initial commit

src/main/java/de/w665/biblenotes/BiblenotesApplication.java

@@ -0,0 +1,13 @@
+package de.w665.biblenotes;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class BiblenotesApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(BiblenotesApplication.class, args);
+	}
+
+}

src/main/java/de/w665/biblenotes/config/SecurityConfig.java

@@ -0,0 +1,52 @@
+package de.w665.biblenotes.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
+    public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) {
+        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+    }
+
+    // This bean is required for Spring Security, though it's not used in this project
+    // Prevents Spring from generating a default password
+    @Bean
+    UserDetailsService emptyDetailsService() {
+        return username -> { throw new UsernameNotFoundException("no local users, only JWT tokens allowed"); };
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+        // TODO: Fix security config for this project (currently old state from sharepulse)
+
+        http
+                .csrf(csrf -> csrf.ignoringRequestMatchers("/api/v1/**")) // Disable CSRF for API routes
+                .sessionManagement(sessionManagement -> sessionManagement
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // No session will be created by Spring Security
+                )
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/api/v1/secure/**").authenticated() // Secure these endpoints
+                        .anyRequest().permitAll() // All other requests are allowed without authentication
+                )
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Apply JWT filter
+                .logout(LogoutConfigurer::permitAll)
+                .rememberMe(Customizer.withDefaults());
+
+        return http.build();
+    }
+}

src/main/java/de/w665/biblenotes/db/RethinkDBConfig.java

@@ -0,0 +1,18 @@
+package de.w665.biblenotes.db;
+
+import lombok.Getter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+@Getter
+@Configuration
+public class RethinkDBConfig {
+    @Value("${rethinkdb.host}")
+    private String host;
+
+    @Value("${rethinkdb.port}")
+    private int port;
+
+    @Value("${rethinkdb.database}")
+    private String database;
+}

src/main/java/de/w665/biblenotes/db/RethinkDBConnector.java

@@ -0,0 +1,27 @@
+package de.w665.biblenotes.db;
+
+import com.rethinkdb.RethinkDB;
+import com.rethinkdb.net.Connection;
+import jakarta.annotation.PostConstruct;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class RethinkDBConnector {
+
+    private final RethinkDBConfig config;
+    @Getter
+    private final RethinkDB r = RethinkDB.r;
+    @Getter
+    private Connection connection;
+
+    @PostConstruct
+    public void connectToDatabae() {
+        connection = r.connection().hostname(config.getHost()).port(config.getPort()).connect();
+        log.info("Connected to RethinkDB at " + config.getHost() + ":" + config.getPort() + " on database " + config.getDatabase());
+    }
+}

