BSStudio · csikb · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024 · Apr 19, 2024
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,20 @@
 FROM bellsoft/liberica-openjdk-alpine-musl:21.0.1-16 AS build
 WORKDIR /usr/src/app
 # cache dependencies
-COPY ./gradlew                         ./
-COPY ./gradle.properties               ./
-COPY ./settings.gradle.kts             ./
-COPY ./gradle                          ./gradle/
-COPY ./buildSrc/src                    ./buildSrc/src/
-COPY ./buildSrc/*.gradle.kts           ./buildSrc/
-COPY ./server/build.gradle.kts         ./server/
-COPY ./server/web/build.gradle.kts     ./server/web/
-COPY ./server/service/build.gradle.kts ./server/service/
-COPY ./server/data/build.gradle.kts    ./server/data/
-COPY ./server/model/build.gradle.kts   ./server/model/
-COPY ./server/common/build.gradle.kts  ./server/common/
+COPY ./gradlew                           ./
+COPY ./gradle.properties                 ./
+COPY ./settings.gradle.kts               ./
+COPY ./gradle                            ./gradle/
+COPY ./buildSrc/src                      ./buildSrc/src/
+COPY ./buildSrc/*.gradle.kts             ./buildSrc/
+COPY ./server/client/build.gradle.kts    ./server/client/
+COPY ./server/common/build.gradle.kts    ./server/common/
+COPY ./server/data/build.gradle.kts      ./server/data/
+COPY ./server/model/build.gradle.kts     ./server/model/
+COPY ./server/operation/build.gradle.kts ./server/operation/
+COPY ./server/service/build.gradle.kts   ./server/service/
+COPY ./server/web/build.gradle.kts       ./server/web/
+COPY ./server/build.gradle.kts           ./server/
 RUN ./gradlew
 # build
 COPY ./buildSrc ./buildSrc

diff --git a/buildSrc/src/main/kotlin/testing-conventions.gradle.kts b/buildSrc/src/main/kotlin/testing-conventions.gradle.kts
@@ -5,10 +5,6 @@ plugins {
 
 dependencies {
     testImplementation("org.springframework.boot:spring-boot-starter-test")
-    // kotlin related dependencies should move to kotlin-testing-conventions
-    testImplementation("io.mockk:mockk-jvm:1.13.10")
-    testImplementation("com.ninja-squad:springmockk:4.0.2")
-    testImplementation("io.kotest:kotest-assertions-core-jvm:5.8.1")
 }
 
 tasks.test {

diff --git a/client/build.gradle.kts b/client/build.gradle.kts
@@ -6,4 +6,5 @@ plugins {
 dependencies {
     api(project(":server:operation"))
     implementation("org.springframework.cloud:spring-cloud-starter-openfeign")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
 }
diff --git a/client/src/main/kotlin/hu/bsstudio/bssweb/config/BssFeignConfig.kt b/client/src/main/kotlin/hu/bsstudio/bssweb/config/BssFeignConfig.kt
@@ -3,4 +3,8 @@ package hu.bsstudio.bssweb.config
 import org.springframework.cloud.openfeign.EnableFeignClients
 
 @EnableFeignClients("hu.bsstudio.bssweb.**.client", defaultConfiguration = [DefaultFeignConfig::class])
-class BssFeignConfig
+class BssFeignConfig constructor() {
+    init {
+        println("BssFeignConfig")
+    }
-class BssFeignConfig constructor() {
-    init {
-        println("BssFeignConfig")
-    }
+class BssFeignConfig constructor() {
+    init {
+        logger.info("BssFeignConfig initialized")
+    }
-class BssFeignConfig constructor() {
-    init {
-        println("BssFeignConfig")
-    }
+class BssFeignConfig constructor() {
+    init {
+        logger.info("BssFeignConfig initialized")
+    }
+}
diff --git a/client/src/main/kotlin/hu/bsstudio/bssweb/config/DefaultFeignConfig.kt b/client/src/main/kotlin/hu/bsstudio/bssweb/config/DefaultFeignConfig.kt
@@ -1,15 +1,11 @@
 package hu.bsstudio.bssweb.config
 
