commit a059083612ef00912256854acbedaa84e6114f6a Author: ac-f Date: Mon Nov 14 01:40:14 2022 +0800 add: some auth config diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c2065bc --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +HELP.md +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..aa81044 --- /dev/null +++ b/build.gradle @@ -0,0 +1,50 @@ +plugins { + id 'java' + id 'org.springframework.boot' version '2.7.5' + id 'io.spring.dependency-management' version '1.0.15.RELEASE' +} + + + +allprojects{ + apply plugin: 'java' + apply plugin: 'org.springframework.boot' + apply plugin: 'io.spring.dependency-management' + group = 'org.fycd' + version = '0.0.1-SNAPSHOT' + + sourceCompatibility = 17 + targetCompatibility = 17 + repositories { + mavenCentral() + } + configurations { + compileOnly { + extendsFrom annotationProcessor + } + } + dependencies { + implementation 'org.springframework.boot:spring-boot-starter-data-jdbc' + implementation 'org.springframework.boot:spring-boot-starter-jooq' + implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.flywaydb:flyway-core' + implementation 'org.flywaydb:flyway-mysql' + compileOnly 'org.projectlombok:lombok' + developmentOnly 'org.springframework.boot:spring-boot-devtools' + runtimeOnly 'com.h2database:h2' + runtimeOnly 'org.mariadb.jdbc:mariadb-java-client' + annotationProcessor 'org.projectlombok:lombok' + testImplementation 'org.springframework.boot:spring-boot-starter-test' + } + + tasks.named('test') { + useJUnitPlatform() + } + +} + +dependencies { + implementation project(':security-core') +} + diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..249e583 Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..ae04661 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..a69d9cb --- /dev/null +++ b/gradlew @@ -0,0 +1,240 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..53a6b23 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,91 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%"=="" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%"=="" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if %ERRORLEVEL% equ 0 goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if %ERRORLEVEL% equ 0 goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/security-core/build.gradle b/security-core/build.gradle new file mode 100644 index 0000000..8b5f43b --- /dev/null +++ b/security-core/build.gradle @@ -0,0 +1,15 @@ +plugins { + id 'java' +} + + +dependencies { + implementation 'org.jetbrains:annotations:20.1.0' + implementation 'io.jsonwebtoken:jjwt-api:0.11.5' + runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5' + runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5' +} + +test { + useJUnitPlatform() +} \ No newline at end of file diff --git a/security-core/src/main/java/org/fycd/bigdata/config/WebSecurityConfig.java b/security-core/src/main/java/org/fycd/bigdata/config/WebSecurityConfig.java new file mode 100644 index 0000000..2ac23b0 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/config/WebSecurityConfig.java @@ -0,0 +1,74 @@ +package org.fycd.bigdata.config; + +import lombok.RequiredArgsConstructor; +import org.fycd.bigdata.config.jwt.AuthEntryPointJwt; +import org.fycd.bigdata.config.jwt.AuthTokenFilter; +import org.fycd.bigdata.service.UserDetailsServiceImpl; +import org.springframework.context.annotation.Bean; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.util.StringUtils; + +import javax.servlet.http.HttpServletRequest; + +@EnableWebSecurity +@EnableGlobalMethodSecurity(prePostEnabled = true) +@RequiredArgsConstructor +public class WebSecurityConfig { + + private final UserDetailsServiceImpl userDetailsService; + private final AuthEntryPointJwt authEntryPointJwt; + + @Bean + public AuthTokenFilter authenticationJwtTokenFilter() { + return new AuthTokenFilter(); + } + + @Bean + public DaoAuthenticationProvider authenticationProvider() { + DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); + + authProvider.setUserDetailsService(userDetailsService); + authProvider.setPasswordEncoder(passwordEncoder()); + + return authProvider; + } + + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception { + return authConfig.getAuthenticationManager(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.cors().and().csrf().disable() + .exceptionHandling().authenticationEntryPoint(authEntryPointJwt).and() + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() + //讓登入登出可以不用驗證 + .authorizeRequests().antMatchers("/api/auth/**").permitAll() + .antMatchers("/api/test/**").permitAll() + .anyRequest().authenticated(); + + http.authenticationProvider(authenticationProvider()); + + http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); + + return http.build(); + } + + +} diff --git