store this all as todo Dependency Cycle issues I couldn't resolve

server/build.gradle

@@ -31,7 +31,7 @@ dependencies {
     // Minio S3 Storage
     implementation 'io.minio:minio:8.5.12'
 
-    // JWT token libary (jjwt)
+    // JWT token library (jjwt)
     implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6' // or 'io.jsonwebtoken:jjwt-gson:0.12.6' for gson

server/src/main/java/com/mixel/docusphere/config/SecurityConfig.java

@@ -1,22 +1,66 @@
 package com.mixel.docusphere.config;
 
+import com.mixel.docusphere.config.jwt.JwtAuthenticationEntryPoint;
+import com.mixel.docusphere.config.jwt.JwtRequestFilter;
+import com.mixel.docusphere.service.CustomUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
 
+    private final CustomUserDetailsService customUserDetailsService;
+    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+    private final JwtRequestFilter jwtRequestFilter;
+    private final PasswordEncoder passwordEncoder;
+
+    public SecurityConfig(CustomUserDetailsService customUserDetailsService, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint, @Lazy JwtRequestFilter jwtRequestFilter, PasswordEncoder passwordEncoder) {
+        this.customUserDetailsService = customUserDetailsService;
+        this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
+        this.jwtRequestFilter = jwtRequestFilter;
+        this.passwordEncoder = passwordEncoder;
+    }
+
+    @Autowired
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
+    }
+
+    // TODO: use PasswordService instead of BCryptPasswordEncoder
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-                .csrf(csrf -> csrf.disable()) // Disable CSRF protection
+        http.csrf(csrf -> csrf.disable())
                 .authorizeHttpRequests(auth -> auth
-                        .anyRequest().permitAll() // Allow all requests without authentication
-                );
+                        .requestMatchers("/authenticate", "/register").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .exceptionHandling(exception -> exception.authenticationEntryPoint(jwtAuthenticationEntryPoint))
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+
+        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }

server/src/main/java/com/mixel/docusphere/config/jwt/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,20 @@
+package com.mixel.docusphere.config.jwt;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+    }
+
+}

server/src/main/java/com/mixel/docusphere/config/jwt/JwtConfig.java

@@ -0,0 +1,21 @@
+package com.mixel.docusphere.config.jwt;
+
+import io.github.cdimascio.dotenv.Dotenv;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class JwtConfig {
+
+    private final Dotenv dotenv = Dotenv.configure().load();
+
+    @Bean
+    public String jwtSecret() {
+        return dotenv.get("JWT_SECRET_KEY");
+    }
+
+    @Bean
+    public long jwtExpirationTime() {
+        return Long.parseLong(dotenv.get("JWT_EXPIRATION_TIME", "3600000")); // Default 1 hour
+    }
+}

server/src/main/java/com/mixel/docusphere/config/jwt/JwtRequestFilter.java

@@ -0,0 +1,69 @@
+package com.mixel.docusphere.config.jwt;
+
+import com.mixel.docusphere.service.CustomUserDetailsService;
+import com.mixel.docusphere.service.JwtService;
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class JwtRequestFilter extends OncePerRequestFilter {
+
+    private final JwtService jwtService;
+
+    private final CustomUserDetailsService userDetailsService;
+
+    @Autowired
+    public JwtRequestFilter(JwtService jwtService, @Lazy CustomUserDetailsService userDetailsService) {
+        this.jwtService = jwtService;
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+        throws ServletException, IOException {
+
+        final String requestTokenHeader = request.getHeader("Authorization");
+
+        String username = null;
+        String jwtToken = null;
+
+        if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
+            jwtToken = requestTokenHeader.substring(7);
+            try {
+                username = jwtService.getUsernameFromToken(jwtToken);
+            } catch (IllegalArgumentException e) {
+                System.out.println("Unable to get JWT Token");
+            } catch (ExpiredJwtException e) {
+                System.out.println("JWT Token has expired");
+            }
+        } else {
+            logger.warn("JWT Token does not begin with Bearer String");
+        }
+
+        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+
+            if (jwtService.validateToken(jwtToken, userDetails.getUsername())) {
+                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                        new UsernamePasswordAuthenticationToken(
+                                userDetails, null, userDetails.getAuthorities());
+                usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+            }
+        }
+        chain.doFilter(request, response);
+    }
+}

