.springframework.cloud.netflix.eureka.MutableDiscoveryClientOptionalArgs;
 import org.springframework.cloud.util.ProxyUtils;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.reactive.CorsConfigurationSource;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+import org.springframework.web.util.pattern.PathPatternParser;
 import org.zowe.apiml.cloudgatewayservice.service.ProxyRouteLocator;
 import org.zowe.apiml.cloudgatewayservice.service.RouteLocator;
 import org.zowe.apiml.security.HttpsConfig;
 import org.zowe.apiml.security.HttpsFactory;
+import org.zowe.apiml.util.CorsUtils;
 import reactor.netty.tcp.SslProvider;
 
 import java.time.Duration;
-import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 
 @Configuration
@@ -81,7 +88,6 @@ public class HttpConfig {
     @Value("${server.ssl.keyStoreType:PKCS12}")
     private String keyStoreType;
 
-
     @Value("${apiml.security.ssl.verifySslCertificatesOfServices:true}")
     private boolean verifySslCertificatesOfServices;
 
@@ -99,6 +105,10 @@ public class HttpConfig {
 
     @Value("${apiml.gateway.timeout:60}")
     private int requestTimeout;
+    @Value("${apiml.service.corsEnabled:false}")
+    private boolean corsEnabled;
+    @Value("${apiml.service.ignoredHeadersWhenCorsEnabled:-}")
+    private String ignoredHeadersWhenCorsEnabled;
     private final ApplicationContext context;
 
     public HttpConfig(ApplicationContext context) {
@@ -132,8 +142,9 @@ HttpClientCustomizer apimlCustomizer() {
     @Bean(destroyMethod = "shutdown")
     @RefreshScope
     @ConditionalOnMissingBean(EurekaClient.class)
-    public EurekaClient eurekaClient(ApplicationInfoManager manager, EurekaClientConfig config, @Qualifier("apimlEurekaJerseyClient") EurekaJerseyClient eurekaJerseyClient,
-                                     EurekaInstanceConfig instance, @Autowired(required = false) HealthCheckHandler healthCheckHandler) {
+    public EurekaClient eurekaClient(ApplicationInfoManager manager, EurekaClientConfig config,
+                                     @Qualifier("apimlEurekaJerseyClient") EurekaJerseyClient eurekaJerseyClient,
+                                     @Autowired(required = false) HealthCheckHandler healthCheckHandler) {
         ApplicationInfoManager appManager;
         if (AopUtils.isAopProxy(manager)) {
             appManager = ProxyUtils.getTargetObject(manager);
@@ -153,15 +164,15 @@ public EurekaClient eurekaClient(ApplicationInfoManager manager, EurekaClientCon
     @Bean
     @ConditionalOnProperty(name = "apiml.service.gateway.proxy.enabled", havingValue = "false")
     public RouteLocator apimlDiscoveryRouteDefLocator(
-        ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters) {
-        return new RouteLocator(discoveryClient, properties, filters);
+        ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters, ApplicationContext context, CorsUtils corsUtils) {
+        return new RouteLocator(discoveryClient, properties, filters, context, corsUtils);
     }
 
     @Bean
     @ConditionalOnProperty(name = "apiml.service.gateway.proxy.enabled", havingValue = "true")
     public RouteLocator proxyRouteDefLocator(
-        ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters) {
-        return new ProxyRouteLocator(discoveryClient, properties, filters);
+        ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters, ApplicationContext context, CorsUtils corsUtils) {
+        return new ProxyRouteLocator(discoveryClient, properties, filters, context, corsUtils);
     }
 
