chore: Code-split OAuth2 client repository (#27517)

2023-09-29 13:00:52 +05:30 · 2023-09-29 13:00:52 +05:30 · 0febbf5e4f
commit 0febbf5e4f
parent e1e45a32b5
9 changed files with 94 additions and 13 deletions
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java
@ -1,6 +1,7 @@
 package com.appsmith.server.authentication.handlers;

 import com.appsmith.server.authentication.handlers.ce.CustomServerOAuth2AuthorizationRequestResolverCE;
+import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager;
 import com.appsmith.server.configurations.CommonConfig;
 import com.appsmith.server.helpers.RedirectHelper;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@ -29,12 +30,14 @@ public class CustomServerOAuth2AuthorizationRequestResolver extends CustomServer
    public CustomServerOAuth2AuthorizationRequestResolver(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            CommonConfig commonConfig,
-            RedirectHelper redirectHelper) {
+            RedirectHelper redirectHelper,
+            CustomOauth2ClientRepositoryManager oauth2ClientManager) {
        this(
                clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN),
                commonConfig,
-                redirectHelper);
+                redirectHelper,
+                oauth2ClientManager);
    }

    /**
@ -49,8 +52,14 @@ public class CustomServerOAuth2AuthorizationRequestResolver extends CustomServer
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            ServerWebExchangeMatcher authorizationRequestMatcher,
            CommonConfig commonConfig,
-            RedirectHelper redirectHelper) {
-        super(clientRegistrationRepository, authorizationRequestMatcher, commonConfig, redirectHelper);
+            RedirectHelper redirectHelper,
+            CustomOauth2ClientRepositoryManager oauth2ClientManager) {
+        super(
+                clientRegistrationRepository,
+                authorizationRequestMatcher,
+                commonConfig,
+                redirectHelper,
+                oauth2ClientManager);
        this.redirectHelper = redirectHelper;
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/ce/CustomServerOAuth2AuthorizationRequestResolverCE.java
@ -1,5 +1,7 @@
 package com.appsmith.server.authentication.handlers.ce;

+import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository;
+import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager;
 import com.appsmith.server.configurations.CommonConfig;
 import com.appsmith.server.constants.Security;
 import com.appsmith.server.exceptions.AppsmithError;
@ -77,22 +79,27 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO

    private final RedirectHelper redirectHelper;

+    private final CustomOauth2ClientRepositoryManager ouath2ClientManager;
+
    /**
     * Creates a new instance
     *
-     * @param clientRegistrationRepository the repository to resolve the {@link ClientRegistration}
+     * @param clientRegistrationRepository  the repository to resolve the {@link ClientRegistration}
     * @param commonConfig
     * @param redirectHelper
+     * @param oauth2ClientManager           Client repository manager to get client repository based on registration id
     */
    public CustomServerOAuth2AuthorizationRequestResolverCE(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            CommonConfig commonConfig,
-            RedirectHelper redirectHelper) {
+            RedirectHelper redirectHelper,
+            CustomOauth2ClientRepositoryManager oauth2ClientManager) {
        this(
                clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN),
                commonConfig,
-                redirectHelper);
+                redirectHelper,
+                oauth2ClientManager);
    }

    /**
@ -102,13 +109,16 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO
     * @param authorizationRequestMatcher  the matcher that determines if the request is a match and extracts the
     *                                     {@link #DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME} from the path variables.
     * @param redirectHelper
+     * @param ouath2ClientManager          Client repository manager to get client repository based on registration id
     */
    public CustomServerOAuth2AuthorizationRequestResolverCE(
            ReactiveClientRegistrationRepository clientRegistrationRepository,
            ServerWebExchangeMatcher authorizationRequestMatcher,
            CommonConfig commonConfig,
-            RedirectHelper redirectHelper) {
+            RedirectHelper redirectHelper,
+            CustomOauth2ClientRepositoryManager ouath2ClientManager) {
        this.redirectHelper = redirectHelper;
+        this.ouath2ClientManager = ouath2ClientManager;
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(authorizationRequestMatcher, "authorizationRequestMatcher cannot be null");
        this.clientRegistrationRepository = clientRegistrationRepository;
@ -138,11 +148,21 @@ public class CustomServerOAuth2AuthorizationRequestResolverCE implements ServerO
        });
    }

