Merge pull request 'feat(auth): implement Google OAuth2 authentication flow' (!211) from feat/google-oauth into main

Reviewed-on: #211
Reviewed-by: Jan K9f <jan@kjan.email>

backend/src/main/java/de/szut/casino/security/GoogleController.java

@@ -0,0 +1,49 @@
+package de.szut.casino.security;
+
+import de.szut.casino.security.dto.AuthResponseDto;
+import de.szut.casino.security.dto.GithubCallbackDto;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.view.RedirectView;
+
+@RestController
+@RequestMapping("/oauth2/google")
+public class GoogleController {
+    private static final Logger logger = LoggerFactory.getLogger(GoogleController.class);
+
+    @Value("${spring.security.oauth2.client.registration.google.client-id}")
+    private String clientId;
+
+    @Value("${spring.security.oauth2.client.provider.google.authorization-uri}")
+    private String authorizationUri;
+
+    @Value("${spring.security.oauth2.client.registration.google.redirect-uri}")
+    private String redirectUri;
+
+    @Autowired
+    private GoogleService googleService;
+
+    @GetMapping("/authorize")
+    public RedirectView authorizeGoogle() {
+        logger.info("Redirecting to Google for authorization");
+
+        String authUrl = authorizationUri +
+                "?client_id=" + clientId +
+                "&redirect_uri=" + redirectUri +
+                "&response_type=code" +
+                "&scope=email profile";
+
+        return new RedirectView(authUrl);
+    }
+
+    @PostMapping("/callback")
+    public ResponseEntity<AuthResponseDto> googleCallback(@RequestBody GithubCallbackDto callbackDto) {
+        String code = callbackDto.getCode();
+        AuthResponseDto response = googleService.processGoogleCode(code);
+        return ResponseEntity.ok(response);
+    }
+}

backend/src/main/java/de/szut/casino/security/GoogleService.java

@@ -0,0 +1,164 @@
+package de.szut.casino.security;
+
+import de.szut.casino.security.dto.AuthResponseDto;
+import de.szut.casino.security.jwt.JwtUtils;
+import de.szut.casino.user.AuthProvider;
+import de.szut.casino.user.UserEntity;
+import de.szut.casino.user.UserRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestTemplate;
+
+import java.math.BigDecimal;
+import java.util.*;
+
+@Service
+public class GoogleService {
+    private static final Logger logger = LoggerFactory.getLogger(GoogleService.class);
+
+    @Value("${spring.security.oauth2.client.registration.google.client-id}")
+    private String clientId;
+
+    @Value("${spring.security.oauth2.client.registration.google.client-secret}")
+    private String clientSecret;
+
+    @Value("${spring.security.oauth2.client.registration.google.redirect-uri}")
+    private String redirectUri;
+
+    @Value("${spring.security.oauth2.client.provider.google.token-uri}")
+    private String tokenUri;
+
+    @Value("${spring.security.oauth2.client.provider.google.user-info-uri}")
+    private String userInfoUri;
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private JwtUtils jwtUtils;
+
+    @Autowired
+    private PasswordEncoder oauth2PasswordEncoder;
+
+    public AuthResponseDto processGoogleCode(String code) {
+        try {
+            RestTemplate restTemplate = new RestTemplate();
+
+            HttpHeaders tokenHeaders = new HttpHeaders();
+            tokenHeaders.set("Content-Type", "application/x-www-form-urlencoded");
+            
+            MultiValueMap<String, String> tokenRequestBody = new LinkedMultiValueMap<>();
+            tokenRequestBody.add("client_id", clientId);
+            tokenRequestBody.add("client_secret", clientSecret);
+            tokenRequestBody.add("code", code);
+            tokenRequestBody.add("redirect_uri", redirectUri);
+            tokenRequestBody.add("grant_type", "authorization_code");
+
+            HttpEntity<MultiValueMap<String, String>> tokenRequestEntity = new HttpEntity<>(tokenRequestBody, tokenHeaders);
+
+            ResponseEntity<Map> tokenResponse = restTemplate.exchange(
+                    tokenUri,
+                    HttpMethod.POST,
+                    tokenRequestEntity,
+                    Map.class
+            );
+
+            Map<String, Object> tokenResponseBody = tokenResponse.getBody();
+
+            if (tokenResponseBody == null || tokenResponseBody.containsKey("error")) {
+                String error = tokenResponseBody != null ? (String) tokenResponseBody.get("error") : "Unknown error";
+                throw new RuntimeException("Google OAuth error: " + error);
+            }
+
+            String accessToken = (String) tokenResponseBody.get("access_token");
+            if (accessToken == null || accessToken.isEmpty()) {
+                throw new RuntimeException("Failed to receive access token from Google");
+            }
+
+            HttpHeaders userInfoHeaders = new HttpHeaders();
+            userInfoHeaders.set("Authorization", "Bearer " + accessToken);
+
+            HttpEntity<String> userInfoRequestEntity = new HttpEntity<>(null, userInfoHeaders);
+
+            ResponseEntity<Map> userResponse = restTemplate.exchange(
+                    userInfoUri,
+                    HttpMethod.GET,
+                    userInfoRequestEntity,
+                    Map.class
+            );
+
+            Map<String, Object> userAttributes = userResponse.getBody();
+            if (userAttributes == null) {
+                throw new RuntimeException("Failed to fetch user data from Google");
+            }
+
+            String googleId = (String) userAttributes.get("sub");
+            String email = (String) userAttributes.get("email");
+            String name = (String) userAttributes.get("name");
+            Boolean emailVerified = (Boolean) userAttributes.getOrDefault("email_verified", false);
+
+            if (email == null) {
+                throw new RuntimeException("Google account does not have an email");
+            }
+
+            String username = name != null ? name.replaceAll("\\s+", "") : email.split("@")[0];
+
+            Optional<UserEntity> userOptional = userRepository.findByProviderId(googleId);
+            UserEntity user;
+
+            if (userOptional.isPresent()) {
+                user = userOptional.get();
+            } else {
+                userOptional = userRepository.findByEmail(email);
+
+                if (userOptional.isPresent()) {
+                    user = userOptional.get();
+                    user.setProvider(AuthProvider.GOOGLE);
+                    user.setProviderId(googleId);
+                } else {
+                    user = new UserEntity();
+                    user.setEmail(email);
+                    user.setUsername(username);
+                    user.setProvider(AuthProvider.GOOGLE);
+                    user.setProviderId(googleId);
+                    user.setEmailVerified(emailVerified);
+                    
+                    user.setBalance(new BigDecimal("100.00"));
+                }
+            }
+
+            String randomPassword = UUID.randomUUID().toString();
+            user.setPassword(oauth2PasswordEncoder.encode(randomPassword));
+
+            userRepository.save(user);
+
+            Authentication authentication = authenticationManager.authenticate(
+                    new UsernamePasswordAuthenticationToken(user.getEmail(), randomPassword)
+            );
+
+            String token = jwtUtils.generateToken(authentication);
+
+            return new AuthResponseDto(token);
+
+        } catch (Exception e) {
+            logger.error("Failed to process Google authentication", e);
+            throw new RuntimeException("Failed to process Google authentication", e);
+        }
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/GoogleOAuth2UserInfo.java

