Stabilize Snake

Author: blacelle

authorization/src/main/java/eu/solven/kumite/account/JwtUserContextHolder.java

@@ -26,4 +26,19 @@ public Mono<UUID> authenticatedAccountId() {
 		});
 	}
 
+	@Override
+	public Mono<UUID> authenticatedPlayerId() {
+		return ReactiveSecurityContextHolder.getContext().map(securityContext -> {
+			Authentication authentication = securityContext.getAuthentication();
+
+			if (authentication instanceof JwtAuthenticationToken jwtAuth) {
+				UUID accountId = UUID.fromString(jwtAuth.getToken().getClaimAsString("playerId"));
+
+				return accountId;
+			} else {
+				throw new LoginRouteButNotAuthenticatedException("Expecting a JWT token");
+			}
+		});
+	}
+
 }

authorization/src/main/java/eu/solven/kumite/oauth2/authorizationserver/KumiteTokenService.java

@@ -79,9 +79,6 @@ public String generateAccessToken(UUID accountId,
 			Set<UUID> playerIds,
 			Duration accessTokenValidity,
 			boolean isRefreshToken) {
-		if (!isRefreshToken && playerIds.size() != 1) {
-			throw new IllegalArgumentException("access_token are generated for a specific single playerId");
-		}
 
 		// Generating a Signed JWT
 		// https://auth0.com/blog/rs256-vs-hs256-whats-the-difference/
@@ -105,8 +102,19 @@ public String generateAccessToken(UUID accountId,
 				.issueTime(Date.from(now))
 				.notBeforeTime(Date.from(now))
 				.expirationTime(Date.from(now.plus(accessTokenValidity)))
-				.claim("refresh_token", isRefreshToken)
-				.claim("playerIds", playerIds);
+				.claim("refresh_token", isRefreshToken);
+
+		if (isRefreshToken) {
+			// A refreshToken may be attached to multiple playerIds
+			claimsSetBuilder.claim("playerIds", playerIds);
+		} else {
+			if (playerIds.size() != 1) {
+				throw new IllegalArgumentException("access_token are generated for a specific single playerId");
+			}
+
+			// Access_token are attached to a single playerId
+			claimsSetBuilder.claim("playerId", playerIds.iterator().next());
+		}
 
 		SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), claimsSetBuilder.build());
 

authorization/src/test/java/eu/solven/kumite/oauth2/authorizationserver/TestKumiteTokenService.java

@@ -33,7 +33,7 @@ public class TestKumiteTokenService {
 	Supplier<KumiteTokenService> tokenService = () -> new KumiteTokenService(env, JdkUuidGenerator.INSTANCE);
 
 	@Test
-	public void testJwt_randomSecret() throws JOSEException, ParseException {
+	public void testJwt_refreshToken() throws JOSEException, ParseException {
 		JWK signatureSecret = KumiteTokenService.generateSignatureSecret(JdkUuidGenerator.INSTANCE);
 		env.setProperty(IKumiteOAuth2Constants.KEY_OAUTH2_ISSUER, "https://some.issuer.domain");
 		env.setProperty(IKumiteOAuth2Constants.KEY_JWT_SIGNINGKEY, signatureSecret.toJSONString());
@@ -47,7 +47,7 @@ public void testJwt_randomSecret() throws JOSEException, ParseException {
 				.details(IKumiteTestConstants.userDetails())
 				.build();
 		String accessToken = tokenService.get()
-				.generateAccessToken(user.getAccountId(), Set.of(playerId), Duration.ofMinutes(1), false);
+				.generateAccessToken(user.getAccountId(), Set.of(playerId), Duration.ofMinutes(1), true);
 
