diff --git a/api/Dockerfile b/api/Dockerfile new file mode 100644 index 0000000..c270892 --- /dev/null +++ b/api/Dockerfile @@ -0,0 +1,21 @@ +FROM maven:3.9.6-eclipse-temurin-21 AS build + +WORKDIR /app + +COPY pom.xml . +COPY src ./src + +RUN mvn clean package -DskipTests + + +FROM eclipse-temurin:21-jre + +WORKDIR /app + +COPY --from=build /app/target/*.jar app.jar +COPY .env .env + + +EXPOSE 8080 + +ENTRYPOINT ["java", "-jar", "app.jar"] \ No newline at end of file diff --git a/api/HELP.md b/api/HELP.md new file mode 100644 index 0000000..08c2c99 --- /dev/null +++ b/api/HELP.md @@ -0,0 +1,34 @@ +# Getting Started + +### Reference Documentation +For further reference, please consider the following sections: + +* [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) +* [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/3.5.6/maven-plugin) +* [Create an OCI image](https://docs.spring.io/spring-boot/3.5.6/maven-plugin/build-image.html) +* [Spring Data JPA](https://docs.spring.io/spring-boot/3.5.6/reference/data/sql.html#data.sql.jpa-and-spring-data) +* [Spring Boot DevTools](https://docs.spring.io/spring-boot/3.5.6/reference/using/devtools.html) +* [Spring Security](https://docs.spring.io/spring-boot/3.5.6/reference/web/spring-security.html) +* [Validation](https://docs.spring.io/spring-boot/3.5.6/reference/io/validation.html) +* [Spring Web](https://docs.spring.io/spring-boot/3.5.6/reference/web/servlet.html) + +### Guides +The following guides illustrate how to use some features concretely: + +* [Accessing Data with JPA](https://spring.io/guides/gs/accessing-data-jpa/) +* [Accessing data with MySQL](https://spring.io/guides/gs/accessing-data-mysql/) +* [Securing a Web Application](https://spring.io/guides/gs/securing-web/) +* [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) +* [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) +* [Validation](https://spring.io/guides/gs/validating-form-input/) +* [Building a RESTful Web Service](https://spring.io/guides/gs/rest-service/) +* [Serving Web Content with Spring MVC](https://spring.io/guides/gs/serving-web-content/) +* [Building REST services with Spring](https://spring.io/guides/tutorials/rest/) + +### Maven Parent overrides + +Due to Maven's design, elements are inherited from the parent POM to the project POM. +While most of the inheritance is fine, it also inherits unwanted elements like `` and `` from the parent. +To prevent this, the project POM contains empty overrides for these elements. +If you manually switch to a different parent and actually want the inheritance, you need to remove those overrides. + diff --git a/api/mvnw b/api/mvnw new file mode 100644 index 0000000..bd8896b --- /dev/null +++ b/api/mvnw @@ -0,0 +1,295 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.4 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +scriptDir="$(dirname "$0")" +scriptName="$(basename "$0")" + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +actualDistributionDir="" + +# First try the expected directory name (for regular distributions) +if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then + if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then + actualDistributionDir="$distributionUrlNameMain" + fi +fi + +# If not found, search for any directory with the Maven executable (for snapshots) +if [ -z "$actualDistributionDir" ]; then + # enable globbing to iterate over items + set +f + for dir in "$TMP_DOWNLOAD_DIR"/*; do + if [ -d "$dir" ]; then + if [ -f "$dir/bin/$MVN_CMD" ]; then + actualDistributionDir="$(basename "$dir")" + break + fi + fi + done + set -f +fi + +if [ -z "$actualDistributionDir" ]; then + verbose "Contents of $TMP_DOWNLOAD_DIR:" + verbose "$(ls -la "$TMP_DOWNLOAD_DIR")" + die "Could not find Maven distribution directory in extracted archive" +fi + +verbose "Found extracted Maven distribution directory: $actualDistributionDir" +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/api/mvnw.cmd b/api/mvnw.cmd new file mode 100644 index 0000000..92450f9 --- /dev/null +++ b/api/mvnw.cmd @@ -0,0 +1,189 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.4 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' + +$MAVEN_M2_PATH = "$HOME/.m2" +if ($env:MAVEN_USER_HOME) { + $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME" +} + +if (-not (Test-Path -Path $MAVEN_M2_PATH)) { + New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null +} + +$MAVEN_WRAPPER_DISTS = $null +if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) { + $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists" +} else { + $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists" +} + +$MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +$actualDistributionDir = "" + +# First try the expected directory name (for regular distributions) +$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain" +$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD" +if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) { + $actualDistributionDir = $distributionUrlNameMain +} + +# If not found, search for any directory with the Maven executable (for snapshots) +if (!$actualDistributionDir) { + Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object { + $testPath = Join-Path $_.FullName "bin/$MVN_CMD" + if (Test-Path -Path $testPath -PathType Leaf) { + $actualDistributionDir = $_.Name + } + } +} + +if (!$actualDistributionDir) { + Write-Error "Could not find Maven distribution directory in extracted archive" +} + +Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir" +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/api/pom.xml b/api/pom.xml new file mode 100644 index 0000000..1377aa6 --- /dev/null +++ b/api/pom.xml @@ -0,0 +1,119 @@ + + + 4.0.0 + fr.gameovergne + api + 0.0.1-SNAPSHOT + api + api + + + org.springframework.boot + spring-boot-starter-parent + 3.5.4 + + + + + 21 + 21 + vincentguillet + + + + + + org.springframework.boot + spring-boot-starter-web + + + + + org.springframework.boot + spring-boot-starter-security + + + + + org.springframework.boot + spring-boot-starter-validation + + + + + org.springframework.boot + spring-boot-starter-data-jpa + + + + + com.mysql + mysql-connector-j + + + + + io.jsonwebtoken + jjwt-api + 0.11.5 + + + + io.jsonwebtoken + jjwt-jackson + 0.11.5 + runtime + + + + io.jsonwebtoken + jjwt-impl + 0.11.5 + runtime + + + + + org.projectlombok + lombok + true + + + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + 2.8.9 + + + + + me.paulschwarz + spring-dotenv + 4.0.0 + + + + + org.springframework.boot + spring-boot-starter-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + maven-compiler-plugin + + ${maven.compiler.release} + + + + + \ No newline at end of file diff --git a/api/src/main/java/fr/gameovergne/api/GameOvergneApplication.java b/api/src/main/java/fr/gameovergne/api/GameOvergneApplication.java new file mode 100644 index 0000000..7a2290b --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/GameOvergneApplication.java @@ -0,0 +1,13 @@ +package fr.gameovergne.api; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class GameOvergneApplication { + + public static void main(String[] args) { + SpringApplication.run(GameOvergneApplication.class, args); + } + +} diff --git a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java new file mode 100644 index 0000000..ef90cd8 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java @@ -0,0 +1,86 @@ +package fr.gameovergne.api.config; + +import fr.gameovergne.api.service.security.JpaUserDetailsService; +import fr.gameovergne.api.service.security.filter.JwtAuthFilter; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.servlet.config.annotation.CorsRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +@Configuration +@EnableWebSecurity +@EnableMethodSecurity +public class SecurityConfig { + + private final JwtAuthFilter jwtAuthFilter; + private final JpaUserDetailsService userDetailsService; + + public SecurityConfig(JwtAuthFilter jwtAuthFilter, JpaUserDetailsService userDetailsService) { + this.jwtAuthFilter = jwtAuthFilter; + this.userDetailsService = userDetailsService; + } + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http + .csrf(AbstractHttpConfigurer::disable) + .authorizeHttpRequests(authz -> authz + .requestMatchers("/api/auth/**").permitAll() + .requestMatchers("/api/users/**").authenticated() + .anyRequest().permitAll() + ) + + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authenticationProvider(authenticationProvider()) + .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class) + + .httpBasic(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable); + return http.build(); + } + + @Bean + public WebMvcConfigurer corsConfigurer() { + return new WebMvcConfigurer() { + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**") + .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200") // Ton front + .