Merge pull request #5 from zerodaycode/develop

Develop to Main

Author: TheRustifyer

.github/workflows/deploy-pre-chatbot.yml

@@ -0,0 +1,46 @@
+name: Handle Deploy Commands in PR Comments
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  handle-slash-command:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Step 1: Check if the command is `/deploy-pre`
+      - name: Check for `/deploy-pre` Command
+        id: check_command
+        uses: peter-evans/slash-command-action@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          command: /deploy-pre
+
+      # Step 2: Extract Branch Reference from PR
+      - name: Get Pull Request Details
+        if: steps.check_command.outputs.command == 'true'
+        id: pr_details
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const pr = context.payload.issue.pull_request;
+            if (!pr) {
+              throw new Error("The /deploy-pre command must be used in a pull request comment.");
+            }
+            return pr.head.ref;
+          result-encoding: string
+
+      # Step 3: Trigger Deploy Workflow for the PR Branch
+      - name: Trigger Deploy Workflow
+        if: steps.check_command.outputs.command == 'true'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.actions.createWorkflowDispatch({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              workflow_id: "deploy-pre.yml", # Replace with your workflow filename
+              ref: "${{ steps.pr_details.outputs.result }}"
+            })

.github/workflows/deploy-pre.yml

@@ -0,0 +1,52 @@
+name: Deploy API Gateway to DigitalOcean (PRE)
+
+on:
+  workflow_dispatch: # Allows manual triggering
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build Docker Image
+        run: |
+          docker build -t api-gateway:latest .
+
+      - name: Save Docker Image
+        run: |
+          docker save api-gateway:latest | gzip > api-gateway.tar.gz
+
+      - name: Copy Docker Image and Compose File to Droplet
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_KEY }}
+          source: |
+            ./api-gateway.tar.gz
+            ./docker-compose.yml
+          target: /opt/api-gateway/
+
+      - name: Deploy with Docker Compose
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            cd /opt/api-gateway
+
+            # Stop and remove old services
+            docker-compose down || true
+
+            # Load the new Docker image
+            gunzip -c api-gateway.tar.gz | docker load
+
+            # Start the service with the new image
+            docker-compose up -d

docker/Dockerfile

@@ -0,0 +1,27 @@
+# Stage 1: Build the application
+FROM maven:3.9.9-ibm-semeru-23-jammy AS build
+WORKDIR /app
+
+COPY ../mvnw ./
+COPY ../.mvn .mvn
+COPY ../pom.xml ./
+COPY ../src/ ./src
+
+RUN chmod +x mvnw && \
+#    ./mvnw clean install
+    ./mvnw install -DskipTests
+# Package the application (this creates the JAR file)
+RUN mvn clean package -DskipTests
+
+# Stage 2: Run the application
+FROM openjdk:23-jdk-slim
+WORKDIR /app
+
+# Copy the built JAR from the first stage
+COPY --from=build /app/target/summonerssync.apigateway-0.0.1-SNAPSHOT.jar app.jar
+
+# Expose the port the app runs on
+EXPOSE 8080
+
+# Run Spring Boot app
+CMD ["java", "-jar", "app.jar"]

docker/docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  api-gateway:
+    container_name: api-gateway
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+    ports:
+      - "8080:8080"
+    environment:
+      SPRING_DATASOURCE_URL: jdbc:postgresql://database:5432/gatewaydb
+      SPRING_DATASOURCE_USERNAME: admin
+      SPRING_DATASOURCE_PASSWORD: admin
+      SPRING_PROFILES_ACTIVE: dev
+

