fix: merge

2025-02-12 19:03:39 +01:00
parent e26f8da662 b4c05f8c59
commit fc73293122
34 changed files with 299 additions and 171 deletions
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java
@ -1,43 +1,24 @@
 package enseirb.myinpulse.api;

 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.bind.annotation.CrossOrigin;
-
-import java.security.Principal;

@SpringBootApplication
@RestController
 public class GetUserInfo {
-    // TODO: understand how to get data
-    @GetMapping("/getUserInfo")
-    public Object user(Principal principal) {
-        System.out.println("GetUserInfo + " + principal);
-        System.out.println(SecurityContextHolder.getContext().getAuthentication());
-        return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-    }
-
-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
-    @GetMapping("/random")
+    @GetMapping("/unauth/random")
    public boolean rand() {
-        System.err.println("HELLO");
        return Math.random() > 0.5;
    }

-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
-    @GetMapping("/random2")
+    @GetMapping("/admin/random")
    public boolean rand2() {
-        System.err.println("HELLO2");
        return Math.random() > 0.5;
    }

-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
-    @GetMapping("/random3")
+    @GetMapping("/entrepreneur/random")
    public boolean rand3() {
-        System.err.println("HELLO");
        return Math.random() > 0.5;
    }
 }
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
@ -1,6 +1,10 @@
 package enseirb.myinpulse.config;

+import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
+
 import enseirb.myinpulse.security.KeycloakJwtRolesConverter;
+
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -12,39 +16,53 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import java.util.Arrays;
 import java.util.List;

-import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
-
@Configuration
 public class WebSecurityCustomConfiguration {
    // CORS configuration
-    // TODO: make sure to only accept our own domains
+
+    @Value("${VITE_APP_URL}")
+    private String frontendUrl;
+
+    /**
+     * Configure the CORS (Cross Origin Ressource Sharing -- a security feature) configuration. The
+     * only allowed website is the frontend, defined in the .env file.
+     *
+     * @return the CORS configuration used by the backend
+     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of("*"));
+        configuration.setAllowedOrigins(List.of(frontendUrl));
        configuration.setAllowedMethods(Arrays.asList("GET", "OPTIONS"));
        configuration.setAllowedHeaders(
-                Arrays.asList(
-                        "authorization",
-                        "content-type",
-                        "x-auth-token")); // Do not remove, this fixes the CORS errors when
-        // unauthenticated
+                Arrays.asList("authorization", "content-type", "x-auth-token"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);

        return source;
    }

+    /**
+     * Configure the authorisation required for each path.
+     *
+     * <p>admin endpoints are under /admin/* and entrepreneur are under /entrepreneur/*
+     *
+     * <p>If endpoints dont require authentication, they are under /unauth/
+     *
+     * @param http automatically filled in by spring.
+     * @return a securityfilterchain, automatically used by spring.
+     * @throws Exception TODO: figure out when the exception are raised
+     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(
                        authorize ->
                                authorize
-                                        .requestMatchers("/random2")
+                                        .requestMatchers("/entrepreneur/**")
                                        .access(hasRole("REALM_MyINPulse-entrepreneur"))
-                                        .requestMatchers("/random")
+                                        .requestMatchers("/admin/**")
                                        .access(hasRole("REALM_MyINPulse-admin"))
-                                        .requestMatchers("/random3")
+                                        .requestMatchers("/unauth/**")
                                        .permitAll()
                                        .anyRequest()
                                        .authenticated())
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/AdministrateursController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/AdministrateursController.java
@ -2,12 +2,14 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.Administrateurs;
 import enseirb.myinpulse.postgres_db.repository.AdministrateursRepository;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.util.Optional;
+
@RestController
 public class AdministrateursController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/ComptesRendusController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/ComptesRendusController.java
@ -2,12 +2,14 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.ComptesRendus;
 import enseirb.myinpulse.postgres_db.repository.ComptesRendusRepository;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.util.Optional;
+
@RestController
 public class ComptesRendusController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/EntrepreneursController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/EntrepreneursController.java
@ -2,12 +2,14 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.Entrepreneurs;
 import enseirb.myinpulse.postgres_db.repository.EntrepreneursRepository;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.util.Optional;
+
@RestController
 public class EntrepreneursController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/ProjetsController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/ProjetsController.java
@ -2,13 +2,15 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.Projets;
 import enseirb.myinpulse.postgres_db.repository.ProjetsRepository;
-import java.time.LocalDate;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.time.LocalDate;
+import java.util.Optional;
+
@RestController
 public class ProjetsController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/SectionsController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/SectionsController.java
@ -2,13 +2,15 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.Sections;
 import enseirb.myinpulse.postgres_db.repository.SectionsRepository;
-import java.time.LocalDateTime;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.time.LocalDateTime;
+import java.util.Optional;
+
@RestController
 public class SectionsController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/UtilisateursController.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/controller/UtilisateursController.java
@ -2,12 +2,14 @@ package enseirb.myinpulse.postgres_db.controller;

