From f8b382940de649ecf9c6dd7dd2c1377a8d7c44b9 Mon Sep 17 00:00:00 2001
From: Arpit Mohan <me@arpitmohan.com>
Date: Sat, 30 Mar 2019 12:01:24 +0530
Subject: [PATCH] Adding basic authentication to the server.

This will allow us to host it on a webserver for integration purposes.
---
 app/server/server/pom.xml                     | 21 ++++++---
 .../server/configurations/CommonConfig.java   |  2 -
 .../server/configurations/MongoConfig.java    | 10 ++++-
 .../server/configurations/SecurityConfig.java | 43 +++++++++++--------
 .../mobtools/server/constants/Security.java   |  5 +++
 .../server/controllers/IndexController.java   | 24 +++++++++++
 .../com/mobtools/server/domains/Role.java     | 22 ++++++++++
 .../com/mobtools/server/domains/User.java     |  6 +++
 .../server/repositories/UserRepository.java   |  3 ++
 .../mobtools/server/services/UserService.java |  3 ++
 .../server/services/UserServiceImpl.java      |  9 ++++
 11 files changed, 121 insertions(+), 27 deletions(-)
 create mode 100644 app/server/server/src/main/java/com/mobtools/server/constants/Security.java
 create mode 100644 app/server/server/src/main/java/com/mobtools/server/controllers/IndexController.java
 create mode 100644 app/server/server/src/main/java/com/mobtools/server/domains/Role.java

diff --git a/app/server/server/pom.xml b/app/server/server/pom.xml
index 3dcaa8d94c..686310f92e 100644
--- a/app/server/server/pom.xml
+++ b/app/server/server/pom.xml
@@ -23,19 +23,29 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-cache</artifactId>
 		</dependency>
-		<!--<dependency>-->
-			<!--<groupId>org.springframework.boot</groupId>-->
-			<!--<artifactId>spring-boot-starter-data-jpa</artifactId>-->
-		<!--</dependency>-->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-client</artifactId>
+			<version>5.1.4.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-jose</artifactId>
+			<version>5.1.4.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>5.1.4.RELEASE</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-webflux</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>org.postgresql</groupId>
 			<artifactId>postgresql</artifactId>
@@ -50,6 +60,7 @@
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
diff --git a/app/server/server/src/main/java/com/mobtools/server/configurations/CommonConfig.java b/app/server/server/src/main/java/com/mobtools/server/configurations/CommonConfig.java
index da1d16ef71..68c318b812 100644
--- a/app/server/server/src/main/java/com/mobtools/server/configurations/CommonConfig.java
+++ b/app/server/server/src/main/java/com/mobtools/server/configurations/CommonConfig.java
@@ -2,12 +2,10 @@ package com.mobtools.server.configurations;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.data.mongodb.config.EnableMongoAuditing;
 import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 
 @Configuration
-@EnableMongoAuditing
 public class CommonConfig {
 
     private String ELASTIC_THREAD_POOL_NAME = "mobtools-elastic-pool";
diff --git a/app/server/server/src/main/java/com/mobtools/server/configurations/MongoConfig.java b/app/server/server/src/main/java/com/mobtools/server/configurations/MongoConfig.java
index e634c09136..6520c03226 100644
--- a/app/server/server/src/main/java/com/mobtools/server/configurations/MongoConfig.java
+++ b/app/server/server/src/main/java/com/mobtools/server/configurations/MongoConfig.java
@@ -2,14 +2,20 @@ package com.mobtools.server.configurations;
 
 import com.mongodb.reactivestreams.client.MongoClient;
 import com.mongodb.reactivestreams.client.MongoClients;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.mongodb.config.AbstractReactiveMongoConfiguration;
+import org.springframework.data.mongodb.config.EnableMongoAuditing;
 import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
 import org.springframework.data.mongodb.repository.config.EnableReactiveMongoRepositories;
 
+@EnableMongoAuditing
 @EnableReactiveMongoRepositories
 public class MongoConfig extends AbstractReactiveMongoConfiguration {
 
