mixel/DocuSphere
1
0
Fork 0
Code Issues 6 Pull requests 1 Actions Packages Projects Releases Wiki Activity

store this all as todo Dependency Cycle issues I couldn't resolve

Browse source
This commit is contained in:
Mika Bomm 2024-09-08 13:23:15 +02:00
parent 569581951f
commit 3e8321b9b6
11 changed files with 294 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
server/src/main/java/com/mixel/docusphere/config/SecurityConfig.java
View file

@ -1,22 +1,66 @@
package com.mixel.docusphere.config;
import com.mixel.docusphere.config.jwt.JwtAuthenticationEntryPoint;
import com.mixel.docusphere.config.jwt.JwtRequestFilter;
import com.mixel.docusphere.service.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private final CustomUserDetailsService customUserDetailsService;
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
private final JwtRequestFilter jwtRequestFilter;
private final PasswordEncoder passwordEncoder;
public SecurityConfig(CustomUserDetailsService customUserDetailsService, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint, @Lazy JwtRequestFilter jwtRequestFilter, PasswordEncoder passwordEncoder) {
this.customUserDetailsService = customUserDetailsService;
this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
this.jwtRequestFilter = jwtRequestFilter;
this.passwordEncoder = passwordEncoder;
}
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
}
// TODO: use PasswordService instead of BCryptPasswordEncoder
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // Disable CSRF protection
http.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(auth -> auth
.anyRequest().permitAll() // Allow all requests without authentication
);
.requestMatchers("/authenticate", "/register").permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(exception -> exception.authenticationEntryPoint(jwtAuthenticationEntryPoint))
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}

20
server/src/main/java/com/mixel/docusphere/config/jwt/JwtAuthenticationEntryPoint.java Normal file
View file

@ -0,0 +1,20 @@
package com.mixel.docusphere.config.jwt;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import java.io.IOException;
@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}

21
server/src/main/java/com/mixel/docusphere/config/jwt/JwtConfig.java Normal file
View file

@ -0,0 +1,21 @@
package com.mixel.docusphere.config.jwt;
import io.github.cdimascio.dotenv.Dotenv;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class JwtConfig {
private final Dotenv dotenv = Dotenv.configure().load();
@Bean
public String jwtSecret() {
return dotenv.get("JWT_SECRET_KEY");
}
@Bean
public long jwtExpirationTime() {
return Long.parseLong(dotenv.get("JWT_EXPIRATION_TIME", "3600000")); // Default 1 hour
}
}

69
server/src/main/java/com/mixel/docusphere/config/jwt/JwtRequestFilter.java Normal file
View file

@ -0,0 +1,69 @@
package com.mixel.docusphere.config.jwt;
import com.mixel.docusphere.service.CustomUserDetailsService;
import com.mixel.docusphere.service.JwtService;
import io.jsonwebtoken.ExpiredJwtException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
private final JwtService jwtService;
private final CustomUserDetailsService userDetailsService;
@Autowired
public JwtRequestFilter(JwtService jwtService, @Lazy CustomUserDetailsService userDetailsService) {
this.jwtService = jwtService;
this.userDetailsService = userDetailsService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
final String requestTokenHeader = request.getHeader("Authorization");
String username = null;
String jwtToken = null;
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtService.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with Bearer String");
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtService.validateToken(jwtToken, userDetails.getUsername())) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
}

4
server/src/main/java/com/mixel/docusphere/controller/AuthController.java Normal file
View file

@ -0,0 +1,4 @@
package com.mixel.docusphere.controller;
public class AuthController {
}

14
server/src/main/java/com/mixel/docusphere/dto/response/JwtResponseDTO.java Normal file
View file

@ -0,0 +1,14 @@
package com.mixel.docusphere.dto.response;
public class JwtResponseDTO {
private final String jwtToken;
public JwtResponseDTO(String jwtToken){
this.jwtToken = jwtToken;
}
public String getJwtToken(){
return jwtToken;
}
}

3
server/src/main/java/com/mixel/docusphere/repository/UserRepository.java
View file

@ -2,7 +2,10 @@ package com.mixel.docusphere.repository;
import com.mixel.docusphere.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.Optional;
import java.util.UUID;
public interface UserRepository extends JpaRepository<User, UUID> {
Optional<User> findByUsername(String username);
}

26
server/src/main/java/com/mixel/docusphere/service/CustomUserDetailsService.java Normal file
View file

@ -0,0 +1,26 @@
package com.mixel.docusphere.service;
import com.mixel.docusphere.repository.UserRepository;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
@Service
public class CustomUserDetailsService implements UserDetailsService {
private final UserRepository userRepository;
public CustomUserDetailsService(UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
com.mixel.docusphere.entity.User user = userRepository.findByUsername(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPasswordHash(), new ArrayList<>());
}
}

84
server/src/main/java/com/mixel/docusphere/service/JwtService.java Normal file
View file

@ -0,0 +1,84 @@
package com.mixel.docusphere.service;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
@Service
public class JwtService {
private final String jwtSecret;
private final long jwtExpiration;
@Autowired
public JwtService(String jwtSecret, long jwtExpirationTime) {
this.jwtSecret = jwtSecret;
this.jwtExpiration = jwtExpirationTime;
}
private Key getSigningKey() {
byte[] keyBytes = Decoders.BASE64.decode(jwtSecret);
return Keys.hmacShaKeyFor(keyBytes);
}
public String getUserIdFromToken(String token) {
return getClaimFromToken(token, Claims::getId);
}
public String getUsernameFromToken(String token) {
return getClaimFromToken(token, Claims::getSubject);
}
public Date getExpirationDateFromToken(String token) {
return getClaimFromToken(token, Claims::getExpiration);
}
public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
final Claims claims = getAllClaimsFromToken(token);
return claimsResolver.apply(claims);
}
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
public String generateToken(String username) {
Map<String, Object> claims = new HashMap<>();
return doGenerateToken(claims, username);
}
public Boolean validateToken(String token, String username) {
final String usernameFromToken = getUsernameFromToken(token);
return (username.equals(usernameFromToken) && !isTokenExpired(token));
}
private String doGenerateToken(Map<String, Object> claims, String subject) {
return Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + jwtExpiration))
.signWith(getSigningKey(), SignatureAlgorithm.HS256)
.compact();
}
private Claims getAllClaimsFromToken(String token) {
return Jwts
.parser()
.setSigningKey(getSigningKey())
.build()
.parseClaimsJws(token)
.getBody();
}
}

2
server/src/main/java/com/mixel/docusphere/service/UserService.java
View file

@ -5,7 +5,6 @@ import com.mixel.docusphere.dto.response.UserRespondDTO;
import com.mixel.docusphere.entity.User;
import com.mixel.docusphere.mapper.UserMapper;
import com.mixel.docusphere.repository.UserRepository;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;
@ -21,7 +20,6 @@ public class UserService {
private final PasswordService passwordService;
// Constructor
public UserService(UserRepository userRepository, PasswordService passwordService) {
this.userRepository = userRepository;
this.passwordService = passwordService;

5
server/src/main/java/com/mixel/docusphere/util/JwtUtil.java Normal file
View file

@ -0,0 +1,5 @@
package com.mixel.docusphere.util;
public class JwtUtil {
}