commit 4e75e25d626ecdc19b79875f5c72e0cad712c37a Author: Max W. <66736561+Walzen665@users.noreply.github.com> Date: Mon Sep 9 00:06:55 2024 +0200 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c2065bc --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +HELP.md +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..1898dc7 --- /dev/null +++ b/build.gradle @@ -0,0 +1,50 @@ +plugins { + id 'java' + id 'org.springframework.boot' version '3.3.3' + id 'io.spring.dependency-management' version '1.1.6' +} + +group = 'de.w665' +version = '0.0.1-SNAPSHOT' + +java { + toolchain { + languageVersion = JavaLanguageVersion.of(21) + } +} + +configurations { + compileOnly { + extendsFrom annotationProcessor + } +} + +repositories { + mavenCentral() +} + +dependencies { + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.springframework.boot:spring-boot-starter-web' + compileOnly 'org.projectlombok:lombok' + developmentOnly 'org.springframework.boot:spring-boot-devtools' + annotationProcessor 'org.projectlombok:lombok' + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'org.springframework.security:spring-security-test' + testRuntimeOnly 'org.junit.platform:junit-platform-launcher' + + implementation 'com.rethinkdb:rethinkdb-driver:2.4.4' + implementation 'com.google.code.gson:gson:2.11.0' + + // https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api + implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.12.6' + // https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-impl + runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.12.6' + // https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-orgjson + runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-orgjson', version: '0.12.6' + +} + +tasks.named('test') { + useJUnitPlatform() +} diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..a4b76b9 Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..9355b41 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,7 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip +networkTimeout=10000 +validateDistributionUrl=true +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew new file mode 100644 index 0000000..f5feea6 --- /dev/null +++ b/gradlew @@ -0,0 +1,252 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s +' "$PWD" ) || exit + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..9d21a21 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,94 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem +@rem SPDX-License-Identifier: Apache-2.0 +@rem + +@if "%DEBUG%"=="" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if %ERRORLEVEL% equ 0 goto execute + +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if %ERRORLEVEL% equ 0 goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..6bf6dfd --- /dev/null +++ b/settings.gradle @@ -0,0 +1 @@ +rootProject.name = 'biblenotes' diff --git a/src/main/java/de/w665/biblenotes/BiblenotesApplication.java b/src/main/java/de/w665/biblenotes/BiblenotesApplication.java new file mode 100644 index 0000000..88caf1a --- /dev/null +++ b/src/main/java/de/w665/biblenotes/BiblenotesApplication.java @@ -0,0 +1,13 @@ +package de.w665.biblenotes; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class BiblenotesApplication { + + public static void main(String[] args) { + SpringApplication.run(BiblenotesApplication.class, args); + } + +} diff --git a/src/main/java/de/w665/biblenotes/config/SecurityConfig.java b/src/main/java/de/w665/biblenotes/config/SecurityConfig.java new file mode 100644 index 0000000..04f9544 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/config/SecurityConfig.java @@ -0,0 +1,52 @@ +package de.w665.biblenotes.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + private final JwtAuthenticationFilter jwtAuthenticationFilter; + + public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) { + this.jwtAuthenticationFilter = jwtAuthenticationFilter; + } + + // This bean is required for Spring Security, though it's not used in this project + // Prevents Spring from generating a default password + @Bean + UserDetailsService emptyDetailsService() { + return username -> { throw new UsernameNotFoundException("no local users, only JWT tokens allowed"); }; + } + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + + // TODO: Fix security config for this project (currently old state from sharepulse) + + http + .csrf(csrf -> csrf.ignoringRequestMatchers("/api/v1/**")) // Disable CSRF for API routes + .sessionManagement(sessionManagement -> sessionManagement + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // No session will be created by Spring Security + ) + .authorizeHttpRequests(authorize -> authorize + .requestMatchers("/api/v1/secure/**").authenticated() // Secure these endpoints + .anyRequest().permitAll() // All other requests are allowed without authentication + ) + .