src/main/java/de/w665/biblenotes/db/RethinkDBService.java

@@ -0,0 +1,154 @@
+package de.w665.biblenotes.db;
+
+import com.rethinkdb.RethinkDB;
+import com.rethinkdb.gen.exc.ReqlOpFailedError;
+import com.rethinkdb.net.Connection;
+import de.w665.biblenotes.db.repo.UserRepository;
+import de.w665.biblenotes.model.User;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@Slf4j
+@Service
+public class RethinkDBService {
+
+    private final RethinkDBConfig config;
+    private final RethinkDB r;
+    private final Connection connection;
+    private final UserRepository userRepository;
+
+    @Value("${biblenotes.auto-reset-on-startup}")
+    private boolean autoResetOnStartup;
+    @Value("${biblenotes.management.user.username}")
+    private String defaultUsername;
+    @Value("${biblenotes.management.user.password}")
+    private String defaultPassword;
+
+    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+    @Autowired
+    public RethinkDBService(RethinkDBConfig config, RethinkDBConnector connector, UserRepository userRepository) {
+        this.config = config;
+
+        // mapping to private vars for easier access
+        this.r = connector.getR();
+        this.connection = connector.getConnection();
+        this.userRepository = userRepository;
+    }
+
+    @PostConstruct
+    public void initialize() {
+
+        // rethinkdb check if database exists
+        try {
+            r.dbCreate(config.getDatabase()).run(connection).stream();
+            log.debug("Database " + config.getDatabase() + " created");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Database " + config.getDatabase() + " already exists. Error: " + e.getClass().getSimpleName());
+        }
+
+        // rethinkdb check if table file_uploads exists
+        try {
+            r.db(config.getDatabase()).tableCreate("file_uploads").run(connection).stream();
+            log.debug("Table 'file_uploads' created successfully.");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Table 'file_uploads' already exists.");
+            if(autoResetOnStartup) {
+                log.debug("Clearing content...");
+                r.db(config.getDatabase()).table("file_uploads").delete().run(connection);
+                log.debug("Table 'file_uploads' cleared successfully.");
+            }
+        }
+
+        // rethinkdb check if table id_store exists
+        try {
+            r.db(config.getDatabase()).tableCreate("id_store").run(connection).stream();
+            log.debug("Table 'id_store' created successfully.");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Table 'id_store' already exists.");
+            if(autoResetOnStartup) {
+                log.debug("Clearing content...");
+                r.db(config.getDatabase()).table("id_store").delete().run(connection);
+                log.debug("Table 'id_store' cleared successfully.");
+            }
+        }
+
+        // rethinkdb check if table expired_file_uploads exists
+        try {
+            r.db(config.getDatabase()).tableCreate("expired_file_uploads").run(connection).stream();
+            log.debug("Table 'expired_file_uploads' created successfully.");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Table 'expired_file_uploads' already exists.");
+            if(autoResetOnStartup) {
+                log.debug("Clearing content...");
+                r.db(config.getDatabase()).table("expired_file_uploads").delete().run(connection);
+                log.debug("Table 'expired_file_uploads' cleared successfully.");
+            }
+        }
+
+        // rethinkdb check if table users exists
+        try {
+            r.db(config.getDatabase()).tableCreate("users").run(connection).stream();
+            log.debug("Table 'users' created successfully.");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Table 'users' already exists.");
+            if(autoResetOnStartup) {
+                log.debug("Clearing content...");
+                r.db(config.getDatabase()).table("users").delete().run(connection);
+                log.debug("Table 'users' cleared successfully.");
+            }
+        }
+
+        // rethinkdb check if table user_logins exists
+        try {
+            r.db(config.getDatabase()).tableCreate("user_logins").run(connection).stream();
+            log.debug("Table 'user_logins' created successfully.");
+        } catch (ReqlOpFailedError e) {
+            log.debug("Table 'user_logins' already exists.");
+            if(autoResetOnStartup) {
+                log.debug("Clearing content...");
+                r.db(config.getDatabase()).table("user_logins").delete().run(connection);
+                log.debug("Table 'user_logins' cleared successfully.");
+            }
+        } finally {
+            try {
+                r.db(config.getDatabase()).table("user_logins").indexCreate("loginTime").run(connection);
+                log.debug("Secondary index 'loginTime' on table 'user_logins' successfully created.");
+            } catch (ReqlOpFailedError e) {
+                log.debug("Secondary index 'loginTime' already exists.");
+            } finally {
+                r.db(config.getDatabase()).table("user_logins").indexWait("loginTime").run(connection);
+            }
+        }
+
+        initializeAdminUser();
+
+        log.info("Database ready for operation!");
+    }
+
+    private void initializeAdminUser() {
+        Optional<User> adminUser = userRepository.retrieveUserByUsername("admin");
+        if(adminUser.isEmpty()) {
+            User user = new User();
+            user.setUsername(defaultUsername);
+            user.setPassword(passwordEncoder.encode(defaultPassword));
+            user.setRole("ADMIN");
+            userRepository.insertUser(user);
+            log.debug("Admin user created with default credentials. Username: admin, Password: admin");
+        }
+    }
+
+    @PreDestroy
+    public void close() {
+        if (connection != null) {
+            connection.close();
+        }
+    }
+}

