feat: Implement settings frontend for allowed CORS domains

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

apps/settings/appinfo/routes.php

@@ -76,6 +76,8 @@
 		['name' => 'TwoFactorSettings#index', 'url' => '/settings/api/admin/twofactorauth', 'verb' => 'GET' , 'root' => ''],
 		['name' => 'TwoFactorSettings#update', 'url' => '/settings/api/admin/twofactorauth', 'verb' => 'PUT' , 'root' => ''],
 		['name' => 'AISettings#update', 'url' => '/settings/api/admin/ai', 'verb' => 'PUT' , 'root' => ''],
+		['name' => 'CORSSettings#updateUserEnabled', 'url' => '/settings/api/admin/cors/allowusers', 'verb' => 'PUT' , 'root' => ''],
+		['name' => 'CORSSettings#allowedDomains', 'url' => '/settings/api/admin/cors/domains', 'verb' => 'PUT' , 'root' => ''],
 
 		['name' => 'Help#help', 'url' => '/settings/help/{mode}', 'verb' => 'GET', 'defaults' => ['mode' => ''] , 'root' => ''],
 

apps/settings/composer/composer/autoload_classmap.php

@@ -21,6 +21,7 @@
     'OCA\\Settings\\Controller\\AppSettingsController' => $baseDir . '/../lib/Controller/AppSettingsController.php',
     'OCA\\Settings\\Controller\\AuthSettingsController' => $baseDir . '/../lib/Controller/AuthSettingsController.php',
     'OCA\\Settings\\Controller\\AuthorizedGroupController' => $baseDir . '/../lib/Controller/AuthorizedGroupController.php',
+    'OCA\\Settings\\Controller\\CORSSettingsController' => $baseDir . '/../lib/Controller/CORSSettingsController.php',
     'OCA\\Settings\\Controller\\ChangePasswordController' => $baseDir . '/../lib/Controller/ChangePasswordController.php',
     'OCA\\Settings\\Controller\\CheckSetupController' => $baseDir . '/../lib/Controller/CheckSetupController.php',
     'OCA\\Settings\\Controller\\CommonSettingsTrait' => $baseDir . '/../lib/Controller/CommonSettingsTrait.php',

apps/settings/composer/composer/autoload_static.php

@@ -36,6 +36,7 @@ class ComposerStaticInitSettings
         'OCA\\Settings\\Controller\\AppSettingsController' => __DIR__ . '/..' . '/../lib/Controller/AppSettingsController.php',
         'OCA\\Settings\\Controller\\AuthSettingsController' => __DIR__ . '/..' . '/../lib/Controller/AuthSettingsController.php',
         'OCA\\Settings\\Controller\\AuthorizedGroupController' => __DIR__ . '/..' . '/../lib/Controller/AuthorizedGroupController.php',
+        'OCA\\Settings\\Controller\\CORSSettingsController' => __DIR__ . '/..' . '/../lib/Controller/CORSSettingsController.php',
         'OCA\\Settings\\Controller\\ChangePasswordController' => __DIR__ . '/..' . '/../lib/Controller/ChangePasswordController.php',
         'OCA\\Settings\\Controller\\CheckSetupController' => __DIR__ . '/..' . '/../lib/Controller/CheckSetupController.php',
         'OCA\\Settings\\Controller\\CommonSettingsTrait' => __DIR__ . '/..' . '/../lib/Controller/CommonSettingsTrait.php',

apps/settings/lib/Controller/CORSSettingsController.php

@@ -0,0 +1,88 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2023 Ferdinand Thiessen <opensource@fthiessend.de>
+ *
+ * @license AGPL-3.0-or-later
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ */
+namespace OCA\Settings\Controller;
+
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\IConfig;
+use OCP\IRequest;
+use OCP\Util;
+
+class CORSSettingsController extends Controller {
+
+	/**
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IConfig $config
+	 */
+	public function __construct(
+		$appName,
+		IRequest $request,
+		private IConfig $config,
+	) {
+		parent::__construct($appName, $request);
+	}
+
+	/**
+	 * Set whether users can configure their own list of allowed CORS domains
+	 *
+	 * @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Security)
+	 *
+	 * @param bool $value
+	 * @return DataResponse
+	 */
+	public function updateUserEnabled($value) {
+		if (!is_bool($value)) {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+
+		$this->config->setSystemValue('cors.allow-user-domains', $value);
+
+		return new DataResponse();
+	}
+
+	/**
+	 * Set list of globally allowed CORS domains
+	 *
+	 * @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Security)
+	 *
+	 * @param array $value
+	 * @return DataResponse
+	 */
+	public function allowedDomains(array $value) {
+		try {
+			foreach ($value as $entry) {
+				if (!is_string($entry) || $entry === '' || Util::getFullDomain($entry) === '') {
+					return new DataResponse([], HTTP::STATUS_BAD_REQUEST);
+				}
+			}
+		} catch (\InvalidArgumentException $e) {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+
+		$this->config->setSystemValue('cors.allowed-domains', $value);
+
+		return new DataResponse();
+	}
+}

apps/settings/lib/Settings/Admin/Security.php

@@ -30,6 +30,7 @@
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
 use OCP\Encryption\IManager;
+use OCP\IConfig;
 use OCP\IUserManager;
 use OCP\IURLGenerator;
 use OCP\Settings\ISettings;
@@ -40,17 +41,20 @@ class Security implements ISettings {
 	private MandatoryTwoFactor $mandatoryTwoFactor;
 	private IInitialState $initialState;
 	private IURLGenerator $urlGenerator;
+	private IConfig $config;
 
 	public function __construct(IManager $manager,
 								IUserManager $userManager,
 								MandatoryTwoFactor $mandatoryTwoFactor,
 								IInitialState $initialState,
-								IURLGenerator $urlGenerator) {
+								IURLGenerator $urlGenerator,
+								IConfig $config) {
 		$this->manager = $manager;
 		$this->userManager = $userManager;
 		$this->mandatoryTwoFactor = $mandatoryTwoFactor;
 		$this->initialState = $initialState;
 		$this->urlGenerator = $urlGenerator;
+		$this->config = $config;
 	}
 
 	/**
@@ -76,6 +80,11 @@ public function getForm(): TemplateResponse {
 		$this->initialState->provideInitialState('encryption-modules', $encryptionModuleList);
 		$this->initialState->provideInitialState('encryption-admin-doc', $this->urlGenerator->linkToDocs('admin-encryption'));
 
+		$this->initialState->provideInitialState('cors-allowed-domains', $this->config->getSystemValue('cors.allowed-domains', []));
+		$this->initialState->provideInitialState('cors-allow-user-domains', $this->config->getSystemValue('cors.allow-user-domains', false));
+		$this->initialState->provideInitialState('cors-settings-admin-docs', $this->urlGenerator->linkToDocs('admin-cors'));
+
+
 		return new TemplateResponse('settings', 'settings/admin/security', [], '');
 	}