feat: reworked ProviderConfiguration + audit filter + ParseRequestFilter

- refactored a lot of the provider setup code to be more clear. Since we
  rely on dynamic properties set in GitProxyProperties to enable/disable
  & tweak providers, we need to use BeanFactorys to create those instances.
  I was running into trouble with dependencies between GitProxyProvider,
  ProviderRepository, GitProxyFilter and GitProxyProviderServlet which requires
  pretty exact ordering.
- ProviderRepository is now used for servlet setup. In the future, we will
  further abstract this to allow users to define their own classes. For now,
  it defaults to an InMemoryProviderRepository
- finish implementing GitHubUserAuthenticatedFilter with configuration support
- created a new WhitelistAggregateFilter which will handle individual
  WhitelistByUrlFilter - before, if a single whitelist filter didn't match,
  the entire request would be blocked. This is not desirable so the aggregate
  looks for the result after passing a request through all applicable whitelists
- add new GitRequestDetails which mimicks the original project. For a given
  fetch or push, get some information about it up front and pass that as a request
  attribute for other filters to process and react to.
- add support for an AuditFilter - the default implementation AuditLogFilter
  simply logs out the request object at the end of the filter chain
- a bunch of spotless formatting
- remove old test that no longer compiles or is relevant

Author: coopernetes

src/main/java/org/finos/gitproxy/api/AuthController.java

@@ -1,5 +1,7 @@
 package org.finos.gitproxy.api;
 
+import java.util.Collections;
+import java.util.Map;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.http.MediaType;
@@ -9,9 +11,6 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Collections;
-import java.util.Map;
-
 /** https://github.com/finos/git-proxy/blob/363f4ae0588c02b32c8bb3d987919bc0b4268d12/src/service/routes/auth.js */
 @RestController
 @RequestMapping(value = "/api/auth", produces = MediaType.APPLICATION_JSON_VALUE)

src/main/java/org/finos/gitproxy/api/ConfigController.java

@@ -1,7 +1,7 @@
 package org.finos.gitproxy.api;
 
-import org.finos.gitproxy.config.LegacyJSONConfiguration;
 import lombok.RequiredArgsConstructor;
+import org.finos.gitproxy.config.LegacyJSONConfiguration;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;

src/main/java/org/finos/gitproxy/api/GenericErrorController.java

@@ -1,14 +1,14 @@
 package org.finos.gitproxy.api;
 
+import static org.finos.gitproxy.servlet.GitProxyProviderServlet.ERROR_ATTRIBUTE;
+
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static org.finos.gitproxy.servlet.filter.GitProxyFilter.ERROR_ATTRIBUTE;
-
 @RestController
 @Slf4j
 public class GenericErrorController implements ErrorController {

src/main/java/org/finos/gitproxy/api/PushController.java

@@ -1,12 +1,11 @@
 package org.finos.gitproxy.api;
 
+import java.util.Map;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.Map;
-
 @RestController
 @RequestMapping(value = "/api/v1/push", produces = MediaType.APPLICATION_JSON_VALUE)
 @Slf4j

src/main/java/org/finos/gitproxy/api/RepoController.java

@@ -1,13 +1,12 @@
 package org.finos.gitproxy.api;
 
+import java.util.ArrayList;
+import java.util.Map;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.ArrayList;
-import java.util.Map;
-
 @RestController
 @RequestMapping(value = "/api/v1/repo", produces = MediaType.APPLICATION_JSON_VALUE)
 @Slf4j

src/main/java/org/finos/gitproxy/api/StaticHealthCheck.java

@@ -1,11 +1,10 @@
 package org.finos.gitproxy.api;
 
+import java.util.Map;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Map;
-
 // TODO: Deprecate and remove. Health checking is provided by actuator
 // for users, use /actuator/health instead
 @RestController

src/main/java/org/finos/gitproxy/api/UserController.java

@@ -1,5 +1,6 @@
 package org.finos.gitproxy.api;
 
+import java.util.ArrayList;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -8,8 +9,6 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.ArrayList;
-
 @RestController
 @RequestMapping(value = "/api/v1/user", produces = MediaType.APPLICATION_JSON_VALUE)
 @Slf4j

src/main/java/org/finos/gitproxy/config/GitProxyProperties.java

@@ -1,21 +1,24 @@
 package org.finos.gitproxy.config;
 
+import java.net.URI;
+import java.util.*;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.finos.gitproxy.git.HttpAuthScheme;
 import org.finos.gitproxy.provider.BitbucketProvider;
 import org.finos.gitproxy.provider.GitHubProvider;
 import org.finos.gitproxy.provider.GitLabProvider;
 import org.finos.gitproxy.servlet.filter.AuthorizedByUrlFilter;
 import org.finos.gitproxy.servlet.filter.FilterProperties;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
+/**
+ * The main configuration properties for the GitProxy application. This class is used to configure the GitProxy
+ * application, including the providers that are enabled, the filters that are applied to the proxy servlets, and the
+ * base path for the proxy servlets.
+ */
 @ConfigurationProperties(value = "git-proxy", ignoreUnknownFields = false)
 @Getter
 @Setter
@@ -29,16 +32,15 @@ public class GitProxyProperties {
      * The base path for the proxy servlets. This is the path that will be used to register the servlets with the
      * servlet container. For each provider, the servlet will be registered at {@code basePath + provider.servletPath}.
      */
-    private String basePath = "/git";
+    private String basePath = "";
 
