FIX: 🛂 Allow cross-origin requests & require access token for manager controller [@asegers]

src/main/java/com/afp/ordermanagement/config/AuthWebFilter.java

@@ -16,12 +16,16 @@ public class AuthWebFilter implements WebFilter {
 
     @Override
     public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
-//         String origin = serverWebExchange.getRequest().getHeaders().getOrigin();
-//        if (managerTokenVerifier.hasTokenHeader(serverWebExchange)) {
-//            String token = managerTokenVerifier.getTokenHeader(serverWebExchange);
-//            if (managerTokenVerifier.isTokenValid(token))
+        String path = serverWebExchange.getRequest().getPath().toString();
+
+        if (!path.contains("/api/managers/")) return webFilterChain.filter(serverWebExchange);
+
+        if (managerTokenVerifier.hasTokenHeader(serverWebExchange)) {
+            String token = managerTokenVerifier.getTokenHeader(serverWebExchange);
+            if (managerTokenVerifier.isTokenValid(token))
                 return webFilterChain.filter(serverWebExchange);
-//        }
-//        return Mono.error(new BadAccessTokenException());
+        }
+
+        return Mono.error(new BadAccessTokenException());
     }
 }

src/main/java/com/afp/ordermanagement/controller/ManagerController.java

@@ -18,6 +18,7 @@ import javax.validation.Valid;
 @RestController
 @AuthManagerController
 @RequestMapping("/api/managers/")
+@CrossOrigin
 public class ManagerController {
     @Autowired
     ManagerService managerService;