From bfd71f42d47c75e6e92c23d56aaf49b24dd0a4f7 Mon Sep 17 00:00:00 2001 From: "stepan.moc" Date: Thu, 16 May 2024 09:40:27 +0200 Subject: [PATCH 1/4] =?UTF-8?q?feature/vylep=C5=A1en=C3=AD=20pipeliny=20(#?= =?UTF-8?q?92)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * changed build-frontend.yml and build-backend.yml, application-prod.yml, application.yml and deploy-app.yml Co-authored-by: Štěpán Moc --- .github/workflows/build-backend.yml | 45 ++++++++----------- .github/workflows/build-frontend.yml | 11 +++-- .github/workflows/deploy-app.yml | 2 - backend/gradlew | 0 .../base/config/JwtAuthenticationFilter.kt | 4 +- .../backend/auth/base/service/JwtService.kt | 3 +- .../backend/auth/base/service/TokenFilter.kt | 5 ++- .../src/main/resources/application-prod.yml | 2 +- backend/src/main/resources/application.yml | 2 +- .../interceptor/http-error.interceptor.ts | 2 + frontend/src/environments/environment.prod.ts | 2 +- 11 files changed, 37 insertions(+), 41 deletions(-) mode change 100644 => 100755 backend/gradlew diff --git a/.github/workflows/build-backend.yml b/.github/workflows/build-backend.yml index b3fabbf..fb121b1 100644 --- a/.github/workflows/build-backend.yml +++ b/.github/workflows/build-backend.yml @@ -3,9 +3,9 @@ run-name: "Run ${{github.run_id}}, triggered by ${{github.actor}}" on: push: - branches: ["main"] + branches: [ "main" ] pull_request: - branches: ["main"] + branches: [ "main" ] jobs: backend: 
@@ -16,29 +16,22 @@ jobs: run: working-directory: backend steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - - name: Set up JDK 17 for backend - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: temurin + - name: Build and test backend + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + cache: 'gradle' + cache-dependency-path: | + backend/*.gradle* + backend/**/gradle-wrapper.properties + - run: ./gradlew build --no-daemon - - name: setup Gradle - uses: gradle/actions/setup-gradle@v3 - with: - generate-job-summary: true - add-job-summary-as-pr-comment: on-failure - cache-disabled: true - - name: Set execute permissions for backend gradlew - run: chmod +x gradlew - - - name: Build backend and run tests with Gradle Wrapper - run: ./gradlew build - - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v4.0.1 - with: - token: ${{ secrets.CODECOV_TOKEN }} - flags: backend - file: backend/build/reports/jacoco/test/html/jacocoTestReport.xml + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4.0.1 + with: + token: ${{ secrets.CODECOV_TOKEN }} + flags: backend + file: backend/build/reports/jacoco/test/html/jacocoTestReport.xml diff --git a/.github/workflows/build-frontend.yml b/.github/workflows/build-frontend.yml index 5488e81..b83cf82 100644 --- a/.github/workflows/build-frontend.yml +++ b/.github/workflows/build-frontend.yml @@ -3,9 +3,9 @@ run-name: "Run ${{github.run_id}}, triggered by ${{github.actor}}" on: push: - branches: ["main"] + branches: [ "main" ] pull_request: - branches: ["main"] + branches: [ "main" ] jobs: build: 
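Review bot: The rewritten steps in `build-backend.yml` still reference actions by mutable tag (`actions/setup-java@v4`, `codecov/codecov-action@v4.0.1`) in a job that is handed `secrets.CODECOV_TOKEN`, so a retagged release would run with access to that token. Pinning each `uses:` to a full commit SHA, e.g. `uses: codecov/codecov-action@<full-commit-sha> # v4.0.1`, removes that exposure. The step named `Build and test backend` is actually the `setup-java` step, while the real build is the unnamed `- run: ./gradlew build --no-daemon`; naming them `Set up JDK 17` and `Build and test backend` respectively keeps the job log readable.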
@@ -17,14 +17,13 @@ jobs: working-directory: frontend steps: - uses: actions/checkout@v3 - - name: Use Node.js 20.x + + - name: Install dependencies uses: actions/setup-node@v3 with: - node-version: 20.x + node-version: 20 cache: 'npm' cache-dependency-path: frontend/package-lock.json - - - name: Install dependencies run: npm install - name: Build diff --git a/.github/workflows/deploy-app.yml b/.github/workflows/deploy-app.yml index aa4cb34..5971e72 100644 --- a/.github/workflows/deploy-app.yml +++ b/.github/workflows/deploy-app.yml @@ -15,7 +15,6 @@ jobs: heroku_api_key: ${{secrets.HEROKU_API_KEY}} heroku_app_name: ${{ secrets.HEROKU_BACKEND_NAME }} heroku_email: ${{ secrets.HEROKU_EMAIL }} - healthcheck: false branch: 'main' appdir: 'backend' procfile: 'web: java $JAVA_OPTS -Dserver.port=$PORT -jar build/libs/backend-1.0.0.jar --spring.profiles.active=prod' @@ -30,6 +29,5 @@ jobs: heroku_api_key: ${{secrets.HEROKU_API_KEY}} heroku_app_name: ${{ secrets.HEROKU_FRONTEND_NAME }} heroku_email: ${{ secrets.HEROKU_EMAIL }} - healthcheck: false branch: 'main' appdir: 'frontend' diff --git a/backend/gradlew b/backend/gradlew old mode 100644 new mode 100755 diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt index 63af61f..e490c50 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt @@ -8,7 +8,9 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.context.SecurityContextHolder import org.springframework.stereotype.Component import org.springframework.web.filter.OncePerRequestFilter +import io.github.oshai.kotlinlogging.KotlinLogging +private val log = KotlinLogging.logger {} @Component class JwtAuthenticationFilter( 
@@ -21,7 +23,7 @@ class JwtAuthenticationFilter( filterChain: FilterChain ) { val validClaims = tokenFilter.validateRequest(request) - + log.error { "Claims: $validClaims" } if (validClaims != null) { val authToken = UsernamePasswordAuthenticationToken(validClaims, null, listOf(validClaims.authUserRole)) SecurityContextHolder.getContext().authentication = authToken diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/service/JwtService.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/service/JwtService.kt index 8b340a3..e1ff32b 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/service/JwtService.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/service/JwtService.kt @@ -6,7 +6,6 @@ import io.jsonwebtoken.Jwts import io.jsonwebtoken.io.Decoders import io.jsonwebtoken.security.Keys - class JwtService( secret: String ) { @@ -37,4 +36,4 @@ class JwtService( null } } -} \ No newline at end of file +} diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt index 05ca900..055dd74 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt @@ -4,6 +4,9 @@ import com.tul.backend.auth.base.dto.AccessTokenClaims import jakarta.servlet.http.HttpServletRequest import org.springframework.stereotype.Component import org.springframework.web.util.WebUtils +import io.github.oshai.kotlinlogging.KotlinLogging + +private val log = KotlinLogging.logger {} @Component class TokenFilter( @@ -12,7 +15,7 @@ class TokenFilter( fun validateRequest(request: HttpServletRequest): AccessTokenClaims? { val token = WebUtils.getCookie(request, accessTokenService.COOKIE_NAME) - + log.error { "Token: $token" } if (token != null) { return accessTokenService.extractClaims(token.value) } 
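Review bot: The added `log.error { "Claims: $validClaims" }` in `JwtAuthenticationFilter` and `log.error { "Token: $token" }` in `TokenFilter.validateRequest` write authentication data to the application log on every request, at error level. `validClaims` is the decoded `AccessTokenClaims`, and `token` is the access-token cookie, whose string form may include the JWT value depending on the servlet container's `Cookie.toString()`. PATCH 4/4 in this series removes both lines, but logs written by any build deployed in between should be handled as containing session material. If request tracing is needed, a debug-level line that records only presence, such as `log.debug { "access token cookie present: ${token != null}" }`, keeps the value out of the logs. Both functions continue outside the hunks shown.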
diff --git a/backend/src/main/resources/application-prod.yml b/backend/src/main/resources/application-prod.yml index da7c9d6..df21e9c 100644 --- a/backend/src/main/resources/application-prod.yml +++ b/backend/src/main/resources/application-prod.yml @@ -31,6 +31,6 @@ spring: password: ${SECURITY_PASSWORD} jwt: secure: true - sameSite: "none" + sameSite: "Lax" duration: 86400000 # 1 day secret: ${JWT_SECRET} diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 45cda93..b2a8f32 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -21,6 +21,6 @@ spring: default_schema: public jwt: secure: true - sameSite: "none" + sameSite: "Lax" duration: 86400000 # 1 day secret: "7A25432A462D4A614E645267556B58703272357538782F413F4428472B4B6250" # random string in base64, should be changed in production diff --git a/frontend/src/app/shared/http/interceptor/http-error.interceptor.ts b/frontend/src/app/shared/http/interceptor/http-error.interceptor.ts index c31b9d6..cef371b 100644 --- a/frontend/src/app/shared/http/interceptor/http-error.interceptor.ts +++ b/frontend/src/app/shared/http/interceptor/http-error.interceptor.ts @@ -3,6 +3,7 @@ import {inject, Injectable} from "@angular/core"; import {catchError, Observable, throwError} from "rxjs"; import {NotificationService} from "../../notification/service/notification.service"; import {Router} from "@angular/router"; +import {AuthService} from "../../../auth/service/auth.service"; @Injectable() export class HttpErrorInterceptor implements HttpInterceptor { @@ -14,6 +15,7 @@ export class HttpErrorInterceptor implements HttpInterceptor { catchError((error: HttpErrorResponse) => { if (error.status == 401) { this.notificationService.errorNotification("You do not have access to this feature, please login") + sessionStorage.removeItem('auth') this.router.navigate(['/signIn']) } return throwError(error) 
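Review bot: `sameSite: "Lax"` in `application-prod.yml` and `application.yml` means the browser attaches the access-token cookie to XHR/fetch calls only when the page and the API are same-site, and the frontend's host is not visible in this patch. If the SPA is served from a different registrable domain than the backend, every credentialed call would arrive without the cookie and land in the 401 path, so the requirement deserves a comment next to the setting, e.g. `sameSite: "Lax" # frontend and API must be same-site`. Separately, the context line in `application.yml` keeps a committed value for `secret` in the default profile. Production reads `${JWT_SECRET}`, but a startup check that rejects the committed value outside local development would stop it from ever signing real tokens.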
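Review bot: The new `AuthService` import in `http-error.interceptor.ts` is not used in the lines shown, and the 401 branch clears the session by reaching into storage directly with `sessionStorage.removeItem('auth')`. If `AuthService` owns the `'auth'` key, clearing it through the service keeps the key name in one place; otherwise the import should be dropped. The class body continues outside the hunk, so the service may be injected in lines not shown.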
diff --git a/frontend/src/environments/environment.prod.ts b/frontend/src/environments/environment.prod.ts index c6774a6..c84b8a0 100644 --- a/frontend/src/environments/environment.prod.ts +++ b/frontend/src/environments/environment.prod.ts @@ -1,5 +1,5 @@ export const environment = { - baseUrl: 'https://moc-backend-weather-app-d8c5764193db.herokuapp.com/', + baseUrl: 'http://www.weather-app-backend.moc-backend.cz/', production: true, version: '1.0.0' }; From 34b8f1775b6de9f5ce0914d39b43d47d1299134b Mon Sep 17 00:00:00 2001 From: "stepan.moc" Date: Thu, 16 May 2024 09:48:10 +0200 Subject: [PATCH 2/4] repairs for build-frontend.yml (#94) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * changed node-version in build-frontend.yml Co-authored-by: Štěpán Moc --- .github/workflows/build-frontend.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-frontend.yml b/.github/workflows/build-frontend.yml index b83cf82..bbf29de 100644 --- a/.github/workflows/build-frontend.yml +++ b/.github/workflows/build-frontend.yml @@ -8,7 +8,7 @@ on: branches: [ "main" ] jobs: - build: + frontend: runs-on: ubuntu-latest permissions: contents: read @@ -21,9 +21,11 @@ jobs: - name: Install dependencies uses: actions/setup-node@v3 with: - node-version: 20 + node-version: 20.0.0 cache: 'npm' cache-dependency-path: frontend/package-lock.json + + - name: Install dependencies run: npm install - name: Build From 18872c8321208db8310a74accd0a6f5b1ba48ef4 Mon Sep 17 00:00:00 2001 From: "stepan.moc" Date: Thu, 16 May 2024 10:39:39 +0200 Subject: [PATCH 3/4] changed baseUrl for environment.prod.ts (#96) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Štěpán Moc --- frontend/src/environments/environment.prod.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
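Review bot: The production `baseUrl` in `environment.prod.ts` is switched to `http://www.weather-app-backend.moc-backend.cz/`, which sends sign-in requests in cleartext and conflicts with `secure: true` in `application-prod.yml`, since a Secure cookie is not sent over plain HTTP. PATCH 3/4 restores `https://`. A comment on the line, e.g. `// must be https: the backend issues the auth cookie with secure: true`, would document the constraint for the next URL change.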
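Review bot: `node-version: 20.0.0` in `build-frontend.yml` pins CI to the first 20.x release, so builds run without any later Node 20 security and bug fixes; `node-version: 20.x` keeps the major version fixed while still picking up patches. After this hunk two steps are named `Install dependencies`, the first being the `actions/setup-node@v3` step, which would read better as `Set up Node.js`. The install step still uses `run: npm install`; `run: npm ci` installs exactly what `package-lock.json` records and fails on a mismatch, which fits a job that already keys its cache on the lockfile.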
diff --git a/frontend/src/environments/environment.prod.ts b/frontend/src/environments/environment.prod.ts index c84b8a0..112157a 100644 --- a/frontend/src/environments/environment.prod.ts +++ b/frontend/src/environments/environment.prod.ts @@ -1,5 +1,5 @@ export const environment = { - baseUrl: 'http://www.weather-app-backend.moc-backend.cz/', + baseUrl: 'https://www.weather-app-backend.moc-backend.cz/', production: true, version: '1.0.0' }; From 77d799c3e27df3743a8894287b00293c1df543d5 Mon Sep 17 00:00:00 2001 From: "stepan.moc" Date: Thu, 16 May 2024 11:19:41 +0200 Subject: [PATCH 4/4] formatting (#98) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * changed cookies setting --------- Co-authored-by: Štěpán Moc --- .../auth/base/config/JwtAuthenticationFilter.kt | 5 +---- .../auth/base/config/SecurityConfiguration.kt | 5 ++++- .../com/tul/backend/auth/base/service/TokenFilter.kt | 5 +---- backend/src/main/resources/application-prod.yml | 1 + backend/src/main/resources/application.yml | 1 + .../auth/base/config/SecurityConfigurationTests.kt | 12 +++++++----- 6 files changed, 15 insertions(+), 14 deletions(-) diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt index e490c50..981e882 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/config/JwtAuthenticationFilter.kt @@ -8,9 +8,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.core.context.SecurityContextHolder import org.springframework.stereotype.Component import org.springframework.web.filter.OncePerRequestFilter -import io.github.oshai.kotlinlogging.KotlinLogging - -private val log = KotlinLogging.logger {} @Component class JwtAuthenticationFilter( 
@@ -23,7 +20,7 @@ class JwtAuthenticationFilter( filterChain: FilterChain ) { val validClaims = tokenFilter.validateRequest(request) - log.error { "Claims: $validClaims" } + if (validClaims != null) { val authToken = UsernamePasswordAuthenticationToken(validClaims, null, listOf(validClaims.authUserRole)) SecurityContextHolder.getContext().authentication = authToken diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/config/SecurityConfiguration.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/config/SecurityConfiguration.kt index 227a982..4ceb4c1 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/config/SecurityConfiguration.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/config/SecurityConfiguration.kt @@ -5,6 +5,7 @@ import com.tul.backend.auth.base.dto.ErrorDTO import com.tul.backend.auth.base.valueobject.AuthUserRole import jakarta.servlet.http.HttpServletRequest import jakarta.servlet.http.HttpServletResponse +import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.http.MediaType @@ -25,7 +26,8 @@ import org.springframework.web.cors.CorsConfigurationSource @EnableMethodSecurity class SecurityConfiguration( private val objectMapper: ObjectMapper, - private val jwtAuthenticationFilter: JwtAuthenticationFilter + private val jwtAuthenticationFilter: JwtAuthenticationFilter, + @Value("\${spring.jwt.frontendUrl}") private val frontendUrl: String ) { private val userUnsecuredEndpoints = @@ -76,6 +78,7 @@ class SecurityConfiguration( allowedHeaders = listOf("*") exposedHeaders = listOf("Content-Disposition") allowedOriginPatterns = listOf("*") + allowedOrigins = listOf(frontendUrl) allowCredentials = true } } 
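Review bot: `allowedOrigins = listOf(frontendUrl)` in `SecurityConfiguration` does not restrict anything while `allowedOriginPatterns = listOf("*")` stays on the line above it. Spring's `CorsConfiguration` accepts an origin that matches either list, so every origin is still echoed back, and with `allowCredentials = true` that includes credentialed requests. Removing the wildcard pattern line, leaving `allowedOrigins = listOf(frontendUrl)` as the only origin rule, makes the new `spring.jwt.frontendUrl` setting effective. The `sameSite: "Lax"` cookie setting limits cross-site use, but origins on the same site as the backend would still be allowed to read authenticated responses. The CORS configuration block starts outside the hunk.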
diff --git a/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt b/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt index 055dd74..05ca900 100644 --- a/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt +++ b/backend/src/main/kotlin/com/tul/backend/auth/base/service/TokenFilter.kt @@ -4,9 +4,6 @@ import com.tul.backend.auth.base.dto.AccessTokenClaims import jakarta.servlet.http.HttpServletRequest import org.springframework.stereotype.Component import org.springframework.web.util.WebUtils -import io.github.oshai.kotlinlogging.KotlinLogging - -private val log = KotlinLogging.logger {} @Component class TokenFilter( @@ -15,7 +12,7 @@ class TokenFilter( fun validateRequest(request: HttpServletRequest): AccessTokenClaims? { val token = WebUtils.getCookie(request, accessTokenService.COOKIE_NAME) - log.error { "Token: $token" } + if (token != null) { return accessTokenService.extractClaims(token.value) } diff --git a/backend/src/main/resources/application-prod.yml b/backend/src/main/resources/application-prod.yml index df21e9c..085cc71 100644 --- a/backend/src/main/resources/application-prod.yml +++ b/backend/src/main/resources/application-prod.yml @@ -34,3 +34,4 @@ spring: sameSite: "Lax" duration: 86400000 # 1 day secret: ${JWT_SECRET} + frontendUrl: ${FRONTEND_URL} diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index b2a8f32..9175a55 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -24,3 +24,4 @@ spring: sameSite: "Lax" duration: 86400000 # 1 day secret: "7A25432A462D4A614E645267556B58703272357538782F413F4428472B4B6250" # random string in base64, should be changed in production + frontendUrl: "http://localhost:4200" 
diff --git a/backend/src/test/kotlin/com/tul/backend/auth/base/config/SecurityConfigurationTests.kt b/backend/src/test/kotlin/com/tul/backend/auth/base/config/SecurityConfigurationTests.kt index 6c0c05c..99a9f6b 100644 --- a/backend/src/test/kotlin/com/tul/backend/auth/base/config/SecurityConfigurationTests.kt +++ b/backend/src/test/kotlin/com/tul/backend/auth/base/config/SecurityConfigurationTests.kt @@ -26,8 +26,9 @@ class SecurityConfigurationTests : FeatureSpec({ val jwtAuthenticationFilter = mockk() val securityConfiguration = SecurityConfiguration( - objectMapper, - jwtAuthenticationFilter + objectMapper, + jwtAuthenticationFilter, + "http://localhost:4200" ) val httpSecurity = mockk() @@ -50,8 +51,9 @@ class SecurityConfigurationTests : FeatureSpec({ val jwtAuthenticationFilter = mockk() val securityConfiguration = SecurityConfiguration( - objectMapper, - jwtAuthenticationFilter + objectMapper, + jwtAuthenticationFilter, + "http://localhost:4200" ) val errorDTO = ErrorDTO("Unauthorized") @@ -76,4 +78,4 @@ class SecurityConfigurationTests : FeatureSpec({ response.status shouldBe HttpServletResponse.SC_UNAUTHORIZED } } -}) \ No newline at end of file +})
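Review bot: The changes in `SecurityConfigurationTests` only pass the new `"http://localhost:4200"` constructor argument; nothing in the visible hunks asserts the CORS result that the argument controls. A case that obtains the `CorsConfiguration` from the configuration's CORS source and checks that `checkOrigin("http://localhost:4200")` is accepted while an unlisted origin returns null would pin the intended behaviour. The rest of the spec is outside the hunks, so such a test may already exist.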