feat: JWT Authorizor

.github/workflows/build-and-push-java-docker.yml

@@ -0,0 +1,29 @@
+name: Build Docker
+
+on: [push, pull_request]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+      IMAGENAME: ${{ github.event.repository.name }}
+      TAG: ${{ github.ref_name }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Docker build
+        uses: mr-smithers-excellent/docker-build-push@v6
+        id: build
+        with:
+          directory: java
+          image: ${{ env.IMAGENAME }}
+          dockerfile: java/Dockerfile
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -14,3 +14,6 @@ app/.classpath
 app/.project
 app/.settings
 
+java/.gradle
+java/app/build
+java/gradle

java/Dockerfile

@@ -1,12 +1,23 @@
+FROM gradle:jdk17-jammy as builder
+
+WORKDIR /build
+COPY . ./
+RUN gradle wrapper --gradle-version 8.1.1
+RUN ./gradlew build -x test
+
+##########################################################################
 # Use official Tomcat base image
 FROM tomcat:jre17
 
 # Copy WAR file
-COPY app/build/libs/vss-1.0.war /usr/local/tomcat/webapps/vss.war
+COPY --from=builder /build/app/build/libs/vss-1.0.war /usr/local/tomcat/webapps/vss.war
 
-ENV vss.jdbc.url="jdbc:postgresql://postgres:5432/postgres"
-ENV vss.jdbc.username=postgres
-ENV vss.jdbc.password=YOU_MUST_CHANGE_THIS_PASSWORD
+# All the below are defaults.
+# Pass real values as env variables.
+#ENV vss.jdbc.url="jdbc:postgresql://postgres:5432/postgres"
+#ENV vss.jdbc.username=postgres
+#ENV vss.jdbc.password=YOU_MUST_CHANGE_THIS_PASSWORD
+#ENV vss.jwt.pubkey="-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3t7q3HXhyTWS0nWnY+YIYqEwh/Z/Jtwk0DgkqxF455gdzVlSyLyz5NQfXua1jW437/SMEcbHLWcwjxcowj1jvh9blGpvx+xPNH72J5ruDzrh5fhoq2XC7zNt1UVcjkMIlddP4pwK4fV5FrxOWvmxst3Ngp6ShNg5H0yiMTDBF+QqFhRlVqnO4IrIKczxd/VxCXSKJvKjM357n0PVD1KYFT3FJ5fN+d7Fdko16NbfQDDPsfQchfLAF2Tn/r4KZFzCovCQAt7cKDLHl87TvoHVZ4QBGHDIk/w1cig/gERtTqHECVg+wVctWfx6lb+9YG/4/9UgTQpDxAWVaFVd49CwQIDAQAB-----END PUBLIC KEY-----"
 
 EXPOSE 8080
 CMD ["catalina.sh", "run"]

java/app/src/main/java/org/vss/auth/JwtAuthorizer.java

@@ -35,6 +35,10 @@ public JwtAuthorizer(String pemFormatRSAPublicKey) throws Exception {
 		this.verifier = JWT.require(algorithm).build();
 	}
 
+	public JwtAuthorizer() throws Exception {
+		this(System.getenv("vss.jwt.pubkey"));
+	}
+
 	@Override
 	public AuthResponse verify(HttpHeaders headers) throws AuthException {
 

java/app/src/main/java/org/vss/guice/BaseModule.java

@@ -16,6 +16,7 @@
 import org.vss.auth.Authorizer;
 import org.vss.auth.NoopAuthorizer;
 import org.vss.impl.postgres.PostgresBackendImpl;
+import org.vss.auth.JwtAuthorizer;
 
 public class BaseModule extends AbstractModule {
 
@@ -24,8 +25,8 @@ protected void configure() {
     // Provide PostgresBackend as default implementation for KVStore.
     bind(KVStore.class).to(PostgresBackendImpl.class).in(Singleton.class);
 
-    // Default to Noop Authorizer.
-    bind(Authorizer.class).to(NoopAuthorizer.class).in(Singleton.class);
+    // Use JWT Authorizor.
+    bind(Authorizer.class).to(JwtAuthorizer.class).in(Singleton.class);
   }
 
   @Provides

java/docker-compose.yml

@@ -21,7 +21,8 @@ services:
     depends_on:
       - postgres
     ports:
-      - "8080:8080"
+      # prevent conflict with Alby Hub in development
+      - "8090:8080"
     networks:
       - app-network