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") + .allowedHeaders("*") + .allowCredentials(true); + } + }; + } + + @Bean + public AuthenticationProvider authenticationProvider() { + DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); + authProvider.setUserDetailsService(userDetailsService); + authProvider.setPasswordEncoder(passwordEncoder()); + return authProvider; + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception { + return config.getAuthenticationManager(); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java b/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java new file mode 100644 index 0000000..82d02f8 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java @@ -0,0 +1,108 @@ +package fr.gameovergne.api.controller.auth; + +import jakarta.servlet.http.Cookie; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import fr.gameovergne.api.dto.auth.AuthResponse; +import fr.gameovergne.api.dto.user.UserDTO; +import fr.gameovergne.api.dto.auth.AuthRequest; +import fr.gameovergne.api.mapper.user.UserMapper; +import fr.gameovergne.api.service.auth.AuthService; +import org.springframework.http.HttpHeaders; +import org.springframework.http.ResponseCookie; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.*; + +import java.util.Arrays; + +@RestController +@RequestMapping("/api/auth") +public class AuthController { + + private final AuthService authService; + + public AuthController(AuthService authService) { + this.authService = authService; + } + + @PostMapping("/register") + public ResponseEntity register(@RequestBody UserDTO dto) { + System.out.println("Registering: " + dto); + return authService.register(UserMapper.fromDto(dto)) + .map((ResponseEntity::ok)) + .orElse(ResponseEntity.badRequest().build()); + } + + @PostMapping("/login") + public ResponseEntity authenticate(@RequestBody AuthRequest request, HttpServletResponse response) { + System.out.println("Authenticating: " + request); + return authService.authenticate(request) + .map(authResponse -> createAuthResponse(authResponse, response)) + .orElse(ResponseEntity.badRequest().build()); + } + + @GetMapping("/logout") + public ResponseEntity logout(HttpServletResponse response) { + // Supprime le cookie de refresh token + ResponseCookie cookie = ResponseCookie.from("refreshToken", "") + .httpOnly(true) + .secure(false) // true en prod + .path("/") + .maxAge(0) // Expire immédiatement + .sameSite("Lax") + .build(); + response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); + return ResponseEntity.ok().build(); + } + + @GetMapping("/me") + public ResponseEntity getCurrentUser(HttpServletRequest request) { + String username = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : null; + if (username == null) { + return ResponseEntity.status(401).build(); // Unauthorized + } + + return authService.getCurrentUser(username) + .map(user -> ResponseEntity.ok(UserMapper.toDto(user))) + .orElse(ResponseEntity.notFound().build()); + } + + @PostMapping("/refresh") + public ResponseEntity refresh(HttpServletRequest request, HttpServletResponse response) { + String refreshToken = null; + if (request.getCookies() != null) { + refreshToken = Arrays.stream(request.getCookies()) + .filter(c -> "refreshToken".equals(c.getName())) + .findFirst() + .map(Cookie::getValue) + .orElse(null); + } + if (refreshToken == null) { + // Pas de cookie -> pas d'erreur réseau + return ResponseEntity.noContent().build(); + } + + return authService.refresh(refreshToken) + .map(authResponse -> createAuthResponse(authResponse, response)) + // Token inconnu/expiré -> pas d'erreur réseau non plus + .orElse(ResponseEntity.noContent().build()); + } + + private ResponseEntity createAuthResponse(AuthResponse authResponse, HttpServletResponse response) { + ResponseCookie cookie = ResponseCookie.from("refreshToken", authResponse.refreshToken()) + .httpOnly(true) + .secure(false) // true en prod + .path("/") + .maxAge(60 * 60 * 24 * 7) // 7 jours + .sameSite("Lax") + .build(); + response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); + + // Ne pas renvoyer le refresh token dans le body + return ResponseEntity.ok(new AuthResponse( + authResponse.username(), + authResponse.accessToken(), + null + )); + } +} \ No newline at end of file diff --git a/api/src/main/java/fr/gameovergne/api/controller/user/UserController.java b/api/src/main/java/fr/gameovergne/api/controller/user/UserController.java new file mode 100644 index 0000000..d09c3c8 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/controller/user/UserController.java @@ -0,0 +1,54 @@ +package fr.gameovergne.api.controller.user; + +import fr.gameovergne.api.model.user.User; +import fr.gameovergne.api.service.user.UserService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.