src/main/java/de/w665/biblenotes/db/repo/UserLoginRepository.java

@@ -0,0 +1,67 @@
+package de.w665.biblenotes.db.repo;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.Gson;
+import com.rethinkdb.RethinkDB;
+import com.rethinkdb.net.Connection;
+import com.rethinkdb.net.Result;
+import de.w665.biblenotes.db.RethinkDBConfig;
+import de.w665.biblenotes.db.RethinkDBConnector;
+import de.w665.biblenotes.model.UserLogin;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Slf4j
+@Repository
+public class UserLoginRepository {
+    private final RethinkDB r;
+    private final Connection connection;
+    private final RethinkDBConfig config;
+    private final String TABLE_NAME = "user_logins";
+
+    private final Gson gson = new Gson();
+    private final ObjectMapper mapper = new ObjectMapper();
+
+
+    @Autowired
+    public UserLoginRepository(RethinkDBConnector connector, RethinkDBConfig config) {
+        this.r = connector.getR();
+        this.connection = connector.getConnection();
+        this.config = config;
+    }
+
+    public void insertUserLogin(UserLogin userLogin) {
+        String uuid = r.uuid().run(connection, String.class).first();
+        userLogin.setId(uuid);
+        r.db(config.getDatabase()).table(TABLE_NAME).insert(userLogin).run(connection);
+    }
+
+    public UserLogin getLastLogin(String userId) {
+        // Get the second most recent login (the most recent is the current one)
+        Result<UserLogin> result = r.db(config.getDatabase()).table(TABLE_NAME)
+                .orderBy().optArg("index", r.desc("loginTime"))
+                .filter(r.hashMap("userId", userId))
+                .skip(1).limit(1)
+                .run(connection, UserLogin.class);
+        // Return the second most recent login if exists
+        return result.hasNext() ? result.next() : null;
+    }
+
+    public List<UserLogin> getUserLogins(String userId) {
+        Result<UserLogin> result = r.db(config.getDatabase()).table(TABLE_NAME)
+                .orderBy().optArg("index", r.desc("loginTime"))
+                .filter(r.hashMap("userId", userId))
+                .run(connection, UserLogin.class);
+        return result.toList();
+    }
+
+    public void deleteAllUserLogins(String userId) {
+        r.db(config.getDatabase()).table(TABLE_NAME)
+                .filter(r.hashMap("userId", userId))
+                .delete()
+                .run(connection);
+    }
+}

src/main/java/de/w665/biblenotes/db/repo/UserRepository.java

@@ -0,0 +1,55 @@
+package de.w665.biblenotes.db.repo;
+
+import com.rethinkdb.RethinkDB;
+import com.rethinkdb.net.Connection;
+import de.w665.biblenotes.db.RethinkDBConfig;
+import de.w665.biblenotes.db.RethinkDBConnector;
+import de.w665.biblenotes.model.User;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+import java.util.*;
+
+@Repository
+public class UserRepository {
+    private final RethinkDB r;
+    private final Connection connection;
+    private final RethinkDBConfig config;
+    @Autowired
+    public UserRepository(RethinkDBConnector connector, RethinkDBConfig config) {
+        this.r = connector.getR();
+        this.connection = connector.getConnection();
+        this.config = config;
+    }
+
+    public Optional<User> retrieveUserByUsername(String username) {
+        try {
+            User user = r.db(config.getDatabase()).table("users")
+                    .filter(r.hashMap("username", username))
+                    .run(connection, User.class)
+                    .next();
+            return Optional.ofNullable(user);
+        } catch (NoSuchElementException e) {
+            return Optional.empty();
+        }
+    }
+
+    public void updateLastLoginForUser(String username, Date lastLogin) {
+        r.db(config.getDatabase()).table("users")
+                .filter(r.hashMap("username", username))
+                .update(r.hashMap("lastLogin", lastLogin.getTime()))
+                .run(connection);
+    }
+
+    public void updateUser(User user) {
+        r.db(config.getDatabase()).table("users")
+                .filter(r.hashMap("id", user.getId()))
+                .update(user)
+                .run(connection);
+    }
+
+    public void insertUser(User user) {
+        String optionalUuid = r.uuid().run(connection, String.class).first();
+        user.setId(optionalUuid);
+        r.db(config.getDatabase()).table("users").insert(user).run(connection);
+    }
+}

src/main/java/de/w665/biblenotes/model/User.java

@@ -0,0 +1,16 @@
+package de.w665.biblenotes.model;
+
+import lombok.*;
+
+@Getter
+@Setter
+@ToString
+@NoArgsConstructor
+@AllArgsConstructor
+public class User {
+    private String id; // ID is auto mapped by RethinkDB
+    private String username;
+    private String password;
+    private String email;
+    private String role;
+}

src/main/java/de/w665/biblenotes/model/UserLogin.java

@@ -0,0 +1,21 @@
+package de.w665.biblenotes.model;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.Date;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserLogin {
+    String id;
+    String userId;
+    @JsonFormat(timezone = "ETC")
+    Date loginTime;
+    String loginIp;
+}