a/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthEntryPointJwt.java b/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthEntryPointJwt.java new file mode 100644 index 0000000..8df83d6 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthEntryPointJwt.java @@ -0,0 +1,36 @@ +package org.fycd.bigdata.config.jwt; + +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.MediaType; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +@Component +@Slf4j +public class AuthEntryPointJwt implements AuthenticationEntryPoint { + + @Override + public void commence(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, ServletException { + log.error("Unauthorized error: {}", authException.getMessage()); + + response.setContentType(MediaType.APPLICATION_JSON_VALUE); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + + final Map body = new HashMap<>(); + body.put("statusCode", HttpServletResponse.SC_UNAUTHORIZED); + body.put("error", "未授權的請求"); + body.put("message", authException.getMessage()); + body.put("path", request.getServletPath()); + + final ObjectMapper mapper = new ObjectMapper(); + mapper.writeValue(response.getOutputStream(), body); + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthTokenFilter.java b/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthTokenFilter.java new file mode 100644 index 0000000..12ad77c --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/config/jwt/AuthTokenFilter.java @@ -0,0 +1,62 @@ +package org.fycd.bigdata.config.jwt; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.fycd.bigdata.service.UserDetailsImpl; +import org.fycd.bigdata.service.UserDetailsServiceImpl; +import org.fycd.bigdata.utils.JwtUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.util.StringUtils; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@Slf4j +public class AuthTokenFilter extends OncePerRequestFilter { + + @Autowired + private JwtUtils jwtUtils; + @Autowired + private UserDetailsServiceImpl userDetailsService; + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + { + try { + String jwt = parseJwt(request); + if (jwt != null && jwtUtils.validateJwtToken(jwt)) { + String username = jwtUtils.getUserNameFromJwtToken(jwt); + + UserDetails userDetails = userDetailsService.loadUserByUsername(username); + UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, + userDetails.getAuthorities()); + authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + + SecurityContextHolder.getContext().setAuthentication(authentication); + } + } catch (Exception e) { + log.error("Cannot set user authentication: {}", e.getMessage()); + } + + filterChain.doFilter(request, response); + } + } + + private String parseJwt(HttpServletRequest request) { + String headerAuth = request.getHeader("Authorization"); + + if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) { + return headerAuth.substring(7, headerAuth.length()); + } + + return null; + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/controller/AuthController.java b/security-core/src/main/java/org/fycd/bigdata/controller/AuthController.java new file mode 100644 index 0000000..41b55a1 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/controller/AuthController.java @@ -0,0 +1,14 @@ +package org.fycd.bigdata.controller; + +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping("/api/auth") +public class AuthController { + @PostMapping("/login") + public String login() { + return "login"; + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/enums/UserRole.java b/security-core/src/main/java/org/fycd/bigdata/enums/UserRole.java new file mode 100644 index 0000000..1503937 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/enums/UserRole.java @@ -0,0 +1,7 @@ +package org.fycd.bigdata.enums; + +public enum UserRole { + ROLE_USER, //一般使用者 + ROLE_MASTER, //點傳師 + ROLE_ADMIN //管理員 +} diff --git a/security-core/src/main/java/org/fycd/bigdata/pojo/RefreshTokenSub.java b/security-core/src/main/java/org/fycd/bigdata/pojo/RefreshTokenSub.java new file mode 100644 index 0000000..f3e4cde --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/pojo/RefreshTokenSub.java @@ -0,0 +1,12 @@ +package org.fycd.bigdata.pojo; + +import lombok.Data; +import java.time.LocalDateTime; + +@Data +public class RefreshTokenSub { + private long id; + private UserSub user; + private String token; + private LocalDateTime expiryDate; +} diff --git a/security-core/src/main/java/org/fycd/bigdata/pojo/RoleSub.java b/security-core/src/main/java/org/fycd/bigdata/pojo/RoleSub.java new file mode 100644 index 0000000..40c98ac --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/pojo/RoleSub.java @@ -0,0 +1,13 @@ +package org.fycd.bigdata.pojo; + +import lombok.Data; +import org.fycd.bigdata.enums.UserRole; + +import java.util.HashSet; +import java.util.Set; + +@Data +public class RoleSub { + private Long id; + private UserRole name; +} diff --git a/security-core/src/main/java/org/fycd/bigdata/pojo/UserSub.java b/security-core/src/main/java/org/fycd/bigdata/pojo/UserSub.java new file mode 100644 index 0000000..b35b7b7 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/pojo/UserSub.java @@ -0,0 +1,14 @@ +package org.fycd.bigdata.pojo; + +import lombok.Data; + +import java.util.HashSet; +import java.util.Set; + +@Data +public class UserSub { + private Long id; + private String username; + private String password; + private Set roles = new HashSet<>(); +} diff --git a/security-core/src/main/java/org/fycd/bigdata/repository/dao/RefreshTokenDaoSub.java b/security-core/src/main/java/org/fycd/bigdata/repository/dao/RefreshTokenDaoSub.java new file mode 100644 index 0000000..b37fbf0 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/repository/dao/RefreshTokenDaoSub.java @@ -0,0 +1,11 @@ +package org.fycd.bigdata.repository.dao; + +import org.fycd.bigdata.pojo.RefreshTokenSub; +import org.springframework.stereotype.Repository; + +@Repository +public class RefreshTokenDaoSub { + public RefreshTokenSub findByToken(String token) { + return new RefreshTokenSub(); + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/repository/dao/UserDaoSub.java b/security-core/src/main/java/org/fycd/bigdata/repository/dao/UserDaoSub.java new file mode 100644 index 0000000..34a333c --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/repository/dao/UserDaoSub.java @@ -0,0 +1,13 @@ +package org.fycd.bigdata.repository.dao; + +import org.fycd.bigdata.pojo.UserSub; +import org.springframework.stereotype.Repository; + +import java.util.Optional; + +@Repository +public class UserDaoSub { + public Optional findByUsername (String username) { + return Optional.of(new UserSub()); + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsImpl.java b/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsImpl.java new file mode 100644 index 0000000..d79b318 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsImpl.java @@ -0,0 +1,98 @@ +package org.fycd.bigdata.service; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import org.fycd.bigdata.pojo.UserSub; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; + +import java.util.Collection; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + +public class UserDetailsImpl implements UserDetails { + private Long id; + + private String username; + + private String email; + + @JsonIgnore + private String password; + + private Collection authorities; + + public UserDetailsImpl(Long id, String username, String password, Collection authorities) { + this.id = id; + this.username = username; + this.password = password; + this.authorities = authorities; + } + + public static UserDetailsImpl build(UserSub user) { + List authorities = user.getRoles().stream() + .map(role -> new SimpleGrantedAuthority(role.getName().name())) + .collect(Collectors.toList()); + + return new UserDetailsImpl( + user.getId(), + user.getUsername(), + user.getPassword(), + authorities); + } + + @Override + public Collection getAuthorities() { + return authorities; + } + + public Long getId() { + return id; + } + + public String getEmail() { + return email; + } + + @Override + public String getPassword() { + return password; + } + + @Override + public String getUsername() { + return username; + } + + @Override + public boolean isAccountNonExpired() { + return true; + } + + @Override + public boolean isAccountNonLocked() { + return true; + } + + @Override + public boolean isCredentialsNonExpired() { + return true; + } + + @Override + public boolean isEnabled() { + return true; + } + + @Override + public boolean equals(Object o) { + if (this == o) + return true; + if (o == null || getClass() != o.getClass()) + return false; + UserDetailsImpl user = (UserDetailsImpl) o; + return Objects.equals(id, user.id); + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsServiceImpl.java b/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsServiceImpl.java new file mode 100644 index 0000000..7c8007d --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/service/UserDetailsServiceImpl.java @@ -0,0 +1,26 @@ +package org.fycd.bigdata.service; + +import lombok.RequiredArgsConstructor; +import org.fycd.bigdata.pojo.UserSub; +import org.fycd.bigdata.repository.dao.UserDaoSub; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +@Service +@RequiredArgsConstructor +public class UserDetailsServiceImpl implements UserDetailsService { + private final UserDaoSub userDao; + + @Override + @Transactional + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + UserSub user = userDao.findByUsername(username) + .orElseThrow(() -> new UsernameNotFoundException("找不到該使用者: " + username)); + + return UserDetailsImpl.build(user); + } +} diff --git a/security-core/src/main/java/org/fycd/bigdata/utils/JwtUtils.java b/security-core/src/main/java/org/fycd/bigdata/utils/JwtUtils.java new file mode 100644 index 0000000..48f42c3 --- /dev/null +++ b/security-core/src/main/java/org/fycd/bigdata/utils/JwtUtils.java @@ -0,0 +1,63 @@ +package org.fycd.bigdata.utils; + +import io.jsonwebtoken.