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Apply JWT filter + .logout(LogoutConfigurer::permitAll) + .rememberMe(Customizer.withDefaults()); + + return http.build(); + } +} diff --git a/src/main/java/de/w665/biblenotes/db/RethinkDBConfig.java b/src/main/java/de/w665/biblenotes/db/RethinkDBConfig.java new file mode 100644 index 0000000..d893c9b --- /dev/null +++ b/src/main/java/de/w665/biblenotes/db/RethinkDBConfig.java @@ -0,0 +1,18 @@ +package de.w665.biblenotes.db; + +import lombok.Getter; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Configuration; + +@Getter +@Configuration +public class RethinkDBConfig { + @Value("${rethinkdb.host}") + private String host; + + @Value("${rethinkdb.port}") + private int port; + + @Value("${rethinkdb.database}") + private String database; +} diff --git a/src/main/java/de/w665/biblenotes/db/RethinkDBConnector.java b/src/main/java/de/w665/biblenotes/db/RethinkDBConnector.java new file mode 100644 index 0000000..72c9bca --- /dev/null +++ b/src/main/java/de/w665/biblenotes/db/RethinkDBConnector.java @@ -0,0 +1,27 @@ +package de.w665.biblenotes.db; + +import com.rethinkdb.RethinkDB; +import com.rethinkdb.net.Connection; +import jakarta.annotation.PostConstruct; +import lombok.Getter; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +@Slf4j +@Component +@RequiredArgsConstructor +public class RethinkDBConnector { + + private final RethinkDBConfig config; + @Getter + private final RethinkDB r = RethinkDB.r; + @Getter + private Connection connection; + + @PostConstruct + public void connectToDatabae() { + connection = r.connection().hostname(config.getHost()).port(config.getPort()).connect(); + log.info("Connected to RethinkDB at " + config.getHost() + ":" + config.getPort() + " on database " + config.getDatabase()); + } +} diff --git a/src/main/java/de/w665/biblenotes/db/RethinkDBService.java b/src/main/java/de/w665/biblenotes/db/RethinkDBService.java new file mode 100644 index 0000000..67686fc --- /dev/null +++ b/src/main/java/de/w665/biblenotes/db/RethinkDBService.java @@ -0,0 +1,154 @@ +package de.w665.biblenotes.db; + +import com.rethinkdb.RethinkDB; +import com.rethinkdb.gen.exc.ReqlOpFailedError; +import com.rethinkdb.net.Connection; +import de.w665.biblenotes.db.repo.UserRepository; +import de.w665.biblenotes.model.User; +import jakarta.annotation.PostConstruct; +import jakarta.annotation.PreDestroy; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.stereotype.Service; + +import java.util.Optional; + +@Slf4j +@Service +public class RethinkDBService { + + private final RethinkDBConfig config; + private final RethinkDB r; + private final Connection connection; + private final UserRepository userRepository; + + @Value("${biblenotes.auto-reset-on-startup}") + private boolean autoResetOnStartup; + @Value("${biblenotes.management.user.username}") + private String defaultUsername; + @Value("${biblenotes.management.user.password}") + private String defaultPassword; + + private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + + @Autowired + public RethinkDBService(RethinkDBConfig config, RethinkDBConnector connector, UserRepository userRepository) { + this.config = config; + + // mapping to private vars for easier access + this.r = connector.getR(); + this.connection = connector.getConnection(); + this.userRepository = userRepository; + } + + @PostConstruct + public void initialize() { + + // rethinkdb check if database exists + try { + r.dbCreate(config.getDatabase()).run(connection).stream(); + log.debug("Database " + config.getDatabase() + " created"); + } catch (ReqlOpFailedError e) { + log.debug("Database " + config.getDatabase() + " already exists. Error: " + e.getClass().getSimpleName()); + } + + // rethinkdb check if table file_uploads exists + try { + r.db(config.getDatabase()).tableCreate("file_uploads").run(connection).stream(); + log.debug("Table 'file_uploads' created successfully."); + } catch (ReqlOpFailedError e) { + log.debug("Table 'file_uploads' already exists."); + if(autoResetOnStartup) { + log.debug("Clearing content..."); + r.db(config.getDatabase()).table("file_uploads").delete().run(connection); + log.debug("Table 'file_uploads' cleared successfully."); + } + } + + // rethinkdb check if table id_store exists + try { + r.db(config.getDatabase()).tableCreate("id_store").run(connection).stream(); + log.debug("Table 'id_store' created successfully."); + } catch (ReqlOpFailedError e) { + log.debug("Table 'id_store' already exists."); + if(autoResetOnStartup) { + log.debug("Clearing content..."); + r.db(config.getDatabase()).table("id_store").delete().run(connection); + log.debug("Table 'id_store' cleared successfully."); + } + } + + // rethinkdb check if table expired_file_uploads exists + try { + r.db(config.getDatabase()).tableCreate("expired_file_uploads").run(connection).stream(); + log.debug("Table 