fix(back-end): fix load product

2026-03-22 21:11:33 +01:00
parent 653082868a
commit 74d1b16b7c
18 changed files with 261 additions and 122 deletions
--- a/backend/src/main/java/com/printcalculator/config/CorsConfig.java
+++ b/backend/src/main/java/com/printcalculator/config/CorsConfig.java
@@ -1,27 +1,27 @@
 package com.printcalculator.config;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;

@Configuration
-public class CorsConfig implements WebMvcConfigurer {
+public class CorsConfig {

-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins(
-                        "http://localhost",
-                        "http://localhost:4200",
-                        "http://localhost:80",
-                        "http://127.0.0.1",
-                        "https://dev.3d-fab.ch",
-                        "https://int.3d-fab.ch",
-                        "https://3d-fab.ch"
-                )
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
-                .allowedHeaders("*")
-                .allowCredentials(true);
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource(AllowedOriginService allowedOriginService) {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(allowedOriginService.getAllowedOrigins());
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
    }
 }
--- a/backend/src/main/java/com/printcalculator/config/SecurityConfig.java
+++ b/backend/src/main/java/com/printcalculator/config/SecurityConfig.java
@@ -1,5 +1,6 @@
 package com.printcalculator.config;

+import com.printcalculator.security.AdminCsrfProtectionFilter;
 import com.printcalculator.security.AdminSessionAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,6 +19,7 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(
            HttpSecurity http,
+            AdminCsrfProtectionFilter adminCsrfProtectionFilter,
            AdminSessionAuthenticationFilter adminSessionAuthenticationFilter
    ) throws Exception {
        http
@@ -40,7 +42,8 @@ public class SecurityConfig {
                    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
                    response.getWriter().write("{\"error\":\"UNAUTHORIZED\"}");
                }))
-                .addFilterBefore(adminSessionAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+                .addFilterBefore(adminCsrfProtectionFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterAfter(adminSessionAuthenticationFilter, AdminCsrfProtectionFilter.class);

        return http.build();
    }
--- a/backend/src/main/java/com/printcalculator/service/shop/PublicShopCatalogService.java
+++ b/backend/src/main/java/com/printcalculator/service/shop/PublicShopCatalogService.java
@@ -399,6 +399,8 @@ public class PublicShopCatalogService {
                                                      Map<String, String> variantColorHexByMaterialAndColor,
                                                      String language) {
        List<PublicMediaUsageDto> images = productMediaBySlug.getOrDefault(productMediaUsageKey(entry.product()), List.of());
+        String normalizedLanguage = normalizeLanguage(language);
+        String publicPathSegment = ShopPublicPathSupport.buildProductPathSegment(entry.product(), normalizedLanguage);
        Map<String, String> localizedPaths = ShopPublicPathSupport.buildLocalizedProductPaths(entry.product());
        return new ShopProductSummaryDto(
                entry.product().getId(),
@@ -417,7 +419,7 @@ public class PublicShopCatalogService {
                toVariantDto(entry.defaultVariant(), entry.defaultVariant(), variantColorHexByMaterialAndColor, language),
                selectPrimaryMedia(images),
                toProductModelDto(entry),
-                localizedPaths.getOrDefault(normalizeLanguage(language), localizedPaths.get("it")),
+                publicPathSegment,
                localizedPaths
        );
    }
@@ -429,9 +431,10 @@ public class PublicShopCatalogService {
        List<PublicMediaUsageDto> images = productMediaBySlug.getOrDefault(productMediaUsageKey(entry.product()), List.of());
        String localizedSeoTitle = entry.product().getSeoTitleForLanguage(language);
        String localizedSeoDescription = entry.product().getSeoDescriptionForLanguage(language);
+        String normalizedLanguage = normalizeLanguage(language);
+        String publicPathSegment = ShopPublicPathSupport.buildProductPathSegment(entry.product(), normalizedLanguage);
        Map<String, String> localizedPaths = ShopPublicPathSupport.buildLocalizedProductPaths(entry.product());
-        return new ShopProductDetailDto(
-                entry.product().getId(),
+        return new ShopProductDetailDto(entry.product().getId(),
                entry.product().getSlug(),
                entry.product().getNameForLanguage(language),
                entry.product().getExcerptForLanguage(language),
@@ -458,7 +461,7 @@ public class PublicShopCatalogService {
                selectPrimaryMedia(images),
                images,
                toProductModelDto(entry),
-                localizedPaths.getOrDefault(normalizeLanguage(language), localizedPaths.get("it")),
+                publicPathSegment,
                localizedPaths
        );
    }
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -56,6 +56,7 @@ app.mail.contact-request.admin.enabled=${APP_MAIL_CONTACT_REQUEST_ADMIN_ENABLED:
 app.mail.contact-request.admin.address=${APP_MAIL_CONTACT_REQUEST_ADMIN_ADDRESS:info@3d-fab.ch}
 app.mail.contact-request.customer.enabled=${APP_MAIL_CONTACT_REQUEST_CUSTOMER_ENABLED:true}
 app.frontend.base-url=${APP_FRONTEND_BASE_URL:http://localhost:4200}
+app.cors.additional-allowed-origins=${APP_CORS_ADDITIONAL_ALLOWED_ORIGINS:}
 app.sitemap.shop.cache-seconds=${APP_SITEMAP_SHOP_CACHE_SECONDS:3600}
 openai.translation.api-key=${OPENAI_API_KEY:}
 openai.translation.base-url=${OPENAI_BASE_URL:https://api.openai.com/v1}