92a54110ed
## Description As of now the CS API does not have signature verification which can lead to data tampering for CS API response. This PR adds the method to add signature verification for CS API responses. Corresponding PRs: CS: https://github.com/appsmithorg/cloud-services/pull/1023 #### PR fixes following issue(s) Fixes https://github.com/appsmithorg/cloud-services/issues/1037 #### Type of change - New feature (non-breaking change which adds functionality) ## Testing #### How Has This Been Tested? - [ ] Manual ## Checklist: #### Dev activity - [x] My code follows the style guidelines of this project - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation - [x] My changes generate no new warnings - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] New and existing unit tests pass locally with my changes - [ ] PR is being merged under a feature flag #### QA activity: - [ ] [Speedbreak features](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#speedbreakers-) have been covered - [ ] Test plan covers all impacted features and [areas of interest](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#areas-of-interest-) - [ ] Test plan has been peer reviewed by project stakeholders and other QA members - [ ] Manually tested functionality on DP - [ ] We had an implementation alignment call with stakeholders post QA Round 2 - [ ] Cypress test cases have been added and approved by SDET/manual QA - [ ] Added `Test Plan Approved` label after Cypress tests were reviewed - [ ] Added `Test Plan Approved` label after JUnit tests were reviewed
470 lines
17 KiB
XML
470 lines
17 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<parent>
|
|
<groupId>com.appsmith</groupId>
|
|
<artifactId>integrated</artifactId>
|
|
<version>1.0-SNAPSHOT</version>
|
|
</parent>
|
|
|
|
<artifactId>server</artifactId>
|
|
<version>1.0-SNAPSHOT</version>
|
|
<packaging>jar</packaging>
|
|
|
|
<name>server</name>
|
|
<description>This is the API server for the Appsmith project</description>
|
|
|
|
<properties>
|
|
<ff4j.version>2.0.0</ff4j.version>
|
|
<jmh.version>1.35</jmh.version>
|
|
<org.modelmapper.version>2.4.4</org.modelmapper.version>
|
|
</properties>
|
|
|
|
<dependencyManagement>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>io.mongock</groupId>
|
|
<artifactId>mongock-bom</artifactId>
|
|
<version>5.1.7</version>
|
|
<type>pom</type>
|
|
<scope>import</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
</dependencyManagement>
|
|
|
|
<dependencies>
|
|
|
|
<!--
|
|
Ideally this dependency should have been added in the pom.xml file of GraphQLPlugin module, but it is
|
|
causing 'java.lang.NoClassDefFoundError' error. Hence, adding it here after many attempts of fixing it the right
|
|
way. Somehow adding it here makes it work. GraphQLPlugin module's pom.xml file also has this dependency
|
|
defined with 'provided' scope
|
|
-->
|
|
<dependency>
|
|
<groupId>com.graphql-java</groupId>
|
|
<artifactId>graphql-java</artifactId>
|
|
<version>20.1</version>
|
|
<exclusions>
|
|
<exclusion>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>slf4j-api</artifactId>
|
|
</exclusion>
|
|
<exclusion>
|
|
<groupId>io.projectreactor</groupId>
|
|
<artifactId>reactor-core</artifactId>
|
|
</exclusion>
|
|
<exclusion>
|
|
<groupId>org.springframework</groupId>
|
|
<artifactId>spring-core</artifactId>
|
|
</exclusion>
|
|
<exclusion>
|
|
<groupId>org.springframework</groupId>
|
|
<artifactId>spring-web</artifactId>
|
|
</exclusion>
|
|
<exclusion>
|
|
<groupId>org.reactivestreams</groupId>
|
|
<artifactId>reactive-streams</artifactId>
|
|
</exclusion>
|
|
<exclusion>
|
|
<groupId>com.fasterxml.jackson.core</groupId>
|
|
<artifactId>*</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-cache</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-security</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-oauth2-client</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-oauth2-jose</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-config</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-webflux</artifactId>
|
|
<version>${spring-boot.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.projectreactor</groupId>
|
|
<artifactId>reactor-core-micrometer</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-mail</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-data-mongodb-reactive</artifactId>
|
|
</dependency>
|
|
<!-- need the non-reactive mongodb library also to support mongock: https://www.mongock.io/reactive -->
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-data-mongodb</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.mongock</groupId>
|
|
