7 changed files with 39 additions and 124 deletions
--- a/14
+++ b/14
@ -1,10 +1,7 @@
 help:
-	@echo "make [clean dev-front prod dev-back dev]"
+	@echo "make [clean dev-front prod dev-back]"
 clean: 
 	@cp config/frontdev.env front/MyINPulse-front/.env
 	@cp config/frontdev.env .env
 	@cp config/frontdev.env MyINPulse-back/.env
 	@cp config/prod.docker-compose.yaml docker-compose.yaml
 	@docker compose down
 	@rm -f docker-compose.yaml
@ -46,12 +43,3 @@ dev-back:
 	@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
 	@echo "./gradlew bootRun --args='--server.port=8081'"
 dev: clean vite
 	@cp config/dev.env front/MyINPulse-front/.env
 	@cp config/dev.env .env
 	@cp config/dev.env MyINPulse-back/.env
 	@cp config/dev.docker-compose.yaml docker-compose.yaml
 	@docker compose up -d --build
 	@echo "cd MyINPulse-back" && echo 'export $$(cat .env | xargs)'
 	@echo "./gradlew bootRun --args='--server.port=8081'"
 	@cd ./front/MyINPulse-front/ && npm run dev &
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/api/GetUserInfo.java
@ -1,24 +1,43 @@
 package enseirb.myinpulse.api;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import java.security.Principal;
@SpringBootApplication
@RestController
 public class GetUserInfo {
-    @GetMapping("/unauth/random")
+    // TODO: understand how to get data
    @GetMapping("/getUserInfo")
    public Object user(Principal principal) {
        System.out.println("GetUserInfo + " + principal);
        System.out.println(SecurityContextHolder.getContext().getAuthentication());
        return SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
    @GetMapping("/random")
    public boolean rand() {
        System.err.println("HELLO");
        return Math.random() > 0.5;
    }
-    @GetMapping("/admin/random")
+    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
    @GetMapping("/random2")
    public boolean rand2() {
        System.err.println("HELLO2");
        return Math.random() > 0.5;
    }
-    @GetMapping("/entrepreneur/random")
+    @CrossOrigin(methods = {RequestMethod.GET, RequestMethod.OPTIONS})
    @GetMapping("/random3")
    public boolean rand3() {
        System.err.println("HELLO");
        return Math.random() > 0.5;
    }
 }
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
@ -1,7 +1,6 @@
 package enseirb.myinpulse.config;
 import enseirb.myinpulse.security.KeycloakJwtRolesConverter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -15,55 +14,37 @@ import java.util.List;
 import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
@Configuration
 public class WebSecurityCustomConfiguration{
    // CORS configuration
-
+    // TODO: make sure to only accept our own domains
    @Value("${VITE_APP_URL}")
    private String frontendUrl;
    /**
     * Configure the CORS (Cross Origin Ressource Sharing -- a security feature) configuration.
     * The only allowed website is the frontend, defined in the .env file.
     *
     * @return the CORS configuration used by the backend
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of(frontendUrl));
+        configuration.setAllowedOrigins(List.of("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "OPTIONS"));
        configuration.setAllowedHeaders(
                Arrays.asList(
                        "authorization",
                        "content-type",
-                        "x-auth-token"));
+                        "x-auth-token")); // Do not remove, this fixes the CORS errors when
        // unauthenticated
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
    /**
     * Configure the authorisation required for each path.
     * admin endpoints are under /admin/* and entrepreneur are under /entrepreneur/*
     * If endpoints dont require authentication, they are under /unauth/
     *
     * @param http automatically filled in by spring.
     * @return a securityfilterchain, automatically used by spring.
     * @throws Exception TODO: figure out when the exception are raised
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(
                        authorize ->
                                authorize
-                                        .requestMatchers("/entrepreneur/**")
+                                        .requestMatchers("/random2")
                                        .access(hasRole("REALM_MyINPulse-entrepreneur"))
-                                        .requestMatchers("/admin/**")
+                                        .requestMatchers("/random")
                                        .access(hasRole("REALM_MyINPulse-admin"))
-                                        .requestMatchers("/unauth/**")
+                                        .requestMatchers("/random3")
                                        .permitAll()
                                        .anyRequest()
                                        .authenticated())
--- a/MyINPulse-back/src/main/resources/application.properties
+++ b/MyINPulse-back/src/main/resources/application.properties
@ -6,3 +6,4 @@ spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
 spring.datasource.username=${BACKEND_USER}
 spring.datasource.password=${BACKEND_PASSWORD}
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
--- a/config/dev.docker-compose.yaml
+++ b/config/dev.docker-compose.yaml
@ -1,52 +0,0 @@
 services:
  postgres:
    env_file: .env
    build:
      context: postgres/
      dockerfile: Dockerfile
    container_name: MyINPulse-DB
    ports:
      - 5433:5432
    volumes:
      - ./postgres/data:/var/lib/postgresql/data
  keycloak:
    container_name: MyINPulse-keycloak
    build:
      context: ./keycloak
      dockerfile: Dockerfile
      args:
        KC_DB: postgres
        KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
        KC_DB_USERNAME: ${POSTGRES_USER}
        KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
    environment:
      KC_HOSTNAME_PORT: 7080
      KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_LOG_LEVEL: info
    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
    ports:
      - "7080:7080"
      - "7443:7443"
    depends_on:
      - postgres
  #front:
  #  build:
  #    context: ./front/
  #    dockerfile: Dockerfile
  #  container_name: MyINPulse-front
  #  ports:
  #    - "8080:80"
  #back:
  #  build:
  #    context: ./MyINPulse-back/
  #    dockerfile: Dockerfile
  #  container_name: MyINPulse-back
  #  ports:
  #    - "8081:8080"
--- a/config/dev.env
+++ b/config/dev.env
@ -1,22 +0,0 @@
 POSTGRES_DB=postgres_db
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres_db_user_password
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
 KEYCLOAK_HOSTNAME=localhost
 KEYCLOAK_DB=keycloak_db
 KEYCLOAK_USER=keycloak_db_user
 KEYCLOAK_PASSWORD=keycloak_db_user_password
 BACKEND_DB=backend_db
 BACKEND_USER=backend_db_user
 BACKEND_PASSWORD=backend_db_user_password
 DATABASE_URL=localhost:5433
 VITE_KEYCLOAK_URL=http://localhost:7080
 VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
 VITE_KEYCLOAK_REALM=test
 VITE_APP_URL=http://localhost:5173
 VITE_BACKEND_URL=http://localhost:8081/
--- a/config/prod.docker-compose.yaml
+++ b/config/prod.docker-compose.yaml
@ -30,10 +30,10 @@ services:
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_LOG_LEVEL: info
-    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"] # TODO: remove start-dev
+    command: ["start-dev", "--http-port", "7080", "--https-port", "7443", "--hostname", "${KEYCLOAK_HOSTNAME}"]
-    #ports:
+    ports:
-    #  - "7080:7080"
+      - "7080:7080"
-    #  - "7443:7443"
+      - "7443:7443"
    depends_on:
      - postgres
@ -50,6 +50,6 @@ services:
      context: ./MyINPulse-back/
      dockerfile: Dockerfile
    container_name: MyINPulse-back
-    #ports:
+    ports:
-    #  - "8081:8080"
+      - "8081:8080"