feat(security): add CORS support and update security config

frontend/src/app/app.config.ts

@@ -36,7 +36,7 @@ export const appConfig: ApplicationConfig = {
     provideOAuthClient(),
     {
       provide: OAuthStorage,
-      useFactory: () => storageFactory(),
+      useFactory: () => localStorage,
     }
   ],
 };

frontend/src/app/service/auth.service.ts

@@ -4,6 +4,7 @@ import { AuthConfig, OAuthService, OAuthStorage } from 'angular-oauth2-oidc';
 import { UserService } from './user.service';
 import { User } from '../model/User';
 import { Router } from '@angular/router';
+import { environment } from '../../environments/environment';
 
 
 @Injectable({
@@ -12,9 +13,9 @@ import { Router } from '@angular/router';
 export class AuthService {
   private readonly authConfig: AuthConfig = {
     issuer: 'https://oauth.simonis.lol/application/o/casino-dev/',
-    clientId: 'MDqjm1kcWKuZfqHJXjxwAV20i44aT7m4VhhTL3Nm',
-    dummyClientSecret: 'GY2F8te6iAVYt1TNAUVLzWZEXb6JoMNp6chbjqaXNq4gS5xTDL54HqBiAlV1jFKarN28LQ7FUsYX4SbwjfEhZhgeoKuBnZKjR9eiu7RawnGgxIK9ffvUfMkjRxnmiGI5',
-    scope: 'openid profile email',
+    clientId: environment.OAUTH_CLIENT_ID,
+    dummyClientSecret: environment.OAUTH_CLIENT_SECRET,
+    scope: `openid email profile ${environment.OAUTH_CLIENT_ID}`,
     responseType: 'code',
     redirectUri: window.location.origin + '/auth/callback',
     oidc: true,
@@ -22,6 +23,9 @@ export class AuthService {
     strictDiscoveryDocumentValidation: false,
     skipIssuerCheck: true,
     disableAtHashCheck: true,
+    jwks: {
+      skipJwksValidation: true,
+    }
   };
 
   private userService: UserService = inject(UserService);

frontend/src/app/service/user.service.ts

@@ -1,6 +1,6 @@
 import { inject, Injectable } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
-import { catchError, EMPTY, Observable, of, switchMap } from 'rxjs';
+import { catchError, EMPTY, Observable } from 'rxjs';
 import { User } from '../model/User';
 
 @Injectable({
@@ -9,10 +9,6 @@ import { User } from '../model/User';
 export class UserService {
   private http: HttpClient = inject(HttpClient);
 
-  public getUser(id: string): Observable<User | null> {
-    return this.http.get<User | null>(`/backend/user/${id}`).pipe(catchError(() => EMPTY));
-  }
-
   public getCurrentUser(): Observable<User | null> {
     return this.http.get<User | null>('/backend/user').pipe(catchError(() => EMPTY));
   }
@@ -27,10 +23,6 @@ export class UserService {
   public getOrCreateUser(profile: any): Observable<User> {
     const id = profile.info.sub;
     const username = profile.info.preferred_username;
-    try {
-      return this.getUser(id) as Observable<User>;
-    } catch (error) {
-      return this.createUser(id, username);
-    }
+    return this.createUser(id, username);
   }
 }

frontend/src/environments/environment.ts

@@ -1,4 +1,5 @@
 export const environment = {
-  STRIPE_KEY:
-    'pk_test_51QrePYIvCfqz7ANgMizBorPpVjJ8S6gcaL4yvcMQnVaKyReqcQ6jqaQEF7aDZbDu8rNVsTZrw8ABek4ToxQX7KZe00jpGh8naG',
+  STRIPE_KEY: 'pk_test_51QrePYIvCfqz7ANgMizBorPpVjJ8S6gcaL4yvcMQnVaKyReqcQ6jqaQEF7aDZbDu8rNVsTZrw8ABek4ToxQX7KZe00jpGh8naG',
+  OAUTH_CLIENT_ID: 'MDqjm1kcWKuZfqHJXjxwAV20i44aT7m4VhhTL3Nm',
+  OAUTH_CLIENT_SECRET: 'GY2F8te6iAVYt1TNAUVLzWZEXb6JoMNp6chbjqaXNq4gS5xTDL54HqBiAlV1jFKarN28LQ7FUsYX4SbwjfEhZhgeoKuBnZKjR9eiu7RawnGgxIK9ffvUfMkjRxnmiGI5'
 };