'expired_file_uploads' created successfully."); + } catch (ReqlOpFailedError e) { + log.debug("Table 'expired_file_uploads' already exists."); + if(autoResetOnStartup) { + log.debug("Clearing content..."); + r.db(config.getDatabase()).table("expired_file_uploads").delete().run(connection); + log.debug("Table 'expired_file_uploads' cleared successfully."); + } + } + + // rethinkdb check if table users exists + try { + r.db(config.getDatabase()).tableCreate("users").run(connection).stream(); + log.debug("Table 'users' created successfully."); + } catch (ReqlOpFailedError e) { + log.debug("Table 'users' already exists."); + if(autoResetOnStartup) { + log.debug("Clearing content..."); + r.db(config.getDatabase()).table("users").delete().run(connection); + log.debug("Table 'users' cleared successfully."); + } + } + + // rethinkdb check if table user_logins exists + try { + r.db(config.getDatabase()).tableCreate("user_logins").run(connection).stream(); + log.debug("Table 'user_logins' created successfully."); + } catch (ReqlOpFailedError e) { + log.debug("Table 'user_logins' already exists."); + if(autoResetOnStartup) { + log.debug("Clearing content..."); + r.db(config.getDatabase()).table("user_logins").delete().run(connection); + log.debug("Table 'user_logins' cleared successfully."); + } + } finally { + try { + r.db(config.getDatabase()).table("user_logins").indexCreate("loginTime").run(connection); + log.debug("Secondary index 'loginTime' on table 'user_logins' successfully created."); + } catch (ReqlOpFailedError e) { + log.debug("Secondary index 'loginTime' already exists."); + } finally { + r.db(config.getDatabase()).table("user_logins").indexWait("loginTime").run(connection); + } + } + + initializeAdminUser(); + + log.info("Database ready for operation!"); + } + + private void initializeAdminUser() { + Optional adminUser = userRepository.retrieveUserByUsername("admin"); + if(adminUser.isEmpty()) { + User user = new User(); + user.setUsername(defaultUsername); + user.setPassword(passwordEncoder.encode(defaultPassword)); + user.setRole("ADMIN"); + userRepository.insertUser(user); + log.debug("Admin user created with default credentials. Username: admin, Password: admin"); + } + } + + @PreDestroy + public void close() { + if (connection != null) { + connection.close(); + } + } +} diff --git a/src/main/java/de/w665/biblenotes/db/repo/UserLoginRepository.java b/src/main/java/de/w665/biblenotes/db/repo/UserLoginRepository.java new file mode 100644 index 0000000..d10aa14 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/db/repo/UserLoginRepository.java @@ -0,0 +1,67 @@ +package de.w665.biblenotes.db.repo; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.gson.Gson; +import com.rethinkdb.RethinkDB; +import com.rethinkdb.net.Connection; +import com.rethinkdb.net.Result; +import de.w665.biblenotes.db.RethinkDBConfig; +import de.w665.biblenotes.db.RethinkDBConnector; +import de.w665.biblenotes.model.UserLogin; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Repository; + +import java.util.List; + +@Slf4j +@Repository +public class UserLoginRepository { + private final RethinkDB r; + private final Connection connection; + private final RethinkDBConfig config; + private final String TABLE_NAME = "user_logins"; + + private final Gson gson = new Gson(); + private final ObjectMapper mapper = new ObjectMapper(); + + + @Autowired + public UserLoginRepository(RethinkDBConnector connector, RethinkDBConfig config) { + this.r = connector.getR(); + this.connection = connector.getConnection(); + this.config = config; + } + + public void insertUserLogin(UserLogin userLogin) { + String uuid = r.uuid().run(connection, String.class).first(); + userLogin.setId(uuid); + r.db(config.getDatabase()).table(TABLE_NAME).insert(userLogin).run(connection); + } + + public UserLogin getLastLogin(String userId) { + // Get the second most recent login (the most recent is the current one) + Result result = r.db(config.getDatabase()).table(TABLE_NAME) + .orderBy().optArg("index", r.desc("loginTime")) + .filter(r.hashMap("userId", userId)) + .skip(1).limit(1) + .run(connection, UserLogin.class); + // Return the second most recent login if exists + return result.hasNext() ? result.next() : null; + } + + public List getUserLogins(String userId) { + Result result = r.db(config.getDatabase()).table(TABLE_NAME) + .orderBy().optArg("index", r.desc("loginTime")) + .filter(r.hashMap("userId", userId)) + .run(connection, UserLogin.class); + return result.toList(); + } + + public void deleteAllUserLogins(String userId) { + r.db(config.getDatabase()).table(TABLE_NAME) + .filter(r.hashMap("userId", userId)) + .delete() + .run(connection); + } +} diff --git a/src/main/java/de/w665/biblenotes/db/repo/UserRepository.java b/src/main/java/de/w665/biblenotes/db/repo/UserRepository.java new file mode 100644 index 0000000..5155f69 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/db/repo/UserRepository.java @@ -0,0 +1,55 @@ +package de.w665.biblenotes.db.repo; + +import com.rethinkdb.RethinkDB; +import com.rethinkdb.net.Connection; +import de.w665.biblenotes.db.RethinkDBConfig; +import de.w665.biblenotes.db.RethinkDBConnector; +import de.w665.biblenotes.model.User; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Repository; +import java.util.