<artifactId>mongock-springboot-v3</artifactId>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>io.mongock</groupId>
|
|
<artifactId>mongodb-springdata-v4-driver</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-data-redis-reactive</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.session</groupId>
|
|
<artifactId>spring-session-data-redis</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-aop</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.hibernate.validator</groupId>
|
|
<artifactId>hibernate-validator</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.glassfish</groupId>
|
|
<artifactId>jakarta.el</artifactId>
|
|
<version>4.0.2</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.projectlombok</groupId>
|
|
<artifactId>lombok</artifactId>
|
|
<optional>true</optional>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.github.spullara.mustache.java</groupId>
|
|
<artifactId>compiler</artifactId>
|
|
<version>0.9.6</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>de.flapdoodle.embed</groupId>
|
|
<artifactId>de.flapdoodle.embed.mongo</artifactId>
|
|
<version>4.3.1</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>de.flapdoodle.embed</groupId>
|
|
<artifactId>de.flapdoodle.embed.mongo.spring30x</artifactId>
|
|
<version>4.3.2</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.google.guava</groupId>
|
|
<artifactId>guava</artifactId>
|
|
<version>30.0-jre</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-io</groupId>
|
|
<artifactId>commons-io</artifactId>
|
|
<version>2.7</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>commons-validator</groupId>
|
|
<artifactId>commons-validator</artifactId>
|
|
<version>1.7</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-actuator</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.micrometer</groupId>
|
|
<artifactId>micrometer-registry-prometheus</artifactId>
|
|
</dependency>
|
|
<!-- https://mvnrepository.com/artifact/io.micrometer/micrometer-tracing-bridge-brave -->
|
|
<dependency>
|
|
<groupId>io.micrometer</groupId>
|
|
<artifactId>micrometer-tracing-bridge-brave</artifactId>
|
|
<version>1.0.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.zipkin.reporter2</groupId>
|
|
<artifactId>zipkin-reporter-brave</artifactId>
|
|
</dependency>
|
|
<!-- Commented oout Loki dependency for now, since we haven't fixed associating logs to traces-->
|
|
<!-- <dependency>-->
|
|
<!-- <groupId>com.github.loki4j</groupId>-->
|
|
<!-- <artifactId>loki-logback-appender</artifactId>-->
|
|
<!-- <version>1.3.2</version>-->
|
|
<!-- </dependency>-->
|
|
<!-- Actual Junit5 implementation. Will transitively include junit-jupiter-api -->
|
|
<dependency>
|
|
<groupId>org.junit.jupiter</groupId>
|
|
<artifactId>junit-jupiter-engine</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.awaitility</groupId>
|
|
<artifactId>awaitility</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<!-- Needed for establishing pooled connections to ElastiCache Redis with cluster mode enabled. -->
|
|
<dependency>
|
|
<groupId>org.apache.commons</groupId>
|
|
<artifactId>commons-pool2</artifactId>
|
|
<version>2.11.1</version>
|
|
<scope>runtime</scope>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.junit.platform</groupId>
|
|
<artifactId>junit-platform-suite-engine</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<!-- For junit5 parameterised test support -->
|
|
<dependency>
|
|
<groupId>org.junit.jupiter</groupId>
|
|
<artifactId>junit-jupiter-params</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.bouncycastle</groupId>
|
|
<artifactId>bcprov-jdk18on</artifactId>
|
|
<version>1.72</version>
|
|
</dependency>
|
|
<!-- Only required to run junit5 test from IDE -->
|
|
<dependency>
|
|
<groupId>org.junit.platform</groupId>
|
|
<artifactId>junit-platform-launcher</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
|
|
<!-- Plugin dependencies -->
|
|
<!-- This has to be declared BEFORE the com.appsmith:interfaces dependency. -->
|
|
<dependency>
|
|
<groupId>org.pf4j</groupId>
|
|
<artifactId>pf4j-spring</artifactId>
|
|
<version>0.8.0</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>com.appsmith</groupId>
|
|
<artifactId>appsmith-git</artifactId>
|
|
<version>1.0-SNAPSHOT</version>
|
|
</dependency>
|
|
|
|
<!-- Appsmith dependencies -->
|
|
<dependency>
|
|
<groupId>com.appsmith</groupId>
|
|
<artifactId>interfaces</artifactId>
|
|
<version>1.0-SNAPSHOT</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>com.querydsl</groupId>
|
|
<artifactId>querydsl-mongodb</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.querydsl</groupId>
|
|
