Merge pull request #854 from wultra/develop

Merge develop to master

.github/dependabot.yml

@@ -9,3 +9,8 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -4,9 +4,6 @@ on:
   workflow_dispatch:
   push:
     branches: [ 'develop', 'master', 'releases/**' ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ 'develop', 'master', 'releases/**' ]
   schedule:
     - cron: '19 7 * * 4'
 

.github/workflows/scp-deploy.yml

@@ -7,9 +7,9 @@ jobs:
   scp-deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 21
           distribution: 'temurin'

docs-private/Developer-How-To-Start.md

@@ -21,3 +21,24 @@ Others (like URL, username, password) depend on your environment.
 ```shell
 liquibase --changelog-file=./docs/db/changelog/changesets/powerauth-push-server/db.changelog-module.xml --url=jdbc:postgresql://localhost:5432/powerauth --username=powerauth status
 ``` 
+
+To generate SQL script run following command:
+
+#### PostgreSQL
+
+```shell
+liquibase --changeLogFile=./docs/db/changelog/changesets/powerauth-push-server/db.changelog-module.xml --output-file=./docs/sql/postgresql/migration_1.7.0_1.8.0.sql updateSQL --url=offline:postgresql
+```
+
+#### Oracle
+
+```shell
+liquibase --changeLogFile=./docs/db/changelog/changesets/powerauth-push-server/db.changelog-module.xml --output-file=./docs/sql/oracle/migration_1.7.0_1.8.0.sql updateSQL --url=offline:oracle
+```
+
+
+#### MSSQL
+
+```shell
+liquibase --changeLogFile=./docs/db/changelog/changesets/powerauth-push-server/db.changelog-module.xml --output-file=./docs/sql/mssql/migration_1.7.0_1.8.0.sql updateSQL --url=offline:mssql
+```

docs/Configuration-Properties.md

@@ -14,12 +14,14 @@ The Push Server uses the following public configuration properties:
 
 ##  PowerAuth Service Configuration
 
-| Property | Default | Note |
-|---|---|---|
-| `powerauth.service.url` | `http://localhost:8080/powerauth-java-server/rest` | PowerAuth service REST API base URL | 
-| `powerauth.service.security.clientToken` | `_empty_` | PowerAuth REST API authentication token | 
-| `powerauth.service.security.clientSecret` | `_empty_` | PowerAuth REST API authentication secret / password |
-| `powerauth.service.ssl.acceptInvalidSslCertificate` | `false` | Flag indicating if connections using untrusted TLS certificate should be made to the PowerAuth Service |
+| Property                                             | Default                                            | Note                                                                                                   |
+|------------------------------------------------------|----------------------------------------------------|--------------------------------------------------------------------------------------------------------|
+| `powerauth.service.url`                              | `http://localhost:8080/powerauth-java-server/rest` | PowerAuth service REST API base URL                                                                    |
+| `powerauth.service.restClientConfig.responseTimeout` | `60s`                                              | PowerAuth REST API response timeout.                                                                   |
+| `powerauth.service.restClientConfig.maxIdleTime`     | `200s`                                             | PowerAuth REST API max idle time.                                                                      |
+| `powerauth.service.security.clientToken`             | `_empty_`                                          | PowerAuth REST API authentication token                                                                | 
+| `powerauth.service.security.clientSecret`            | `_empty_`                                          | PowerAuth REST API authentication secret / password                                                    |
+| `powerauth.service.ssl.acceptInvalidSslCertificate`  | `false`                                            | Flag indicating if connections using untrusted TLS certificate should be made to the PowerAuth Service |
 
 ## PowerAuth Push Service Configuration
 
@@ -99,8 +101,10 @@ The Push Server uses the following public configuration properties:
 
 
 ## Monitoring and Observability
+
 | Property                                  | Default | Note                                                                                                                                                                        |
 |-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `management.tracing.sampling.probability` | `1.0`   | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
+
 The WAR file includes the `micrometer-registry-prometheus` dependency.
 Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).

docs/Deploying-Push-Server.md

@@ -46,14 +46,6 @@ powerauth.service.url=http://localhost:8080/powerauth-java-server/rest
 
 There are several optional configuration options you may want to set up.
 