*; + +import java.util.List; + +@RestController +@RequestMapping("/users") +public class UserController { + + private final UserService userService; + + @Autowired + public UserController(UserService userService) { + this.userService = userService; + } + + @GetMapping + public List getAllUsers() { + return userService.getAllUsers(); + } + + @GetMapping("/{id}") + public ResponseEntity getUserById(@PathVariable Long id) { + return userService.getUserById(id) + .map(ResponseEntity::ok) + .orElse(ResponseEntity.notFound().build()); + } + + @PostMapping + public void saveUser(@RequestBody User user) { + userService.saveUser(user); + } + + @PutMapping("/{id}") + public ResponseEntity updateUser(@PathVariable Long id, @RequestBody User user) { + return userService.getUserById(id) + .map(existingUser -> userService.updateUser(user) + .map(ResponseEntity::ok) + .orElse(ResponseEntity.notFound().build())) + .orElse(ResponseEntity.notFound().build()); + } + + @DeleteMapping("/{id}") + public ResponseEntity deleteUserById(@PathVariable Long id) { + return userService.deleteUserById(id) + .map(user -> ResponseEntity.ok().body(user)) + .orElse(ResponseEntity.notFound().build()); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/dto/auth/AuthRequest.java b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthRequest.java new file mode 100644 index 0000000..ca02fdc --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthRequest.java @@ -0,0 +1,6 @@ +package fr.gameovergne.api.dto.auth; + +public record AuthRequest( + String username, + String password +) {} diff --git a/api/src/main/java/fr/gameovergne/api/dto/auth/AuthResponse.java b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthResponse.java new file mode 100644 index 0000000..ef76673 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthResponse.java @@ -0,0 +1,7 @@ +package fr.gameovergne.api.dto.auth; + +public record AuthResponse( + String username, + String accessToken, + String refreshToken +) {} \ No newline at end of file diff --git a/api/src/main/java/fr/gameovergne/api/dto/user/UserDTO.java b/api/src/main/java/fr/gameovergne/api/dto/user/UserDTO.java new file mode 100644 index 0000000..e3a76e6 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/dto/user/UserDTO.java @@ -0,0 +1,17 @@ +package fr.gameovergne.api.dto.user; + +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@AllArgsConstructor +@NoArgsConstructor +public class UserDTO { + private String firstName; + private String lastName; + private String username; + private String email; + private String password; // Note: In a real application, avoid sending passwords in DTOs + private String role; +} diff --git a/api/src/main/java/fr/gameovergne/api/mapper/user/UserMapper.java b/api/src/main/java/fr/gameovergne/api/mapper/user/UserMapper.java new file mode 100644 index 0000000..0aba25d --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/mapper/user/UserMapper.java @@ -0,0 +1,29 @@ +package fr.gameovergne.api.mapper.user; + +import fr.gameovergne.api.dto.user.UserDTO; +import fr.gameovergne.api.model.user.Role; +import fr.gameovergne.api.model.user.User; + +public class UserMapper { + + public static User fromDto(UserDTO userDTO) { + User user = new User(); + user.setFirstName(userDTO.getFirstName()); + user.setLastName(userDTO.getLastName()); + user.setUsername(userDTO.getUsername()); + user.setEmail(userDTO.getEmail()); + user.setPassword(userDTO.getPassword()); + user.setRole(Role.valueOf(userDTO.getRole() != null ? userDTO.getRole() : "USER")); + return user; + } + + public static UserDTO toDto(User user) { + UserDTO userDTO = new UserDTO(); + userDTO.setFirstName(user.getFirstName()); + userDTO.setLastName(user.getLastName()); + userDTO.setUsername(user.getUsername()); + userDTO.setEmail(user.getEmail()); + userDTO.setRole(user.getRole() != null ? user.getRole().getDisplayName() : null); + return userDTO; + } +} diff --git a/api/src/main/java/fr/gameovergne/api/model/security/Token.java b/api/src/main/java/fr/gameovergne/api/model/security/Token.java new file mode 100644 index 0000000..38145ae --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/model/security/Token.java @@ -0,0 +1,33 @@ +package fr.gameovergne.api.model.security; + +import com.fasterxml.jackson.annotation.JsonBackReference; +import fr.gameovergne.api.model.user.User; +import jakarta.persistence.