diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/AuthTokenFilter.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/AuthTokenFilter.kt index ceaa08d..f714cf6 100644 --- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/AuthTokenFilter.kt +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/AuthTokenFilter.kt @@ -31,7 +31,9 @@ class AuthTokenFilter(private val jwtUtils: JwtUtil, private val hunterDetailsSe userDetails.authorities ) authentication.details = WebAuthenticationDetailsSource().buildDetails(request) - SecurityContextHolder.getContext().authentication = authentication + val context = SecurityContextHolder.createEmptyContext() + context.authentication = authentication + SecurityContextHolder.setContext(context) } } catch (e: Exception) { println("Cannot set user authentication: $e") diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/JwtUtil.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/JwtUtil.kt index 7657318..3886bd5 100644 --- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/JwtUtil.kt +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/JwtUtil.kt @@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Value import org.springframework.stereotype.Component import java.util.Date import javax.crypto.SecretKey +import javax.crypto.spec.SecretKeySpec @Component class JwtUtil { @Value($$"${jwt.secret}") - private val jwtSecret: String? = null + private val jwtSecret: String = "" @Value($$"${jwt.expiration}") private val jwtExpirationMs = 0 @@ -22,7 +23,7 @@ class JwtUtil { // preventing the repeated creation of the key and enhancing performance @PostConstruct fun init() { - this.key = Jwts.SIG.HS256.key().build() + this.key = SecretKeySpec(jwtSecret.toByteArray(Charsets.UTF_8), "HmacSHA256") } // Generate JWT token 
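Review bot: The three added lines that build a fresh `SecurityContext` carry no comment saying why the direct assignment was replaced, and without one the next cleanup is likely to collapse them back. A one-line comment above them would do, for example `// Use a new SecurityContext instead of mutating the current one, so concurrent requests never share state`. The enclosing filter method starts and ends outside the hunk; the `catch` visible as context still reports failures through `println`, which may be worth moving to the application logger in a follow-up.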
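Review bot: Nothing in `init()` checks the strength of the configured secret, because `SecretKeySpec` accepts any non-empty byte array; a short `JWT_SECRET` would therefore produce an HMAC-SHA256 key well under 256 bits, unless the signing call rejects it later, which is not visible here. Failing at startup is safer: `require(jwtSecret.toByteArray(Charsets.UTF_8).size >= 32) { "jwt.secret must be at least 32 bytes" }` before building the key, or JJWT's `Keys.hmacShaKeyFor(...)`, which refuses weak HMAC keys. The `""` default added in the first hunk of this file has the same gap, since an empty value only surfaces as an exception from the `SecretKeySpec` constructor rather than a clear configuration error. A comment next to the property stating the expected format (raw text versus a Base64-encoded random value) would also help whoever provisions the secret.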
diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt index 8a590e9..42b70b5 100644 --- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt @@ -1,5 +1,6 @@ package net.halfbinary.scavengerhuntapi.config +import org.springframework.boot.web.servlet.FilterRegistrationBean import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.security.authentication.AuthenticationManager @@ -27,6 +28,13 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt, return authTokenFilter } + @Bean + fun authTokenFilterRegistration(): FilterRegistrationBean { + val registration = FilterRegistrationBean(authTokenFilter) + registration.isEnabled = false + return registration + } + @Bean @Throws(Exception::class) fun authenticationManager( @@ -59,7 +67,7 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt, } .authorizeHttpRequests { authorizeRequests -> authorizeRequests - .requestMatchers("/auth/**", "/signup") + .requestMatchers("/auth/**", "/signup", "/docs/**") .permitAll() .anyRequest().authenticated() } diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/AuthController.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/AuthController.kt index a0d7e6c..92c7cb2 100644 --- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/AuthController.kt +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/AuthController.kt 
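Review bot: `authTokenFilterRegistration()` needs a comment, because a bean that sets `isEnabled = false` on an authentication filter reads like a mistake without one. Presumably the intent is to stop Spring Boot from also registering the `AuthTokenFilter` bean directly with the servlet container, so that it runs only inside the security filter chain; something like `// Keep AuthTokenFilter out of the servlet container's filter list; it runs only in the security chain` would record that. Whether the chain still adds the filter itself is outside this hunk, so confirm that wiring is in place.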
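Review bot: Adding `"/docs/**"` to the `permitAll()` matcher publishes the OpenAPI description and Swagger UI to unauthenticated callers in every environment, since the `application.properties` hunk later in this commit sets `springdoc.api-docs.enabled=true` and `springdoc.swagger-ui.enabled=true` unconditionally. If the docs are meant for development only, drive both flags from a profile or an environment variable with a safe default (for example `springdoc.api-docs.enabled=${API_DOCS_ENABLED:false}`, where the variable name is a placeholder) and keep them off in production, or require authentication for `/docs/**` there. The filter-chain function starts and ends outside the hunk.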
@@ -4,10 +4,12 @@ import jakarta.servlet.http.HttpServletResponse import jakarta.validation.Valid import net.halfbinary.scavengerhuntapi.config.JwtUtil import net.halfbinary.scavengerhuntapi.model.converter.toDomain +import net.halfbinary.scavengerhuntapi.model.converter.toRefreshResponse import net.halfbinary.scavengerhuntapi.model.request.LoginRequest import net.halfbinary.scavengerhuntapi.model.request.LogoutRequest import net.halfbinary.scavengerhuntapi.model.request.RefreshRequest import net.halfbinary.scavengerhuntapi.model.response.LoginResponse +import net.halfbinary.scavengerhuntapi.model.response.RefreshResponse import net.halfbinary.scavengerhuntapi.service.LoginService import net.halfbinary.scavengerhuntapi.service.RefreshTokenService import org.springframework.http.ResponseEntity @@ -26,7 +28,6 @@ class AuthController(private val loginService: LoginService, private val jwtUtil @PostMapping("/login") fun login(@Valid @RequestBody body: LoginRequest, response: HttpServletResponse): ResponseEntity { val result = loginService.login(body.toDomain()) - // TODO: Figure out how to use the authorities val hunterAuthorities = if (result.isAdmin) { SimpleGrantedAuthority("ROLE_ADMIN") @@ -41,8 +42,8 @@ class AuthController(private val loginService: LoginService, private val jwtUtil } @PostMapping("/refresh") - fun refresh(@RequestBody body: RefreshRequest): String { - return refreshTokenService.getAccessToken(body.refreshToken) + fun refresh(@RequestBody body: RefreshRequest): ResponseEntity { + return ResponseEntity.ok(refreshTokenService.getAccessToken(body.refreshToken).toRefreshResponse()) } @PostMapping("/logout") diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/converter/RefreshConverter.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/converter/RefreshConverter.kt new file mode 100644 index 0000000..f8bb9fc --- /dev/null +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/converter/RefreshConverter.kt 
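Review bot: The rewritten `refresh` signature takes `@RequestBody body: RefreshRequest` without `@Valid`, while `login` in the same controller uses `@Valid @RequestBody`; if `RefreshRequest` declares validation constraints (not visible here) they are not enforced on this endpoint. Suggest `fun refresh(@Valid @RequestBody body: RefreshRequest)` for consistency. How `getAccessToken` reports an unknown or expired refresh token is also outside the diff, so it is worth confirming that path ends in a 401 response rather than an unhandled exception.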
@@ -0,0 +1,7 @@ +package net.halfbinary.scavengerhuntapi.model.converter + +import net.halfbinary.scavengerhuntapi.model.response.RefreshResponse + +fun String.toRefreshResponse(): RefreshResponse { + return RefreshResponse(this) +} \ No newline at end of file diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/response/RefreshResponse.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/response/RefreshResponse.kt new file mode 100644 index 0000000..8d8a2d2 --- /dev/null +++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/model/response/RefreshResponse.kt @@ -0,0 +1,5 @@ +package net.halfbinary.scavengerhuntapi.model.response + +data class RefreshResponse( + val accessToken: String +) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 0801a2e..c901910 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -4,10 +4,15 @@ spring.jpa.hibernate.ddl-auto=update spring.jpa.properties.hibernate.type.preferred_uuid_jdbc_type=CHAR -spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver +spring.datasource.driverClassName=org.mariadb.jdbc.Driver spring.datasource.url=${DB_URL} spring.datasource.username=${DB_USER} spring.datasource.password=${DB_PASSWORD} jwt.secret=${JWT_SECRET} -jwt.expiration=30000 \ No newline at end of file +jwt.expiration=300000 + +springdoc.api-docs.enabled=true +springdoc.api-docs.path=/docs/api-docs +springdoc.swagger-ui.enabled=true +springdoc.swagger-ui.path=/docs/swagger-ui.html \ No newline at end of file
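Review bot: `toRefreshResponse()` is declared as an extension on `String`, so every string in scope of this import offers a conversion to a token response, which makes it easy to wrap the wrong value. A narrower shape is to construct `RefreshResponse(token)` at the call site, or to give the token its own type and extend that. If the extension stays, an expression body is enough: `fun String.toRefreshResponse() = RefreshResponse(this)`.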
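Review bot: As a `data class`, `RefreshResponse` gets a generated `toString()` that prints `accessToken` in full, so any log statement or exception message that includes the object would write a bearer token to the logs. Consider adding `override fun toString() = "RefreshResponse(accessToken=<redacted>)"` inside the class. A short KDoc line stating that the field holds the access token returned by the refresh endpoint would also help readers of the API model.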