Merge branch 'master' into 1027-migrate-from-springfox-swagger-to-spr…

…ingdoc-openapi

.github/utils/cors_check.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+host=${1}
+port=${2}
+path=${3}
+origin=${4}
+http_code=${5}
+timeout=${6}
+
+function wait_for_preflight() {
+  local url="$1"
+  local origin="$2"
+  local timeout_sec="$3"
+  local expected_http_code="$4"
+  echo "Waiting for preflight response with Origin header: ${origin} for ${url}"
+
+  start_time=$(date +%s)
+  while true; do
+    response=$(curl -s -o /dev/null -w "%{http_code}" \
+      -H "Origin: ${origin}" \
+      -H "Access-Control-Request-Headers: authorization,content-type" \
+      -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0" \
+      -H "Accept: /" \
+      -H "Accept-Language: en-US,en;q=0.5" \
+      -H "Accept-Encoding: gzip, deflate, br" \
+      -H "Access-Control-Request-Method: POST" \
+      -H "Access-Control-Request-Headers: authorization,content-type" \
+      -H "Connection: keep-alive" \
+      -H "Sec-Fetch-Dest: empty" \
+      -H "Sec-Fetch-Mode: cors" \
+      -H "Sec-Fetch-Site: cross-site" \
+      -H "Pragma: no-cache" \
+      -H "Cache-Control: no-cache" \
+      -X OPTIONS "${url}")
+    if [[ "$response" == "${expected_http_code}" ]]; then
+      echo "Preflight request succeeded for ${url} with expected http code ${expected_http_code}"
+      return 0
+    fi
+    current_time=$(date +%s)
+    elapsed_time=$((current_time - start_time))
+    remaining_time=$(( timeout_sec - elapsed_time))
+    if ((elapsed_time >= timeout_sec)); then
+      echo "Timed out waiting for preflight response after ${timeout_sec} seconds for ${url}"
+      return 1
+    fi
+    echo "Preflight request failed with response code ${response} for ${url}, retrying for another ${remaining_time} seconds..."
+    sleep 2
+  done
+}
+
+wait_for_preflight "$host:$port$path" "${origin}" "${timeout}" "${http_code}"

.github/utils/url_check.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+host=${1}
+port=${2}
+path=${3}
+http_code=${4}
+timeout=${5}
+
+function wait_for_url() {
+  local url="$1"
+  local timeout_sec="$2"
+  local expected_http_code="$3"
+  echo "Waiting for response from ${url}"
+
+  start_time=$(date +%s)
+  while true; do
+    response=$(curl -s -o /dev/null -w "%{http_code}" "${url}")
+    if [[ "$response" == "${expected_http_code}" ]]; then
+      echo "Request succeeded for ${url} with expected http code ${expected_http_code}"
+      return 0
+    fi
+    current_time=$(date +%s)
+    elapsed_time=$((current_time - start_time))
+    remaining_time=$(( timeout_sec - elapsed_time))
+    if ((elapsed_time >= timeout_sec)); then
+      echo "Timed out waiting for response after ${timeout_sec} seconds for ${url}"
+      return 1
+    fi
+    echo "GET request failed with response code ${response} for ${url}, retrying for another ${remaining_time} seconds..."
+    sleep 2
+  done
+}
+
+wait_for_url "$host:$port$path" "${timeout}" "${http_code}"

.github/workflows/build-and-publish.yml

@@ -41,6 +41,11 @@ jobs:
         id: buildx
         with:
           install: true
+      - name: Install jq
+        uses: awalsh128/cache-apt-pkgs-action@latest
+        with:
+          packages: jq moreutils
+          version: 1.0
       - name: Build image
         uses: docker/build-push-action@v4
         with:
@@ -51,10 +56,24 @@ jobs:
           build-args: "--platform ${{ needs.prepare_environment.outputs.build_platforms }}"
           cache-from: type=gha
           cache-to: type=gha,mode=max
-      - name: Start container from image and wait for successful war deployment
+      - name: Start container from image and wait for successful checks
         run: |
-          docker run -it -d -p 8080:8080 ${{ needs.prepare_environment.outputs.test_image_name }}
-          ./.github/utils/health_check.sh 127.0.0.1 8080 /ors
+          mkdir $(pwd)/graphs $(pwd)/conf
+          sudo chown 1000:1000 $(pwd)/graphs $(pwd)/conf
+          docker run -it -d -p 8080:8080 -v $(pwd)/graphs:/home/ors/ors-core/data/graphs -v $(pwd)/conf:/home/ors/ors-conf --name ors-instance ${{ needs.prepare_environment.outputs.test_image_name }}
+          # Check for health to turn 200 after the graphs are build and spring-boot completely started         
+          ./.github/utils/url_check.sh 127.0.0.1 8080 /ors/v2/health 200 240
+          # Check for correct preflight settings to avoid CORS issues with ORIGIN wildcard from the example config
+          ./.github/utils/cors_check.sh 127.0.0.1 8080 /ors/v2/isochrones/geojson "https://example.org" 200 10
+          ./.github/utils/cors_check.sh 127.0.0.1 8080 /ors/v2/isochrones/geojson "https://example.com" 200 10
+          # Adjust the config file and set ORIGIN to https://example.org
+          sudo sh -c 'jq ".ors.api_settings.cors.allowed.origins[0] = \"https://example.org\"" ./conf/ors-config.json | sponge ./conf/ors-config.json'
+          # Restart the container to apply the config changes
+          docker restart ors-instance
+          # Request preflight with https://example.com and https://example.org to see if it gets applied correctly
+          ./.github/utils/cors_check.sh 127.0.0.1 8080 /ors/v2/isochrones/geojson "https://example.org" 200 50
+          # It should fail with http code 403 for https://example.com since the Origin is not covered.
+          ./.github/utils/cors_check.sh 127.0.0.1 8080 /ors/v2/isochrones/geojson "https://example.com" 403 10
   publish_docker:
     name: Publish the docker image to docker hub
     runs-on: ubuntu-latest