 		{
 			JWSVerifier verifier = new MACVerifier((OctetSequenceKey) signatureSecret);
@@ -67,4 +67,40 @@ public void testJwt_randomSecret() throws JOSEException, ParseException {
 		Assertions.assertThat(jwt.getAudience()).containsExactly("Kumite-Server");
 		Assertions.assertThat(jwt.getClaimAsStringList("playerIds")).isEqualTo(List.of(playerId.toString()));
 	}
+
+	@Test
+	public void testJwt_accessToken() throws JOSEException, ParseException {
+		JWK signatureSecret = KumiteTokenService.generateSignatureSecret(JdkUuidGenerator.INSTANCE);
+		env.setProperty(IKumiteOAuth2Constants.KEY_OAUTH2_ISSUER, "https://some.issuer.domain");
+		env.setProperty(IKumiteOAuth2Constants.KEY_JWT_SIGNINGKEY, signatureSecret.toJSONString());
+
+		UUID accountId = UUID.randomUUID();
+		UUID playerId = UUID.randomUUID();
+		KumiteUser user = KumiteUser.builder()
+				.accountId(accountId)
+				.playerId(playerId)
+				.rawRaw(IKumiteTestConstants.userRawRaw())
+				.details(IKumiteTestConstants.userDetails())
+				.build();
+		String accessToken = tokenService.get()
+				.generateAccessToken(user.getAccountId(), Set.of(playerId), Duration.ofMinutes(1), false);
+
+		{
+			JWSVerifier verifier = new MACVerifier((OctetSequenceKey) signatureSecret);
+
+			SignedJWT signedJWT = SignedJWT.parse(accessToken);
+			Assertions.assertThat(signedJWT.verify(verifier)).isTrue();
+		}
+
+		JwtReactiveAuthenticationManager authManager = new JwtReactiveAuthenticationManager(
+				new KumiteResourceServerConfiguration().jwtDecoder(env, JdkUuidGenerator.INSTANCE));
+
+		Authentication auth = authManager.authenticate(new BearerTokenAuthenticationToken(accessToken)).block();
+
+		Assertions.assertThat(auth.getPrincipal()).isOfAnyClassIn(Jwt.class);
+		Jwt jwt = (Jwt) auth.getPrincipal();
+		Assertions.assertThat(jwt.getSubject()).isEqualTo(accountId.toString());
+		Assertions.assertThat(jwt.getAudience()).containsExactly("Kumite-Server");
+		Assertions.assertThat(jwt.getClaimAsString("playerId")).isEqualTo(playerId.toString());
+	}
 }

contest-core/src/main/java/eu/solven/kumite/app/KumiteServerComponentsConfiguration.java

@@ -1,7 +1,10 @@
 package eu.solven.kumite.app;
 
-import java.util.concurrent.Executor;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 
 import org.greenrobot.eventbus.EventBus;
 import org.greenrobot.eventbus.Logger;
@@ -15,7 +18,9 @@
 import eu.solven.kumite.app.persistence.InMemoryKumiteConfiguration;
 import eu.solven.kumite.board.BoardLifecycleManager;
 import eu.solven.kumite.board.BoardLifecycleManagerHelper;
+import eu.solven.kumite.board.BoardMutator;
 import eu.solven.kumite.board.BoardsRegistry;
+import eu.solven.kumite.board.EnabledPlayers;
 import eu.solven.kumite.board.realtime.RealTimeBoardManager;
 import eu.solven.kumite.contest.ContestsRegistry;
 import eu.solven.kumite.eventbus.ActivityLogger;
@@ -58,32 +63,41 @@
 
 		KumiteAutomatedSpringConfig.class,
 
+		EnabledPlayers.class,
 		BoardLifecycleManagerHelper.class,
 
 })
 @Slf4j
 public class KumiteServerComponentsConfiguration {
 
 	@Bean
-	@Qualifier(IGameMetadataConstants.TAG_TURNBASED)
-	public BoardLifecycleManager tbBoardLifecycleManager(BoardLifecycleManagerHelper helper) {
-		final Executor boardEvolutionExecutor = Executors.newFixedThreadPool(4);
-		boardEvolutionExecutor
-				.execute(() -> log.info("This flags the tbThreadPool threadName={}", Thread.currentThread().getName()));
+	BoardMutator boardMutator(BoardLifecycleManagerHelper helper, EnabledPlayers enabledPlayer) {
+		int nbThreads = 4;
+		List<ExecutorService> boardMutationExecutors = IntStream.range(0, nbThreads).mapToObj(i -> {
+			ExecutorService es = Executors.newSingleThreadExecutor();
+			es.execute(() -> log.info("This flags the boardMutator threadPool #{} threadName={}",
+					i,
+					Thread.currentThread().getName()));
+			return es;
+		}).collect(Collectors.toList());
+
+		return new BoardMutator(helper, enabledPlayer, boardMutationExecutors);
+	}
 
