Streamlines the ongoing Hunt endpoint

Reviewed-on: #5

Dockerfile

@@ -3,7 +3,7 @@ WORKDIR /app
 COPY gradlew .
 COPY gradle/ gradle/
 COPY build.gradle.kts settings.gradle.kts ./
-RUN ./gradlew dependencies --no-daemon
+RUN chmod +x gradlew && ./gradlew dependencies --no-daemon
 COPY src/ src/
 RUN ./gradlew bootJar --no-daemon
 

docker-compose.yml

@@ -1,20 +1,13 @@
-# All services use host networking so inter-service traffic goes over loopback with no bridge overhead.
-# Ports (all bound directly on the host):
-#   API:           8080
-#   MariaDB:       3306
-#   Adminer:       8888
-#   MinIO API:     9000
-#   MinIO Console: 9001
-
 services:
   mariadb:
-    image: mariadb:11
+    image: mariadb
-    network_mode: host
     environment:
-      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
+      MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
-      MYSQL_DATABASE: ${DB_NAME}
+      MARIADB_DATABASE: ${DB_NAME}
-      MYSQL_USER: ${DB_USER}
+      MARIADB_USER: ${DB_USER}
-      MYSQL_PASSWORD: ${DB_PASSWORD}
+      MARIADB_PASSWORD: ${DB_PASSWORD}
+    ports:
+      - 3306:3306
     volumes:
       - mariadb_data:/var/lib/mysql
     healthcheck:
@@ -24,55 +17,54 @@ services:
       timeout: 5s
       retries: 5
     restart: unless-stopped
-
   adminer:
     image: adminer
-    network_mode: host
+    ports:
-    command: php -S [::]:8888 -t /var/www/html
+      - 8080:8080
     restart: unless-stopped
-
   minio:
     image: minio/minio
-    network_mode: host
+    command: server /data --console-address ":9001"
-    command: server /data --console-address :9001
     environment:
       MINIO_ROOT_USER: ${MINIO_ACCESS_KEY}
       MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY}
+    ports:
+      - 15900:9000 # API
+      - 15901:9001 # Web UI
     volumes:
       - minio_data:/data
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      test: ["CMD", "curl", "-f", "http://192.168.187.181:15900/minio/health/live"]
       start_period: 10s
       interval: 10s
       timeout: 5s
       retries: 5
     restart: unless-stopped
-
   api:
-    build: .
+    image: git.halfbinary.net/aarbit/scavengerhunt-api:2
-    network_mode: host
     environment:
-      DB_URL: jdbc:mariadb://localhost:3306/${DB_NAME}
+      DB_URL: jdbc:mariadb://192.168.187.181:3306/${DB_NAME}
       DB_USER: ${DB_USER}
       DB_PASSWORD: ${DB_PASSWORD}
       JWT_SECRET: ${JWT_SECRET}
-      MINIO_ENDPOINT: http://localhost:9000
+      MINIO_ENDPOINT: http://192.168.187.181:15900
       MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
       MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
       MINIO_BUCKET: ${MINIO_BUCKET}
+    ports:
+      - 15808:8080
     depends_on:
       mariadb:
         condition: service_healthy
       minio:
         condition: service_healthy
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health"]
+      test: ["CMD", "curl", "-f", "http://192.168.187.181:15808/actuator/health"]
       start_period: 30s
       interval: 15s
       timeout: 5s
       retries: 5
     restart: unless-stopped
-
 volumes:
   mariadb_data:
   minio_data:

src/main/kotlin/net/halfbinary/scavengerhuntapi/config/JwtUtil.kt

@@ -27,9 +27,10 @@ class JwtUtil {
     }
 
     // Generate JWT token
-    fun generateToken(email: String): String {
+    fun generateToken(email: String, isAdmin: Boolean): String {
         return Jwts.builder()
             .subject(email)
+            .claim("isAdmin", isAdmin)
             .issuedAt(Date())
             .expiration(Date(System.currentTimeMillis() + jwtExpirationMs))
             .signWith(key)

src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt

@@ -7,7 +7,6 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
-import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
 import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
@@ -16,6 +15,10 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.CorsConfigurationSource
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+
 
 
 @Configuration
@@ -48,13 +51,25 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt,
         return BCryptPasswordEncoder()
     }
 
