From e1359ca49e810c1655bf987b09c0e5d43e0469a2 Mon Sep 17 00:00:00 2001
From: lincmba
Date: Tue, 30 Apr 2024 10:57:38 +0300
Subject: [PATCH 1/5] Add cors headers to custom endpoints fixes https://github.com/onaio/fhir-gateway-extension/issues/51
---
 .../fhir/gateway/plugins/Constants.java | 7 +++++++
 .../gateway/plugins/LocationHierarchyEndpoint.java | 1 +
 .../gateway/plugins/PractitionerDetailEndpoint.java | 1 +
 .../fhir/gateway/plugins/RestUtils.java | 12 ++++++++++++
 4 files changed, 21 insertions(+)
diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java
index 71b95b7..429a232 100644
--- a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java
+++ b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/Constants.java
@@ -35,6 +35,13 @@ public class Constants {
 public static final String ROLE_ALL_LOCATIONS = "ALL_LOCATIONS";
 public static final String MODE = "mode";
 public static final String LIST = "list";
+ public static final String CORS_ALLOW_HEADERS_KEY = "Access-Control-Allow-Headers";
+ public static final String CORS_ALLOW_HEADERS_VALUE = "authorization, cache-control";
+ public static final String CORS_ALLOW_METHODS_KEY = "Access-Control-Allow-Methods";
+ public static final String CORS_ALLOW_METHODS_VALUE = "DELETE,POST,GET,OPTIONS,PUT,PATCH";
+ public static final String CORS_ALLOW_ORIGIN_KEY = "Access-Control-Allow-Origin";
+ public static final String CORS_ALLOW_ORIGIN_VALUE = "*";
+ public static final String CORS_ALLOW_ORIGIN_ENV = "CORS_ALLOW_ORIGIN";
 public interface Literals {
 String EQUALS = "=";
diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java
index 085ae24..8870853 100644
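Review bot: `CORS_ALLOW_ORIGIN_VALUE = "*"` makes the fallback fail-open: a deployment that never sets `CORS_ALLOW_ORIGIN` lets script from any origin read these endpoints' responses once it can present a bearer token. I would rather omit `Access-Control-Allow-Origin` when the variable is unset, or at minimum document the constant, e.g. `// Fallback when CORS_ALLOW_ORIGIN is unset; permits every origin, so production deployments should set the variable.` `CORS_ALLOW_METHODS_VALUE` also advertises DELETE, POST, PUT and PATCH although the only call sites this patch adds are in `doGet`; `"GET,OPTIONS"` would keep the advertised policy no wider than what the servlets visibly implement. The `Constants` class continues outside the hunk.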
--- a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java
+++ b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/LocationHierarchyEndpoint.java
@@ -36,6 +36,7 @@ public LocationHierarchyEndpoint() throws IOException {
 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ RestUtils.addCorsHeaders(response);
 try {
 RestUtils.checkAuthentication(request, tokenVerifier);
 String identifier = request.getParameter(Constants.IDENTIFIER);
diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java
index 11067b1..18b4e75 100755
--- a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java
+++ b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/PractitionerDetailEndpoint.java
@@ -32,6 +32,7 @@ public PractitionerDetailEndpoint() throws IOException {
 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ RestUtils.addCorsHeaders(response);
 try {
 RestUtils.checkAuthentication(request, tokenVerifier);
 String keycloakUuid = request.getParameter(KEYCLOAK_UUID);
diff --git a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java
index 6052fa5..5afb3a4 100644
--- a/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java
+++ b/plugins/src/main/java/org/smartregister/fhir/gateway/plugins/RestUtils.java
@@ -3,6 +3,7 @@
 import static org.smartregister.fhir.gateway.plugins.Constants.AUTHORIZATION;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
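Review bot: In `LocationHierarchyEndpoint.doGet`, and in the identical change to `PractitionerDetailEndpoint.doGet`, the CORS headers are attached to GET responses only, yet `authorization` is not a CORS-safelisted request header, so a browser sends an OPTIONS preflight before the GET. Unless something outside this patch already answers OPTIONS with the same headers, the preflight would fall through to the servlet's default `doOptions` and the cross-origin call would probably be blocked. Consider overriding `doOptions` in both servlets so that it calls `RestUtils.addCorsHeaders(response)` and returns without `checkAuthentication`, since a preflight carries no token. The placement before the `try` also deserves a comment, e.g. `// Set before authentication so that error responses also carry the CORS headers.` Both `doGet` bodies continue outside their hunks.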
@@ -25,4 +26,15 @@ public static void checkAuthentication(
 }
 tokenVerifier.decodeAndVerifyBearerToken(authHeader);
 }
+
+ public static void addCorsHeaders(HttpServletResponse response) {
+ response.addHeader(Constants.CORS_ALLOW_HEADERS_KEY, Constants.CORS_ALLOW_HEADERS_VALUE);
+ response.addHeader(Constants.CORS_ALLOW_METHODS_KEY, Constants.CORS_ALLOW_METHODS_VALUE);
+ String corsAllowOrigin = System.getenv(Constants.CORS_ALLOW_ORIGIN_ENV);
+ response.addHeader(
+ Constants.CORS_ALLOW_ORIGIN_KEY,
+ corsAllowOrigin != null && !corsAllowOrigin.isEmpty()
+ ? corsAllowOrigin
+ : Constants.CORS_ALLOW_ORIGIN_VALUE);
+ }
 }
From edbdbd5e223bb7dc8a9afa2b955485bdc65f98ac Mon Sep 17 00:00:00 2001
From: lincmba
Date: Tue, 30 Apr 2024 10:58:02 +0300
Subject: [PATCH 2/5] Add tests
---
 .../fhir/gateway/plugins/RestUtilTest.java | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java
diff --git a/plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java b/plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java
new file mode 100644
index 0000000..b88f97d
--- /dev/null
+++ b/plugins/src/test/java/org/smartregister/fhir/gateway/plugins/RestUtilTest.java
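Review bot: `addCorsHeaders` writes all three headers with `response.addHeader`, which appends rather than replaces, so if any layer in front of these servlets has already set `Access-Control-Allow-Origin` the response carries two values and browsers reject it. `response.setHeader(Constants.CORS_ALLOW_ORIGIN_KEY, ...)`, and likewise for the other two headers, avoids that; the `verify` calls in `RestUtilTest` would need the same rename. The value of `CORS_ALLOW_ORIGIN` is also copied into the header unchecked, so a comma- or space-separated list (which the README change in this series says is unsupported) silently produces a header no browser will match; trimming the value and logging a warning when it contains a comma or whitespace would surface the misconfiguration. The method is public and undocumented: a short Javadoc stating that the origin is read from the `CORS_ALLOW_ORIGIN` environment variable on every call and falls back to `*` when unset or empty would help.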
@@ -0,0 +1,23 @@ +package org.smartregister.fhir.gateway.plugins; + +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; + +import javax.servlet.http.HttpServletResponse; + +import org.junit.Test; + +public class RestUtilTest { + @Test + public void testAddCorsHeadersSetsCorsHeaders() { + HttpServletResponse responseMock = mock(HttpServletResponse.class); + RestUtils.addCorsHeaders(responseMock); + verify(responseMock) + .addHeader(Constants.CORS_ALLOW_HEADERS_KEY, Constants.CORS_ALLOW_HEADERS_VALUE); + verify(responseMock) + .addHeader(Constants.CORS_ALLOW_METHODS_KEY, Constants.CORS_ALLOW_METHODS_VALUE); + verify(responseMock).addHeader(eq(Constants.CORS_ALLOW_ORIGIN_KEY), anyString()); + } +} From 9cc6e82cbda3b5e84f335d4604094f6b3acdffe4 Mon Sep 17 00:00:00 2001 From: lincmba Date: Tue, 30 Apr 2024 11:01:44 +0300 Subject: [PATCH 3/5] Update documentation --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8baf46a..cf52978 100755 --- a/README.md +++ b/README.md @@ -119,6 +119,9 @@ environment variables. Below is a list of the required configurations. - `BACKEND_TYPE`: The type of backend, either `HAPI` or `GCP`. `HAPI` should be used for most FHIR servers, while `GCP` should be used for GCP FHIR stores. +- `CORS_ALLOW_ORIGIN`: Specifies an CORS allowed origin. Only a single origin + can be specified. It defaults to `*` if not set + **Logging** The OpenSRP FHIR Gateway uses Sentry to capture exception logs. The Sentry From a08a582f2d61f0d726ffab0f72085e351348b694 Mon Sep 17 00:00:00 2001 From: lincmba Date: Tue, 30 Apr 2024 11:08:59 +0300 Subject: [PATCH 4/5] Update release --- exec/pom.xml | 4 ++-- plugins/pom.xml | 2 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/exec/pom.xml b/exec/pom.xml index 54e1204..2432d65 100755 --- a/exec/pom.xml 
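Review bot: `testAddCorsHeadersSetsCorsHeaders` matches the origin header with `anyString()`, so it passes whether the value is the configured origin, the `*` fallback or anything else, and the single branch in `addCorsHeaders` is never pinned. Because the environment cannot be set from inside the test, one option is to move the choice into a small package-private helper that takes the raw value, e.g. `static String resolveAllowedOrigin(String configured)`, and assert its result for null, empty and a concrete origin. Until then a comment such as `// The origin depends on CORS_ALLOW_ORIGIN in the test JVM's environment, so only the header name is asserted.` would explain the loose matcher.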
+++ b/exec/pom.xml @@ -4,7 +4,7 @@ org.smartregister opensrp-gateway-plugin - 1.0.10 + 1.0.11 exec @@ -70,7 +70,7 @@ org.smartregister plugins - 1.0.10 + 1.0.11 diff --git a/plugins/pom.xml b/plugins/pom.xml index d0a6555..2deffca 100644 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -4,7 +4,7 @@ org.smartregister opensrp-gateway-plugin - 1.0.10 + 1.0.11 plugins diff --git a/pom.xml b/pom.xml index c463b05..eca71aa 100755 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.smartregister opensrp-gateway-plugin - 1.0.10 + 1.0.11 pom From 038c12fae3e4e91bcfa86fc92a5b5e1476620efa Mon Sep 17 00:00:00 2001 From: lincmba Date: Tue, 30 Apr 2024 11:16:55 +0300 Subject: [PATCH 5/5] Fix grammar --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cf52978..719e6d2 100755 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ environment variables. Below is a list of the required configurations. - `BACKEND_TYPE`: The type of backend, either `HAPI` or `GCP`. `HAPI` should be used for most FHIR servers, while `GCP` should be used for GCP FHIR stores. -- `CORS_ALLOW_ORIGIN`: Specifies an CORS allowed origin. Only a single origin +- `CORS_ALLOW_ORIGIN`: Specifies the CORS allowed origin. Only a single origin can be specified. It defaults to `*` if not set **Logging**