-		return new BoardLifecycleManager(helper, boardEvolutionExecutor);
+	// Should we keep different BoardLifecycleManager? For now, we rely on a single complex RealTimeBoardManager
+	// @Bean
+	@Qualifier(IGameMetadataConstants.TAG_TURNBASED)
+	public BoardLifecycleManager tbBoardLifecycleManager(BoardLifecycleManagerHelper helper,
+			BoardMutator boardMutator) {
+		return new BoardLifecycleManager(helper, boardMutator);
 	}
 
 	// We can have multiple BoardLifecycleManager/boardEvolutionExecutor as long as a given contest is guaranteed to be
 	// processed by a single executor
 	@Bean
 	@Qualifier(IGameMetadataConstants.TAG_REALTIME)
-	public RealTimeBoardManager rtBoardLifecycleManager(BoardLifecycleManagerHelper helper) {
-		final Executor boardEvolutionExecutor = Executors.newFixedThreadPool(4);
-		boardEvolutionExecutor
-				.execute(() -> log.info("This flags the rtThreadPool threadName={}", Thread.currentThread().getName()));
-
-		return new RealTimeBoardManager(helper, boardEvolutionExecutor);
+	public RealTimeBoardManager rtBoardLifecycleManager(BoardLifecycleManagerHelper helper, BoardMutator boardMutator) {
+		return new RealTimeBoardManager(helper, boardMutator);
 	}
 
 	@Bean

contest-core/src/main/java/eu/solven/kumite/board/BoardAndMetadata.java

@@ -0,0 +1,12 @@
+package eu.solven.kumite.board;
+
+import lombok.Builder;
+import lombok.Value;
+
+@Value
+@Builder
+public class BoardAndMetadata implements IHasBoardAndMetadata {
+	IKumiteBoard board;
+	BoardDynamicMetadata metadata;
+
+}

contest-core/src/main/java/eu/solven/kumite/board/BoardHandler.java

@@ -56,18 +56,18 @@ public Mono<ServerResponse> getBoard(ServerRequest request) {
 		Contest contestMetadata = contest.get(0);
 
 		PlayerContestStatus playingPlayer = contestPlayersRegistry.getPlayingPlayer(playerId, contestMetadata);
-		
-		IKumiteBoard board = boardsRegistry.hasBoard(contestId).get();
 
-		ContestView contestView = makeContestView(contestMetadata, playingPlayer, board);
+		IHasBoardAndMetadata boardAndMetadata = boardsRegistry.getBoardAndMetadata(contestId).get();
+
+		ContestView contestView = makeContestView(contestMetadata, playingPlayer, boardAndMetadata);
 		log.debug("Serving board for contestId={}", contestView.getContestId());
 
 		return KumiteHandlerHelper.okAsJson(contestView);
 	}
 
 	private ContestView makeContestView(Contest contestMetadata,
 			PlayerContestStatus playingPlayer,
-			IKumiteBoard board) {
+			IHasBoardAndMetadata boardAndMetadata) {
 		UUID viewPlayerId;
 		if (playingPlayer.isPlayerHasJoined()) {
 			viewPlayerId = playingPlayer.getPlayerId();
@@ -77,11 +77,12 @@ private ContestView makeContestView(Contest contestMetadata,
 			viewPlayerId = KumitePlayer.PREVIEW_PLAYER_ID;
 		}
 
-		IKumiteBoardView boardView = board.asView(viewPlayerId);
+		IKumiteBoardView boardView = boardAndMetadata.getBoard().asView(viewPlayerId);
 
 		ContestDynamicMetadata dynamicMetadata = Contest.snapshot(contestMetadata).getDynamicMetadata();
 		ContestView contestView = ContestView.fromView(boardView)
 				.contestId(contestMetadata.getContestId())
+				.boardStateId(boardAndMetadata.getMetadata().getBoardStateId())
 				.playerStatus(playingPlayer)
 				.dynamicMetadata(dynamicMetadata)