+    @Value("${spring.data.mongodb.database}")
+    private String dbName;
+
     @Override
     public MongoClient reactiveMongoClient() {
         return MongoClients.create();
@@ -17,11 +23,11 @@ public class MongoConfig extends AbstractReactiveMongoConfiguration {
 
     @Bean
     public ReactiveMongoTemplate reactiveMongoTemplate() throws Exception {
-        return new ReactiveMongoTemplate(reactiveMongoClient(), "mobtools");
+        return new ReactiveMongoTemplate(reactiveMongoClient(), dbName);
     }
 
     @Override
     protected String getDatabaseName() {
-        return "mobtools";
+        return dbName;
     }
 }
diff --git a/app/server/server/src/main/java/com/mobtools/server/configurations/SecurityConfig.java b/app/server/server/src/main/java/com/mobtools/server/configurations/SecurityConfig.java
index 202553527a..cf04ffa52a 100644
--- a/app/server/server/src/main/java/com/mobtools/server/configurations/SecurityConfig.java
+++ b/app/server/server/src/main/java/com/mobtools/server/configurations/SecurityConfig.java
@@ -1,41 +1,48 @@
 package com.mobtools.server.configurations;
 
 
+import com.mobtools.server.constants.Security;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.web.reactive.config.EnableWebFlux;
 
 @Configuration
+@EnableWebFlux
 @EnableWebFluxSecurity
 @EnableReactiveMethodSecurity
 public class SecurityConfig {
 
-//    private final DaoAuthenticationManager reactiveAuthenticationManager;
+    @Bean
+    public MapReactiveUserDetailsService userDetailsService() {
+        UserDetails user = User
+                .withUsername("api_user")
+                .password(passwordEncoder().encode("8uA@;&mB:cnvN~{#"))
+                .roles(Security.USER_ROLE)
+                .build();
+        return new MapReactiveUserDetailsService(user);
+    }
 
-//    private final SecurityContextRepository securityContextRepository;
-
-//    @Autowired
-//    public SecurityConfig(DaoAuthenticationManager reactiveAuthenticationManager,
-//                          SecurityContextRepository securityContextRepository) {
-//        this.reactiveAuthenticationManager = reactiveAuthenticationManager;
-//        this.securityContextRepository = securityContextRepository;
-//    }
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 
     @Bean
     public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
         return http
-                .csrf().disable()
-                .formLogin().disable()
-                .httpBasic().disable()
-//            .authenticationManager(reactiveAuthenticationManager)
-//            .securityContextRepository(securityContextRepository)
                 .authorizeExchange()
-                .anyExchange().permitAll()
-                .and()
-                .logout().disable()
-                .build();
+                .anyExchange()
+                .authenticated()
+                .and().httpBasic()
+                .and().build();
     }
 }
diff --git a/app/server/server/src/main/java/com/mobtools/server/constants/Security.java b/app/server/server/src/main/java/com/mobtools/server/constants/Security.java
new file mode 100644
index 0000000000..5b818ce2c4
--- /dev/null
+++ b/app/server/server/src/main/java/com/mobtools/server/constants/Security.java
@@ -0,0 +1,5 @@
+package com.mobtools.server.constants;
+
+public interface Security {
+    String USER_ROLE = "USER_ROLE";
+}
diff --git a/app/server/server/src/main/java/com/mobtools/server/controllers/IndexController.java b/app/server/server/src/main/java/com/mobtools/server/controllers/IndexController.java
new file mode 100644
index 0000000000..161245cadd
--- /dev/null
+++ b/app/server/server/src/main/java/com/mobtools/server/controllers/IndexController.java
@@ -0,0 +1,24 @@
+package com.mobtools.server.controllers;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import reactor.core.publisher.Mono;
+
+import java.security.Principal;
+
+@Slf4j
+@RestController
+@RequestMapping("")
+public class IndexController {
+
+    @GetMapping
+    public Mono<String> index(Mono<Principal> principal) {
+        return principal
+                .map(Principal::getName)
+                .map(name -> String.format("Hello %s", name));
+    }
+}
diff --git a/app/server/server/src/main/java/com/mobtools/server/domains/Role.java b/app/server/server/src/main/java/com/mobtools/server/domains/Role.java
new file mode 100644
index 0000000000..609626ad76
--- /dev/null
+++ b/app/server/server/src/main/java/com/mobtools/server/domains/Role.java
@@ -0,0 +1,22 @@
+package com.mobtools.server.domains;
+
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.springframework.data.mongodb.core.mapping.Document;
+
+import javax.validation.constraints.NotEmpty;
+
+
+@Document
+@Getter
+@Setter
+@ToString
+public class Role extends BaseDomain {
+
+    private static final long serialVersionUID = -9218373922209100577L;
+
+    @NotEmpty
+    private String name;
+}
diff --git a/app/server/server/src/main/java/com/mobtools/server/domains/User.java b/app/server/server/src/main/java/com/mobtools/server/domains/User.java
index 548c8f1c40..567e57fdea 100644
--- a/app/server/server/src/main/java/com/mobtools/server/domains/User.java
+++ b/app/server/server/src/main/java/com/mobtools/server/domains/User.java
@@ -6,6 +6,8 @@ import lombok.Setter;
 import lombok.ToString;
 import org.springframework.data.mongodb.core.mapping.Document;
 