*; +import jakarta.validation.constraints.NotNull; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.Date; + +@Entity +@Data +@AllArgsConstructor +@NoArgsConstructor +@Table(name = "tokens") +public class Token { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + @NotNull + private String value; + + private Date expirationDate; + + @OneToOne + @JoinColumn(name = "user_id", referencedColumnName = "id") + @JsonBackReference + private User user; +} diff --git a/api/src/main/java/fr/gameovergne/api/model/user/Role.java b/api/src/main/java/fr/gameovergne/api/model/user/Role.java new file mode 100644 index 0000000..e253f76 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/model/user/Role.java @@ -0,0 +1,15 @@ +package fr.gameovergne.api.model.user; + +import lombok.Getter; + +@Getter +public enum Role { + USER("User"), + ADMIN("Administrator"); + + private final String displayName; + + Role(String displayName) { + this.displayName = displayName; + } +} diff --git a/api/src/main/java/fr/gameovergne/api/model/user/User.java b/api/src/main/java/fr/gameovergne/api/model/user/User.java new file mode 100644 index 0000000..80635ee --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/model/user/User.java @@ -0,0 +1,63 @@ +package fr.gameovergne.api.model.user; + +import com.fasterxml.jackson.annotation.JsonManagedReference; +import jakarta.validation.constraints.Email; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotNull; +import fr.gameovergne.api.model.security.Token; +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; + +import java.util.Collection; +import java.util.List; + +@Entity +@Data +@AllArgsConstructor +@NoArgsConstructor +@Table(name = "users") +public class User implements UserDetails { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + @NotBlank + @Column(length = 50, nullable = false) + private String firstName; + + @NotBlank + @Column(length = 50, nullable = false) + private String lastName; + + @NotBlank + @Column(length = 50, unique = true, nullable = false) + private String username; + + @Email + @NotBlank + @Column(length = 100, unique = true, nullable = false) + private String email; + + @NotBlank + @Column(length = 120, nullable = false) + private String password; + + @NotNull + @Enumerated(EnumType.STRING) + private Role role = Role.USER; + + @OneToOne(mappedBy = "user") + @JsonManagedReference + private Token token; + + @Override + public Collection getAuthorities() { + return List.of(new SimpleGrantedAuthority(Role.USER.name())); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/repository/security/TokenRepository.java b/api/src/main/java/fr/gameovergne/api/repository/security/TokenRepository.java new file mode 100644 index 0000000..a3d0bfc --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/repository/security/TokenRepository.java @@ -0,0 +1,12 @@ +package fr.gameovergne.api.repository.security; + +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; +import fr.gameovergne.api.model.security.Token; + +import java.util.Optional; + +@Repository +public interface TokenRepository extends JpaRepository { + Optional findByValue(String value); +} diff --git a/api/src/main/java/fr/gameovergne/api/repository/user/UserRepository.java b/api/src/main/java/fr/gameovergne/api/repository/user/UserRepository.java new file mode 100644 index 0000000..552f552 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/repository/user/UserRepository.java @@ -0,0 +1,12 @@ +package fr.gameovergne.api.repository.user; + +import fr.gameovergne.api.model.user.User; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.Optional; + +@Repository +public interface UserRepository extends JpaRepository { + Optional findByUsername(String username); +} diff --git a/api/src/main/java/fr/gameovergne/api/service/auth/AuthService.java b/api/src/main/java/fr/gameovergne/api/service/auth/AuthService.java new file mode 100644 index 0000000..7715321 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/auth/AuthService.java @@ -0,0 +1,131 @@ +package fr.gameovergne.api.service.auth; + +import jakarta.transaction.Transactional; +import lombok.RequiredArgsConstructor; +import fr.gameovergne.api.dto.auth.AuthRequest; +import fr.gameovergne.api.dto.auth.AuthResponse; +import