     @Bean
@@ -173,15 +184,38 @@ public Customizer<ReactiveResilience4JCircuitBreakerFactory> defaultCustomizer()
     @Bean
     public List<FilterDefinition> filters() {
         FilterDefinition circuitBreakerFilter = new FilterDefinition();
-        FilterDefinition retryFilter = new FilterDefinition();
-
         circuitBreakerFilter.setName("CircuitBreaker");
+        FilterDefinition retryFilter = new FilterDefinition();
         retryFilter.setName("Retry");
 
         retryFilter.addArg("retries", "5");
         retryFilter.addArg("statuses", "SERVICE_UNAVAILABLE");
+        List<FilterDefinition> filters = new ArrayList<>();
+        filters.add(circuitBreakerFilter);
+        filters.add(retryFilter);
+        for (String headerName : ignoredHeadersWhenCorsEnabled.split(",")) {
+            FilterDefinition removeHeaders = new FilterDefinition();
+            removeHeaders.setName("RemoveRequestHeader");
+            Map<String, String> args = new HashMap<>();
+            args.put("name", headerName);
+            removeHeaders.setArgs(args);
+            filters.add(removeHeaders);
+        }
+        return filters;
+    }
 
-        return Arrays.asList(circuitBreakerFilter, retryFilter);
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource(RoutePredicateHandlerMapping handlerMapping, GlobalCorsProperties globalCorsProperties, CorsUtils corsUtils) {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
+        source.setCorsConfigurations(globalCorsProperties.getCorsConfigurations());
+        corsUtils.registerDefaultCorsConfiguration(source::registerCorsConfiguration);
+        handlerMapping.setCorsConfigurationSource(source);
+        return source;
+    }
+
+    @Bean
+    public CorsUtils corsUtils() {
+        return new CorsUtils(corsEnabled);
     }
 
 }

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/service/ProxyRouteLocator.java

@@ -16,8 +16,10 @@
 import org.springframework.cloud.gateway.filter.FilterDefinition;
 import org.springframework.cloud.gateway.handler.predicate.PredicateDefinition;
 import org.springframework.cloud.gateway.route.RouteDefinition;
+import org.springframework.context.ApplicationContext;
 import org.springframework.expression.Expression;
 import org.zowe.apiml.product.routing.RoutedService;
+import org.zowe.apiml.util.CorsUtils;
 
 import java.net.URI;
 import java.util.LinkedHashMap;
@@ -26,8 +28,8 @@
 
 public class ProxyRouteLocator extends RouteLocator {
 
-    public ProxyRouteLocator(ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters) {
-        super(discoveryClient, properties, filters);
+    public ProxyRouteLocator(ReactiveDiscoveryClient discoveryClient, DiscoveryLocatorProperties properties, List<FilterDefinition> filters, ApplicationContext context, CorsUtils corsUtils) {
+        super(discoveryClient, properties, filters, context, corsUtils);
 
     }
 

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/service/RouteLocator.java

@@ -18,11 +18,14 @@
 import org.springframework.cloud.gateway.handler.predicate.PredicateDefinition;
 import org.springframework.cloud.gateway.route.RouteDefinition;
 import org.springframework.cloud.gateway.route.RouteDefinitionLocator;
+import org.springframework.context.ApplicationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.SimpleEvaluationContext;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
 import org.zowe.apiml.eurekaservice.client.util.EurekaMetadataParser;
 import org.zowe.apiml.product.routing.RoutedService;
+import org.zowe.apiml.util.CorsUtils;
 import reactor.core.publisher.Flux;
 
 import java.net.URI;
@@ -41,13 +44,28 @@ public class RouteLocator implements RouteDefinitionLocator {
 
     private Flux<List<ServiceInstance>> serviceInstances;
     private List<FilterDefinition> filters;
+    private ApplicationContext context;
+
+    private UrlBasedCorsConfigurationSource corsConfigurationSource;
+    private CorsUtils corsUtils;
 