+    @Bean
+    fun corsConfigurationSource(): CorsConfigurationSource {
+        val config = CorsConfiguration()
+        config.allowedOriginPatterns = listOf("*")
+        config.allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
+        config.allowedHeaders = listOf("*")
+        config.allowCredentials = true
+        val source = UrlBasedCorsConfigurationSource()
+        source.registerCorsConfiguration("/**", config)
+        return source
+    }
+
     @Bean
     @Throws(Exception::class)
     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain? {
         // Updated configuration for Spring Security 6.x
         http
-            .csrf { csrf: CsrfConfigurer<HttpSecurity> -> csrf.disable() } // Disable CSRF
+            .csrf { csrf: CsrfConfigurer<HttpSecurity> -> csrf.disable() }
-            .cors { cors: CorsConfigurer<HttpSecurity> -> cors.disable() } // Disable CORS (or configure if needed)
+            .cors { cors -> cors.configurationSource(corsConfigurationSource()) }
             .exceptionHandling { exceptionHandling: ExceptionHandlingConfigurer<HttpSecurity> ->
                 exceptionHandling.authenticationEntryPoint(
                     authEntrypointJwt
@@ -67,7 +82,7 @@ class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt,
             }
             .authorizeHttpRequests { authorizeRequests ->
                 authorizeRequests
-                    .requestMatchers("/auth/**", "/signup", "/docs/**")
+                    .requestMatchers("/auth/**", "/signup", "/docs/**", "/actuator/**")
                     .permitAll()
                     .anyRequest().authenticated()
             }

src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/AuthController.kt

@@ -24,9 +24,9 @@ class AuthController(private val loginService: LoginService, private val jwtUtil
     @PostMapping("/login")
     fun login(@Valid @RequestBody body: LoginRequest): ResponseEntity<LoginResponse> {
         val result = loginService.login(body.toDomain())
-        val accessToken = jwtUtils.generateToken(result.email)
+        val accessToken = jwtUtils.generateToken(result.email, result.isAdmin)
         val refreshToken  = refreshTokenService.generateRefreshToken(result.email)
-        val loginResponse = LoginResponse(accessToken, refreshToken)
+        val loginResponse = LoginResponse(accessToken, refreshToken, result.name)
         return ResponseEntity.ok(loginResponse)
     }
 

src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/HunterController.kt

@@ -16,7 +16,6 @@ import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
@@ -27,13 +26,13 @@ class HunterController(private val hunterService: HunterService,
 
     @GetMapping("/hunt/ongoing")
     @Operation(summary = "Gets list of all currently running Hunts (filtered by the calling hunter)")
-    fun getOngoingHunts(authentication: Authentication, @RequestParam status: HuntStatus?): ResponseEntity<List<HuntResponse>> {
+    fun getOngoingHunts(authentication: Authentication): ResponseEntity<List<HuntResponse>> {
         val email = authentication.name
         val isAdmin = hunterService.getHunterByEmail(email).isAdmin
         return if(isAdmin) {
             ResponseEntity.ok(huntService.getAllHunts(HuntStatus.ONGOING).map { it.toResponse() })
         } else {
-            ResponseEntity.ok(huntService.getHuntsByEmail(email, status).map { it.toResponse() })
+            ResponseEntity.ok(huntService.getHuntsByEmail(email, HuntStatus.ONGOING).map { it.toResponse() })
         }
     }
 

src/main/kotlin/net/halfbinary/scavengerhuntapi/model/response/LoginResponse.kt

@@ -4,5 +4,6 @@ import net.halfbinary.scavengerhuntapi.model.RefreshId
 
 data class LoginResponse(
     val accessToken: String,
-    val refreshToken: RefreshId
+    val refreshToken: RefreshId,
+    val name: String
 )

src/main/kotlin/net/halfbinary/scavengerhuntapi/service/RefreshTokenService.kt

@@ -5,6 +5,7 @@ import net.halfbinary.scavengerhuntapi.error.exception.ExpiredRefreshTokenExcept
 import net.halfbinary.scavengerhuntapi.error.exception.InvalidRefreshTokenException
 import net.halfbinary.scavengerhuntapi.model.RefreshId
 import net.halfbinary.scavengerhuntapi.model.record.RefreshTokenRecord
+import net.halfbinary.scavengerhuntapi.repository.HunterRepository
 import net.halfbinary.scavengerhuntapi.repository.RefreshTokenRepository
 import org.slf4j.LoggerFactory
 import org.springframework.data.repository.findByIdOrNull
@@ -13,7 +14,7 @@ import java.time.LocalDateTime
 import java.time.temporal.ChronoUnit
 
 @Service
-class RefreshTokenService(private val refreshTokenRepository: RefreshTokenRepository, private val jwtUtil: JwtUtil) {
+class RefreshTokenService(private val refreshTokenRepository: RefreshTokenRepository, private val jwtUtil: JwtUtil, private val hunterRepository: HunterRepository) {
 
     companion object {
         private val log = LoggerFactory.getLogger(RefreshTokenService::class.java)
@@ -25,7 +26,8 @@ class RefreshTokenService(private val refreshTokenRepository: RefreshTokenReposi
                 removeToken(tokenId)
                 throw ExpiredRefreshTokenException(tokenId)
             } else {
-                jwtUtil.generateToken(refreshToken.email)
+                val isAdmin = hunterRepository.findByEmail(refreshToken.email)?.isAdmin ?: false
+                jwtUtil.generateToken(refreshToken.email, isAdmin)
             }
         }?: throw InvalidRefreshTokenException(tokenId)
     }