Backend: Маркетинг в админ панели #881

src/main/java/io/hexlet/cv/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package io.hexlet.cv.config;
 
 import io.hexlet.cv.service.CustomUserDetailsService;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
@@ -12,6 +13,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -24,6 +26,9 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 @Configuration
 @EnableWebSecurity
@@ -37,6 +42,7 @@ SecurityFilterChain security(HttpSecurity http,
                                  Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthConverter)
             throws Exception {
         http
+                .cors(Customizer.withDefaults())
                 .csrf(csrf -> csrf.disable())
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/admin/**", "/*/admin/**", "/*/admin/").hasRole("ADMIN")
@@ -47,12 +53,51 @@ SecurityFilterChain security(HttpSecurity http,
                 .oauth2ResourceServer(rs -> rs
                         .bearerTokenResolver(cookieTokenResolver)
                         .jwt(jwt -> jwt
-                                .decoder(jwtDecoder)                       // берётся из EncodersConfig
+                                .decoder(jwtDecoder)
                                 .jwtAuthenticationConverter(jwtAuthConverter)
                         ));
         return http.build();
     }
 
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+
+        config.setAllowedOrigins(Arrays.asList(
+                "http://localhost:5173",
+                "http://127.0.0.1:5173"
+        ));
+
+        config.setAllowedMethods(Arrays.asList(
+                "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"
+        ));
+
+        config.setAllowedHeaders(Arrays.asList(
+                "Authorization",
+                "Content-Type",
+                "X-Requested-With",
+                "X-Inertia",
+                "X-Inertia-Version",
+                "Accept",
+                "Origin",
+                "Access-Control-Request-Method",
+                "Access-Control-Request-Headers"
+        ));
+
+        config.setExposedHeaders(Arrays.asList(
+                "Access-Control-Allow-Origin",
+                "Access-Control-Allow-Credentials"
+        ));
+
+        config.setAllowCredentials(true);
+        config.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+
+        return source;
+    }
+
     @Bean
     public DaoAuthenticationProvider daoAuthProvider(CustomUserDetailsService userService,
                                                      PasswordEncoder passwordEncoder) {

src/main/java/io/hexlet/cv/config/properties/pricing/PricingProperties.java

@@ -0,0 +1,15 @@
+package io.hexlet.cv.config.properties.pricing;
+
+import lombok.Getter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+@ConfigurationProperties(prefix = "app.pricing")
+public class PricingProperties {
+    private int scale = 2;
+    private double freeThreshold = 0.01;
+    private double maxDiscount = 100;
+    private double minPrice = 0.0;
+}