-    // TODO: Find a way to force properties to be instantiated as a bean but early on in the lifecycle while still
-    // delegating to Spring Boot to bind the properties.
-    // This is an open problem with the use of Environment + Binder in the BeanFactoryPostProcessor where
-    // the properties bean is still not bound at the time the factories execute _if_ no "git-proxy.*" properties are
-    // defined at all. Use of that factory for creating beans dynamically implicitly makes it depend on config
-    // properties
-    // always being set. An ideal solution would be to simple create this instance using this method below if
-    // @ConditionalOnMissingBean were true which is the standard idiom for this sort of thing.
+    //TODO: Find a way to force properties to be instantiated as a bean but early on in the lifecycle while still
+    // delegating to Spring Boot to bind the properties. This is an open problem with the use of Environment + Binder
+    // in the BeanFactoryPostProcessor where the properties bean is still not bound at the time the factories execute
+    // _if_ no "git-proxy.*" properties are defined at all. Use of that factory for creating beans dynamically
+    // implicitly makes it depend on config properties always being set. An ideal solution would be to simple create
+    // this instance using this method below if @ConditionalOnMissingBean were true which is the standard idiom for
+    // this sort of thing.
     // https://www.baeldung.com/spring-properties-beanfactorypostprocessor
     public static GitProxyProperties createDefault() {
         var enabledProvider = new Provider();
@@ -84,20 +86,19 @@ public static class Provider {
     @ToString
     public static class Filters {
         private List<WhitelistFilterProperties> whitelists = new ArrayList<>();
-        private GitHubRequiredAuthenticationFilterProperties githubRequiredAuthentication;
+        private GitHubUserAuthenticatedFilterProperties githubUserAuthenticated;
     }
 
     /**
-     * Properties for the GitHub required authentication filter. This filter is used to require that all requests to
-     * GitHub are authenticated. This filter can be configured to require either a bearer token or a basic
+     * Properties for the GitHub user authentication required filter. This filter is used to require that all requests
+     * to GitHub are authenticated. This filter can be configured to require either a bearer token or a basic
      * authentication header.
      */
     @Getter
     @Setter
     @ToString
-    public static class GitHubRequiredAuthenticationFilterProperties extends FilterProperties {
-        private boolean requireBearer = false;
-        private boolean requireBasic = false;
+    public static class GitHubUserAuthenticatedFilterProperties extends FilterProperties {
+        private Set<HttpAuthScheme> requiredAuthSchemes = Set.of(HttpAuthScheme.BEARER);
     }
 
     @Getter

src/main/java/org/finos/gitproxy/config/LegacyJSONConfiguration.java

@@ -1,10 +1,9 @@
 package org.finos.gitproxy.config;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import lombok.Data;
-
 import java.util.List;
 import java.util.Map;
+import lombok.Data;
 
 /** Legacy configuration to bring users of the old configuration into the new configuration. */
 @JsonIgnoreProperties(ignoreUnknown = true)

src/main/java/org/finos/gitproxy/config/UserConfiguration.java

@@ -1,16 +1,17 @@
 package org.finos.gitproxy.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.PathResource;
 
-import java.io.IOException;
-
 @Configuration
 @Slf4j
+@EnableConfigurationProperties(GitProxyProperties.class)
 public class UserConfiguration {
 
     // TODO: Remove once migrated over to configuration properties

src/main/java/org/finos/gitproxy/git/Commit.java

@@ -0,0 +1,13 @@
+package org.finos.gitproxy.git;
+
+import lombok.Data;
+
+/** Represents a single commit. */
+@Data
+public class Commit {
+    private String id;
+    private Contributor author;
+    private Contributor committer;
+    private String message;
+    private String date;
+}

src/main/java/org/finos/gitproxy/git/Contributor.java

@@ -0,0 +1,10 @@
+package org.finos.gitproxy.git;
+
+import lombok.Data;
+
+/** A generic class that represents a contributor to a git repository. It can either be an author or a committer. */
+@Data
+public class Contributor {
+    private String name;
+    private String email;
+}

src/main/java/org/finos/gitproxy/git/GitClient.java

@@ -44,12 +44,16 @@ public enum SymbolCodes {
 
         // https://codepoints.net/U+2705
         // https://emojipedia.org/check-mark-button#technical
-        CHECK_MARK("\u2705"),
+        HEAVY_CHECK_MARK("\u2705"),
 
         // https://codepoints.net/U+26A0
         // https://emojipedia.org/warning#technical
         WARNING("\u26A0"),
 
