fix: removed exposed ports on the frontend

Makefile

@@ -1,7 +1,10 @@
 help:
-	@echo "make [clean dev-front prod dev-back]"
+	@echo "make [clean dev-front prod dev-back dev]"
 
 clean: 
+	@cp config/frontdev.env front/MyINPulse-front/.env
+	@cp config/frontdev.env .env
+	@cp config/frontdev.env MyINPulse-back/.env
 	@cp config/prod.docker-compose.yaml docker-compose.yaml
 	@docker compose down
 	@rm -f docker-compose.yaml
@@ -43,3 +46,12 @@ dev-back:
 	@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
 	@echo "./gradlew bootRun --args='--server.port=8081'"
 	
+dev: clean vite
+	@cp config/dev.env front/MyINPulse-front/.env
+	@cp config/dev.env .env
+	@cp config/dev.env MyINPulse-back/.env
+	@cp config/dev.docker-compose.yaml docker-compose.yaml
+	@docker compose up -d --build
+	@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
+	@echo "./gradlew bootRun --args='--server.port=8081'"
+	@cd ./front/MyINPulse-front/ && npm run dev &

MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java

@@ -1,43 +1,24 @@
 package enseirb.myinpulse.api;
 
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.bind.annotation.CrossOrigin;
-
-import java.security.Principal;
 
 @SpringBootApplication
 @RestController
 public class GetUserInfo {
-    // TODO: understand how to get data
+    @GetMapping("/unauth/random")
-    @GetMapping("/getUserInfo")
-    public Object user(Principal principal) {
-        System.out.println("GetUserInfo + " + principal);
-        System.out.println(SecurityContextHolder.getContext().getAuthentication());
-        return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-    }
-
-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
-    @GetMapping("/random")
     public boolean rand() {
-        System.err.println("HELLO");
         return Math.random() > 0.5;
     }
 
-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
+    @GetMapping("/admin/random")
-    @GetMapping("/random2")
     public boolean rand2() {
-        System.err.println("HELLO2");
         return Math.random() > 0.5;
     }
 
-    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
+    @GetMapping("/entrepreneur/random")
-    @GetMapping("/random3")
     public boolean rand3() {
-        System.err.println("HELLO");
         return Math.random() > 0.5;
     }
 }

MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java

@@ -1,6 +1,7 @@
 package enseirb.myinpulse.config;
 
 import enseirb.myinpulse.security.KeycloakJwtRolesConverter;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -14,37 +15,55 @@ import java.util.List;
 
 import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
 
+
 @Configuration
-public class WebSecurityCustomConfiguration{
+public class WebSecurityCustomConfiguration {
     // CORS configuration
-    // TODO: make sure to only accept our own domains
+
+    @Value("${VITE_APP_URL}")
+    private String frontendUrl;
+
+    /**
+     * Configure the CORS (Cross Origin Ressource Sharing -- a security feature) configuration.
+     * The only allowed website is the frontend, defined in the .env file.
+     *
+     * @return the CORS configuration used by the backend
+     */
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of("*"));
+        configuration.setAllowedOrigins(List.of(frontendUrl));
         configuration.setAllowedMethods(Arrays.asList("GET", "OPTIONS"));
         configuration.setAllowedHeaders(
                 Arrays.asList(
                         "authorization",
                         "content-type",
-                        "x-auth-token")); // Do not remove, this fixes the CORS errors when
+                        "x-auth-token"));
-        // unauthenticated
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
 
         return source;
     }
 
+    /**
+     * Configure the authorisation required for each path.
+     * admin endpoints are under /admin/* and entrepreneur are under /entrepreneur/*
+     * If endpoints dont require authentication, they are under /unauth/
+     *
+     * @param http automatically filled in by spring.
+     * @return a securityfilterchain, automatically used by spring.
+     * @throws Exception TODO: figure out when the exception are raised
+     */
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeHttpRequests(
                         authorize ->
                                 authorize
-                                        .requestMatchers("/random2")
+                                        .requestMatchers("/entrepreneur/**")
                                         .access(hasRole("REALM_MyINPulse-entrepreneur"))
-                                        .requestMatchers("/random")
+                                        .requestMatchers("/admin/**")
                                         .access(hasRole("REALM_MyINPulse-admin"))
-                                        .requestMatchers("/random3")
+                                        .requestMatchers("/unauth/**")
                                         .permitAll()
                                         .anyRequest()
                                         .authenticated())

MyINPulse-back/src/main/resources/application.properties

@@ -6,4 +6,3 @@ spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
 spring.datasource.username=${BACKEND_USER}
 spring.datasource.password=${BACKEND_PASSWORD}
 spring.jpa.hibernate.ddl-auto=update
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

config/dev.docker-compose.yaml

@@ -0,0 +1,52 @@
+services:
+  postgres:
+    env_file: .env
+    build:
+      context: postgres/
+      dockerfile: Dockerfile
+    container_name: MyINPulse-DB
+    ports:
+      - 5433:5432
+    volumes:
+      - ./postgres/data:/var/lib/postgresql/data
+
+
+  keycloak:
+    container_name: MyINPulse-keycloak
+    build:
+      context: ./keycloak
+      dockerfile: Dockerfile
+      args:
+        KC_DB: postgres
+        KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+        KC_DB_USERNAME: ${POSTGRES_USER}
+        KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+    environment:
+      KC_HOSTNAME_PORT: 7080
+      KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
+      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
+      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KC_LOG_LEVEL: info
+    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
+    ports:
+      - "7080:7080"
+      - "7443:7443"
+    depends_on:
+      - postgres
+
+  #front:
+  #  build:
+  #    context: ./front/
+  #    dockerfile: Dockerfile
+  #  container_name: MyINPulse-front
+  #  ports:
+  #    - "8080:80"
+
+  #back:
+  #  build:
+  #    context: ./MyINPulse-back/
+  #    dockerfile: Dockerfile
+  #  container_name: MyINPulse-back
+  #  ports:
+  #    - "8081:8080"
+  

config/dev.env

@@ -0,0 +1,22 @@
+POSTGRES_DB=postgres_db
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres_db_user_password
+
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KEYCLOAK_HOSTNAME=localhost
+KEYCLOAK_DB=keycloak_db
+KEYCLOAK_USER=keycloak_db_user
+KEYCLOAK_PASSWORD=keycloak_db_user_password
+
+BACKEND_DB=backend_db
+BACKEND_USER=backend_db_user
+BACKEND_PASSWORD=backend_db_user_password
+
+DATABASE_URL=localhost:5433
+
+VITE_KEYCLOAK_URL=http://localhost:7080
+VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
+VITE_KEYCLOAK_REALM=test
+VITE_APP_URL=http://localhost:5173
+VITE_BACKEND_URL=http://localhost:8081/

config/prod.docker-compose.yaml

@@ -30,10 +30,10 @@ services:
       KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
       KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
       KC_LOG_LEVEL: info
-    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
+    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"] # TODO: remove start-dev
-    ports:
+    #ports:
-      - "7080:7080"
+    #  - "7080:7080"
-      - "7443:7443"
+    #  - "7443:7443"
     depends_on:
       - postgres
 
@@ -50,6 +50,6 @@ services:
       context: ./MyINPulse-back/
       dockerfile: Dockerfile
     container_name: MyINPulse-back
-    ports:
+    #ports:
-      - "8081:8080"
+    #  - "8081:8080"