*; +import io.jsonwebtoken.security.Keys; +import io.jsonwebtoken.security.SignatureException; +import lombok.extern.slf4j.Slf4j; +import org.fycd.bigdata.service.UserDetailsImpl; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; + +import javax.xml.bind.DatatypeConverter; +import java.util.Date; + +@Component +@Slf4j +public class JwtUtils { + @Value("${app.security.jwtSecret}") + private static String jwtSecret; + + @Value("${app.security.jwtExpirationMs}") + private static int jwtExpirationMs; + + private static final byte[] secretKey = DatatypeConverter.parseBase64Binary(jwtSecret); + + public String generateJwtToken(UserDetailsImpl userPrincipal) { + return generateTokenFromUsername(userPrincipal.getUsername()); + } + + public String generateTokenFromUsername(String username) { + return Jwts.builder().setSubject(username).setIssuedAt(new Date()) + .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs)).signWith(SignatureAlgorithm.HS512, jwtSecret) + .compact(); + } + + public boolean validateJwtToken(String authToken) { + try { + Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken); + return true; + } catch (SignatureException e) { + log.error("Invalid JWT signature: {}", e.getMessage()); + } catch (MalformedJwtException e) { + log.error("Invalid JWT token: {}", e.getMessage()); + } catch (ExpiredJwtException e) { + log.error("JWT token is expired: {}", e.getMessage()); + } catch (UnsupportedJwtException e) { + log.error("JWT token is unsupported: {}", e.getMessage()); + } catch (IllegalArgumentException e) { + log.error("JWT claims string is empty: {}", e.getMessage()); + } + + return false; + } + + public String getUserNameFromJwtToken(String token) { + return Jwts + .parserBuilder() + .setSigningKey(Keys.hmacShaKeyFor(secretKey)) + .build() + .parseClaimsJws(token) + .getBody() + .getSubject(); + } +} diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..11b26fa --- /dev/null +++ b/settings.gradle @@ -0,0 +1,3 @@ +rootProject.name = 'big-data' +include 'security-core' + diff --git a/src/main/java/org/fycd/bigdata/BigDataApplication.java b/src/main/java/org/fycd/bigdata/BigDataApplication.java new file mode 100644 index 0000000..391827d --- /dev/null +++ b/src/main/java/org/fycd/bigdata/BigDataApplication.java @@ -0,0 +1,13 @@ +package org.fycd.bigdata; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication(scanBasePackages = "org.fycd.bigdata") +public class BigDataApplication { + + public static void main(String[] args) { + SpringApplication.run(BigDataApplication.class, args); + } + +} diff --git a/src/main/java/org/fycd/bigdata/Controller.java b/src/main/java/org/fycd/bigdata/Controller.java new file mode 100644 index 0000000..bcf17e5 --- /dev/null +++ b/src/main/java/org/fycd/bigdata/Controller.java @@ -0,0 +1,21 @@ +package org.fycd.bigdata; + +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping("api") +public class Controller { + + @GetMapping("hello") + public String hello() { + return "Hello World!"; + } + + @GetMapping("hellos") + public String hellos() { + return "Hello World!"; + } +} diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml new file mode 100644 index 0000000..44e95ff --- /dev/null +++ b/src/main/resources/application-dev.yml @@ -0,0 +1,4 @@ +app: + security: + jwtSecret: asdnkqldwk;l!@NLKASd12inkasldlxv.,xcvmkasldkqwe + jwtExpirationMs: 86400000 \ No newline at end of file diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml new file mode 100644 index 0000000..44e95ff --- /dev/null +++ b/src/main/resources/application-prod.yml @@ -0,0 +1,4 @@ +app: + security: + jwtSecret: asdnkqldwk;l!@NLKASd12inkasldlxv.,xcvmkasldkqwe + jwtExpirationMs: 86400000 \ No newline at end of file diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml new file mode 100644 index 0000000..caf4dfc --- /dev/null +++ b/src/main/resources/application.yml @@ -0,0 +1,3 @@ +spring: + profiles: + active: dev \ No newline at end of file diff --git a/src/test/java/org/fycd/bigdata/BigDataApplicationTests.java b/src/test/java/org/fycd/bigdata/BigDataApplicationTests.java new file mode 100644 index 0000000..d8be23b --- /dev/null +++ b/src/test/java/org/fycd/bigdata/BigDataApplicationTests.java @@ -0,0 +1,13 @@ +package org.fycd.bigdata; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class BigDataApplicationTests { + + @Test + void contextLoads() { + } + +}