Add Authorisation and integrate sign up for users

skill-tree /.gitignore

@@ -31,3 +31,4 @@ build/
 
 ### VS Code ###
 .vscode/
+dev.env

skill-tree /pom.xml

@@ -14,7 +14,9 @@
 	<name>skill-tree</name>
 	<description>skill tree project</description>
 	<properties>
+		<start-class>com.RDS.skilltree.SkillTreeApplication</start-class>
 		<java.version>17</java.version>
+		<io.jsonwebtoken.version>0.11.2</io.jsonwebtoken.version>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -56,11 +58,52 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
+
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+			<version>2.1.0</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.jetbrains</groupId>
+			<artifactId>annotations</artifactId>
+			<version>17.0.0</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>${io.jsonwebtoken.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>${io.jsonwebtoken.version}</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>${io.jsonwebtoken.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
+
 	</dependencies>
 
 	<build>

skill-tree /src/main/java/com/RDS/skilltree/Authentication/AuthEntryPoint.java

@@ -0,0 +1,31 @@
+package com.RDS.skilltree.Authentication;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+@Component
+public class AuthEntryPoint implements AuthenticationEntryPoint {
+
+    /**
+     * A description of the entire Java function.
+     *
+     * @param  request				the HttpServletRequest object representing the client's request
+     * @param  response				the HttpServletResponse object representing the server's response
+     * @param  authException		the AuthenticationException object representing the exception that occurred during authentication
+     * @throws IOException			if an I/O error occurs while writing the response
+     * @throws ServletException	if the request could not be handled
+     */
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        PrintWriter writer = response.getWriter();
+        writer.println("Access Denied !! " + authException.getMessage());
+    }
+}

skill-tree /src/main/java/com/RDS/skilltree/Authentication/UserAuthenticationToken.java

@@ -0,0 +1,31 @@
+package com.RDS.skilltree.Authentication;
+
+import com.RDS.skilltree.User.UserModel;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import javax.security.auth.Subject;
+
+public class UserAuthenticationToken extends AbstractAuthenticationToken {
+
+    private final UserModel user;
+
+    public UserAuthenticationToken(UserModel user) {
+        super(null);
+        this.user = user;
+        setAuthenticated(true);
+    }
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return user;
+    }
+
+    @Override
+    public boolean implies(Subject subject) {
+        return super.implies(subject);
+    }
+}

skill-tree /src/main/java/com/RDS/skilltree/Config/SecurityConfig.java

@@ -0,0 +1,42 @@
+package com.RDS.skilltree.Config;
+
+import com.RDS.skilltree.Authentication.AuthEntryPoint;
+import com.RDS.skilltree.Filters.JWTAuthenticationFilter;
+import com.RDS.skilltree.User.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+    private final UserService userService;
+    private final AuthEntryPoint authEntryPoint;
+
+    @Autowired
+    public SecurityConfig(UserService userService, AuthEntryPoint authEntryPoint) {
+        this.userService = userService;
+        this.authEntryPoint = authEntryPoint;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(auth->auth.requestMatchers("/**").authenticated())
+                .exceptionHandling(ex->ex.authenticationEntryPoint(authEntryPoint))
+                .sessionManagement(session->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+        return http.build();
+    }
+
+    @Bean
+    public JWTAuthenticationFilter jwtAuthenticationFilter(){
+        return new JWTAuthenticationFilter(userService);
+    }
+}

