SZUT/casino
5
1
Fork 0
Code Issues Pull requests 1 Releases 65 Wiki Activity Actions

feat(security): add CORS support and update security config
Some checks failed
CI / Get Changed Files (pull_request) Successful in 9s
Details
CI / eslint (pull_request) Failing after 29s
Details
CI / prettier (pull_request) Failing after 32s
Details
CI / test-build (pull_request) Failing after 58s
Details
CI / Checkstyle Main (pull_request) Successful in 1m24s
Details

Browse source
This commit is contained in:
Constantin Simonis 2025-03-26 13:27:42 +01:00
parent 242b72ca45
commit 3da534f3ae
No known key found for this signature in database
GPG key ID: 3878FF77C24AF4D2
11 changed files with 53 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

32
backend/src/main/java/de/szut/casino/security/SecurityConfig.java
View file

@ -5,6 +5,12 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.Arrays;
import java.util.List;
@Configuration
@EnableWebSecurity
@ -12,13 +18,29 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> {
auth.requestMatchers("/swagger/**", "/health").permitAll()
.requestMatchers("/").authenticated();
})
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(new CustomJwtAuthenticationConverter())));
http
.authorizeHttpRequests(auth -> {
auth.requestMatchers("/swagger/**", "/swagger-ui/**", "/health").permitAll()
.anyRequest().authenticated();
})
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt ->
jwt.jwtAuthenticationConverter(new CustomJwtAuthenticationConverter())
));
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(List.of("x-auth-token"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}

23
backend/src/main/java/de/szut/casino/user/UserController.java
View file

@ -5,7 +5,6 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
@ -23,20 +22,13 @@ public class UserController {
@Autowired
private UserService userService;
@GetMapping("/user/{id}")
public ResponseEntity<?> getUser(@PathVariable String id) {
if (id == null || !userService.exists(id)) {
return ResponseEntity.notFound().build();
}
return ResponseEntity.ok(userService.getUser(id));
}
@PostMapping("/user")
public ResponseEntity<?> createUser(@RequestBody @Valid CreateUserDto userData) {
if (userService.exists(userData.getKeycloakId())) {
if (userService.exists(userData.getAuthentikId())) {
HttpHeaders headers = new HttpHeaders();
headers.add("Location", "/user");
return this.redirect("/user/" + userData.getKeycloakId());
return new ResponseEntity<>(headers, HttpStatus.FOUND);
}
return ResponseEntity.ok(userService.createUser(userData));
@ -52,11 +44,4 @@ public class UserController {
return ResponseEntity.ok(userData);
}
private ResponseEntity<Object> redirect(String route) {
HttpHeaders headers = new HttpHeaders();
headers.add("Location", route);
return new ResponseEntity<>(headers, HttpStatus.FOUND);
}
}

2
backend/src/main/java/de/szut/casino/user/UserMappingService.java
View file

@ -13,6 +13,6 @@ public class UserMappingService {
}
public UserEntity mapToUserEntity(CreateUserDto createUserDto) {
return new UserEntity(createUserDto.getKeycloakId(), createUserDto.getUsername(), BigDecimal.ZERO); }
return new UserEntity(createUserDto.getAuthentikId(), createUserDto.getUsername(), BigDecimal.ZERO); }
}

11
backend/src/main/java/de/szut/casino/user/UserService.java
View file

@ -1,7 +1,8 @@
package de.szut.casino.user;
import java.util.Optional;
import de.szut.casino.user.dto.CreateUserDto;
import de.szut.casino.user.dto.GetUserDto;
import de.szut.casino.user.dto.KeycloakUserDto;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
@ -10,9 +11,7 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import de.szut.casino.user.dto.CreateUserDto;
import de.szut.casino.user.dto.GetUserDto;
import de.szut.casino.user.dto.KeycloakUserDto;
import java.util.Optional;
@Service
public class UserService {
@ -53,7 +52,7 @@ public class UserService {
private KeycloakUserDto getKeycloakUserInfo(String token) {
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", token);
ResponseEntity<KeycloakUserDto> response = this.http.exchange("http://localhost:9090/realms/LF12/protocol/openid-connect/userinfo", HttpMethod.GET, new HttpEntity<>(headers), KeycloakUserDto.class);
ResponseEntity<KeycloakUserDto> response = this.http.exchange("https://oauth.simonis.lol/application/o/userinfo/", HttpMethod.GET, new HttpEntity<>(headers), KeycloakUserDto.class);
return response.getBody();
}

2
backend/src/main/java/de/szut/casino/user/dto/CreateUserDto.java
View file

@ -10,6 +10,6 @@ import lombok.Setter;
@AllArgsConstructor
@NoArgsConstructor
public class CreateUserDto {
private String keycloakId;
private String authentikId;
private String username;
}

2
backend/src/main/java/de/szut/casino/user/dto/GetUserDto.java
View file

@ -12,7 +12,7 @@ import java.math.BigDecimal;
@AllArgsConstructor
@NoArgsConstructor
public class GetUserDto {
private String keycloakId;
private String authentikId;
private String username;
private BigDecimal balance;
}