*; + +@Repository +public class UserRepository { + private final RethinkDB r; + private final Connection connection; + private final RethinkDBConfig config; + @Autowired + public UserRepository(RethinkDBConnector connector, RethinkDBConfig config) { + this.r = connector.getR(); + this.connection = connector.getConnection(); + this.config = config; + } + + public Optional retrieveUserByUsername(String username) { + try { + User user = r.db(config.getDatabase()).table("users") + .filter(r.hashMap("username", username)) + .run(connection, User.class) + .next(); + return Optional.ofNullable(user); + } catch (NoSuchElementException e) { + return Optional.empty(); + } + } + + public void updateLastLoginForUser(String username, Date lastLogin) { + r.db(config.getDatabase()).table("users") + .filter(r.hashMap("username", username)) + .update(r.hashMap("lastLogin", lastLogin.getTime())) + .run(connection); + } + + public void updateUser(User user) { + r.db(config.getDatabase()).table("users") + .filter(r.hashMap("id", user.getId())) + .update(user) + .run(connection); + } + + public void insertUser(User user) { + String optionalUuid = r.uuid().run(connection, String.class).first(); + user.setId(optionalUuid); + r.db(config.getDatabase()).table("users").insert(user).run(connection); + } +} diff --git a/src/main/java/de/w665/biblenotes/model/User.java b/src/main/java/de/w665/biblenotes/model/User.java new file mode 100644 index 0000000..412dfd0 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/model/User.java @@ -0,0 +1,16 @@ +package de.w665.biblenotes.model; + +import lombok.*; + +@Getter +@Setter +@ToString +@NoArgsConstructor +@AllArgsConstructor +public class User { + private String id; // ID is auto mapped by RethinkDB + private String username; + private String password; + private String email; + private String role; +} \ No newline at end of file diff --git a/src/main/java/de/w665/biblenotes/model/UserLogin.java b/src/main/java/de/w665/biblenotes/model/UserLogin.java new file mode 100644 index 0000000..6a23c28 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/model/UserLogin.java @@ -0,0 +1,21 @@ +package de.w665.biblenotes.model; + +import com.fasterxml.jackson.annotation.JsonFormat; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +import java.util.Date; + +@Getter +@Setter +@NoArgsConstructor +@AllArgsConstructor +public class UserLogin { + String id; + String userId; + @JsonFormat(timezone = "ETC") + Date loginTime; + String loginIp; +} \ No newline at end of file diff --git a/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java b/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java new file mode 100644 index 0000000..a46d6b5 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java @@ -0,0 +1,72 @@ +package de.w665.biblenotes.rest.security; + +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import java.io.IOException; +import java.util.Collections; +import java.util.List; + +@Component +@Slf4j +@RequiredArgsConstructor +public class JwtAuthenticationFilter extends OncePerRequestFilter { + + private final AuthenticationService authenticationService; + private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/v1/secure/**"); + + @Override + protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException { + + logger.debug("Filtering request: " + request.getRequestURI()); + + if(!requestMatcher.matches(request)) { + logger.debug("Request does not match the secure path. Skipping JWT authentication."); + filterChain.doFilter(request, response); + return; + } + + try { + String jwt = getJwtFromRequest(request); + if (jwt != null && authenticationService.validateToken(jwt)) { + String username = authenticationService.extractSubject(jwt); + // Extract the role from the JWT and set it to Spring AuthenticationContext for access control + String role = authenticationService.getClaimValue(jwt, "role", String.class); + List authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role)); + + UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, null, authorities); + authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + SecurityContextHolder.getContext().setAuthentication(authentication); + // SUCCESSFUL AUTHENTICATION + filterChain.doFilter(request, response); + } else { + logger.warn("Unauthorized: Authentication token is missing or invalid."); + } + } catch (Exception ex) { + logger.warn("Could