server/src/main/java/com/mixel/docusphere/controller/AuthController.java

@@ -0,0 +1,4 @@
+package com.mixel.docusphere.controller;
+
+public class AuthController {
+}

server/src/main/java/com/mixel/docusphere/dto/response/JwtResponseDTO.java

@@ -0,0 +1,14 @@
+package com.mixel.docusphere.dto.response;
+
+public class JwtResponseDTO {
+
+    private final String jwtToken;
+
+    public JwtResponseDTO(String jwtToken){
+        this.jwtToken = jwtToken;
+    }
+
+    public String getJwtToken(){
+        return jwtToken;
+    }
+}

server/src/main/java/com/mixel/docusphere/entity/User.java

@@ -62,6 +62,8 @@ public class User implements UserDetails {
         this.userId = userId;
     }
 
+    // TODO: Figure out if this is necessary here since getUsername() should be used on the Entity however this references the interface
+    @Override
     public String getUsername() {
         return username;
     }
@@ -113,11 +115,10 @@ public class User implements UserDetails {
     // UserDetails interface methods
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        // Return the authorities granted to the user
-        return Collections.emptyList(); // Implement this based on your requirements
+        // Return the authorities (roles) from user which haven't been implemented yet
+        return Collections.emptyList(); // Return empty list since no roles exist yet
     }
 
-    @JsonIgnore
     @Override
     public String getPassword() {
         return passwordHash;

server/src/main/java/com/mixel/docusphere/repository/UserRepository.java

@@ -2,7 +2,10 @@ package com.mixel.docusphere.repository;
 
 import com.mixel.docusphere.entity.User;
 import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
 import java.util.UUID;
 
 public interface UserRepository extends JpaRepository<User, UUID> {
+    Optional<User> findByUsername(String username);
 }

server/src/main/java/com/mixel/docusphere/service/CustomUserDetailsService.java

@@ -0,0 +1,26 @@
+package com.mixel.docusphere.service;
+
+import com.mixel.docusphere.repository.UserRepository;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+
+@Service
+public class CustomUserDetailsService implements UserDetailsService {
+
+    private final UserRepository userRepository;
+
+    public CustomUserDetailsService(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        com.mixel.docusphere.entity.User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));
+        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPasswordHash(), new ArrayList<>());
+    }
+}

server/src/main/java/com/mixel/docusphere/service/JwtService.java

@@ -0,0 +1,84 @@
+package com.mixel.docusphere.service;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.security.Key;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+@Service
+public class JwtService {
+
+    private final String jwtSecret;
+    private final long jwtExpiration;
+
+    @Autowired
+    public JwtService(String jwtSecret, long jwtExpirationTime) {
+        this.jwtSecret = jwtSecret;
+        this.jwtExpiration = jwtExpirationTime;
+    }
+
+    private Key getSigningKey() {
+        byte[] keyBytes = Decoders.BASE64.decode(jwtSecret);
+        return Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    public String getUserIdFromToken(String token) {
+        return getClaimFromToken(token, Claims::getId);
+    }
+
+    public String getUsernameFromToken(String token) {
+        return getClaimFromToken(token, Claims::getSubject);
+    }
+
+    public Date getExpirationDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getExpiration);
+    }
+
+    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = getAllClaimsFromToken(token);
+        return claimsResolver.apply(claims);
+    }
+
+    private Boolean isTokenExpired(String token) {
+        final Date expiration = getExpirationDateFromToken(token);
+        return expiration.before(new Date());
+    }
+
+    public String generateToken(String username) {
+        Map<String, Object> claims = new HashMap<>();
+        return doGenerateToken(claims, username);
+    }
+
+    public Boolean validateToken(String token, String username) {
+        final String usernameFromToken = getUsernameFromToken(token);
+        return (username.equals(usernameFromToken) && !isTokenExpired(token));
+    }
+
+    private String doGenerateToken(Map<String, Object> claims, String subject) {
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(subject)
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(new Date(System.currentTimeMillis() + jwtExpiration))
+                .signWith(getSigningKey(), SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+    private Claims getAllClaimsFromToken(String token) {
+        return Jwts
+                .parser()
+                .setSigningKey(getSigningKey())
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}

