MyINPulse/MyINPulse-back/src/main/java/enseirb/myinpulse/service/KeycloakApi.java

package enseirb.myinpulse.service;

import static org.springframework.http.MediaType.APPLICATION_JSON;

import enseirb.myinpulse.exception.UserNotFoundException;
import enseirb.myinpulse.model.RoleRepresentation;
import enseirb.myinpulse.model.UserRepresentation;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.web.client.RestClient;

import java.util.List;

import javax.management.relation.RoleNotFoundException;

public class KeycloakApi {

    protected static final Logger logger = LogManager.getLogger();
    static final String keycloakUrl;
    static final String realmName;

    static {
        if (System.getenv("VITE_KEYCLOAK_URL") == null) {
            System.exit(-1);
        }
        keycloakUrl = System.getenv("VITE_KEYCLOAK_URL");
    }

    static {
        if (System.getenv("VITE_KEYCLOAK_REALM") == null) {
            System.exit(-1);
        }
        realmName = System.getenv("VITE_KEYCLOAK_REALM");
    }

    static String toBearer(String b) {
        return "Bearer " + b;
    }

    /**
     * Uses Keycloak API to retrieve a role representation of a role by its name
     *
     * @param roleName name of the role
     * @param token authorization header used by the client to authenticate to keycloak
     */
    public static RoleRepresentation getRoleRepresentationByName(String roleName, String token)
            throws RoleNotFoundException {
        RoleRepresentation response =
                RestClient.builder()
                        .baseUrl(keycloakUrl)
                        .defaultHeader("Authorization", toBearer(token))
                        .build()
                        .get()
                        .uri("/admin/realms/{realmName}/roles/{roleName}", realmName, roleName)
                        .retrieve()
                        .body(RoleRepresentation.class);
        /*
        {"id":"7a845f2e-c832-4465-8cd8-894d72bc13f1","name":"MyINPulse-entrepreneur","description":"Role for entrepreneur","composite":false,"clientRole":false,"containerId":"0d6f691b-e328-471a-b89e-c30bd7e5b6b0","attributes":{}}
         */
        // TODO: check what happens when role does not exist
        return response;
    }

    /**
     * Use keycloak API to to retreive a userID via his name or email.
     *
     * @param username username or mail of the user
     * @param token bearer of the user, allowing access to database
     * @return the userid, as a String
     * @throws UserNotFoundException
     */
    public static String getUserIdByName(String username, String token)
            throws UserNotFoundException {
        UserRepresentation[] response =
                RestClient.builder()
                        .baseUrl(keycloakUrl)
                        .defaultHeader("Authorization", toBearer(token))
                        .build()
                        .get()
                        .uri(
                                "/admin/realms/{realmName}/users?username={username}",
                                realmName,
                                username)
                        .retrieve()
                        .body(UserRepresentation[].class);

        if (response == null || response.length == 0) {
            throw new UserNotFoundException("User not found");
        }
        return response[0].id;
    }

    /**
     * TODO: check for error
     *
     * <p>Set a keycloak role to a keycloak user.
     *
     * <p>Usual roles should be `MyINPulse-admin` and `MyINPulse-entrepreneur`
     *
     * @param username
     * @param roleName
     * @param token
     * @throws RoleNotFoundException
     * @throws UserNotFoundException
     */
    public static void setRoleToUser(String username, String roleName, String token)
            throws RoleNotFoundException, UserNotFoundException {
        RoleRepresentation roleRepresentation = getRoleRepresentationByName(roleName, token);
        String userId = getUserIdByName(username, token);
        List<RoleRepresentation> rolesToAdd = List.of(roleRepresentation);
        logger.debug("Adding role {} to user {}", roleRepresentation.id, userId);
        RestClient.builder()
                .baseUrl(keycloakUrl)
                .defaultHeader("Authorization", toBearer(token))
                .build()
                .post()
                .uri("/admin/realms/" + realmName + "/users/" + userId + "/role-mappings/realm")
                .body(rolesToAdd)
                .contentType(APPLICATION_JSON)
                .retrieve()
                .toBodilessEntity();
    }

    /**
     * Delete a user from Keycloak database. TODO: check the bearer permission.
     *
     * @param username
     * @param bearer
     * @throws UserNotFoundException
     */
    public static void deleteUser(String username, String bearer) throws UserNotFoundException {
        String userId = getUserIdByName(username, bearer);

        RestClient.builder()
                .baseUrl(keycloakUrl)
                .defaultHeader("Authorization", bearer)
                .build()
                .delete()
                .uri("/admin/realms/${realmName}/users/${userId}", realmName, userId)
                .retrieve();
    }
}