-import feign.auth.BasicAuthRequestInterceptor
-import org.springframework.beans.factory.annotation.Value
+import org.springframework.cloud.openfeign.security.OAuth2AccessTokenInterceptor
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 
 @Configuration
-class DefaultFeignConfig(
-    @Value("\${bss.client.username}") val username: String,
-    @Value("\${bss.client.password}") val password: String,
-) {
-    @Bean
-    fun interceptor() = BasicAuthRequestInterceptor(this.username, this.password)
+class DefaultFeignConfig {
+//    @Bean
+//    fun interceptor(oauth: OAuth2AccessTokenInterceptor) = oauth
-class DefaultFeignConfig {
-//    @Bean
-//    fun interceptor(oauth: OAuth2AccessTokenInterceptor) = oauth
+class DefaultFeignConfig {
+    @Bean
+    fun interceptor(oauth: OAuth2AccessTokenInterceptor) = oauth
-class DefaultFeignConfig {
-//    @Bean
-//    fun interceptor(oauth: OAuth2AccessTokenInterceptor) = oauth
+class DefaultFeignConfig {
+    @Bean
+    fun interceptor(oauth: OAuth2AccessTokenInterceptor) = oauth
 }
diff --git a/docker-compose.metrics.yml b/docker-compose.metrics.yml
@@ -18,7 +18,7 @@ services:
     ports:
       - "127.0.0.1:9090:9090"
     volumes:
-      - "./docker/prometheus.yml:/etc/prometheus/prometheus.yml"
+      - "./docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml"
     healthcheck:
       test: wget --tries=1 --no-verbose -qO- http://localhost:9090/-/ready | grep -q "Prometheus Server is Ready."
       start_period: 5s

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -15,7 +15,9 @@ services:
       - postgres
     environment:
       bss.file-api.url: "http://mock-file-api:8080"
-      spring.security.user.password: "password"
+      spring.security.oauth2.resourceserver.opaquetoken.introspection-uri: "http://authelia"
+      spring.security.oauth2.resourceserver.opaquetoken.client-id: "client_id"
+      spring.security.oauth2.resourceserver.opaquetoken.client-secret: "client_secret"
       spring.datasource.url: "jdbc:postgresql://postgres:5432/bss?currentSchema=private"
       spring.datasource.username: "user"
       spring.datasource.password: "password"
@@ -37,7 +39,7 @@ services:
       timeout: 5s
       retries: 3
   mock-file-api:
-    image: "wiremock/wiremock:2.35.0"
+    image: "wiremock/wiremock:2.35.1-1"
     ports:
       - "127.0.0.1:8888:8080"
     healthcheck:
@@ -47,4 +49,4 @@ services:
       timeout: 5s
       retries: 3
     volumes:
-      - "./stubs:/home/wiremock/mappings"
+      - "./docker/stubs:/home/wiremock/mappings"
diff --git a/docker/prometheus.yml → docker/prometheus/prometheus.yml b/docker/prometheus.yml → docker/prometheus/prometheus.yml
diff --git a/stubs/file-api/default-mapping.json → docker/stubs/file-api/default-mapping.json b/stubs/file-api/default-mapping.json → docker/stubs/file-api/default-mapping.json
diff --git a/integration/src/intTest/kotlin/hu/bsstudio/bssweb/IntegrationTest.kt b/integration/src/intTest/kotlin/hu/bsstudio/bssweb/IntegrationTest.kt
@@ -1,6 +1,5 @@
 package hu.bsstudio.bssweb
 
-import hu.bsstudio.bssweb.config.BssFeignConfig
 import hu.bsstudio.bssweb.event.repository.DetailedEventRepository
 import hu.bsstudio.bssweb.eventvideo.repository.EventVideoRepository
 import hu.bsstudio.bssweb.label.repository.LabelRepository
@@ -12,16 +11,21 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.test.context.TestPropertySource
 import org.springframework.test.context.junit.jupiter.SpringJUnitConfig
 