pom.xml

@@ -47,7 +47,6 @@
 			<groupId>org.springframework.cloud</groupId>
 			<artifactId>spring-cloud-starter-gateway</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-devtools</artifactId>
@@ -59,6 +58,25 @@
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>com.auth0</groupId>
+			<artifactId>java-jwt</artifactId>
+			<version>4.4.0</version>
+		</dependency>
+		<!--		<dependency>-->
+		<!--			<groupId>io.jsonwebtoken</groupId>-->
+		<!--			<artifactId>jjwt-api</artifactId>-->
+		<!--			<version>0.11.5</version>-->
+		<!--			<scope>runtime</scope>-->
+		<!--		</dependency>-->
+<!--		<dependency>-->
+<!--			<groupId>io.jsonwebtoken</groupId>-->
+<!--			<artifactId>jjwt-impl</artifactId>-->
+<!--			<version>0.11.5</version>-->
+<!--			<scope>runtime</scope>-->
+<!--		</dependency>-->
+
+		<!-- Testing -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
@@ -74,6 +92,17 @@
 			<artifactId>spring-security-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-contract-wiremock</artifactId>
+			<version>4.1.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.servlet</groupId>
+			<artifactId>jakarta.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
 	</dependencies>
 	<dependencyManagement>
 		<dependencies>

…ummonerssync/apigateway/Application.java …/apigateway/SummonersSyncApiGateway.javasrc/main/java/com/zerodaycode/summonerssync/apigateway/Application.java renamed to src/main/java/com/zerodaycode/summonerssync/apigateway/SummonersSyncApiGateway.java src/main/java/com/zerodaycode/summonerssync/apigateway/Application.java renamed to src/main/java/com/zerodaycode/summonerssync/apigateway/SummonersSyncApiGateway.java

@@ -4,10 +4,8 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 @SpringBootApplication
-public class Application {
-
+public class SummonersSyncApiGateway {
 	public static void main(String[] args) {
-		SpringApplication.run(Application.class, args);
+		SpringApplication.run(SummonersSyncApiGateway.class, args);
 	}
-
 }

src/main/java/com/zerodaycode/summonerssync/apigateway/config/AuthFilter.java

@@ -0,0 +1,49 @@
+//package com.zerodaycode.summonerssync.apigateway.config;
+//
+//import org.springframework.cloud.gateway.filter.GatewayFilter;
+//import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+//import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
+//import org.springframework.context.annotation.Configuration;
+//import org.springframework.http.HttpHeaders;
+//import org.springframework.http.HttpStatus;
+//import org.springframework.http.server.reactive.ServerHttpRequest;
+//import org.springframework.http.server.reactive.ServerHttpResponse;
+//import org.springframework.web.server.ServerWebExchange;
+//import reactor.core.publisher.Mono;
+//
+//@Configuration
+//public class AuthFilter implements GatewayFilter {
+//
+//    @Override
+//    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+//        ServerHttpRequest request = exchange.getRequest();
+////        if (routerValidator.isSecured.test(request)) {
+////            if (this.isAuthMissing(request))
+////                return this.onError(exchange, "Authorization header is missing in request", HttpStatus.UNAUTHORIZED);
+////            final String token = this.getAuthHeader(request);
+////            if (jwtUtil.isInvalid(token))
+////                return this.onError(exchange, "Authorization header is invalid", HttpStatus.UNAUTHORIZED);
+////            this.populateRequestWithHeaders(exchange, token);
+////        }
+//        return chain.filter(exchange);
+//    }
+//    /*PRIVATE*/
+//    private Mono<Void> onError(ServerWebExchange exchange, String err, HttpStatus httpStatus) {
+//        ServerHttpResponse response = exchange.getResponse();
+//        response.setStatusCode(httpStatus);
+//        return response.setComplete();
+//    }
+//    private String getAuthHeader(ServerHttpRequest request) {
+//        return request.getHeaders().getOrEmpty("Authorization").getFirst();
+//    }
+//    private boolean isAuthMissing(ServerHttpRequest request) {
+//        return !request.getHeaders().containsKey("Authorization");
+//    }
+//    private void populateRequestWithHeaders(ServerWebExchange exchange, String token) {
+//        Claims claims = jwtUtil.getAllClaimsFromToken(token);
+//        exchange.getRequest().mutate()
+//            .header("id", String.valueOf(claims.get("id")))
+//            .header("role", String.valueOf(claims.get("role")))
+//            .build();
+//    }
+//}

src/main/java/com/zerodaycode/summonerssync/apigateway/config/CustomAuthenticationEntryPoint.java