CHANGELOG.md

@@ -37,10 +37,10 @@ RELEASING:
 ### Added
 - migration from Junit4 to Junit5  ([#1320](https://github.com/GIScience/openrouteservice/pull/1320))
 - GTFS support for routing  ([#1316](https://github.com/GIScience/openrouteservice/pull/1316))
-- support for API time parameters  ([#1315](https://github.com/GIScience/openrouteservice/pull/1315))
 - upgrade to spring-boot 2.7.9 and dependency alignment for the api-tests [#1310](https://github.com/GIScience/openrouteservice/pull/1310)
 - moved all api tests into `openrouteservice` module [#1352](https://github.com/GIScience/openrouteservice/pull/1352)
 - migrate java from 11 to 17 [#1353](https://github.com/GIScience/openrouteservice/pull/1353)
+- time-dependent core routing algorithms ([#1388](https://github.com/GIScience/openrouteservice/pull/1388))
 
 ### Fixed
 - update docker setup description ([#1326](https://github.com/GIScience/openrouteservice/pull/1326))
@@ -50,6 +50,7 @@ RELEASING:
 - support for API time parameters  ([#1315](https://github.com/GIScience/openrouteservice/pull/1315))
 - upgrade spring-boot from 2.7.9 to 2.7.10  ([#1372](https://github.com/GIScience/openrouteservice/pull/1372))
 - upgrade graphhopper version to v4.4 for correct flushing of graph storages [#1378](https://github.com/GIScience/openrouteservice/pull/1378)
+- Handle warning regarding transient dependencies [#1383](https://github.com/GIScience/openrouteservice/issues/1383)
 
 ## [7.0.1] - 2023-03-08
 ### Fixed

docs/installation/Configuration.md

@@ -14,12 +14,13 @@ and adjusted as needed.
 ## ors
 The top level element.
 
-| key | type | description | example value |
-|-----|------|-------------|-------|
-| info  |  object | the topmost element to provide basic information about the service for signing and information purposes           |  [info](#orsinfo)   |
-| services   |  object |   an object comprising the services       |   [services](#orsservices)    |  
-| logging  |  object | the logging properties      |  [logging](#orslogging)   |
-| system_message   |  list |   List of system message objects       |   [system messages](#orssystem_message)    |
+| key               | type   | description                                                                                             | example value                         |
+|-------------------|--------|---------------------------------------------------------------------------------------------------------|---------------------------------------|
+| info              | object | the topmost element to provide basic information about the service for signing and information purposes | [info](#orsinfo)                      |
+| api_settings.cors | object | general api settings (e.g. access control)                                                              | [api settings](#orsapi_settings)      |
+| services          | object | an object comprising the services                                                                       | [services](#orsservices)              |  
+| logging           | object | the logging properties                                                                                  | [logging](#orslogging)                |
+| system_message    | list   | List of system message objects                                                                          | [system messages](#orssystem_message) |
 
 ---
 
@@ -35,6 +36,31 @@ The top level element.
 