server/src/main/java/com/mixel/docusphere/service/PasswordService.java

@@ -0,0 +1,22 @@
+package com.mixel.docusphere.service;
+
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PasswordService {
+
+    private final Argon2PasswordEncoder passwordEncoder;
+
+    public PasswordService() {
+        this.passwordEncoder = new Argon2PasswordEncoder(16, 32, 1, 4096, 3);
+    }
+
+    public String hashPassword(String password) {
+        return passwordEncoder.encode(password);
+    }
+
+    public boolean checkPassword(String rawPassword, String encodedPassword) {
+        return passwordEncoder.matches(rawPassword, encodedPassword);
+    }
+}

server/src/main/java/com/mixel/docusphere/service/UserService.java

@@ -5,7 +5,6 @@ import com.mixel.docusphere.dto.response.UserRespondDTO;
 import com.mixel.docusphere.entity.User;
 import com.mixel.docusphere.mapper.UserMapper;
 import com.mixel.docusphere.repository.UserRepository;
-import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -18,12 +17,12 @@ public class UserService {
 
     private final UserRepository userRepository;
 
-    private final Argon2PasswordEncoder passwordEncoder;
+    private final PasswordService passwordService;
 
     // Constructor
-    public UserService(UserRepository userRepository) {
-        this.passwordEncoder = new Argon2PasswordEncoder(16, 32, 1, 4096, 3);
+    public UserService(UserRepository userRepository, PasswordService passwordService) {
         this.userRepository = userRepository;
+        this.passwordService = passwordService;
     }
 
     public List<UserRespondDTO> findAll() {
@@ -59,7 +58,7 @@ public class UserService {
 
     private void isPasswordAlreadySet(UserRequestDTO userRequestDTO, User user) {
         if (userRequestDTO.getPassword() != null && !userRequestDTO.getPassword().isEmpty()) {
-            user.setPasswordHash(passwordEncoder.encode(userRequestDTO.getPassword()));
+            user.setPasswordHash(passwordService.hashPassword(userRequestDTO.getPassword()));
         }
     }
 

server/src/main/java/com/mixel/docusphere/util/JwtUtil.java

@@ -0,0 +1,5 @@
+package com.mixel.docusphere.util;
+
+
+public class JwtUtil {
+}

server/src/main/resources/application.yml

@@ -21,6 +21,13 @@ logging:
 
 minio:
   endpoint: "http://localhost:9000"  # Your MinIO endpoint URL
-  access-key: ${MINIO_ACCESS_KEY}   # Environment variable for the access key
-  secret-key: ${MINIO_SECRET_KEY}   # Environment variable for the secret key
-  bucket-name: docusphere           # The bucket name you want to use
+  access-key: "${MINIO_ACCESS_KEY}"   # Environment variable for the access key
+  secret-key: "${MINIO_SECRET_KEY}"   # Environment variable for the secret key
+  bucket-name: "docusphere"           # The bucket name you want to use
+
+# Jwt properties
+security:
+  jwt:
+    secret-key: "${JWT_SECRET_KEY}" # Environment variable for the secret key
+    expiration-time: 3600000 # 1 hour
+