fr.gameovergne.api.model.user.User; +import fr.gameovergne.api.model.security.Token; +import fr.gameovergne.api.repository.user.UserRepository; +import fr.gameovergne.api.repository.security.TokenRepository; +import fr.gameovergne.api.service.security.JpaUserDetailsService; +import fr.gameovergne.api.service.security.JwtService; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; + +import java.util.Date; +import java.util.Optional; + +@Service +@RequiredArgsConstructor +public class AuthService { + + private final AuthenticationManager authenticationManager; + private final JwtService jwtService; + private final JpaUserDetailsService userDetailsService; + private final TokenRepository tokenRepository; + private final UserRepository userRepository; + private final PasswordEncoder passwordEncoder; + + private final int REFRESH_TOKEN_EXPIRATION_TIME = 1000 * 60 * 60 * 24 * 7; // 7 jours + + public Optional register(User user) { + String username = user.getUsername(); + + if (userRepository.findByUsername(username).isPresent()) { + System.err.println("User already exists: " + username); + return Optional.empty(); + } + + user.setPassword(passwordEncoder.encode(user.getPassword())); + userDetailsService.registerNewUser(user); + + return Optional.of(new AuthResponse(username, null, null)); + } + + @Transactional + public Optional authenticate(AuthRequest request) { + String accessToken = jwtService.generateToken(request.username()); + + UserDetails userDetails = userDetailsService.loadUserByUsername(request.username()); + + User user = userRepository.findByUsername(userDetails.getUsername()) + .orElseThrow(() -> new RuntimeException("User not found: " + userDetails.getUsername())); + + Token token = user.getToken() != null + ? tokenRepository.findById(user.getToken().getId()).orElse(null) + : null; + + if (token == null || isRefreshTokenExpired(token)) { + System.out.println("[Authenticate] Refresh token absent ou expiré pour user: " + user.getUsername()); + token = generateNewRefreshToken(user); + } + + authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken(request.username(), request.password()) + ); + return Optional.of(new AuthResponse( + user.getUsername(), + accessToken, + token.getValue() + )); + } + + @Transactional + public Optional getCurrentUser(String username) { + return userRepository.findByUsername(username) + .map(user -> { + if (user.getToken() != null && isRefreshTokenExpired(user.getToken())) { + System.out.println("[AuthService] Refresh token expired for user: " + user.getUsername()); + user.setToken(null); + userRepository.save(user); + } + return user; + }); + } + + @Transactional + public Optional refresh(String refreshTokenValue) { + Token savedToken = tokenRepository.findByValue(refreshTokenValue) + .orElseThrow(() -> new RuntimeException("Refresh token not found: " + refreshTokenValue)); + + User user = savedToken.getUser(); + + if (isRefreshTokenExpired(savedToken)) { + return Optional.empty(); + } + + String newAccessToken = jwtService.generateToken(user.getUsername()); + return Optional.of(new AuthResponse( + user.getUsername(), + newAccessToken, + refreshTokenValue + )); + } + + private Token generateNewRefreshToken(User user) { + if (user.getToken() != null && tokenRepository.findById(user.getToken().getId()).isPresent()) { + System.out.println("[AuthService] Deleting existing refresh token for user: " + user.getUsername()); + tokenRepository.delete(user.getToken()); + user.setToken(null); + userRepository.save(user); + tokenRepository.flush(); + } + + Token newToken = new Token(); + newToken.setUser(user); + newToken.setValue(jwtService.generateToken(user.getUsername())); + newToken.setExpirationDate(new Date(System.currentTimeMillis() + REFRESH_TOKEN_EXPIRATION_TIME)); + tokenRepository.save(newToken); + user.setToken(newToken); + userRepository.save(user); + return newToken; + } + + private boolean isRefreshTokenExpired(Token token) { + return token.getExpirationDate().getTime() < System.currentTimeMillis(); + } +} \ No newline at end of file diff --git a/api/src/main/java/fr/gameovergne/api/service/security/JpaUserDetailsService.java b/api/src/main/java/fr/gameovergne/api/service/security/JpaUserDetailsService.java new file mode 100644 index 0000000..488d5f8 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/security/JpaUserDetailsService.java @@ -0,0 +1,31 @@ +package fr.gameovergne.api.service.security; + +import