 ---
 
+### ors.api_settings
+Currently only [cors](#orsapi_settingscors) member for api access control
+
+---
+
+### ors.api_settings.cors
+
+| key               | type    | description                                                                         | example value                                         |
+|-------------------|---------|-------------------------------------------------------------------------------------|-------------------------------------------------------|
+| allowed           | object  | CORS settings for origins and headers                                               | [allowed](#orsapi_settingscorsallowed)                |
+| exposed.headers   | list    | Configures the Access-Control-Expose-Headers CORS header                            | `["Access-Control-Allow-Origin", "X-Requested-With"]` |
+| preflight_max_age | integer | Duration in seconds. Specifies how long the OPTIONS response is cached by browsers  | `600`                                                 |
+
+---
+
+
+### ors.api_settings.cors.allowed
+
+| key               | type | description                                                                  | example value                                       |
+|-------------------|------|------------------------------------------------------------------------------|-----------------------------------------------------|
+| origins           | list | Configures the Access-Control-Allow-Origins CORS header. `*` for all origins | `["https://my-app.com","https://my-other-app.com"]` |
+| headers           | list | Configures the Access-Control-Allow-Headers CORS header. `*` for all headers | `["Authorization","X-Requested-With"]`              |
+
+---
+
 ### ors.services
 
 | key | type | description | example value |

openrouteservice/WebContent/WEB-INF/web.xml

@@ -1,50 +1,16 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
-	<display-name>OpenRouteService API</display-name>
+	<display-name>openrouteservice API</display-name>
 	<!-- FILTERS -->
-    <filter>
-		<filter-name>CorsFilter</filter-name>
-		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
-		<init-param>
-			<param-name>cors.allowed.origins</param-name>
-			<param-value>*</param-value>
-		</init-param>
-		<init-param>
-			<param-name>cors.allowed.methods</param-name>
-			<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
-		</init-param>
-		<init-param>
-			<param-name>cors.allowed.headers</param-name>
-			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
-		</init-param>
-		<init-param>
-			<param-name>cors.exposed.headers</param-name>
-			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
-		</init-param>
-		<init-param>
-			<param-name>cors.support.credentials</param-name>
-			<param-value>false</param-value>
-		</init-param>
-		<init-param>
-			<param-name>cors.preflight.maxage</param-name>
-			<param-value>10</param-value>
-		</init-param>
-	</filter>
-
-	<filter-mapping>
-		<filter-name>CorsFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-
 	<filter>
-		<filter-name>CompressionFilter</filter-name> 
+		<filter-name>CompressionFilter</filter-name>
 		<filter-class>org.heigit.ors.servlet.filters.CompressionFilter</filter-class>
 	</filter>
 	<filter-mapping>
 		<filter-name>CompressionFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
-  
+
 	<filter>
 		<filter-name>StatusCodeHandlerFilter</filter-name>
 		<filter-class>org.heigit.ors.servlet.filters.StatusCodeHandlerFilter</filter-class>

openrouteservice/pom.xml

@@ -48,7 +48,7 @@
         <project.timestamp>${maven.build.timestamp}</project.timestamp>
         <maven.build.timestamp.format>yyyy-MM-dd'T'HH:mm:ss'Z'</maven.build.timestamp.format>
         <geotools.version>28.2</geotools.version>
-        <slf4j.version>2.0.6</slf4j.version>
+        <slf4j.version>2.0.7</slf4j.version>
         <log4j.version>2.20.0</log4j.version>
         <kafka.version>3.4.0</kafka.version>
         <fasterxml.jackson.version>2.14.2</fasterxml.jackson.version>
@@ -130,8 +130,7 @@
                         <configuration>
                             <target>
                                 <echo>Creating version file</echo>
-                                <copy file="${basedir}/target/${project.build.finalName}/WEB-INF/classes/resources/version.properties"
-                                      tofile="${basedir}/target/version.properties"/>
+                                <copy file="${basedir}/target/${project.build.finalName}/WEB-INF/classes/resources/version.properties" tofile="${basedir}/target/version.properties"/>
                             </target>
                         </configuration>
                     </execution>
@@ -362,12 +361,18 @@
             <groupId>org.skyscreamer</groupId>
             <artifactId>jsonassert</artifactId>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.vaadin.external.google</groupId>
+                    <artifactId>android-json</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
             <groupId>com.github.GIScience.graphhopper</groupId>
             <artifactId>graphhopper-core</artifactId>
-            <version>v4.4</version>
+            <version>v4.5</version>
             <exclusions>
                 <exclusion>
                     <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -379,7 +384,7 @@
         <dependency>
             <groupId>com.github.GIScience.graphhopper</groupId>
             <artifactId>graphhopper-reader-gtfs</artifactId>
-            <version>v4.4</version>
+            <version>v4.5</version>
             <exclusions>
                 <exclusion>
                     <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -391,7 +396,7 @@
         <dependency>
             <groupId>com.github.GIScience.graphhopper</groupId>
             <artifactId>graphhopper-web-api</artifactId>
-            <version>v4.4</version>
+            <version>v4.5</version>
             <exclusions>
                 <exclusion>
                     <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -453,7 +458,7 @@
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
-            <version>42.5.4</version>
+            <version>42.6.0</version>
         </dependency>
 
         <dependency>
@@ -521,7 +526,6 @@
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
             <version>20230227</version>
-            <scope>test</scope>
         </dependency>
 
         <dependency>