Compare commits
5 Commits
1ed976b039
...
d77f38b405
Author | SHA1 | Date | |
---|---|---|---|
|
d77f38b405 | ||
|
525f98a054 | ||
|
43aadac503 | ||
|
07f66f65ed | ||
|
6e5651c527 |
16
Makefile
16
Makefile
@ -1,7 +1,10 @@
|
||||
help:
|
||||
@echo "make [clean dev-front prod dev-back]"
|
||||
@echo "make [clean dev-front prod dev-back dev]"
|
||||
|
||||
clean:
|
||||
@cp config/frontdev.env front/MyINPulse-front/.env
|
||||
@cp config/frontdev.env .env
|
||||
@cp config/frontdev.env MyINPulse-back/.env
|
||||
@cp config/prod.docker-compose.yaml docker-compose.yaml
|
||||
@docker compose down
|
||||
@rm -f docker-compose.yaml
|
||||
@ -42,4 +45,13 @@ dev-back:
|
||||
@docker compose up -d --build
|
||||
@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
|
||||
@echo "./gradlew bootRun --args='--server.port=8081'"
|
||||
|
||||
|
||||
dev: clean vite
|
||||
@cp config/dev.env front/MyINPulse-front/.env
|
||||
@cp config/dev.env .env
|
||||
@cp config/dev.env MyINPulse-back/.env
|
||||
@cp config/dev.docker-compose.yaml docker-compose.yaml
|
||||
@docker compose up -d --build
|
||||
@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
|
||||
@echo "./gradlew bootRun --args='--server.port=8081'"
|
||||
@cd ./front/MyINPulse-front/ && npm run dev &
|
||||
|
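Review bot: The new `dev` target copies the whole of `config/dev.env` to `front/MyINPulse-front/.env`, `.env` and `MyINPulse-back/.env`, so the database and Keycloak admin passwords end up beside the front-end sources. Vite by default exposes only `VITE_`-prefixed keys to client code, so the front-end copy can be limited to those, for example `@grep '^VITE_' config/dev.env > front/MyINPulse-front/.env`. The last recipe line backgrounds `npm run dev` with `&`, so the dev server keeps running after make returns and nothing in `clean` stops it; a comment on the target should say so. The `vite` prerequisite is defined outside the visible hunks.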
@ -1,43 +1,24 @@
|
||||
package enseirb.myinpulse.api;
|
||||
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
@SpringBootApplication
|
||||
@RestController
|
||||
public class GetUserInfo {
|
||||
// TODO: understand how to get data
|
||||
@GetMapping("/getUserInfo")
|
||||
public Object user(Principal principal) {
|
||||
System.out.println("GetUserInfo + " + principal);
|
||||
System.out.println(SecurityContextHolder.getContext().getAuthentication());
|
||||
return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
}
|
||||
|
||||
@CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
|
||||
@GetMapping("/random")
|
||||
@GetMapping("/unauth/random")
|
||||
public boolean rand() {
|
||||
System.err.println("HELLO");
|
||||
return Math.random() > 0.5;
|
||||
}
|
||||
|
||||
@CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
|
||||
@GetMapping("/random2")
|
||||
@GetMapping("/admin/random")
|
||||
public boolean rand2() {
|
||||
System.err.println("HELLO2");
|
||||
return Math.random() > 0.5;
|
||||
}
|
||||
|
||||
@CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
|
||||
@GetMapping("/random3")
|
||||
@GetMapping("/entrepreneur/random")
|
||||
public boolean rand3() {
|
||||
System.err.println("HELLO");
|
||||
return Math.random() > 0.5;
|
||||
}
|
||||
}
|
||||
|
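Review bot: The class is still named `GetUserInfo` and still carries both `@SpringBootApplication` and `@RestController`, although after this change it appears to hold only the three placeholder endpoints `/unauth/random`, `/admin/random` and `/entrepreneur/random`. The page has lost its +/- markers, so which lines were dropped is inferred from the hunk header (43 lines before, 24 after). A class comment would make the intent explicit, for example `// Placeholder endpoints used to check the role mapping of each path prefix; remove before release.` If another class is the real application entry point, `@SpringBootApplication` belongs there alone.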
@ -1,6 +1,7 @@
|
||||
package enseirb.myinpulse.config;
|
||||
|
||||
import enseirb.myinpulse.security.KeycloakJwtRolesConverter;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -14,37 +15,55 @@ import java.util.List;
|
||||
|
||||
import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
|
||||
|
||||
|
||||
@Configuration
|
||||
public class WebSecurityCustomConfiguration{
|
||||
public class WebSecurityCustomConfiguration {
|
||||
// CORS configuration
|
||||
// TODO: make sure to only accept our own domains
|
||||
|
||||
@Value("${VITE_APP_URL}")
|
||||
private String frontendUrl;
|
||||
|
||||
/**
|
||||
* Configure the CORS (Cross Origin Ressource Sharing -- a security feature) configuration.
|
||||
* The only allowed website is the frontend, defined in the .env file.
|
||||
*
|
||||
* @return the CORS configuration used by the backend
|
||||
*/
|
||||
@Bean
|
||||
public CorsConfigurationSource corsConfigurationSource() {
|
||||
CorsConfiguration configuration = new CorsConfiguration();
|
||||
configuration.setAllowedOrigins(List.of("*"));
|
||||
configuration.setAllowedOrigins(List.of(frontendUrl));
|
||||
configuration.setAllowedMethods(Arrays.asList("GET", "OPTIONS"));
|
||||
configuration.setAllowedHeaders(
|
||||
Arrays.asList(
|
||||
"authorization",
|
||||
"content-type",
|
||||
"x-auth-token")); // Do not remove, this fixes the CORS errors when
|
||||
// unauthenticated
|
||||
"x-auth-token"));
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", configuration);
|
||||
|
||||
return source;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure the authorisation required for each path.
|
||||
* admin endpoints are under /admin/* and entrepreneur are under /entrepreneur/*
|
||||
* If endpoints dont require authentication, they are under /unauth/
|
||||
*
|
||||
* @param http automatically filled in by spring.
|
||||
* @return a securityfilterchain, automatically used by spring.
|
||||
* @throws Exception TODO: figure out when the exception are raised
|
||||
*/
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(
|
||||
authorize ->
|
||||
authorize
|
||||
.requestMatchers("/random2")
|
||||
.requestMatchers("/entrepreneur/**")
|
||||
.access(hasRole("REALM_MyINPulse-entrepreneur"))
|
||||
.requestMatchers("/random")
|
||||
.requestMatchers("/admin/**")
|
||||
.access(hasRole("REALM_MyINPulse-admin"))
|
||||
.requestMatchers("/random3")
|
||||
.requestMatchers("/unauth/**")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated())
|
||||
|
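Review bot: In `filterChain`, a path outside `/entrepreneur/**`, `/admin/**` and `/unauth/**` still falls through to `.anyRequest().authenticated()`, so a controller mapped outside those prefixes by mistake is reachable by every logged-in user whatever their role. The new Javadoc says every endpoint lives under one of the three prefixes, so the fallback can deny by default with `.anyRequest().denyAll()`. In `corsConfigurationSource` the only allowed origin now comes from `VITE_APP_URL`; the Javadoc should state that the value must be an exact origin and never `*`. The `@throws Exception TODO` line should either be resolved or dropped. The body of `filterChain` continues past the end of the hunk.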
@ -6,4 +6,3 @@ spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
|
||||
spring.datasource.username=${BACKEND_USER}
|
||||
spring.datasource.password=${BACKEND_PASSWORD}
|
||||
spring.jpa.hibernate.ddl-auto=update
|
||||
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
|
||||
|
52
config/dev.docker-compose.yaml
Normal file
52
config/dev.docker-compose.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
services:
|
||||
postgres:
|
||||
env_file: .env
|
||||
build:
|
||||
context: postgres/
|
||||
dockerfile: Dockerfile
|
||||
container_name: MyINPulse-DB
|
||||
ports:
|
||||
- 5433:5432
|
||||
volumes:
|
||||
- ./postgres/data:/var/lib/postgresql/data
|
||||
|
||||
|
||||
keycloak:
|
||||
container_name: MyINPulse-keycloak
|
||||
build:
|
||||
context: ./keycloak
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
|
||||
KC_DB_USERNAME: ${POSTGRES_USER}
|
||||
KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
environment:
|
||||
KC_HOSTNAME_PORT: 7080
|
||||
KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
|
||||
KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
|
||||
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||||
KC_LOG_LEVEL: info
|
||||
command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
|
||||
ports:
|
||||
- "7080:7080"
|
||||
- "7443:7443"
|
||||
depends_on:
|
||||
- postgres
|
||||
|
||||
#front:
|
||||
# build:
|
||||
# context: ./front/
|
||||
# dockerfile: Dockerfile
|
||||
# container_name: MyINPulse-front
|
||||
# ports:
|
||||
# - "8080:80"
|
||||
|
||||
#back:
|
||||
# build:
|
||||
# context: ./MyINPulse-back/
|
||||
# dockerfile: Dockerfile
|
||||
# container_name: MyINPulse-back
|
||||
# ports:
|
||||
# - "8081:8080"
|
||||
|
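Review bot: The `keycloak` service passes `KC_DB_USERNAME` and `KC_DB_PASSWORD` as build `args`, and build arguments can usually be read back from the finished image's metadata. The Keycloak Dockerfile is not shown, so it may need `KC_DB` at build time, but the credentials are runtime settings and can sit under `environment:` instead, as `KC_DB_PASSWORD: ${POSTGRES_PASSWORD}`. The same block connects Keycloak as `${POSTGRES_USER}`, presumably the database superuser, while config/dev.env also defines `KEYCLOAK_DB`, `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD`; using that dedicated account would keep Keycloak off the superuser. The published ports listen on every interface, and for a local-only stack a loopback binding such as `"127.0.0.1:5433:5432"` is enough.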
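--- a/config/dev.env
+++ b/config/dev.env
@@ -0,0 +1,22 @@
+POSTGRES_DB=postgres_db
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres_db_user_password
+
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+KEYCLOAK_HOSTNAME=localhost
+KEYCLOAK_DB=keycloak_db
+KEYCLOAK_USER=keycloak_db_user
+KEYCLOAK_PASSWORD=keycloak_db_user_password
+
+BACKEND_DB=backend_db
+BACKEND_USER=backend_db_user
+BACKEND_PASSWORD=backend_db_user_password
+
+DATABASE_URL=localhost:5433
+
+VITE_KEYCLOAK_URL=http://localhost:7080
+VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
+VITE_KEYCLOAK_REALM=test
+VITE_APP_URL=http://localhost:5173
+VITE_BACKEND_URL=http://localhost:8081/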
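Review bot: This file commits working credentials, including `KEYCLOAK_ADMIN_PASSWORD=admin`, with nothing marking them as development-only. A header comment would make that explicit, for example `# Development defaults only: never reuse these values outside a local machine.` Real values for any shared or production environment should come from an untracked file or a secret store. `VITE_APP_URL` is also the value the backend uses as its single allowed CORS origin in this change, so a comment next to it should say it must be the exact front-end origin.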
@ -30,10 +30,10 @@ services:
|
||||
KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
|
||||
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||||
KC_LOG_LEVEL: info
|
||||
command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
|
||||
ports:
|
||||
- "7080:7080"
|
||||
- "7443:7443"
|
||||
command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"] # TODO: remove start-dev
|
||||
#ports:
|
||||
# - "7080:7080"
|
||||
# - "7443:7443"
|
||||
depends_on:
|
||||
- postgres
|
||||
|
||||
@ -50,6 +50,6 @@ services:
|
||||
context: ./MyINPulse-back/
|
||||
dockerfile: Dockerfile
|
||||
container_name: MyINPulse-back
|
||||
ports:
|
||||
- "8081:8080"
|
||||
#ports:
|
||||
# - "8081:8080"
|
||||
|
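Review bot: The Keycloak `command` still runs `start-dev`, and this change only adds `# TODO: remove start-dev` beside it. The file header is not on the page, but if this is the production compose file then development mode should not ship, because it enables plain HTTP and relaxes hostname checks. Switching to `start` with TLS or a reverse proxy configured should be tracked as a blocking item rather than an inline TODO. The `ports` entries for Keycloak and the back end are commented out rather than deleted; either remove them or add a comment such as `# not published: reached through the reverse proxy only`, if that is the intent, so nobody re-enables them by habit.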