not set user authentication in security context. An error occurred during JWT processing.", ex); + } + + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } + + private String getJwtFromRequest(HttpServletRequest request) { + String bearerToken = request.getHeader("Authorization"); + if (bearerToken != null && bearerToken.startsWith("Bearer ")) { + return bearerToken.substring(7); + } + return null; + } +} diff --git a/src/main/java/de/w665/biblenotes/service/AuthenticationService.java b/src/main/java/de/w665/biblenotes/service/AuthenticationService.java new file mode 100644 index 0000000..f90e127 --- /dev/null +++ b/src/main/java/de/w665/biblenotes/service/AuthenticationService.java @@ -0,0 +1,106 @@ +package de.w665.biblenotes.service; + +import jakarta.annotation.PostConstruct; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.stereotype.Service; + +import javax.crypto.SecretKey; +import java.util.Base64; +import java.util.Date; +import java.util.Optional; + +@Slf4j +@Service +public class AuthenticationService { + private final UserRepository userRepository; + private final UserLoginRepository userLoginRepository; + + @Value("${secureapi.jwt.secret}") + private String secretString; + @Value("${secureapi.jwt.expiration}") + private long expirationTime; // in milliseconds + private SecretKey secretKey; + + private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + + public AuthenticationService(UserRepository userRepository, UserLoginRepository userLoginRepository) { + this.userRepository = userRepository; + this.userLoginRepository = userLoginRepository; + } + + @PostConstruct + public void init() { + log.debug("Initializing secret key"); + byte[] encodedKey = Base64.getEncoder().encode(secretString.getBytes()); // encode the secret key + this.secretKey = Keys.hmacShaKeyFor(encodedKey); + } + + public String authenticate(String username, String password, String remoteAddr, long... expirationTime/*FOR TESTING VALIDITY*/) { + if(expirationTime.length > 0) { + this.expirationTime = expirationTime[0]; + } + Optional optionalUser = userRepository.retrieveUserByUsername(username); + if (optionalUser.isPresent() && passwordEncoder.matches(password, optionalUser.get().getPassword())) { + User user = optionalUser.get(); + + userLoginRepository.insertUserLogin(new UserLogin(""/*Auto generated*/, user.getId(), new Date(), remoteAddr)); + userRepository.updateLastLoginForUser(user.getUsername(), new Date()); + return generateToken(user); + } + return null; + } + + private String generateToken(User username) { + long nowMillis = System.currentTimeMillis(); + Date now = new Date(nowMillis); + Date expiryDate = new Date(nowMillis + expirationTime); + + return Jwts.builder() + .subject("SharePulse Authentication Token") + .issuedAt(now) + .claim("role", username.getRole()) + .claim("username", username.getUsername()) + .expiration(expiryDate) + .signWith(secretKey) + .compact(); + } + + public boolean validateToken(String token) { + try { + Jwt jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token); + Claims claims = (Claims) jwt.getPayload(); + return !claims.getExpiration().before(new Date()); // Checks if the token is expired too + } catch (Exception e) { + return false; + } + } + + public String extractSubject(String token) { + return Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token).getPayload().getSubject(); + } + + /** + * Retrieves a typed claim from the JWT. + * @param token the JWT from which to extract the claim + * @param claimName the name of the claim to retrieve + * @param claimType the Class object of the expected type of the claim value + * @return the value of the specified claim as type T, or null if not found or in case of an error + * Usage example: getClaimValue(token, "role", String.class) + */ + public T getClaimValue(String token, String claimName, Class claimType) { + try { + Jwt jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token); + Claims claims = (Claims) jwt.getPayload(); + return claims.get(claimName, claimType); + } catch (Exception e) { + log.error("Error parsing claims from token: ", e); + return null; + } + } + + public String encodePassword(String password) { + return passwordEncoder.encode(password); + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..e541221 --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1 @@ +spring.application.name=biblenotes diff --git a/src/test/java/de/w665/biblenotes/BiblenotesApplicationTests.java b/src/test/java/de/w665/biblenotes/BiblenotesApplicationTests.java new file mode 100644 index 0000000..d9d8b52 --- /dev/null +++ b/src/test/java/de/w665/biblenotes/BiblenotesApplicationTests.java @@ -0,0 +1,13 @@ +package de.w665.biblenotes; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class BiblenotesApplicationTests { + + @Test + void contextLoads() { + } + +}