feat(cors): Global CORS Configuration for AMRIT API Services #71

Open
wants to merge 1 commit into
base: develop

@kevalkanp1011 kevalkanp1011 commented Apr 17, 2025

…ch methods.

📋 Description

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

This PR introduces a global CORS configuration for the AMRIT platform API services, in alignment with requirements. The goal is to enhance cross-origin request handling by removing controller-level CORS annotations and setting up centralized, environment-based CORS policies.

✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • New feature (non-breaking change which adds functionality)
  • 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🛠 Refactor (change that is neither a fix nor a new feature)
  • ⚙️ Config change (configuration file or build script updates)
  • 📚 Documentation (updates to docs or readme)
  • 🧪 Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • 🚀 Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

  • New Features

    • Centralized and enhanced CORS (Cross-Origin Resource Sharing) configuration for all endpoints, allowing flexible control of allowed origins via configuration files.
  • Refactor

    • Removed individual CORS annotations from all controller endpoints to streamline and unify CORS policy management.
  • Chores

    • Updated configuration files to support new CORS origin settings.
    • Improved logging for JWT token validation outcomes.

coderabbitai bot commented Apr 17, 2025

Walkthrough

This change centralizes Cross-Origin Resource Sharing (CORS) management for the application. It introduces a new CorsConfig class that configures CORS globally using externalized properties, and removes all @CrossOrigin annotations from individual controller methods and classes. Configuration files are updated to support the new property cors.allowed-origins. Additionally, logging in the JWT token validation filter is enhanced to provide clearer feedback on token validation outcomes, without affecting the core logic or error handling.

Changes

| File(s) | Change Summary |
|---|---|
| src/main/java/com/iemr/admin/config/CorsConfig.java | New class added to globally configure CORS using application properties and the WebMvcConfigurer interface. |
| src/main/environment/admin_ci.properties, src/main/environment/admin_example.properties | Added new property cors.allowed-origins for CORS configuration. |
| All controller files under src/main/java/com/iemr/admin/controller/... | Removed all @CrossOrigin annotations from controller methods and classes to delegate CORS handling to the new global configuration. |
| src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java | Enhanced JWT validation logic with additional logging for missing, valid, and invalid tokens; no changes to control flow or error handling. |

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant SpringApp
    participant CorsConfig
    participant Controller

    Client->>SpringApp: HTTP Request (with Origin)
    SpringApp->>CorsConfig: Check CORS configuration
    CorsConfig-->>SpringApp: Provide allowed origins, headers, methods
    SpringApp->>Controller: Route request if CORS allowed
    Controller-->>SpringApp: Process and respond
    SpringApp-->>Client: HTTP Response (with CORS headers if allowed)

Poem

Hooray for CORS, now neat and wide,
No more annotations scattered inside!
A config to rule the origins true,
With logging for JWTs—clearer for you.
Controllers breathe easy, their code now clean,
Centralized settings, the best ever seen!
🐇✨


Quality Gate failed

Failed conditions
13.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud
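
A sketch of the centralized setup the walkthrough describes, added here as an example and not the PR's own CorsConfig.java; its `main` compares how Spring matches a wildcard-port value of `cors.allowed-origins` when it is registered as exact origins versus origin patterns. Assumptions: the class name `GlobalCorsSketch`, the method and header lists, the constructed sample origins, and Spring Framework 5.3 or later (spring-webmvc and its dependencies) on the classpath.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/** Added illustration; GlobalCorsSketch is a hypothetical name, not the PR's CorsConfig. */
@Configuration
public class GlobalCorsSketch implements WebMvcConfigurer {

    // Comma-separated origins or origin patterns from the externalized property.
    @Value("${cors.allowed-origins}")
    private String allowedOrigins;

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Patterns, not exact origins: "http://localhost:*" has to match any port.
                .allowedOriginPatterns(splitOrigins(allowedOrigins))
                // The method and header lists below are assumptions for this sketch.
                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                .allowedHeaders("Authorization", "Content-Type")
                .maxAge(3600);
    }

    /**
     * Splits the property value and fails closed: an empty or blank value stops
     * startup instead of leaving the origin policy to framework defaults.
     */
    static String[] splitOrigins(String raw) {
        String[] origins = Arrays.stream(raw.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .toArray(String[]::new);
        if (origins.length == 0) {
            throw new IllegalStateException("cors.allowed-origins resolved to an empty list");
        }
        return origins;
    }

    /** Stand-alone comparison of the two registration styles; no web server needed. */
    public static void main(String[] args) {
        // Constructed sample value in the wildcard-port form used for local development.
        List<String> configured =
                List.of(splitOrigins("http://localhost:*, http://127.0.0.1:*"));

        CorsConfiguration exact = new CorsConfiguration();
        exact.setAllowedOrigins(configured);          // literal string comparison

        CorsConfiguration patterns = new CorsConfiguration();
        patterns.setAllowedOriginPatterns(configured); // "*" treated as a wildcard

        // Constructed request origins: two local ones and one unrelated host.
        List<String> requestOrigins = List.of(
                "http://localhost:4200",
                "http://127.0.0.1:8080",
                "https://app.example.test");

        // checkOrigin returns the value for Access-Control-Allow-Origin,
        // or null when the origin is rejected.
        for (String origin : requestOrigins) {
            System.out.printf("%-26s exact=%-24s patterns=%s%n",
                    origin, exact.checkOrigin(origin), patterns.checkOrigin(origin));
        }
    }
}
```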

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🔭 Outside diff range comments (3)
src/main/java/com/iemr/admin/controller/labmodule/SmartDiagnosticsController.java (2)

55-55: ⚠️ Potential issue

Fix logging placeholder without argument
The call logger.info("getIOTProcedure request : {}"); includes a {} placeholder but no argument is passed. Either remove the placeholder or supply the intended value to avoid confusing logs.


75-75: ⚠️ Potential issue

Fix logging placeholder without argument
The call logger.info("getIOTComponent request : {}"); includes a {} placeholder but no argument is passed. Either remove the placeholder or supply the intended value to avoid confusing logs.

src/main/java/com/iemr/admin/controller/createorder/CareStreamCreateOrderController.java (1)

71-119: ⚠️ Potential issue

Security concerns in network connectivity code

The controller contains hardcoded IP addresses (192.168.1.199) and directly manages socket connections, which presents several concerns:

  1. Hardcoded IP addresses should be externalized to configuration
  2. Network operations directly in the controller violate separation of concerns
  3. No proper connection error handling or resource cleanup in the catch block
  4. Potential for connection leaks if exceptions occur before socket.close()

Consider refactoring this code to:

  • Move socket handling logic to a dedicated service
  • Externalize IP addresses and ports to configuration properties
  • Ensure proper resource cleanup with try-with-resources
  • Add proper error handling for network exceptions
🧰 Tools
🪛 ast-grep (0.31.1)

[info] 100-100: "Detected use of a Java socket that is not encrypted. As a result, the
traffic could be read by an attacker intercepting the network traffic. Use
an SSLSocket created by 'SSLSocketFactory' or 'SSLServerSocketFactory'
instead."
Context: new Socket(ip, port)
Note: [CWE-319] Cleartext Transmission of Sensitive Information [REFERENCES]
- https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(unencrypted-socket-java)

🧹 Nitpick comments (32)
src/main/java/com/iemr/admin/controller/facilitytype/FacilitytypeController.java (1)

31-31: Remove unused CrossOrigin import
The @CrossOrigin annotation has been removed from this controller; the import at line 31 is now unused and can be safely removed to clean up imports.

src/main/java/com/iemr/admin/controller/labmodule/SmartDiagnosticsController.java (1)

30-30: Remove unused CrossOrigin import
The @CrossOrigin import is no longer needed after centralizing CORS; it should be removed to avoid unused imports.

src/main/java/com/iemr/admin/controller/stockEntry/StockEntryController.java (1)

29-29: Remove unused CrossOrigin import
The @CrossOrigin import can be removed since all per-method annotations have been deleted in favor of global configuration.

src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceTalukMappingController.java (1)

27-27: Remove unused CrossOrigin import
Since all method-level CORS annotations have been removed, the @CrossOrigin import is no longer required.

src/main/java/com/iemr/admin/controller/villageMaster/VillageMasterController.java (1)

27-27: Remove unused CrossOrigin import
Since controller‑level @CrossOrigin annotations no longer exist, the import is unused and can be cleaned up for clarity.

- import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/emailconfig/EmailConfigController.java (1)

32-32: Remove unused CrossOrigin import
The org.springframework.web.bind.annotation.CrossOrigin import is no longer needed and can be deleted.

- import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/vanMaster/VanMasterController.java (2)

28-28: Remove unused CrossOrigin import
The import for CrossOrigin is no longer used and should be removed to tidy up the code.

- import org.springframework.web.bind.annotation.CrossOrigin;

131-131: Inconsistent method naming
The method updateZoneData is mapped to /update/vanDetails and updates van details. For consistency, consider renaming to updateVanDetails.

- public String updateZoneData(...)
+ public String updateVanDetails(...)
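Review bot: The `+` line elides the signature as `(...)`, so the suggestion does not show whether the `/update/vanDetails` mapping or any references to the old name are touched. When applying it, keep the request mapping unchanged and update every reference to `updateZoneData` (tests, Javadoc, log messages) in the same commit so the rename stays behaviour-neutral.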
src/main/java/com/iemr/admin/controller/labmodule/LabModuleController.java (1)

28-28: Remove unused CrossOrigin import
Since there are no @CrossOrigin usages here, the import can be removed.

- import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/drugstrength/DrugStrength.java (1)

31-31: Remove unused CrossOrigin import
The CrossOrigin import is obsolete after annotation removal and should be cleaned up.

- import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/locationmaster/LocationMasterController.java (2)

32-32: Remove unused import

The CrossOrigin annotation is no longer used in this controller class after moving to the centralized CORS configuration. Consider removing this unused import for better code cleanliness.

-import org.springframework.web.bind.annotation.CrossOrigin;

63-63: Clean up extra blank lines

Consider removing these extra blank lines that remain after deleting the @CrossOrigin() annotations to improve code readability.

Also applies to: 107-107, 171-171, 209-209, 239-239, 268-268, 297-297, 346-346, 385-385, 418-418, 466-466, 515-515, 561-561

src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceController.java (2)

28-28: Remove unused import

The CrossOrigin annotation is no longer used in this controller class after moving to the centralized CORS configuration. Consider removing this unused import for better code cleanliness.

-import org.springframework.web.bind.annotation.CrossOrigin;

53-53: Clean up extra blank lines

Consider removing these extra blank lines that remain after deleting the @CrossOrigin() annotations to improve code readability.

Also applies to: 78-78, 100-100, 127-127, 165-165, 187-187, 210-210

src/main/java/com/iemr/admin/controller/servicePoint/ServicePointController.java (2)

28-28: Remove unused import

The CrossOrigin annotation is no longer used in this controller class after moving to the centralized CORS configuration. Consider removing this unused import for better code cleanliness.

-import org.springframework.web.bind.annotation.CrossOrigin;

55-55: Clean up extra blank lines

Consider removing these extra blank lines that remain after deleting the @CrossOrigin() annotations to improve code readability.

Also applies to: 80-80, 103-103, 130-130, 163-163, 188-188, 241-241, 271-271

src/main/java/com/iemr/admin/controller/itemfacilitymapping/MItemFacilityMappingController.java (2)

31-31: Remove unused import

The CrossOrigin annotation is no longer used in this controller class after moving to the centralized CORS configuration. Consider removing this unused import for better code cleanliness.

-import org.springframework.web.bind.annotation.CrossOrigin;

56-56: Clean up extra blank lines

Consider removing these extra blank lines that remain after deleting the @CrossOrigin() annotations to improve code readability.

Also applies to: 114-114, 149-149, 180-180, 208-208, 236-236, 260-260

src/main/java/com/iemr/admin/controller/zonemaster/ZoneMasterController.java (1)

28-28: Remove unused CrossOrigin import
The import org.springframework.web.bind.annotation.CrossOrigin; at line 28 is no longer needed after stripping out all @CrossOrigin annotations. Cleaning up unused imports improves readability and prevents confusion.

src/main/java/com/iemr/admin/controller/store/StoreController.java (1)

31-31: Remove unused CrossOrigin import
The import org.springframework.web.bind.annotation.CrossOrigin; at line 31 is no longer used after removing all @CrossOrigin annotations. Please delete this import to avoid dead code.

src/main/java/com/iemr/admin/controller/snomedMapping/SnomedMappingController.java (1)

27-27: Remove unused CrossOrigin import
The import org.springframework.web.bind.annotation.CrossOrigin; at line 27 is no longer needed. Please remove this unused import to keep the codebase clean.

src/main/java/com/iemr/admin/controller/pharmacologicalcategory/PharmacologicalCategoryController.java (1)

31-31: Remove unused CrossOrigin import
Since @CrossOrigin annotations have been removed, the import org.springframework.web.bind.annotation.CrossOrigin; at line 31 is now redundant. Please delete it.

src/main/java/com/iemr/admin/controller/nodalConfig/NodalConfigController.java (1)

32-32: Remove unused CrossOrigin import
The import org.springframework.web.bind.annotation.CrossOrigin; at line 32 is obsolete after removing all @CrossOrigin annotations. Please remove it to avoid unused dependencies.

src/main/java/com/iemr/admin/controller/vanSpokeMapping/VanSpokeMappingController.java (1)

27-27: Remove unused CrossOrigin import
With all per-method @CrossOrigin annotations removed in favor of the centralized CorsConfig, the import

import org.springframework.web.bind.annotation.CrossOrigin;

is no longer used. Please delete it.

src/main/java/com/iemr/admin/controller/item/ItemController.java (1)

30-30: Remove unused CrossOrigin import
After removing all @CrossOrigin annotations, the import

import org.springframework.web.bind.annotation.CrossOrigin;

is unused. Please remove it to tidy up imports.

src/main/java/com/iemr/admin/controller/employeemaster/EmployeeSignatureController.java (1)

33-33: Remove unused CrossOrigin import
With the deletion of all @CrossOrigin annotations, the import

import org.springframework.web.bind.annotation.CrossOrigin;

is no longer needed. Please remove it.

src/main/java/com/iemr/admin/controller/telemedicine/VideoConsultationController.java (1)

29-29: Remove unused CrossOrigin import
Since all per-method @CrossOrigin annotations have been removed, the import

import org.springframework.web.bind.annotation.CrossOrigin;

is unused. Please delete it.

src/main/java/com/iemr/admin/controller/foetalmonitormaster/FoetalMonitorController.java (1)

30-30: Remove unused CrossOrigin import
All @CrossOrigin annotations have been removed in favor of global CORS configuration. The import

import org.springframework.web.bind.annotation.CrossOrigin;

is now unused and should be removed.

src/main/java/com/iemr/admin/controller/employeemaster/EmployeeMasterController.java (1)

35-35: Consider removing the unused CrossOrigin import.

The CrossOrigin annotation is no longer used in this controller since all instances have been removed in favor of centralized CORS configuration. Remove the unused import to keep the code clean.

-import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/blocking/BlockingController.java (1)

31-31: Consider removing the unused CrossOrigin import.

The CrossOrigin annotation is no longer used in this controller since all instances have been removed in favor of centralized CORS configuration. Remove the unused import to keep the code clean.

-import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/provideronboard/ProviderOnBoardController.java (1)

24-34: Import statement for CrossOrigin is no longer used

Since all @CrossOrigin() annotations have been removed from the controller methods, the import statement for org.springframework.web.bind.annotation.CrossOrigin on line 34 is no longer used.

-import org.springframework.web.bind.annotation.CrossOrigin;
src/main/java/com/iemr/admin/controller/createorder/CareStreamCreateOrderController.java (1)

32-32: Unused import statement for CrossOrigin

The import for org.springframework.web.bind.annotation.CrossOrigin is no longer needed as all @CrossOrigin() annotations have been removed from the controller methods.

-import org.springframework.web.bind.annotation.CrossOrigin;
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 19cdc37 and 5b1112a.

📒 Files selected for processing (44)
  • src/main/environment/admin_ci.properties (1 hunks)
  • src/main/environment/admin_example.properties (1 hunks)
  • src/main/java/com/iemr/admin/config/CorsConfig.java (1 hunks)
  • src/main/java/com/iemr/admin/controller/blocking/BlockingController.java (20 hunks)
  • src/main/java/com/iemr/admin/controller/calibration/CalibrationController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/createorder/CareStreamCreateOrderController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/drugstrength/DrugStrength.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/drugtype/DrugtypeController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/emailconfig/EmailConfigController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/employeemaster/EmployeeMasterController.java (58 hunks)
  • src/main/java/com/iemr/admin/controller/employeemaster/EmployeeSignatureController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/facilitytype/FacilitytypeController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/foetalmonitormaster/FoetalMonitorController.java (13 hunks)
  • src/main/java/com/iemr/admin/controller/item/ItemController.java (21 hunks)
  • src/main/java/com/iemr/admin/controller/itemfacilitymapping/MItemFacilityMappingController.java (7 hunks)
  • src/main/java/com/iemr/admin/controller/labmodule/LabModuleController.java (15 hunks)
  • src/main/java/com/iemr/admin/controller/labmodule/SmartDiagnosticsController.java (2 hunks)
  • src/main/java/com/iemr/admin/controller/locationmaster/LocationMasterController.java (13 hunks)
  • src/main/java/com/iemr/admin/controller/manufacturer/ManufacturerController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/nodalConfig/NodalConfigController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceController.java (7 hunks)
  • src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceTalukMappingController.java (7 hunks)
  • src/main/java/com/iemr/admin/controller/pharmacologicalcategory/PharmacologicalCategoryController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/provideronboard/ProviderOnBoardController.java (88 hunks)
  • src/main/java/com/iemr/admin/controller/questionnaire/QuestionnaireController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/rolemaster/RoleMasterController.java (17 hunks)
  • src/main/java/com/iemr/admin/controller/servicePoint/ServicePointController.java (9 hunks)
  • src/main/java/com/iemr/admin/controller/snomedMapping/SnomedMappingController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/stockEntry/StockEntryController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/stockExit/StockExitController.java (1 hunks)
  • src/main/java/com/iemr/admin/controller/store/StoreController.java (10 hunks)
  • src/main/java/com/iemr/admin/controller/supplier/SupplierMasterController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/telemedicine/TeleMedicineController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/telemedicine/VideoConsultationController.java (6 hunks)
  • src/main/java/com/iemr/admin/controller/uom/UomController.java (5 hunks)
  • src/main/java/com/iemr/admin/controller/uptsu/FacilityController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/userParkingPlaceMap/UserParkingPlaceMapController.java (9 hunks)
  • src/main/java/com/iemr/admin/controller/vanMaster/VanMasterController.java (9 hunks)
  • src/main/java/com/iemr/admin/controller/vanServicePointMapping/VanServicePointMappingController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/vanSpokeMapping/VanSpokeMappingController.java (3 hunks)
  • src/main/java/com/iemr/admin/controller/version/VersionController.java (1 hunks)
  • src/main/java/com/iemr/admin/controller/villageMaster/VillageMasterController.java (4 hunks)
  • src/main/java/com/iemr/admin/controller/zonemaster/ZoneMasterController.java (9 hunks)
  • src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java (1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
src/main/java/com/iemr/admin/controller/foetalmonitormaster/FoetalMonitorController.java (1)
src/main/java/com/iemr/admin/controller/snomedMapping/SnomedMappingController.java (1)
  • RequestMapping (42-190)
🔇 Additional comments (62)
src/main/java/com/iemr/admin/controller/version/VersionController.java (1)

46-46: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This is a good architectural improvement that will make CORS policy management more maintainable.

src/main/java/com/iemr/admin/controller/stockExit/StockExitController.java (1)

44-44: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This is a good architectural improvement that will make CORS policy management more maintainable.

src/main/java/com/iemr/admin/controller/vanServicePointMapping/VanServicePointMappingController.java (4)

53-53: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This aligns with the global CORS strategy.


91-91: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This aligns with the global CORS strategy.


117-117: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This aligns with the global CORS strategy.


144-144: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This aligns with the global CORS strategy.

src/main/java/com/iemr/admin/controller/uom/UomController.java (5)

51-51: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This change brings consistency to CORS handling across the application.


79-79: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This change brings consistency to CORS handling across the application.


105-105: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This change brings consistency to CORS handling across the application.


138-138: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This change brings consistency to CORS handling across the application.


167-167: CORS annotation removed as part of centralization.

The @CrossOrigin() annotation has been removed from this controller method as part of centralizing CORS configuration. This change brings consistency to CORS handling across the application.

src/main/java/com/iemr/admin/controller/manufacturer/ManufacturerController.java (1)

51-51: Removed method-level CORS annotations to centralize CORS management
All @CrossOrigin annotations have been stripped in favor of the new global CorsConfig. Confirm that the global CORS policy (driven by the cors.allowed-origins property) applies correctly to each of these endpoints and that clients can still perform the necessary cross-origin requests.

Also applies to: 79-79, 107-107, 147-147, 179-179

src/main/environment/admin_ci.properties (1)

22-24: Added cors.allowed-origins property for global CORS configuration
The new property reads from the environment variable CORS_ALLOWED_ORIGINS. Ensure this variable is defined and populated in all deployment environments (CI, staging, production) and that the format (e.g., comma-separated list) aligns with expectations. Cross-reference with admin_example.properties for consistency.

src/main/java/com/iemr/admin/controller/drugtype/DrugtypeController.java (1)

51-51: Removed method-level CORS annotations in DrugtypeController
This aligns with the centralized CORS approach. Please verify that the cors.allowed-origins configuration covers all origins needed by clients of these endpoints and that OPTIONS preflight requests succeed.

Also applies to: 78-78, 105-105, 140-140

src/main/java/com/iemr/admin/controller/questionnaire/QuestionnaireController.java (1)

47-47: Removed method-level CORS annotations in QuestionnaireController
With CORS handled globally, these per-method annotations are no longer needed. Validate that cross-origin requests (including preflight) work correctly against these routes under the new configuration.

Also applies to: 85-85, 103-103

src/main/java/com/iemr/admin/controller/supplier/SupplierMasterController.java (1)

52-52: Removed method-level CORS annotations in SupplierMasterController
Central CORS settings now apply. Ensure your integration tests include scenarios that exercise CORS (e.g., from browser clients) to confirm the global policy behaves as expected.

Also applies to: 73-73, 91-91, 129-129, 151-151

src/main/java/com/iemr/admin/controller/facilitytype/FacilitytypeController.java (4)

52-52: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before getFacility in favor of centralized CORS configuration via CorsConfig.


79-79: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before addFacility in favor of centralized CORS configuration via CorsConfig.


106-106: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before editFacility in favor of centralized CORS configuration via CorsConfig.


138-138: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before deleteFacility in favor of centralized CORS configuration via CorsConfig.

src/main/java/com/iemr/admin/controller/labmodule/SmartDiagnosticsController.java (2)

50-50: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before getIOTProcedure to rely on the global CORS configuration.


70-70: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before getIOTComponent to rely on the global CORS configuration.

src/main/java/com/iemr/admin/controller/stockEntry/StockEntryController.java (3)

52-52: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before physicalStockEntry, delegating CORS handling to the centralized config.


70-70: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before getItemBatchForStoreID, delegating CORS handling to the centralized config.


94-94: Approve removal of method-level CORS annotation
Removed the @CrossOrigin annotation before allocateStockFromItemID, delegating CORS handling to the centralized config.

src/main/environment/admin_example.properties (2)

18-18: Approve addition of common-url property
The new common-url entry is correctly added for local development. Ensure consistency with other environment files if needed.


20-20: Verify wildcard origin support in CORS config
The cors.allowed-origins property uses wildcards (http://localhost:*,http://127.0.0.1:*). Confirm that CorsConfig uses setAllowedOriginPatterns (not setAllowedOrigins) to support these patterns; otherwise, origins with varying ports won’t match.

src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceTalukMappingController.java (1)

50-50: Approve removal of method-level CORS annotations
All @CrossOrigin annotations preceding endpoint methods have been removed to centralize CORS policy in CorsConfig. This aligns with the PR objective and improves maintainability.

Also applies to: 72-72, 94-94, 125-125, 146-146, 167-167, 192-192

src/main/java/com/iemr/admin/controller/villageMaster/VillageMasterController.java (1)

51-51: Removed per-method CORS annotation in favor of global configuration
The blank line at this location indicates that the @CrossOrigin annotation has been removed. This aligns correctly with the new centralized CORS policy defined in CorsConfig.

src/main/java/com/iemr/admin/controller/emailconfig/EmailConfigController.java (1)

55-55: Removed per-method CORS annotation in favor of global configuration
The blank line here corresponds to the removed @CrossOrigin annotation. Global CORS settings in CorsConfig will now apply to these endpoints.

src/main/java/com/iemr/admin/controller/vanMaster/VanMasterController.java (1)

54-54: Removed per-method CORS annotation in favor of global configuration
The blank line indicates the removal of @CrossOrigin, delegating CORS handling to the centralized CorsConfig.

src/main/java/com/iemr/admin/controller/labmodule/LabModuleController.java (1)

51-51: Removed class‑level CORS annotation in favor of global configuration
This blank line shows where @CrossOrigin was removed. The global settings in CorsConfig will handle CORS for all lab module endpoints.

src/main/java/com/iemr/admin/controller/drugstrength/DrugStrength.java (1)

51-51: Removed per-method CORS annotation in favor of global configuration
The blank line indicates the removal of @CrossOrigin. The centralized CORS policy in CorsConfig will now govern these endpoints.

src/main/java/com/iemr/admin/controller/calibration/CalibrationController.java (4)

55-55: Approve removal of method-level CORS annotation for createCalibrationStrip
The per-endpoint @CrossOrigin annotation has been removed to centralize CORS handling via the new global configuration.


88-88: Approve removal of method-level CORS annotation for fetchCalibrationStrips
Consistent with the centralized CORS policy, the controller‑level annotation is no longer needed here.


116-116: Approve removal of method-level CORS annotation for deleteCalibrationStrip
This cleanup aligns with the new global CorsConfig.


144-144: Approve removal of method-level CORS annotation for updateCalibrationStrip
All controller methods now rely on the externalized CORS settings.

src/main/java/com/iemr/admin/controller/userParkingPlaceMap/UserParkingPlaceMapController.java (1)

56-56: Approve removal of method-level CORS annotations across endpoints
All @CrossOrigin annotations have been stripped from individual methods to leverage the new global CORS configuration in CorsConfig.

Also applies to: 81-81, 106-106, 132-132, 160-160, 189-189, 222-222, 263-263

src/main/java/com/iemr/admin/controller/rolemaster/RoleMasterController.java (1)

67-67: Approve removal of method-level CORS annotations throughout the controller
The removal of @CrossOrigin from all action methods is correct and centralizes CORS policy via the newly introduced CorsConfig.

Also applies to: 103-103, 138-138, 176-176, 218-218, 269-269, 304-304, 332-332, 392-392, 439-439, 473-473, 513-513, 552-552, 614-614, 646-646, 669-669, 702-702

src/main/java/com/iemr/admin/controller/uptsu/FacilityController.java (1)

52-52: Approve removal of class- and method-level CORS annotations
Both class-level and per-method @CrossOrigin annotations were removed in favor of the global configuration.

Also applies to: 61-61, 86-86, 106-106

src/main/java/com/iemr/admin/controller/telemedicine/TeleMedicineController.java (1)

53-53: Approve removal of method-level CORS annotations across TeleMedicine endpoints
Eliminating scattered @CrossOrigin annotations ensures all TeleMedicine APIs adhere to the centralized CORS policy.

Also applies to: 77-77, 101-101, 125-125, 151-151

src/main/java/com/iemr/admin/controller/locationmaster/LocationMasterController.java (1)

1-592: Centralized CORS configuration is a good architectural improvement

Removing controller-level @CrossOrigin() annotations in favor of a centralized CORS configuration is a positive architectural change. This approach:

  1. Reduces code duplication
  2. Makes CORS policy changes easier to maintain
  3. Ensures consistent CORS behavior across all endpoints
  4. Allows for environment-specific CORS configurations

src/main/java/com/iemr/admin/controller/parkingPlace/ParkingPlaceController.java (1)

1-231: Centralized CORS configuration is a good architectural improvement

The removal of controller-level @CrossOrigin() annotations in favor of a centralized configuration improves maintainability and consistency across the application.

src/main/java/com/iemr/admin/controller/servicePoint/ServicePointController.java (1)

1-292: Centralized CORS configuration is a good architectural improvement

The migration from controller-level @CrossOrigin() annotations to a centralized CORS configuration is a good practice that ensures consistent access control across all endpoints.

src/main/java/com/iemr/admin/controller/itemfacilitymapping/MItemFacilityMappingController.java (1)

1-284: Centralized CORS configuration is a good architectural improvement

Moving from scattered @CrossOrigin() annotations to a centralized CORS configuration improves:

  1. Security by ensuring consistent enforcement of CORS policies
  2. Maintainability by centralizing configuration in one place
  3. Flexibility by allowing environment-specific CORS settings

src/main/java/com/iemr/admin/controller/zonemaster/ZoneMasterController.java (1)

54-54: Verify global CORS configuration covers these endpoints
You’ve correctly removed the per-method @CrossOrigin annotations in favor of a centralized CORS setup. Please ensure that your new CorsConfig class is annotated with @Configuration, implements WebMvcConfigurer, and applies CORS mappings to the appropriate path patterns (e.g., /zonemaster/** or /**) using the cors.allowed-origins property. Consider adding an integration test that sends an OPTIONS preflight request to one of these endpoints to confirm the headers are applied.

Also applies to: 77-77, 103-103, 126-126, 155-155, 182-182, 271-271

src/main/java/com/iemr/admin/controller/store/StoreController.java (1)

55-55: Confirm centralized CORS policy is applied
All method-level CORS annotations have been removed; ensure your global CorsConfig bean is active and correctly configures allowed origins, methods, headers, and credentials for the /createStore, /editStore, /getAllStore/**, etc., endpoints. Adding a simple mock integration test for an OPTIONS request can validate that the preflight response includes the expected CORS headers.

Also applies to: 84-84, 119-119, 140-140, 165-165, 190-190, 217-217, 244-244

src/main/java/com/iemr/admin/controller/snomedMapping/SnomedMappingController.java (1)

50-50: Ensure global CORS configuration covers SNOMED endpoints
Per-method @CrossOrigin annotations have been stripped out. Verify that your global CORS configuration in CorsConfig applies to the /snomed/** routes and handles preflight correctly. If you haven’t already, consider a smoke test or lightweight integration test that triggers an OPTIONS request against one of these endpoints.

Also applies to: 93-93, 135-135, 166-166

src/main/java/com/iemr/admin/controller/pharmacologicalcategory/PharmacologicalCategoryController.java (1)

52-52: Validate centralized CORS policy for pharmacological category APIs
You’ve centralized CORS configuration by removing per-method annotations. Confirm that your global CorsConfig handles requests to /createPharmacologicalcategory, /getPharmacologicalcategory, and other related endpoints under the configured origins. A quick automated check with an OPTIONS preflight request will ensure headers are correctly applied.

Also applies to: 82-82, 111-111, 144-144, 177-177

src/main/java/com/iemr/admin/controller/nodalConfig/NodalConfigController.java (1)

56-56: Confirm global CORS settings for nodal config endpoints
Per-method CORS annotations have been stripped. Ensure the global CorsConfig registers the appropriate CORS mappings for /nodal/saveConf, /nodal/getNodalEmailConfigs, and /nodal/updateNodalEmailConfig, based on the cors.allowed-origins property. Consider adding an automated preflight test to validate the CORS headers on these routes.

Also applies to: 78-78, 97-97

src/main/java/com/iemr/admin/controller/vanSpokeMapping/VanSpokeMappingController.java (1)

55-55: Per-method CORS annotations removed
These endpoints no longer require individual @CrossOrigin annotations since the global CORS policy in CorsConfig applies to /**. Ensure that the global mapping covers /mapping/save/vanSpokeMapping, /mapping/get/vanSpokeMapping, and /mapping/delete/vanSpokeMapping.

Also applies to: 77-77

src/main/java/com/iemr/admin/controller/item/ItemController.java (1)

56-56: Per-method CORS annotations removed
All @CrossOrigin annotations have been stripped from individual endpoints, as the global CORS configuration in CorsConfig now handles cross-origin requests for all paths (/**).

Also applies to: 79-79, 102-102, 131-131, 155-155, 178-178, 202-202, 226-226, 259-259, 283-283, 307-307, 333-333, 356-356, 378-378, 402-402, 420-420, 441-441, 462-462, 484-484, 505-505, 526-526

src/main/java/com/iemr/admin/controller/employeemaster/EmployeeSignatureController.java (1)

61-61: Per-method CORS annotations removed
The methods uploadFile, fetchFile, and existFile no longer declare @CrossOrigin. These endpoints are now governed by the centralized CORS settings in CorsConfig.

Also applies to: 86-86, 113-113

src/main/java/com/iemr/admin/controller/telemedicine/VideoConsultationController.java (1)

55-55: Per-method CORS annotations removed
The individual @CrossOrigin annotations have been removed; these endpoints will now rely on the global CORS policy defined in CorsConfig.

Also applies to: 81-81, 107-107, 132-132, 158-158

src/main/java/com/iemr/admin/controller/foetalmonitormaster/FoetalMonitorController.java (1)

50-50: Class-level and per-method CORS annotations removed
Both the class-level and all method-level @CrossOrigin annotations have been dropped. Verify that the centralized CorsConfig covers all /fetosense/** endpoints as intended.

Also applies to: 57-57, 77-77, 93-93, 111-111, 136-136, 165-165, 192-192, 239-239, 261-261, 291-291, 321-321, 353-353

src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java (4)

72-72: Good enhancement with explicit error logging.

Adding explicit error logging when no JWT token is found improves the application's observability and helps with troubleshooting authentication issues.


77-78: Improved code readability by removing unnecessary boolean variable.

Direct use of the validation method in the if condition simplifies the code structure while maintaining the same functionality.


80-80: Enhanced observability with success logging.

Adding an info log entry for successful validation provides better visibility into the authentication flow, which is helpful for monitoring and debugging.


83-83: Improved error visibility with explicit logging.

Adding explicit error logging for invalid JWT tokens enhances the application's observability and helps with troubleshooting authentication failures.

src/main/java/com/iemr/admin/controller/provideronboard/ProviderOnBoardController.java (1)

102-162: CORS annotations removed in favor of centralized configuration

The @CrossOrigin() annotations have been removed from all controller methods in this file. This change aligns with the centralized CORS configuration approach introduced via the CorsConfig class.

src/main/java/com/iemr/admin/config/CorsConfig.java (1)

1-25:

✅ Verification successful

Well-structured global CORS configuration

The new CorsConfig class provides a centralized approach to CORS configuration, which is a better practice than scattered @CrossOrigin() annotations. The configuration includes:

  1. Reading allowed origins from externalized properties
  2. Applying CORS settings to all endpoints (/**)
  3. Properly configured headers, methods, and credentials

However, verify that the property cors.allowed-origins is correctly defined in the application properties files:


🏁 Script executed:

#!/bin/bash
# Check if cors.allowed-origins is defined in properties files
find src/main/environment -type f -name "*.properties" -exec grep -l "cors.allowed-origins" {} \;

Length of output: 187


Global CORS configuration approved and cors.allowed-origins verified

  • The CorsConfig class centralizes CORS settings, replacing scattered @CrossOrigin annotations.
  • Allowed origins are externalized via ${cors.allowed-origins}.
  • The property is defined in:
    • src/main/environment/admin_ci.properties
    • src/main/environment/admin_example.properties
  • CORS applies to all endpoints (/**) with correct methods, headers, credentials, and exposed headers.

src/main/java/com/iemr/admin/controller/createorder/CareStreamCreateOrderController.java (1)

46-52: CORS annotations removed in favor of centralized configuration

The @CrossOrigin() annotations have been removed from all controller methods in this class, which is aligned with the centralized CORS configuration approach.
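
The wildcard question raised in the review of admin_example.properties can be checked without starting the application. The following is an added example, not code from this pull request or from the AMRIT project: it feeds the quoted cors.allowed-origins value to Spring's CorsConfiguration through both setters and prints what checkOrigin returns for each sample origin. It assumes spring-web 5.3 or later on the classpath; the class name CorsOriginPatternCheck and the sample origins are constructed for illustration.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

// Added example: compares literal and pattern origin matching in spring-web.
public class CorsOriginPatternCheck {

    // Value of cors.allowed-origins as quoted in the review comment.
    static final List<String> CONFIGURED =
            List.of("http://localhost:*", "http://127.0.0.1:*");

    // Constructed sample Origin headers; the ports and the last host are illustrative.
    static final List<String> SAMPLE_ORIGINS = List.of(
            "http://localhost:4200",
            "http://127.0.0.1:8080",
            "http://localhost.example.test:4200");

    // setAllowedOrigins compares each entry with the Origin header as a literal string.
    static CorsConfiguration exactMatch() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(CONFIGURED);
        config.setAllowCredentials(true);
        return config;
    }

    // setAllowedOriginPatterns treats '*' in each entry as a wildcard.
    static CorsConfiguration patternMatch() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOriginPatterns(CONFIGURED);
        config.setAllowCredentials(true);
        return config;
    }

    public static void main(String[] args) {
        CorsConfiguration exact = exactMatch();
        CorsConfiguration pattern = patternMatch();
        for (String origin : SAMPLE_ORIGINS) {
            // checkOrigin returns the value to send in Access-Control-Allow-Origin,
            // or null when the origin is rejected.
            System.out.printf("%-36s allowedOrigins=%-24s allowedOriginPatterns=%s%n",
                    origin, exact.checkOrigin(origin), pattern.checkOrigin(origin));
        }
    }
}
```

A null in the allowedOrigins column for the localhost origins is the failure mode the review comment describes: the entries are stored but never match a real Origin header.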