@@ -0,0 +1,46 @@
+package com.zerodaycode.summonerssync.apigateway.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+import java.time.LocalDateTime;
+
+@Configuration
+public class CustomAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
+
+    @Override
+    public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException exception) {
+        ServerHttpResponse response = exchange.getResponse();
+        response.setStatusCode(HttpStatus.UNAUTHORIZED);
+
+        // Custom JSON error message
+        ErrorResponse errorResponse = new ErrorResponse(
+            HttpStatus.UNAUTHORIZED.value(),
+            "Unauthorized Access",
+            LocalDateTime.now()
+        );
+
+        return response.writeWith(Mono.just(response.bufferFactory().wrap(errorResponse.toJson().getBytes())));
+    }
+}
+
+class ErrorResponse {
+    private final int status;
+    private final String message;
+    private final LocalDateTime timestamp;
+
+    public ErrorResponse(int status, String message, LocalDateTime timestamp) {
+        this.status = status;
+        this.message = message;
+        this.timestamp = timestamp;
+    }
+
+    public String toJson() {
+        return String.format("{\"status\":%d,\"message\":\"%s\",\"timestamp\":\"%s\"}", status, message, timestamp);
+    }
+}

src/main/java/com/zerodaycode/summonerssync/apigateway/config/SecurityConfig.java

@@ -0,0 +1,37 @@
+package com.zerodaycode.summonerssync.apigateway.config;
+
+import com.zerodaycode.summonerssync.apigateway.security.SecurityContextRepository;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@Configuration
+@EnableWebFluxSecurity
+@EnableReactiveMethodSecurity
+public class SecurityConfig {
+    private final SecurityContextRepository securityContextRepository;
+
+    public SecurityConfig(SecurityContextRepository securityContextRepository) {
+        this.securityContextRepository = securityContextRepository;
+    }
+
+    @Bean
+    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
+        http.csrf(ServerHttpSecurity.CsrfSpec::disable)
+            .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
+            .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable);
+
+        http.securityContextRepository(securityContextRepository);
+        http.authorizeExchange(authorize -> authorize
+            .pathMatchers("/auth/**")
+                .permitAll()
+            .anyExchange()
+            .authenticated()
+        );
+        http.exceptionHandling(exception -> exception.authenticationEntryPoint(new CustomAuthenticationEntryPoint()));
+        return http.build();
+    }
+}

src/main/java/com/zerodaycode/summonerssync/apigateway/security/AuthenticationManager.java

@@ -0,0 +1,52 @@
+package com.zerodaycode.summonerssync.apigateway.security;
+
+import com.auth0.jwt.interfaces.DecodedJWT;
+import org.springframework.security.authentication.ReactiveAuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Component;
+import reactor.core.publisher.Mono;
+
+import java.util.Collection;
+import java.util.List;
+
+@Component
+public class AuthenticationManager implements ReactiveAuthenticationManager {
+    private final JwtUtil jwtUtil;
+
+    public AuthenticationManager(JwtUtil jwtUtil) {
+        this.jwtUtil = jwtUtil;
+    }
+
+    @Override
+    public Mono<Authentication> authenticate(Authentication authentication) {
+
+        return Mono.just(authentication.getCredentials().toString())
+            .flatMap(this::verifyToken); // we should split this taking the commented code for now
+//            .flatMap(this::getAuthentication);
+    }
+
+//    private Mono<Authentication> getAuthentication(AuthenticationTokenData appUser) {
+//        return Mono.just(
+//            new UsernamePasswordAuthenticationToken(getGrantedAuthorities(), appUser,
+//                null)
+//        );
+//    }
+
+    private Collection<SimpleGrantedAuthority> getGrantedAuthorities() {
+        return List.of(new SimpleGrantedAuthority("ROLE_ADMIN"));
+    }
+
+    private Mono<Authentication> verifyToken(String token) {
+        return jwtUtil.validateToken(token)
+//            .filter(decodedJWT -> decodedJWT.getAudience() != null && !decodedJWT.getAudience().isEmpty())
+            .flatMap(tokenData -> getUser(tokenData, token));
+    }
+
+    private Mono<? extends Authentication> getUser(DecodedJWT tokenData, String token) {
+        var c = new SimpleGrantedAuthority(tokenData.getClaim("role").toString());
+        var a = new UsernamePasswordAuthenticationToken(token, null, List.of(c));
+        return Mono.just(a);
+    }
+}