fr.gameovergne.api.model.user.User; +import fr.gameovergne.api.repository.user.UserRepository; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +@Service +public class JpaUserDetailsService implements UserDetailsService { + + private final UserRepository userRepository; + + public JpaUserDetailsService(UserRepository userRepository) { + this.userRepository = userRepository; + } + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + return userRepository.findByUsername(username) + .orElseThrow(() -> new UsernameNotFoundException("User not found: " + username)); + } + + public void registerNewUser(User user) { + if (userRepository.findByUsername(user.getUsername()).isPresent()) { + throw new IllegalArgumentException("Username already exists: " + user.getUsername()); + } + userRepository.save(user); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/service/security/JwtService.java b/api/src/main/java/fr/gameovergne/api/service/security/JwtService.java new file mode 100644 index 0000000..c5921b2 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/security/JwtService.java @@ -0,0 +1,65 @@ +package fr.gameovergne.api.service.security; + +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.SignatureAlgorithm; +import io.jsonwebtoken.security.Keys; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Service; + +import java.security.Key; +import java.util.Base64; +import java.util.Date; +import java.util.function.Function; + +@Service +public class JwtService { + + private static final long EXPIRATION_TIME = 1000 * 60 * 10; // 10min + + private final Key signingKey; + + public JwtService(@Value("${jwt.secret}") String secret) { + this.signingKey = Keys.hmacShaKeyFor(Base64.getDecoder().decode(secret)); + } + + public String generateToken(String username) { + return Jwts.builder() + .setSubject(username) + .setIssuedAt(new Date()) + .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME)) + .signWith(signingKey, SignatureAlgorithm.HS256) + .compact(); + } + + public Claims extractAllClaims(String token) { + return Jwts.parserBuilder() + .setSigningKey(signingKey) + .build() + .parseClaimsJws(token) + .getBody(); + } + + public T extractClaim(String token, Function claimsResolver) { + final Claims claims = extractAllClaims(token); + return claimsResolver.apply(claims); + } + + public String extractUsername(String token) { + return extractClaim(token, Claims::getSubject); + } + + private Date extractExpiration(String token) { + return extractClaim(token, Claims::getExpiration); + } + + private boolean isTokenExpired(String token) { + return extractExpiration(token).before(new Date()); + } + + public boolean isTokenValid(String token, UserDetails userDetails) { + final String username = extractUsername(token); + return (username.equals(userDetails.getUsername()) && !isTokenExpired(token)); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/service/security/TokenService.java b/api/src/main/java/fr/gameovergne/api/service/security/TokenService.java new file mode 100644 index 0000000..b74f0b2 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/security/TokenService.java @@ -0,0 +1,51 @@ +package fr.gameovergne.api.service.security; + +import fr.gameovergne.api.model.security.Token; +import fr.gameovergne.api.repository.security.TokenRepository; +import jakarta.transaction.Transactional; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.Optional; + +@Service +public class TokenService { + + private final TokenRepository tokenRepository; + + @Autowired + public TokenService(TokenRepository tokenRepository) { + this.tokenRepository = tokenRepository; + } + + @Transactional + public void saveToken(Token token) { + if (token.getId() == null) { + tokenRepository.save(token); + } + } + + public Optional getTokenById(Long id) { + return tokenRepository.findById(id); + } + + public List getAllTokens() { + return tokenRepository.findAll(); + } + + @Transactional + public Optional updateToken(Token token) { + return tokenRepository.findById(token.getId()).map(existingToken -> { + existingToken.setValue(token.getValue()); + return tokenRepository.save(existingToken); + }); + } + + @Transactional + public Optional deleteTokenById(Long id) { + Optional token = tokenRepository.findById(id); + token.ifPresent(tokenRepository::delete); + return token; + } +} diff --git a/api/src/main/java/fr/gameovergne/api/service/security/filter/JwtAuthFilter.java