     public RouteLocator(ReactiveDiscoveryClient discoveryClient,
-                        DiscoveryLocatorProperties properties, List<FilterDefinition> filters) {
+                        DiscoveryLocatorProperties properties, List<FilterDefinition> filters, ApplicationContext context, CorsUtils corsUtils) {
         this(properties);
         this.filters = filters;
         serviceInstances = discoveryClient.getServices()
             .flatMap(service -> discoveryClient.getInstances(service).collectList());
+        this.context = context;
+        this.corsUtils = corsUtils;
+    }
+
+
+    public UrlBasedCorsConfigurationSource getConfigSource() {
+        if (corsConfigurationSource != null) {
+            return corsConfigurationSource;
+        }
+        corsConfigurationSource = context.getBean(UrlBasedCorsConfigurationSource.class);
+        return corsConfigurationSource;
     }
 
     private RouteLocator(DiscoveryLocatorProperties properties) {
@@ -81,6 +99,7 @@ public Flux<RouteDefinition> getRouteDefinitions() {
 
                     definitionsForInstance.add(routeDefinition);
                 }
+                corsUtils.setCorsConfiguration(instance.getServiceId().toLowerCase(), instance.getMetadata(), (prefix, serviceId, config) -> getConfigSource().registerCorsConfiguration("/" + serviceId + "/**", config));
                 return definitionsForInstance;
             }).flatMapIterable(list -> list);
     }

cloud-gateway-service/src/main/resources/application.yml

@@ -10,6 +10,8 @@ apiml:
         id: cloud-gateway
         port: 10023
         hostname: localhost
+        corsEnabled: true
+        ignoredHeadersWhenCorsEnabled: Access-Control-Request-Method,Access-Control-Request-Headers,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Headers,Access-Control-Allow-Credentials,Origin
         gateway:
             proxy:
                 enabled: true

cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/acceptance/CorsPerServiceTest.java

@@ -0,0 +1,40 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.cloudgatewayservice.acceptance;
+
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.Test;
+import org.zowe.apiml.cloudgatewayservice.acceptance.common.AcceptanceTest;
+import org.zowe.apiml.cloudgatewayservice.acceptance.common.AcceptanceTestWithTwoServices;
+
+import java.io.IOException;
+
+import static io.restassured.RestAssured.given;
+import static org.apache.http.HttpStatus.SC_OK;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@AcceptanceTest
+class CorsPerServiceTest extends AcceptanceTestWithTwoServices {
+
+    @Test
+    void routeToServiceWithCorsEnabled() throws IOException {
+        mockServerWithSpecificHttpResponse(200, "serviceid2", 4000, (headers) ->
+            assertTrue(headers != null && headers.get("Origin") == null)
+        );
+        given()
+            .header("Origin", "https://localhost:3000")
+            .header("X-Request-Id", "serviceid2localhost")
+            .when()
+            .get(basePath + serviceWithDefaultConfiguration.getPath())
+            .then().statusCode(Matchers.is(SC_OK));
+    }
+
+}

cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/acceptance/RequestInstanceTest.java

@@ -21,8 +21,7 @@
 import java.io.IOException;
 
 import static io.restassured.RestAssured.given;
-import static org.apache.http.HttpStatus.SC_NOT_FOUND;
-import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.*;
 import static org.hamcrest.core.Is.is;
 
 @AcceptanceTest
@@ -31,9 +30,10 @@ class RequestInstanceTest extends AcceptanceTestWithTwoServices {
 
     @BeforeEach
     void setUp() throws IOException {
-        mockServerWithSpecificHttpResponse(200, "serviceid1", 4000);
+        mockServerWithSpecificHttpResponse(200, "serviceid1", 4000, (headers) -> {
+        });
     }
-    
+
     @Nested
     class WhenValidInstanceId {
 
@@ -59,4 +59,15 @@ void cantRouteToServer() {
                 .statusCode(is(SC_NOT_FOUND));
         }
     }
+
+    @Test
+    void routeToServiceWithCorsDisabled() {
+
+        given()
+            .header("Origin", "https://localhost:3000")
+            .header("X-Request-Id", "serviceid1localhost")
+            .when()
+            .get(basePath + serviceWithCustomConfiguration.getPath())
+            .then().statusCode(Matchers.is(SC_FORBIDDEN));
+    }
 }

cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/acceptance/RetryPerServiceTest.java