+import java.util.Set;
+
 
 @Getter
 @Setter
@@ -17,4 +19,8 @@ public class User extends BaseDomain {
     private String name;
 
     private String email;
+
+    private Set<Role> roles;
+
+    private String password;
 }
diff --git a/app/server/server/src/main/java/com/mobtools/server/repositories/UserRepository.java b/app/server/server/src/main/java/com/mobtools/server/repositories/UserRepository.java
index dd8524b074..eb2f09b27f 100644
--- a/app/server/server/src/main/java/com/mobtools/server/repositories/UserRepository.java
+++ b/app/server/server/src/main/java/com/mobtools/server/repositories/UserRepository.java
@@ -2,7 +2,10 @@ package com.mobtools.server.repositories;
 
 import com.mobtools.server.domains.User;
 import org.springframework.stereotype.Repository;
+import reactor.core.publisher.Mono;
 
 @Repository
 public interface UserRepository extends BaseRepository<User, String> {
+
+    Mono<User> findByName(String name);
 }
diff --git a/app/server/server/src/main/java/com/mobtools/server/services/UserService.java b/app/server/server/src/main/java/com/mobtools/server/services/UserService.java
index 2b28760661..a820e03e42 100644
--- a/app/server/server/src/main/java/com/mobtools/server/services/UserService.java
+++ b/app/server/server/src/main/java/com/mobtools/server/services/UserService.java
@@ -1,6 +1,9 @@
 package com.mobtools.server.services;
 
 import com.mobtools.server.domains.User;
+import reactor.core.publisher.Mono;
 
 public interface UserService extends CrudService<User, String> {
+
+    Mono<User> findByUsername(String name);
 }
diff --git a/app/server/server/src/main/java/com/mobtools/server/services/UserServiceImpl.java b/app/server/server/src/main/java/com/mobtools/server/services/UserServiceImpl.java
index d28cd3f51d..8a87de67a5 100644
--- a/app/server/server/src/main/java/com/mobtools/server/services/UserServiceImpl.java
+++ b/app/server/server/src/main/java/com/mobtools/server/services/UserServiceImpl.java
@@ -5,15 +5,24 @@ import com.mobtools.server.repositories.UserRepository;
 import org.springframework.data.mongodb.core.ReactiveMongoTemplate;
 import org.springframework.data.mongodb.core.convert.MongoConverter;
 import org.springframework.stereotype.Service;
+import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Scheduler;
 
 @Service
 public class UserServiceImpl extends BaseService<UserRepository, User, String> implements UserService {
 
+    private UserRepository repository;
+
     public UserServiceImpl(Scheduler scheduler,
                            MongoConverter mongoConverter,
                            ReactiveMongoTemplate reactiveMongoTemplate,
                            UserRepository repository) {
         super(scheduler, mongoConverter, reactiveMongoTemplate, repository);
+        this.repository = repository;
+    }
+
+    @Override
+    public Mono<User> findByUsername(String name) {
+        return repository.findByName(name);
     }
 }