Merge branch 'dev' of https://github.com/touchmegit1/SmallTrend into dev

Author: huyhandsomeee

backend/.env.example

@@ -42,6 +42,10 @@ MAIL_PASSWORD=your_app_password
 # Optional override recipients for inventory notify-manager API (comma-separated emails)
 APP_NOTIFICATIONS_INVENTORY_MANAGER_RECIPIENTS=
 
+# CORS allowed origins (comma-separated). Add your devtunnel frontend URL here when using devtunnels.
+# Example for devtunnels: CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:5174,https://7qb3wvmd-5173.asse.devtunnels.ms
+CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:5174,http://localhost:3000, https://7qb3wvmd-5173.asse.devtunnels.ms/
+
 # Optional recipients for out-of-stock alerts (fallback: active MANAGER accounts)
 APP_NOTIFICATIONS_INVENTORY_OUT_OF_STOCK_RECIPIENTS=
 # Enable/disable daily out-of-stock summary email

backend/src/main/java/com/smalltrend/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package com.smalltrend.config;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -21,6 +22,7 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
@@ -30,6 +32,9 @@
 @RequiredArgsConstructor
 public class SecurityConfig {
 
+    @Value("${cors.allowed-origins:http://localhost:5173,http://localhost:5174,http://localhost:3000}")
+    private String corsAllowedOrigins;
+
     private final JwtAuthenticationFilter jwtAuthFilter;
     private final UserDetailsService userDetailsService;
 
@@ -57,8 +62,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(
-                Arrays.asList("http://localhost:5173", "http://localhost:5174", "http://localhost:3000"));
+        List<String> origins = new ArrayList<>(Arrays.stream(corsAllowedOrigins.split(","))
+                .map(String::trim)
+                .filter(s -> !s.isEmpty())
+                .toList());
+        origins.add("https://*.devtunnels.ms");
+        origins.add("http://localhost:*");
+        origins.add("https://localhost:*");
+        configuration.setAllowedOriginPatterns(origins.stream().distinct().toList());
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
         configuration.setAllowCredentials(true);

backend/src/main/java/com/smalltrend/config/WebConfig.java

@@ -1,17 +1,43 @@
 package com.smalltrend.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.NonNull;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 
+    @Value("${cors.allowed-origins:http://localhost:5173,http://localhost:5174,http://localhost:3000}")
+    private String corsAllowedOrigins;
+
+    @Override
+    public void addCorsMappings(@NonNull CorsRegistry registry) {
+        List<String> origins = new ArrayList<>(Arrays.stream(corsAllowedOrigins.split(","))
+                .map(String::trim)
+                .filter(origin -> !origin.isEmpty())
+                .toList());
+        origins.add("https://*.devtunnels.ms");
+        origins.add("http://localhost:*");
+        origins.add("https://localhost:*");
+
+        registry.addMapping("/**")
+                .allowedOriginPatterns(origins.stream().distinct().toArray(String[]::new))
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")
+                .allowedHeaders("*")
+                .allowCredentials(true);
+    }
+
     @Override
-    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+    public void addResourceHandlers(@NonNull ResourceHandlerRegistry registry) {
         Path uploadDir = Paths.get("uploads");
         String uploadPath = uploadDir.toFile().getAbsolutePath();
 

backend/src/main/java/com/smalltrend/controller/AiChatController.java

@@ -12,7 +12,6 @@
 @RestController
 @RequestMapping("/api/ai")
 @RequiredArgsConstructor
-@CrossOrigin(origins = {"http://localhost:5173", "http://localhost:5174", "http://localhost:3000"})
 public class AiChatController {
 
     private final AiChatService aiChatService;

backend/src/main/java/com/smalltrend/controller/AuditLogController.java

@@ -14,7 +14,6 @@
 @RestController
 @RequestMapping("/api/audit-logs")
 @RequiredArgsConstructor
-@CrossOrigin(origins = { "http://localhost:5173", "http://localhost:5174", "http://localhost:3000" })
 public class AuditLogController {
 
     private final AuditLogService auditLogService;

backend/src/main/java/com/smalltrend/controller/AuthController.java

@@ -27,7 +27,6 @@
 @RestController
 @RequestMapping("/api/auth")
 @RequiredArgsConstructor
-@CrossOrigin(origins = {"http://localhost:5173", "http://localhost:5174", "http://localhost:3000"})
 public class AuthController {
 
     private final UserService userService;

backend/src/main/java/com/smalltrend/controller/CRM/CampaignController.java

@@ -15,7 +15,6 @@
 @RestController
 @RequestMapping("/api/crm/campaigns")
 @RequiredArgsConstructor
-@CrossOrigin(origins = { "http://localhost:5173", "http://localhost:5174", "http://localhost:3000" })
 public class CampaignController {
 
     private final CampaignService campaignService;

backend/src/main/java/com/smalltrend/controller/CRM/CouponController.java

@@ -15,7 +15,6 @@
 @RestController
 @RequestMapping("/api/crm/coupons")
 @RequiredArgsConstructor
-@CrossOrigin(origins = { "http://localhost:5173", "http://localhost:5174", "http://localhost:3000" })
 public class CouponController {
 
     private final CouponService couponService;

backend/src/main/java/com/smalltrend/controller/CRM/CustomerController.java

@@ -15,7 +15,6 @@
 @RestController
 @RequestMapping("/api/crm")
 @RequiredArgsConstructor
-@CrossOrigin(origins = {"http://localhost:5173", "http://localhost:5174", "http://localhost:3000"})
 public class CustomerController {
 
     private final CustomerService customerService;

backend/src/main/java/com/smalltrend/controller/CRM/CustomerTierController.java

@@ -12,7 +12,6 @@
 @RestController
 @RequestMapping("/api/crm/tiers")
 @RequiredArgsConstructor
-@CrossOrigin(origins = { "http://localhost:5173", "http://localhost:5174", "http://localhost:3000" })
 public class CustomerTierController {
 
     private final CustomerTierService customerTierService;