<artifactId>querydsl-apt</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.querydsl</groupId>
|
|
<artifactId>querydsl-jpa</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.modelmapper</groupId>
|
|
<artifactId>modelmapper</artifactId>
|
|
<version>${org.modelmapper.version}</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-test</artifactId>
|
|
<scope>test</scope>
|
|
<exclusions>
|
|
<!-- Exclude JUnit 4 -->
|
|
<exclusion>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-test</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>io.projectreactor</groupId>
|
|
<artifactId>reactor-test</artifactId>
|
|
<version>${reactor-test.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.segment.analytics.java</groupId>
|
|
<artifactId>analytics</artifactId>
|
|
<version>3.3.1</version>
|
|
<exclusions>
|
|
<exclusion>
|
|
<groupId>com.squareup.okhttp3</groupId>
|
|
<artifactId>okhttp</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<!-- https://mvnrepository.com/artifact/com.squareup.okio/okio-jvm -->
|
|
<dependency>
|
|
<groupId>com.squareup.okhttp3</groupId>
|
|
<artifactId>okhttp</artifactId>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>io.sentry</groupId>
|
|
<artifactId>sentry-spring-boot-starter-jakarta</artifactId>
|
|
<version>6.23.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-inline</artifactId>
|
|
<version>${mockito.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.mockito</groupId>
|
|
<artifactId>mockito-core</artifactId>
|
|
<version>${mockito.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.jgrapht</groupId>
|
|
<artifactId>jgrapht-core</artifactId>
|
|
<version>1.5.0</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.httpcomponents</groupId>
|
|
<artifactId>httpclient</artifactId>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.apache.commons</groupId>
|
|
<artifactId>commons-text</artifactId>
|
|
<version>1.10.0</version>
|
|
</dependency>
|
|
|
|
<!-- Dependencies for feature flagging -->
|
|
<dependency>
|
|
<groupId>org.ff4j</groupId>
|
|
<artifactId>ff4j-core</artifactId>
|
|
<version>${ff4j.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.appsmith</groupId>
|
|
<artifactId>reactiveCaching</artifactId>
|
|
<version>1.0-SNAPSHOT</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.openjdk.jmh</groupId>
|
|
<artifactId>jmh-core</artifactId>
|
|
<version>${jmh.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.openjdk.jmh</groupId>
|
|
<artifactId>jmh-generator-annprocess</artifactId>
|
|
<version>${jmh.version}</version>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
<!-- https://mvnrepository.com/artifact/com.squareup.okhttp3/mockwebserver3 -->
|
|
<dependency>
|
|
<groupId>com.squareup.okhttp3</groupId>
|
|
<artifactId>mockwebserver3</artifactId>
|
|
<version>${mockwebserver.version}</version>
|
|
<scope>test</scope>
|
|
<exclusions>
|
|
<exclusion>
|
|
<groupId>com.squareup.okhttp3</groupId>
|
|
<artifactId>okhttp</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.testcontainers</groupId>
|
|
<artifactId>junit-jupiter</artifactId>
|
|
<version>${testcontainers.version}</version>
|
|
<scope>test</scope>
|
|
<exclusions>
|
|
<exclusion>
|
|
<groupId>junit</groupId>
|
|
<artifactId>junit</artifactId>
|
|
</exclusion>
|
|
</exclusions>
|
|
</dependency>
|
|
<!-- We need this dependency only to ensure TestContainers work with JUnit5 -->
|
|
<dependency>
|
|
<groupId>io.quarkus</groupId>
|
|
<artifactId>quarkus-junit4-mock</artifactId>
|
|
<version>2.14.2.Final</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
|
|
<repositories>
|
|
<repository>
|
|
<snapshots>
|
|
<enabled>false</enabled>
|
|
</snapshots>
|
|
<id>spring-milestones</id>
|
|
<name>Spring Milestones</name>
|
|
<url>https://repo.spring.io/milestone</url>
|
|
</repository>
|
|
<repository>
|
|
<snapshots>
|
|
<enabled>false</enabled>
|
|
</snapshots>
|
|
<id>jboss-maven2-release-repository</id>
|
|
<name>JBoss Spring Repository</name>
|
|
<url>https://repository.jboss.org/nexus/content/repositories/public/</url>
|
|
</repository>
|
|
</repositories>
|
|
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
|
</plugin>
|
|
|
|
<plugin>
|
|
<groupId>com.mysema.maven</groupId>
|
|
<artifactId>apt-maven-plugin</artifactId>
|
|
<version>1.1.3</version>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>process</goal>
|
|
</goals>
|
|
<configuration>
|
|
<outputDirectory>target/generated-sources/java</outputDirectory>
|
|
<processor>org.springframework.data.mongodb.repository.support.MongoAnnotationProcessor</processor>
|
|
<options>
|
|
<querydsl.listAccessors>true</querydsl.listAccessors>
|
|
</options>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
|
|
</project>
|