Compare commits
9 Commits
5d422e1608
..
v1.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
 litoral05
|
0bb25521a1 | ||
|
litoral05
|
8de3e42576 | ||
|
litoral05
|
d5ef831efc | ||
|
litoral05
|
15e73677c4 | ||
|
litoral05
|
a72ee91bd4 | ||
|
litoral05
|
102e906b36 | ||
|
litoral05
|
45419f23c1 | ||
|
litoral05
|
2203b0f2c3 | ||
|
litoral05
|
4b67ba9995 |
@@ -31,3 +31,5 @@ build/
|
||||
|
||||
### VS Code ###
|
||||
.vscode/
|
||||
|
||||
.env
|
||||
|
||||
Binary file not shown.
@@ -2,6 +2,7 @@ package com.litoralregas.backend_gateway.auth;
|
||||
|
||||
import com.litoralregas.backend_gateway.auth.dto.LoginRequest;
|
||||
import com.litoralregas.backend_gateway.auth.dto.LoginResponse;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@RestController
|
||||
@@ -9,13 +10,19 @@ import org.springframework.web.bind.annotation.*;
|
||||
public class AuthController {
|
||||
|
||||
private final AuthService authService;
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
|
||||
public AuthController(AuthService authService) {
|
||||
public AuthController(
|
||||
AuthService authService,
|
||||
PasswordEncoder passwordEncoder
|
||||
) {
|
||||
this.authService = authService;
|
||||
this.passwordEncoder = passwordEncoder;
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public LoginResponse login(@RequestBody LoginRequest request) {
|
||||
System.out.println(passwordEncoder.encode("admin123"));
|
||||
return authService.login(request);
|
||||
}
|
||||
}
|
||||
@@ -7,4 +7,5 @@ import java.util.Optional;
|
||||
public interface ClientRepository extends JpaRepository<ClientEntity, Long> {
|
||||
|
||||
Optional<ClientEntity> findByName(String name);
|
||||
Optional<ClientEntity> findByIdAndEnabledTrue(Long id);
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
package com.litoralregas.backend_gateway.client;
|
||||
|
||||
import com.litoralregas.backend_gateway.security.AuthenticatedUser;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class ClientResolver {
|
||||
|
||||
private final ClientRepository clientRepository;
|
||||
|
||||
public ClientResolver(ClientRepository clientRepository) {
|
||||
this.clientRepository = clientRepository;
|
||||
}
|
||||
|
||||
public ClientEntity resolveCurrentClient() {
|
||||
|
||||
Authentication authentication =
|
||||
SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (authentication == null) {
|
||||
throw new RuntimeException("Not authenticated");
|
||||
}
|
||||
|
||||
AuthenticatedUser user =
|
||||
(AuthenticatedUser) authentication.getPrincipal();
|
||||
|
||||
return clientRepository
|
||||
.findByIdAndEnabledTrue(user.clientId())
|
||||
.orElseThrow(() -> new RuntimeException("Client not found"));
|
||||
}
|
||||
}
|
||||
@@ -1,22 +1,32 @@
|
||||
package com.litoralregas.backend_gateway.config;
|
||||
|
||||
import com.litoralregas.backend_gateway.security.JwtAuthenticationFilter;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
public class SecurityConfig {
|
||||
private final JwtAuthenticationFilter jwtAuthenticationFilter;
|
||||
|
||||
public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) {
|
||||
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
|
||||
}
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
return http
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/auth/**").permitAll()
|
||||
.requestMatchers("/admin/**").hasRole("ADMIN")
|
||||
.requestMatchers("/api/backend/**").authenticated()
|
||||
.anyRequest().permitAll()
|
||||
)
|
||||
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
|
||||
.build();
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
package com.litoralregas.backend_gateway.gateway;
|
||||
|
||||
import com.litoralregas.backend_gateway.client.ClientResolver;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -12,19 +13,18 @@ import org.springframework.web.reactive.function.client.WebClientResponseExcepti
|
||||
public class BackendProxyService {
|
||||
|
||||
private final WebClient webClient;
|
||||
private final ProxyProperties proxyProperties;
|
||||
private final ClientResolver clientResolver;
|
||||
|
||||
public BackendProxyService(WebClient webClient, ProxyProperties proxyProperties) {
|
||||
public BackendProxyService(
|
||||
WebClient webClient,
|
||||
ClientResolver clientResolver
|
||||
) {
|
||||
this.webClient = webClient;
|
||||
this.proxyProperties = proxyProperties;
|
||||
this.clientResolver = clientResolver;
|
||||
}
|
||||
|
||||
public String getHealth() {
|
||||
return webClient.get()
|
||||
.uri(proxyProperties.getBackendBaseUrl() + "/actuator/health")
|
||||
.retrieve()
|
||||
.bodyToMono(String.class)
|
||||
.block();
|
||||
return "UP";
|
||||
}
|
||||
|
||||
public ResponseEntity<String> proxy(HttpServletRequest request, String body) {
|
||||
@@ -33,7 +33,7 @@ public class BackendProxyService {
|
||||
String query = request.getQueryString();
|
||||
|
||||
String targetUrl =