+        // https://codepoints.net/U+274C
+        // https://emojipedia.org/cross-mark#technical
+        CROSS_MARK("\u274C"),
+
         // Created using codepoints & the Character class due to the point values
         // falling outside the Unicode planes' range supported by Java's \\u escape
         // sequence syntax in Strings

src/main/java/org/finos/gitproxy/git/GitRequestDetails.java

@@ -0,0 +1,33 @@
+package org.finos.gitproxy.git;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import lombok.Data;
+import org.finos.gitproxy.provider.GitProxyProvider;
+import org.finos.gitproxy.servlet.filter.GitProxyFilter;
+
+@Data
+public class GitRequestDetails {
+    private UUID id = UUID.randomUUID();
+    private Instant timestamp = Instant.now();
+    private HttpOperation operation;
+    private String owner;
+    private String name;
+    private String slug;
+    private String branch; // null for fetch requests
+    private List<Commit> commits = new ArrayList<>();
+    private GitProxyProvider provider;
+    private List<GitProxyFilter> filters = new ArrayList<>();
+    private GitResult result = GitResult.PENDING;
+    private String reason;
+
+    public enum GitResult {
+        PENDING,
+        ALLOWED,
+        BLOCKED,
+        ACCEPTED, // for async where a push or fetch is accepted but not yet complete
+        ERROR;
+    }
+}

src/main/java/org/finos/gitproxy/git/HttpAuthScheme.java

@@ -1,11 +1,14 @@
 package org.finos.gitproxy.git;
 
+import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 
 @RequiredArgsConstructor
+@Getter
 public enum HttpAuthScheme {
     BASIC("Basic"),
-    BEARER("Bearer");
+    BEARER("Bearer"),
+    TOKEN("token");
 
-    private final String scheme;
+    private final String hedaderValue;
 }

src/main/java/org/finos/gitproxy/git/TemporaryRepositoryResolver.java

@@ -0,0 +1,19 @@
+package org.finos.gitproxy.git;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.eclipse.jgit.errors.RepositoryNotFoundException;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.transport.ServiceMayNotContinueException;
+import org.eclipse.jgit.transport.resolver.RepositoryResolver;
+import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
+import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
+
+public class TemporaryRepositoryResolver implements RepositoryResolver<HttpServletRequest> {
+
+    @Override
+    public Repository open(HttpServletRequest req, String name)
+            throws RepositoryNotFoundException, ServiceNotAuthorizedException, ServiceNotEnabledException,
+                    ServiceMayNotContinueException {
+        return null;
+    }
+}

src/main/java/org/finos/gitproxy/provider/AbstractGitProxyProvider.java

@@ -1,10 +1,9 @@
 package org.finos.gitproxy.provider;
 
+import java.net.URI;
 import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 
-import java.net.URI;
-
 /** An upstream Git server that will be proxied by the application. */
 @RequiredArgsConstructor
 @AllArgsConstructor
@@ -17,9 +16,9 @@ public abstract class AbstractGitProxyProvider implements GitProxyProvider {
 
     /**
      * Returns the path that the servlet will be mapped to. This is based on the host of the target URL or a custom path
-     * if set.
-     *
-     * @return the servlet path to map to
+     * if set along with an optional application-wide base path. To configure a {@link org.finos.gitproxy.servlet.GitProxyProviderServlet}
+     * for proxying, use {@link #servletMapping()} instead.
+     * @return The base path that this provider will be mapped to.
      */
     @Override
     public String servletPath() {
@@ -28,8 +27,7 @@ public String servletPath() {
 
     /**
      * Returns the servlet mapping for the provider. This is used to map the servlet to a specific path in the
-     * application. If the provider has a custom path set, this will be used as the mapping. Otherwise, the host of the
-     * target URL will be used. Since this mapping is always used for setting up underlying proxying servlet, the
+     * application. Since this mapping is always used for setting up underlying proxying servlet, the
      * mapping will always append a wildcard end of the path to ensure that all matching requests are proxied.
      *
      * <p>Matcher functions should use {@link #servletPath()} instead.

src/main/java/org/finos/gitproxy/provider/BitbucketProvider.java

@@ -1,9 +1,8 @@
 package org.finos.gitproxy.provider;
 
-import org.finos.gitproxy.provider.client.BitbucketApi;
 import jakarta.annotation.Nullable;
-
 import java.net.URI;
+import org.finos.gitproxy.provider.client.BitbucketApi;
 
 public class BitbucketProvider extends AbstractGitProxyProvider implements BitbucketApi {
 

src/main/java/org/finos/gitproxy/provider/GitHubProvider.java

@@ -1,10 +1,9 @@
 package org.finos.gitproxy.provider;
 
+import java.net.URI;
 import org.finos.gitproxy.provider.client.GitHubApi;
 import org.finos.gitproxy.provider.client.GitHubClient;
 
-import java.net.URI;
-
 public class GitHubProvider extends AbstractGitProxyProvider implements GitHubApi {
 
     public static final String NAME = "github";