b/api/src/main/java/fr/gameovergne/api/service/security/filter/JwtAuthFilter.java new file mode 100644 index 0000000..d6d935b --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/security/filter/JwtAuthFilter.java @@ -0,0 +1,65 @@ +package fr.gameovergne.api.service.security.filter; + +import fr.gameovergne.api.service.security.JpaUserDetailsService; +import fr.gameovergne.api.service.security.JwtService; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import java.io.IOException; + +@Component +public class JwtAuthFilter extends OncePerRequestFilter { + private final JwtService jwtService; + private final JpaUserDetailsService userDetailsService; + + public JwtAuthFilter(JwtService jwtService, JpaUserDetailsService userDetailsService) { + this.jwtService = jwtService; + this.userDetailsService = userDetailsService; + } + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, + FilterChain filterChain + ) throws ServletException, IOException { + + final String authHeader = request.getHeader("Authorization"); + + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + filterChain.doFilter(request, response); + return; + } + + final String jwt = authHeader.substring(7); + + final String username = jwtService.extractUsername(jwt); + + if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { + + UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); + + if (jwtService.isTokenValid(jwt, userDetails)) { + + UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( + userDetails, + null, + userDetails.getAuthorities() + ); + + authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + + SecurityContextHolder.getContext().setAuthentication(authToken); + } + } + + filterChain.doFilter(request, response); + } +} diff --git a/api/src/main/java/fr/gameovergne/api/service/user/UserService.java b/api/src/main/java/fr/gameovergne/api/service/user/UserService.java new file mode 100644 index 0000000..3dd9f53 --- /dev/null +++ b/api/src/main/java/fr/gameovergne/api/service/user/UserService.java @@ -0,0 +1,55 @@ +package fr.gameovergne.api.service.user; + +import fr.gameovergne.api.model.user.User; +import fr.gameovergne.api.repository.user.UserRepository; +import jakarta.transaction.Transactional; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.Optional; + +@Service +public class UserService { + + private final UserRepository userRepository; + + @Autowired + public UserService(UserRepository userRepository) { + this.userRepository = userRepository; + } + + @Transactional + public void saveUser(User user) { + if (user.getId() == null) { + userRepository.save(user); + } + } + + public Optional getUserById(Long id) { + return userRepository.findById(id); + } + + public List getAllUsers() { + return userRepository.findAll(); + } + + @Transactional + public Optional updateUser(User user) { + return userRepository.findById(user.getId()).map(existingUser -> { + existingUser.setFirstName(user.getFirstName()); + existingUser.setLastName(user.getLastName()); + existingUser.setEmail(user.getEmail()); + existingUser.setUsername(user.getUsername()); + existingUser.setPassword(user.getPassword()); + return userRepository.save(existingUser); + }); + } + + @Transactional + public Optional deleteUserById(Long id) { + Optional user = userRepository.findById(id); + user.ifPresent(userRepository::delete); + return user; + } +} diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties new file mode 100644 index 0000000..bffd692 --- /dev/null +++ b/api/src/main/resources/application.properties @@ -0,0 +1,13 @@ +spring.application.name=api + +server.port=3000 + +spring.datasource.url=jdbc:mysql://192.168.20.112:3306/gameovergne_app?useSSL=false&allowPublicKeyRetrieval=true +spring.datasource.username=gameovergne +spring.datasource.password=gameovergne + +spring.jpa.hibernate.ddl-auto=update +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect +spring.jpa.show-sql=true + +jwt.secret=a23ac96ce968bf13099d99410b951dd498118851bdfc996a3f844bd68b1b2afd \ No newline at end of file diff --git a/api/src/test/java/fr/gameovergne/api/GameOvergneApplicationTests.java b/api/src/test/java/fr/gameovergne/api/GameOvergneApplicationTests.java new file mode 100644 index 0000000..b39c143 --- /dev/null +++ b/api/src/test/java/fr/gameovergne/api/GameOvergneApplicationTests.java @@ -0,0 +1,13 @@ +package fr.gameovergne.api; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class GameOvergneApplicationTests { + + @Test + void contextLoads() { + } + +}