Add api.osable.net/questions controller.

Only return error pages on osable.net requests
Add CSRF exception debugging for development
Update frontend submodule

Author: katsumag

core/src/main/kotlin/net/osable/core/SecurityConfiguration.kt

@@ -1,7 +1,9 @@
 package net.osable.core
 
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.core.env.Environment
 import org.springframework.http.HttpStatus
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.web.SecurityFilterChain
@@ -15,6 +17,8 @@ import org.springframework.web.bind.annotation.RestController
 @Configuration
 class SecurityConfiguration {
 
+    @Autowired private lateinit var environment: Environment
+
     @Bean fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http.authorizeHttpRequests {
 
@@ -33,6 +37,15 @@ class SecurityConfiguration {
             it.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
         }.oauth2Client()
 
+
+        // Useful for debugging CSRF
+        if (environment.activeProfiles.contains("development")) {
+            http.exceptionHandling().accessDeniedHandler { request, response, accessDeniedException ->
+                println("Access denied. Cause: ${accessDeniedException.cause} | Message: ${accessDeniedException.message}")
+                accessDeniedException.printStackTrace()
+            }
+        }
+
         return http.build()
     }
 

core/src/main/kotlin/net/osable/core/model/ContactRequest.kt

@@ -0,0 +1,11 @@
+package net.osable.core.model
+
+class ContactRequest(
+    private val name: String,
+    private val email: String,
+    private val message: String
+) {
+
+    fun asContentString() = "Name: $name\nEmail: $email\nMessage: $message"
+
+}

core/src/main/kotlin/net/osable/core/model/DiscordRequestBody.kt

@@ -0,0 +1,7 @@
+package net.osable.core.model
+
+class DiscordRequestBody (
+    val username: String = "OSable",
+    val avatar_url: String = "https://cdn.discordapp.com/avatars/872531727908753428/c0640a6bf06abb467ca5392591c32c6b.webp",
+    val content: String
+)

core/src/main/kotlin/net/osable/core/web/ErrorController.kt

@@ -1,6 +1,7 @@
 package net.osable.core.web
 
 import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 import net.osable.core.Error
 import net.osable.core.getErrorCode
 import net.osable.core.getHttpStatusMessage
@@ -11,8 +12,15 @@ import org.springframework.web.servlet.ModelAndView
 @Controller
 class ErrorController : org.springframework.boot.web.servlet.error.ErrorController {
 
-    @RequestMapping("/error") fun defaultErrorMapping(request: HttpServletRequest) = ModelAndView("templates/error").apply {
+    @RequestMapping("/error", headers = ["Host=osable.net"])
+    fun defaultErrorMapping(request: HttpServletRequest) = ModelAndView("templates/error").apply {
         addObject("error", Error(request.getErrorCode(), getHttpStatusMessage(request.getErrorCode())))
     }
 
+    @RequestMapping("/error")
+    fun apiErrorMapping(request: HttpServletRequest, response: HttpServletResponse) {
+        val errorCode = request.getErrorCode()
+        response.sendError(errorCode, getHttpStatusMessage(errorCode))
+    }
+
 }

core/src/main/kotlin/net/osable/core/web/FormController.kt

@@ -0,0 +1,42 @@
+package net.osable.core.web
+
+import net.osable.core.model.ContactRequest
+import net.osable.core.model.DiscordRequestBody
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpStatus
+import org.springframework.http.MediaType
+import org.springframework.stereotype.Controller
+import org.springframework.web.bind.annotation.CrossOrigin
+import org.springframework.web.bind.annotation.ModelAttribute
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.ResponseStatus
+import org.springframework.web.reactive.function.client.WebClient
+
+@Controller
+class FormController {
+
+    private val webClient = WebClient.builder()
+        .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+        .build()
+
+    @Value("#{environment.QUESTIONS_WEBHOOK_URL}")
+    private lateinit var webhookURL: String
+
+    @PostMapping("/questions", consumes = [MediaType.MULTIPART_FORM_DATA_VALUE], headers = ["Host=api.osable.net"])
+    // Method has a void return type, spring MVC tries to find a /questions page to redirect to without this annotation
+    @ResponseStatus(HttpStatus.OK)
+    // Allow cross-origin requests from ourselves
+    @CrossOrigin(origins = ["https://osable.net"])
+    fun questionsContactRoute(@ModelAttribute contactRequest: ContactRequest) {
+        webClient.post()
+            .uri(webhookURL)
+            .bodyValue(DiscordRequestBody(
+                content = contactRequest.asContentString()
+            ))
+            .retrieve()
+            .toBodilessEntity()
+            .subscribe { }
+    }
+
+}