-### Configuration of Push service URL
-
-Push server contains REST API which needs to be configured in case Push Server runs on non-standard port, non-standard context path or uses HTTPS. You can configure the service URL using following property:
-
-```
-powerauth.push.service.url=http://localhost:8080/powerauth-push-server
-```
-
 ### Enabling Storing of Sent Push Messages
 
 You can enable storing of sent messages in database using following property:

docs/Deploying-Wildfly.md

@@ -6,7 +6,7 @@ Push Server contains the following configuration in `jboss-deployment-structure.
 
 ```xml
 <?xml version="1.0"?>
-<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.3">
   <deployment>
     <exclude-subsystems>
       <!-- disable the logging subsystem because the application manages its own logging independently -->
@@ -83,15 +83,14 @@ Use the `logback.xml` file to configure logging, for example:
 The `application-ext.properties` file is used to override default configuration properties, for example:
 
 ```
+spring.datasource.jndi-name=java:/jdbc/powerauth
+
 # PowerAuth 2.0 Client configuration
 powerauth.service.url=https://[host]:[port]/powerauth-java-server/rest
 ```
 
-Push Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.
-
-### Bouncy Castle Installation
+Mind that you should specify `spring.datasource.jndi-name` to use the application server datasource (its declaration is out of the scope of this guideline).
+When configure `spring.datasource.url`, the hikari connection pool is used.
+Spring Boot running on WildFly or JBoos initializes [JtaTransactionManager](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/transaction/jta/JtaTransactionManager.html).
 
-The Bouncy Castle module for JBoss / Wildfly needs to be enabled as a global module for Push Server.
-
-Follow the instructions in the [Installing Bouncy Castle](https://github.com/wultra/powerauth-server/blob/develop/docs/Installing-Bouncy-Castle.md) chapter of PowerAuth Server documentation.
-Note that the instructions differ based on Java version and application server type.
+Push Server Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.

docs/Migration-Instructions.md

@@ -2,6 +2,7 @@
 
 This page contains PowerAuth Push Server migration instructions.
 
+- [PowerAuth Push Server 1.8.0](./PowerAuth-Push-Server-1.8.0.md)
 - [PowerAuth Push Server 1.7.0](./PowerAuth-Push-Server-1.7.0.md)
 - [PowerAuth Push Server 1.6.0](./PowerAuth-Push-Server-1.6.0.md)
 - [PowerAuth Push Server 1.5.0](./PowerAuth-Push-Server-1.5.0.md)

docs/PowerAuth-Push-Server-1.8.0.md

@@ -0,0 +1,16 @@
+# Migration from 1.7.x to 1.8.x
+
+This guide contains instructions for migration from PowerAuth Push Server version `1.7.x` to version `1.8.x`.
+
+
+## Database Changes
+
+For convenience, you can use liquibase for your database migration.
+
+**Important: Upgrading to version 1.8.x includes database column renaming required for the Inbox functionality, resulting in incompatible changes. Therefore, ensure all Push Server nodes are upgraded simultaneously during a scheduled service window.**
+
+If you prefer to make manual DB schema changes, please use the following SQL scripts:
+
+- [PostgreSQL script](./sql/postgresql/migration_1.7.0_1.8.0.sql)
+- [Oracle script](./sql/oracle/migration_1.7.0_1.8.0.sql)
+- [MSSQL script](./sql/mssql/migration_1.7.0_1.8.0.sql)

docs/db/changelog/changesets/powerauth-push-server/1.8.x/20240708-column-renaming-keywords.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">
+
+    <changeSet id="1" logicalFilePath="powerauth-push-server/1.8.x/20240708-column-renaming-keywords.xml" author="Roman Strobl">
+        <preConditions onFail="MARK_RAN">
+            <and>
+                <tableExists tableName="push_inbox"/>
+                <columnExists tableName="push_inbox" columnName="read"/>
+                <columnExists tableName="push_inbox" columnName="type"/>
+            </and>
+        </preConditions>
+        <comment>Rename columns read to is_read and type to message_type in push_inbox table</comment>
+        <renameColumn tableName="push_inbox" oldColumnName="read" newColumnName="is_read" columnDataType="boolean"/>
+        <renameColumn tableName="push_inbox" oldColumnName="type" newColumnName="message_type" columnDataType="varchar(32)"/>
+    </changeSet>
+
+</databaseChangeLog>

docs/db/changelog/changesets/powerauth-push-server/1.8.x/db.changelog-version.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">
+
+    <include file="20240708-column-renaming-keywords.xml" relativeToChangelogFile="true" />
+
+</databaseChangeLog>

docs/db/changelog/changesets/powerauth-push-server/db.changelog-module.xml

@@ -10,5 +10,6 @@
     <include file="1.4.x/db.changelog-version.xml" relativeToChangelogFile="true" />
     <include file="1.5.x/db.changelog-version.xml" relativeToChangelogFile="true" />
     <include file="1.7.x/db.changelog-version.xml" relativeToChangelogFile="true" />
+    <include file="1.8.x/db.changelog-version.xml" relativeToChangelogFile="true" />
 
 </databaseChangeLog>