-@SpringJUnitConfig(classes = [BssFeignConfig::class, DataConfig::class])
+@SpringJUnitConfig(classes = [DataConfig::class])
 @TestPropertySource(
     properties = [
         "bss.client.url=http://localhost:8080",
-        "bss.client.username=user",
-        "bss.client.password=password",
         "spring.flyway.enabled=false",
         "spring.datasource.url=jdbc:postgresql://localhost:5432/bss?currentSchema=private",
         "spring.datasource.username=user",
         "spring.datasource.password=password",
+        "spring.cloud.openfeign.oauth2.enabled=true",
+        "spring.cloud.openfeign.client.config.event.url=http://localhost:8080",
+        "spring.security.oauth2.client.provider.authelia.issuer-uri=issuer-uri",
+        "spring.security.oauth2.client.registration.bss.provider=authelia",
+        "spring.security.oauth2.client.registration.bss.client-id=client-id",
+        "spring.security.oauth2.client.registration.bss.client-secret=client-secret",
+        "spring.cloud.openfeign.oauth2.clientRegistrationId=bss",
     ],
 )
 open class IntegrationTest {

diff --git a/server/web/build.gradle.kts b/server/web/build.gradle.kts
@@ -10,6 +10,7 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
     implementation(libs.springdocOpenapiStarterWebmvcUi)
     implementation("org.springframework.data:spring-data-commons")
     testImplementation("org.springframework.security:spring-security-test")

diff --git a/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt b/server/web/src/main/kotlin/hu/bsstudio/bssweb/security/config/SecurityConfig.kt
@@ -2,22 +2,29 @@ package hu.bsstudio.bssweb.security.config
 
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.config.Customizer
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.web.SecurityFilterChain
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity
 class SecurityConfig {
     @Bean
     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
         return http
             .authorizeHttpRequests {
-                it.requestMatchers("/api/**").authenticated()
+                it
+                    .requestMatchers("/api/**").authenticated()
                     .anyRequest().permitAll()
             }
-            .httpBasic(Customizer.withDefaults())
+            .oauth2ResourceServer {
+                it.opaqueToken {
+                    // load settings from Spring Boot
+                    // spring.security.oauth2.resourceserver.opaquetoken
+                }
+            }
             .cors { it.disable() }
             .csrf { it.disable() }
             .build()

diff --git a/server/web/src/main/resources/static/open-api.yaml b/server/web/src/main/resources/static/open-api.yaml
@@ -503,12 +503,12 @@ paths:
               schema:
                 $ref: '#/components/schemas/BssMetrics'
 security:
-- basicAuth: []
+- oidc: []
 components:
   securitySchemes:
-    basicAuth:
-      type: http
-      scheme: basic
+    oidc:
+      type: openIdConnect
+      openIdConnectUrl: https://login.bsstudio.hu/.well-known/openid-configuration
   parameters:
     memberId:
       name: memberId

diff --git a/server/web/src/test/kotlin/hu/bsstudio/bssweb/event/controller/EventControllerTest.kt b/server/web/src/test/kotlin/hu/bsstudio/bssweb/event/controller/EventControllerTest.kt
@@ -14,7 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
 import org.springframework.http.MediaType
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.opaqueToken
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.delete
 import org.springframework.test.web.servlet.get
@@ -37,7 +37,7 @@ internal class EventControllerTest(
         every { mockService.findAllEvent() } returns EVENT_LIST
 
         mockMvc.get(BASE_URL) {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
         }.andExpect {
             status { isOk() }
             content { json(objectMapper.writeValueAsString(EVENT_LIST)) }
@@ -51,7 +51,7 @@ internal class EventControllerTest(
         mockMvc.post(BASE_URL) {
             contentType = MediaType.APPLICATION_JSON
             content = objectMapper.writeValueAsString(CREATE_EVENT)
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpect {
             status { isCreated() }
@@ -65,7 +65,7 @@ internal class EventControllerTest(
         every { mockService.findEventById(EVENT_ID) } returns Optional.of(DETAILED_EVENT)
 
         mockMvc.get("$BASE_URL/$EVENT_ID") {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
         }.andExpect {
             status { isOk() }
             content { json(objectMapper.writeValueAsString(DETAILED_EVENT)) }
@@ -77,7 +77,7 @@ internal class EventControllerTest(
         every { mockService.findEventById(EVENT_ID) } returns Optional.empty()
 