@@ -10,12 +10,14 @@
 
 package org.zowe.apiml.cloudgatewayservice.acceptance;
 
+import com.sun.net.httpserver.Headers;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.zowe.apiml.cloudgatewayservice.acceptance.common.AcceptanceTest;
 import org.zowe.apiml.cloudgatewayservice.acceptance.common.AcceptanceTestWithTwoServices;
 
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Consumer;
 
 import static io.restassured.RestAssured.given;
 import static org.apache.http.HttpStatus.SC_SERVICE_UNAVAILABLE;
@@ -25,23 +27,25 @@
 
 @AcceptanceTest
 class RetryPerServiceTest extends AcceptanceTestWithTwoServices {
+    Consumer<Headers> dummyConsumer = (headers -> {
+    });
 
     @Nested
     class GivenRetryOnAllOperationsIsDisabled {
         @Test
         void whenGetReturnsUnavailable_thenRetry() throws Exception {
-            AtomicInteger counter = mockServerWithSpecificHttpResponse(503, "serviceid2", 4000);
+            AtomicInteger counter = mockServerWithSpecificHttpResponse(503, "serviceid2", 4000, dummyConsumer);
             given()
                 .header("X-Request-Id", "serviceid2localhost")
-            .when()
+                .when()
                 .get(basePath + serviceWithDefaultConfiguration.getPath())
-            .then().statusCode(is(SC_SERVICE_UNAVAILABLE));
+                .then().statusCode(is(SC_SERVICE_UNAVAILABLE));
             assertEquals(6, counter.get());
         }
 
         @Test
         void whenRequestReturnsUnauthorized_thenDontRetry() throws Exception {
-            AtomicInteger counter = mockServerWithSpecificHttpResponse(401, "serviceid2", 4000);
+            AtomicInteger counter = mockServerWithSpecificHttpResponse(401, "serviceid2", 4000, dummyConsumer);
             given()
                 .header("X-Request-Id", "serviceid2localhost")
                 .when()
@@ -76,7 +80,7 @@ void whenRequestReturnsUnauthorized_thenDontRetry() throws Exception {
 
         @Test
         void whenPostReturnsUnavailable_thenDontRetry() throws Exception {
-            AtomicInteger counter = mockServerWithSpecificHttpResponse(503, "serviceid2", 4000);
+            AtomicInteger counter = mockServerWithSpecificHttpResponse(503, "serviceid2", 4000, dummyConsumer);
             given()
                 .header("X-Request-Id", "serviceid2localhost")
                 .when()

cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/acceptance/common/AcceptanceTestWithTwoServices.java

@@ -10,6 +10,7 @@
 
 package org.zowe.apiml.cloudgatewayservice.acceptance.common;
 
+import com.sun.net.httpserver.Headers;
 import com.sun.net.httpserver.HttpServer;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
@@ -21,6 +22,7 @@
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Consumer;
 
 @AcceptanceTest
 public class AcceptanceTestWithTwoServices extends AcceptanceTestWithBasePath {
@@ -45,11 +47,13 @@ public void tearDown() {
         server.stop(0);
     }
 
-    protected AtomicInteger mockServerWithSpecificHttpResponse(int statusCode, String serviceId, int port) throws IOException {
-        server = HttpServer.create(new InetSocketAddress(port),0);
+    protected AtomicInteger mockServerWithSpecificHttpResponse(int statusCode, String serviceId, int port, Consumer<Headers> assertion) throws IOException {
+        server = HttpServer.create(new InetSocketAddress(port), 0);
         AtomicInteger counter = new AtomicInteger();
         server.createContext("/" + serviceId + "/test", (t) -> {
-            t.sendResponseHeaders(statusCode,0);
+            t.sendResponseHeaders(statusCode, 0);
+            assertion.accept(t.getRequestHeaders());
+            System.out.println("X-Request-Id: " + t.getRequestHeaders().get("X-Request-Id"));
             t.getResponseBody().close();
             counter.getAndIncrement();
         });