src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java

@@ -0,0 +1,72 @@
+package de.w665.biblenotes.rest.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+@Component
+@Slf4j
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final AuthenticationService authenticationService;
+    private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/v1/secure/**");
+
+    @Override
+    protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
+
+        logger.debug("Filtering request: " + request.getRequestURI());
+
+        if(!requestMatcher.matches(request)) {
+            logger.debug("Request does not match the secure path. Skipping JWT authentication.");
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        try {
+            String jwt = getJwtFromRequest(request);
+            if (jwt != null && authenticationService.validateToken(jwt)) {
+                String username = authenticationService.extractSubject(jwt);
+                // Extract the role from the JWT and set it to Spring AuthenticationContext for access control
+                String role = authenticationService.getClaimValue(jwt, "role", String.class);
+                List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
+
+                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, null, authorities);
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+                // SUCCESSFUL AUTHENTICATION
+                filterChain.doFilter(request, response);
+            } else {
+                logger.warn("Unauthorized: Authentication token is missing or invalid.");
+            }
+        } catch (Exception ex) {
+            logger.warn("Could not set user authentication in security context. An error occurred during JWT processing.", ex);
+        }
+
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+
+    private String getJwtFromRequest(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+            return bearerToken.substring(7);
+        }
+        return null;
+    }
+}

src/main/java/de/w665/biblenotes/service/AuthenticationService.java

@@ -0,0 +1,106 @@
+package de.w665.biblenotes.service;
+
+import jakarta.annotation.PostConstruct;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import javax.crypto.SecretKey;
+import java.util.Base64;
+import java.util.Date;
+import java.util.Optional;
+
+@Slf4j
+@Service
+public class AuthenticationService {
+    private final UserRepository userRepository;
+    private final UserLoginRepository userLoginRepository;
+
+    @Value("${secureapi.jwt.secret}")
+    private String secretString;
+    @Value("${secureapi.jwt.expiration}")
+    private long expirationTime; // in milliseconds
+    private SecretKey secretKey;
+
+    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+    public AuthenticationService(UserRepository userRepository, UserLoginRepository userLoginRepository) {
+        this.userRepository = userRepository;
+        this.userLoginRepository = userLoginRepository;
+    }
+
+    @PostConstruct
+    public void init() {
+        log.debug("Initializing secret key");
+        byte[] encodedKey = Base64.getEncoder().encode(secretString.getBytes()); // encode the secret key
+        this.secretKey = Keys.hmacShaKeyFor(encodedKey);
+    }
+
+    public String authenticate(String username, String password, String remoteAddr, long... expirationTime/*FOR TESTING VALIDITY*/) {
+        if(expirationTime.length > 0) {
+            this.expirationTime = expirationTime[0];
+        }
+        Optional<User> optionalUser = userRepository.retrieveUserByUsername(username);
+        if (optionalUser.isPresent() && passwordEncoder.matches(password, optionalUser.get().getPassword())) {
+            User user = optionalUser.get();
+
+            userLoginRepository.insertUserLogin(new UserLogin(""/*Auto generated*/, user.getId(), new Date(), remoteAddr));
+            userRepository.updateLastLoginForUser(user.getUsername(), new Date());
+            return generateToken(user);
+        }
+        return null;
+    }
+
+    private String generateToken(User username) {
+        long nowMillis = System.currentTimeMillis();
+        Date now = new Date(nowMillis);
+        Date expiryDate = new Date(nowMillis + expirationTime);
+
+        return Jwts.builder()
+                .subject("SharePulse Authentication Token")
+                .issuedAt(now)
+                .claim("role", username.getRole())
+                .claim("username", username.getUsername())
+                .expiration(expiryDate)
+                .signWith(secretKey)
+                .compact();
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwt<?,?> jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token);
+            Claims claims = (Claims) jwt.getPayload();
+            return !claims.getExpiration().before(new Date()); // Checks if the token is expired too
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    public String extractSubject(String token) {
+        return Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token).getPayload().getSubject();
+    }
+
+    /**
+     * Retrieves a typed claim from the JWT.
+     * @param token the JWT from which to extract the claim
+     * @param claimName the name of the claim to retrieve
+     * @param claimType the Class object of <T> the expected type of the claim value
+     * @return the value of the specified claim as type T, or null if not found or in case of an error
+     * Usage example: getClaimValue(token, "role", String.class)
+     */
+    public <T> T getClaimValue(String token, String claimName, Class<T> claimType) {
+        try {
+            Jwt<?, ?> jwt = Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token);
+            Claims claims = (Claims) jwt.getPayload();
+            return claims.get(claimName, claimType);
+        } catch (Exception e) {
+            log.error("Error parsing claims from token: ", e);
+            return null;
+        }
+    }
+
+    public String encodePassword(String password) {
+        return passwordEncoder.encode(password);
+    }
+}

src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.application.name=biblenotes

src/test/java/de/w665/biblenotes/BiblenotesApplicationTests.java

@@ -0,0 +1,13 @@
+package de.w665.biblenotes;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class BiblenotesApplicationTests {
+
+	@Test
+	void contextLoads() {
+	}
+
+}