+    /**
+     * Method to find the client registration repository based on the registration id
+     *
+     * @param clientRegistration    Registration id of the client
+     * @return                      Client registration repository
+     */
    private Mono<ClientRegistration> findByRegistrationId(String clientRegistration) {
-        return this.clientRegistrationRepository
-                .findByRegistrationId(clientRegistration)
-                .switchIfEmpty(Mono.error(
-                        () -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
+        BaseClientRegistrationRepository customClientRegistrationRepository =
+                this.ouath2ClientManager.findClientRegistrationRepositoryByRegistrationId(clientRegistration);
+
+        Mono<ClientRegistration> clientRegistrationMono = customClientRegistrationRepository == null
+                ? this.clientRegistrationRepository.findByRegistrationId(clientRegistration)
+                : customClientRegistrationRepository.findByRegistrationId(clientRegistration);
+        return clientRegistrationMono.switchIfEmpty(Mono.error(
+                () -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid client registration id")));
    }

    private Mono<OAuth2AuthorizationRequest> authorizationRequest(
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/BaseClientRegistrationRepository.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/BaseClientRegistrationRepository.java
@ -0,0 +1,5 @@
+package com.appsmith.server.authentication.oauth2clientrepositories;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.ce.BaseClientRegistrationRepositoryCE;
+
+public interface BaseClientRegistrationRepository extends BaseClientRegistrationRepositoryCE {}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManager.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManager.java
@ -0,0 +1,5 @@
+package com.appsmith.server.authentication.oauth2clientrepositories;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.ce.CustomOauth2ClientRepositoryManagerCE;
+
+public interface CustomOauth2ClientRepositoryManager extends CustomOauth2ClientRepositoryManagerCE {}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManagerImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/CustomOauth2ClientRepositoryManagerImpl.java
@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.ce.CustomOauth2ClientRepositoryManagerCEImpl;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomOauth2ClientRepositoryManagerImpl extends CustomOauth2ClientRepositoryManagerCEImpl
+        implements CustomOauth2ClientRepositoryManager {}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/BaseClientRegistrationRepositoryCE.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/BaseClientRegistrationRepositoryCE.java
@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories.ce;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import reactor.core.publisher.Mono;
+
+public interface BaseClientRegistrationRepositoryCE {
+    Mono<ClientRegistration> findByRegistrationId(String registrationId);
+}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCE.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCE.java
@ -0,0 +1,8 @@
+package com.appsmith.server.authentication.oauth2clientrepositories.ce;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository;
+
+public interface CustomOauth2ClientRepositoryManagerCE {
+
+    BaseClientRegistrationRepository findClientRegistrationRepositoryByRegistrationId(String registrationId);
+}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCEImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/oauth2clientrepositories/ce/CustomOauth2ClientRepositoryManagerCEImpl.java
@ -0,0 +1,11 @@
+package com.appsmith.server.authentication.oauth2clientrepositories.ce;
+
+import com.appsmith.server.authentication.oauth2clientrepositories.BaseClientRegistrationRepository;
+
+public class CustomOauth2ClientRepositoryManagerCEImpl implements CustomOauth2ClientRepositoryManagerCE {
+
+    @Override
+    public BaseClientRegistrationRepository findClientRegistrationRepositoryByRegistrationId(String registrationId) {
+        return null;
+    }
+}
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
@ -3,6 +3,7 @@ package com.appsmith.server.configurations;
 import com.appsmith.server.authentication.handlers.AccessDeniedHandler;
 import com.appsmith.server.authentication.handlers.CustomServerOAuth2AuthorizationRequestResolver;
 import com.appsmith.server.authentication.handlers.LogoutSuccessHandler;
+import com.appsmith.server.authentication.oauth2clientrepositories.CustomOauth2ClientRepositoryManager;
 import com.appsmith.server.constants.FieldName;
 import com.appsmith.server.constants.Url;
 import com.appsmith.server.domains.User;
@ -99,6 +100,9 @@ public class SecurityConfig {
    @Autowired
    private RateLimitService rateLimitService;

+    @Autowired
+    private CustomOauth2ClientRepositoryManager oauth2ClientManager;
+
    @Value("${appsmith.internal.password}")
    private String INTERNAL_PASSWORD;

@ -232,7 +236,10 @@ public class SecurityConfig {
                .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec
                        .authenticationFailureHandler(failureHandler)
                        .authorizationRequestResolver(new CustomServerOAuth2AuthorizationRequestResolver(
-                                reactiveClientRegistrationRepository, commonConfig, redirectHelper))
+                                reactiveClientRegistrationRepository,
+                                commonConfig,
+                                redirectHelper,
+                                oauth2ClientManager))
                        .authenticationSuccessHandler(authenticationSuccessHandler)
                        .authenticationFailureHandler(authenticationFailureHandler)
                        .authorizedClientRepository(new ClientUserRepository(userService, commonConfig)))