skill-tree /src/main/java/com/RDS/skilltree/Filters/JWTAuthenticationFilter.java

@@ -0,0 +1,87 @@
+package com.RDS.skilltree.Filters;
+
+import com.RDS.skilltree.Authentication.UserAuthenticationToken;
+import com.RDS.skilltree.User.*;
+import com.RDS.skilltree.utils.FetchAPI;
+import com.RDS.skilltree.utils.JWTUtils;
+import com.RDS.skilltree.utils.RDSUser.Response;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.concurrent.CompletableFuture;
+
+@Slf4j
+public class JWTAuthenticationFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private JWTUtils jwtUtils;
+
+    @Autowired
+    private FetchAPI fetchAPI;
+
+    private final UserService userService;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    public JWTAuthenticationFilter(UserService userService){
+        this.userService = userService;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        String token = getJWTFromRequest(request);
+        try {
+            if (StringUtils.hasText(token) && jwtUtils.validateToken(token)) {
+                String rdsUserId = jwtUtils.getRDSUserId(token);
+
+
+                UserModel userModel;
+
+                if (userRepository.existsByRdsUserId(rdsUserId)) {
+                    userModel = userRepository.findByRdsUserId(rdsUserId).get();
+                } else {
+                    CompletableFuture<Response> userResponse = fetchAPI.getRDSUserData(rdsUserId);
+                    CompletableFuture.anyOf(userResponse).join();
+                    Response rdsUserResponse = userResponse.get();
+                    UserDRO userDRO = UserDRO.builder()
+                            .rdsUserId(rdsUserId)
+                            .firstName(rdsUserResponse.getUser().getFirst_name())
+                            .lastName(rdsUserResponse.getUser().getLast_name())
+                            .imageUrl(new URL(rdsUserResponse.getUser().getPicture().getUrl()))
+                            .role(UserRole.USER)
+                            .build();
+                    userModel = UserDRO.toModel(userDRO);
+                    userService.createUser(userDRO);
+                }
+
+                UserAuthenticationToken authentication = new UserAuthenticationToken(userModel);
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (Exception e) {
+            log.error("Error in fetching the user details, error : {}", e.getMessage(), e);
+            throw new RuntimeException(e);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String getJWTFromRequest(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
+            return bearerToken.substring(7);
+        }
+        return null;
+    }
+}

skill-tree /src/main/java/com/RDS/skilltree/SkillTreeApplication.java

@@ -1,12 +1,27 @@
 package com.RDS.skilltree;
 
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
+
 @SpringBootApplication
+@OpenAPIDefinition(
+        info = @Info(
+                title = "Skill Tree",
+                version = "1.0.0",
+                description = "Skill Tree"
+        ),
+        tags = @Tag(
+                name = "Skill Tree",
+                description = "Skill Tree"
+        )
+)
 public class SkillTreeApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(SkillTreeApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(SkillTreeApplication.class, args);
+    }
 }

skill-tree /src/main/java/com/RDS/skilltree/User/UserRepository.java

@@ -3,8 +3,12 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
+import java.util.Optional;
 import java.util.UUID;
 
 @Repository
 public interface UserRepository extends JpaRepository<UserModel, UUID> {
+    Optional<UserModel> findByRdsUserId(String rdsUserId);
+
+    Boolean existsByRdsUserId(String rdsUserId);
 }

skill-tree /src/main/java/com/RDS/skilltree/utils/FetchAPI.java

@@ -0,0 +1,36 @@
+package com.RDS.skilltree.utils;
+
+import com.RDS.skilltree.utils.RDSUser.Response;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.concurrent.CompletableFuture;
+
+@Component
+@Slf4j
+public class FetchAPI {
+    private final RestTemplate restTemplate;
+
+    public FetchAPI(RestTemplateBuilder restTemplateBuilder){
+        restTemplate = restTemplateBuilder.build();
+    }
+
+    @Async
+    public CompletableFuture<Response> getRDSUserData(String userId) {
+        String url = String.format("https://api.realdevsquad.com/users/userId/%s", userId);
+        try{
+            ResponseEntity<Response> response = restTemplate.getForEntity(url, Response.class);
+            Response result = response.getBody();
+            return CompletableFuture.completedFuture(result);
+        }catch (Exception e){
+            log.error("Error in calling the RDS backend, error : {}", e.getMessage(), e);
+            throw new HttpClientErrorException(HttpStatus.INTERNAL_SERVER_ERROR, e.getMessage());
+        }
+    }
+}