 import enseirb.myinpulse.postgres_db.model.Utilisateurs;
 import enseirb.myinpulse.postgres_db.repository.UtilisateursRepository;
-import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;

+import java.util.Optional;
+
@RestController
 public class UtilisateursController {

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/Administrateurs.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/Administrateurs.java
@ -3,6 +3,7 @@ package enseirb.myinpulse.postgres_db.model;
 import jakarta.persistence.*;
 import jakarta.persistence.PrimaryKeyJoinColumn;
 import jakarta.persistence.Table;
+
 import java.util.ArrayList;
 import java.util.List;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/Projets.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/Projets.java
@ -2,6 +2,7 @@ package enseirb.myinpulse.postgres_db.model;

 import jakarta.persistence.*;
 import jakarta.validation.constraints.NotNull;
+
 import java.time.LocalDate;
 import java.util.ArrayList;
 import java.util.List;
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/RendezVous.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/model/RendezVous.java
@ -12,30 +12,14 @@ import java.util.List;
@Table(name = "rendez_vous")
 public class RendezVous {

-    @Id
-    @NotNull
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    private Long id_rdv;
-
-    private LocalDate date_rdv;
-
-    private LocalTime heure_rdv;
-
-    private LocalTime duree_rdv;
-
-    @Column(length = 255)
-    private String lieu_rdv;
-
-    private String sujet_rdv;
-
    @OneToMany(mappedBy = "rendezVousEntrepreneurs", fetch = FetchType.LAZY, orphanRemoval = true)
-    private List<Entrepreneurs> ListEntrepreneurs = new ArrayList<>();
+    private final List<Entrepreneurs> ListEntrepreneurs = new ArrayList<>();

    @OneToMany(mappedBy = "rendezVousAdministrateurs", fetch = FetchType.LAZY, orphanRemoval = true)
-    private List<Administrateurs> ListAdministrateurs = new ArrayList<>();
+    private final List<Administrateurs> ListAdministrateurs = new ArrayList<>();

    @OneToMany(mappedBy = "rendezVousComptesRendus", fetch = FetchType.LAZY, orphanRemoval = true)
-    private List<ComptesRendus> ListComptesRendus = new ArrayList<>();
+    private final List<ComptesRendus> ListComptesRendus = new ArrayList<>();

    @ManyToMany(
            fetch = FetchType.LAZY,
@ -46,6 +30,20 @@ public class RendezVous {
            inverseJoinColumns = @JoinColumn(name = "id_section"))
    List<Sections> ListSections = new ArrayList<>();

+    @Id
+    @NotNull
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id_rdv;
+
+    private LocalDate date_rdv;
+    private LocalTime heure_rdv;
+    private LocalTime duree_rdv;
+
+    @Column(length = 255)
+    private String lieu_rdv;
+
+    private String sujet_rdv;
+
    public RendezVous() {}

    public RendezVous(
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/AdministrateursRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/AdministrateursRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.Administrateurs;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/ComptesRendusRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/ComptesRendusRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.ComptesRendus;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/EntrepreneursRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/EntrepreneursRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.Entrepreneurs;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/ProjetsRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/ProjetsRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.Projets;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/RendezVousRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/RendezVousRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.RendezVous;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/SectionsRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/SectionsRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.Sections;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/UtilisateursRepository.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/postgres_db/repository/UtilisateursRepository.java
@ -1,6 +1,7 @@
 package enseirb.myinpulse.postgres_db.repository;

 import enseirb.myinpulse.postgres_db.model.Utilisateurs;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;

--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/security/KeycloakJwtRolesConverter.java
@ -1,5 +1,7 @@
 package enseirb.myinpulse.security;

+import static java.util.stream.Collectors.toSet;
+
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@ -14,8 +16,6 @@ import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;

-import static java.util.stream.Collectors.toSet;
-
 public class KeycloakJwtRolesConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    /** Prefix used for realm level roles. */
    public static final String PREFIX_REALM_ROLE = "ROLE_REALM_";