         mockMvc.get("$BASE_URL/$EVENT_ID") {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
         }.andExpect {
             status { isNotFound() }
             content { string("") }
@@ -91,7 +91,7 @@ internal class EventControllerTest(
         mockMvc.put("$BASE_URL/$EVENT_ID") {
             contentType = MediaType.APPLICATION_JSON
             content = objectMapper.writeValueAsString(UPDATE_EVENT)
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpect {
             status { isOk() }
@@ -106,7 +106,7 @@ internal class EventControllerTest(
         mockMvc.put("$BASE_URL/$EVENT_ID") {
             contentType = MediaType.APPLICATION_JSON
             content = objectMapper.writeValueAsString(UPDATE_EVENT)
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpect {
             status { isNotFound() }
@@ -119,7 +119,7 @@ internal class EventControllerTest(
         every { mockService.removeEvent(EVENT_ID) } returns Unit
 
         mockMvc.delete("$BASE_URL/$EVENT_ID") {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpect {
             status { isNoContent() }
@@ -129,8 +129,6 @@ internal class EventControllerTest(
 
     private companion object {
         private const val BASE_URL = "/api/v1/event"
-        private const val USERNAME = "user"
-        private const val PASSWORD = "password"
         private const val URL = "url"
         private const val TITLE = "title"
         private const val DESCRIPTION = "description"

diff --git a/.../web/src/test/kotlin/hu/bsstudio/bssweb/eventvideo/controller/EventVideoControllerTest.kt b/.../web/src/test/kotlin/hu/bsstudio/bssweb/eventvideo/controller/EventVideoControllerTest.kt
@@ -9,7 +9,7 @@ import org.junit.jupiter.api.Test
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.opaqueToken
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.delete
 import org.springframework.test.web.servlet.post
@@ -32,7 +32,7 @@ internal class EventVideoControllerTest(
         mockMvc.post(BASE_URL) {
             param("eventId", EVENT_ID.toString())
             param("videoId", VIDEO_ID.toString())
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpectAll {
             status { isOk() }
@@ -47,7 +47,7 @@ internal class EventVideoControllerTest(
         mockMvc.delete(BASE_URL) {
             param("eventId", EVENT_ID.toString())
             param("videoId", VIDEO_ID.toString())
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpectAll {
             status { isOk() }
@@ -57,8 +57,6 @@ internal class EventVideoControllerTest(
 
     private companion object {
         private const val BASE_URL = "/api/v1/eventVideo"
-        private const val USERNAME = "user"
-        private const val PASSWORD = "password"
         private val EVENT_ID = UUID.randomUUID()
         private val VIDEO_ID = UUID.randomUUID()
         private val DETAILED_EVENT =

diff --git a/server/web/src/test/kotlin/hu/bsstudio/bssweb/label/controller/LabelControllerTest.kt b/server/web/src/test/kotlin/hu/bsstudio/bssweb/label/controller/LabelControllerTest.kt
@@ -11,7 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest
 import org.springframework.http.MediaType
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
-import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.opaqueToken
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.delete
 import org.springframework.test.web.servlet.get
@@ -31,7 +31,7 @@ internal class LabelControllerTest(
         every { mockService.findAllLabels() } returns LABEL_LIST
 
         mockMvc.get(BASE_URL) {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
         }.andExpectAll {
             status { isOk() }
             content { objectMapper.writeValueAsString(LABEL_LIST) }
@@ -45,7 +45,7 @@ internal class LabelControllerTest(
         mockMvc.post(BASE_URL) {
             contentType = MediaType.APPLICATION_JSON
             content = objectMapper.writeValueAsString(CREATE_LABEL)
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpectAll {
             status { isCreated() }
@@ -59,7 +59,7 @@ internal class LabelControllerTest(
         every { mockService.removeLabel(LABEL_ID) } returns Unit
 
         mockMvc.delete("$BASE_URL/$LABEL_ID") {
-            with(httpBasic(USERNAME, PASSWORD))
+            with(opaqueToken())
             with(csrf())
         }.andExpectAll {
             status { isNoContent() }