|
||||
proxyProperties.getBackendBaseUrl()
|
||||
resolveBackendUrl()
|
||||
+ path
|
||||
+ (query != null ? "?" + query : "");
|
||||
|
||||
@@ -76,4 +76,10 @@ public class BackendProxyService {
|
||||
.body("Backend unavailable");
|
||||
}
|
||||
}
|
||||
|
||||
private String resolveBackendUrl() {
|
||||
return clientResolver
|
||||
.resolveCurrentClient()
|
||||
.getBackendBaseUrl();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
package com.litoralregas.backend_gateway.security;
|
||||
|
||||
import com.litoralregas.backend_gateway.user.UserRole;
|
||||
|
||||
public record AuthenticatedUser(
|
||||
Long userId,
|
||||
Long clientId,
|
||||
String username,
|
||||
UserRole role
|
||||
) {
|
||||
}
|
||||
@@ -0,0 +1,70 @@
|
||||
package com.litoralregas.backend_gateway.security;
|
||||
|
||||
import com.litoralregas.backend_gateway.user.UserRole;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
@Component
|
||||
public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
private final JwtService jwtService;
|
||||
|
||||
public JwtAuthenticationFilter(JwtService jwtService) {
|
||||
this.jwtService = jwtService;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
FilterChain filterChain
|
||||
) throws ServletException, IOException {
|
||||
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
|
||||
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
String token = authHeader.substring(7);
|
||||
|
||||
if (!jwtService.isValid(token)) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
String username = jwtService.extractUsername(token);
|
||||
Long userId = jwtService.extractUserId(token);
|
||||
Long clientId = jwtService.extractClientId(token);
|
||||
UserRole role = UserRole.valueOf(jwtService.extractRole(token));
|
||||
|
||||
AuthenticatedUser authenticatedUser = new AuthenticatedUser(
|
||||
userId,
|
||||
clientId,
|
||||
username,
|
||||
role
|
||||
);
|
||||
|
||||
UsernamePasswordAuthenticationToken authentication =
|
||||
new UsernamePasswordAuthenticationToken(
|
||||
authenticatedUser,
|
||||
null,
|
||||
List.of(new SimpleGrantedAuthority("ROLE_" + role.name()))
|
||||
);
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,8 @@
|
||||
package com.litoralregas.backend_gateway.security;
|
||||
|
||||
import com.litoralregas.backend_gateway.user.UserEntity;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.JwtException;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import org.springframework.stereotype.Service;
|
||||
@@ -39,4 +41,61 @@ public class JwtService {
|
||||
jwtProperties.getSecret().getBytes(StandardCharsets.UTF_8)
|
||||
);
|
||||
}
|
||||
|
||||
private Claims getClaims(String token) {
|
||||
|
||||
return Jwts.parser()
|
||||
.verifyWith(getSigningKey())
|
||||
.build()
|
||||
.parseSignedClaims(token)
|
||||
.getPayload();
|
||||
}
|
||||
|
||||
public boolean isValid(String token) {
|
||||
|
||||
try {
|
||||
getClaims(token);
|
||||
return true;
|
||||
} catch (JwtException ex) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public String extractUsername(String token) {
|
||||
return getClaims(token).getSubject();
|
||||
}
|
||||
|
||||
public Long extractClientId(String token) {
|
||||
|
||||
Object value = getClaims(token).get("clientId");
|
||||
|
||||
if (value instanceof Integer integer) {
|
||||
return integer.longValue();
|
||||
}
|
||||
|
||||
if (value instanceof Long longValue) {
|
||||
return longValue;
|
||||
}
|
||||
|
||||
return Long.parseLong(value.toString());
|
||||
}
|
||||
|
||||
public String extractRole(String token) {
|
||||
return getClaims(token).get("role", String.class);
|
||||
}
|
||||
|
||||
public Long extractUserId(String token) {
|
||||
|
||||
Object value = getClaims(token).get("userId");
|
||||
|
||||
if (value instanceof Integer integer) {
|
||||
return integer.longValue();
|
||||
}
|
||||
|
||||
if (value instanceof Long longValue) {
|
||||
return longValue;
|
||||
}
|
||||
|
||||
return Long.parseLong(value.toString());
|
||||
}
|
||||
}
|
||||
@@ -26,5 +26,5 @@ gateway:
|
||||
response-timeout: 10s
|
||||
|
||||
jwt:
|
||||
secret: your-super-long-secret-key-change-me
|
||||
expiration-minutes: 1440
|
||||
secret: ${JWT_SECRET}
|
||||
expiration-minutes: ${JWT_EXPIRATION_MINUTES:1440}
|
||||
@@ -0,0 +1,16 @@
|
||||
INSERT INTO clients (name, backend_base_url, enabled)
|
||||
SELECT 'dev-local', 'http://10.100.1.2:18450', 1
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM clients WHERE name = 'dev-local'
|
||||
);
|
||||
|
||||
INSERT INTO users (client_id, username, password_hash, role, enabled)
|
||||
SELECT
|
||||
(SELECT id FROM clients WHERE name = 'dev-local'),
|
||||
'admin',
|
||||
'$2a$10$it1vy5t1FXISQTWit2A39udaMR0N0yqJtJUnxMqF1Xz4SuNBaam6u',
|
||||
'ADMIN',
|
||||
1
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM users WHERE username = 'admin'
|
||||
);
|
||||
Reference in New Issue
Block a user