@@ -0,0 +1,25 @@
+package de.szut.casino.security.oauth2;
+
+import java.util.Map;
+
+public class GoogleOAuth2UserInfo extends OAuth2UserInfo {
+
+    public GoogleOAuth2UserInfo(Map<String, Object> attributes) {
+        super(attributes);
+    }
+
+    @Override
+    public String getId() {
+        return (String) attributes.get("sub");
+    }
+
+    @Override
+    public String getName() {
+        return (String) attributes.get("name");
+    }
+
+    @Override
+    public String getEmail() {
+        return (String) attributes.get("email");
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/OAuth2UserInfoFactory.java

@@ -10,6 +10,8 @@ public class OAuth2UserInfoFactory {
     public static OAuth2UserInfo getOAuth2UserInfo(String registrationId, Map<String, Object> attributes) {
         if (registrationId.equalsIgnoreCase(AuthProvider.GITHUB.toString())) {
             return new GitHubOAuth2UserInfo(attributes);
+        } else if (registrationId.equalsIgnoreCase(AuthProvider.GOOGLE.toString())) {
+            return new GoogleOAuth2UserInfo(attributes);
         } else {
             throw new OAuth2AuthenticationProcessingException("Sorry! Login with " + registrationId + " is not supported yet.");
         }

backend/src/main/java/de/szut/casino/user/AuthProvider.java

@@ -2,5 +2,6 @@ package de.szut.casino.user;
 
 public enum AuthProvider {
     LOCAL,
-    GITHUB
+    GITHUB,
+    GOOGLE
 }

backend/src/main/resources/application.properties

@@ -41,3 +41,13 @@ spring.security.oauth2.client.provider.github.user-name-attribute=login
 # OAuth Success and Failure URLs
 app.oauth2.authorizedRedirectUris=${app.frontend-host}/auth/oauth2/callback
 
+# Google OAuth2 Configuration
+spring.security.oauth2.client.registration.google.client-id=${GOOGLE_CLIENT_ID:350791038883-c1r7v4o793itq8a0rh7dut7itm7uneam.apps.googleusercontent.com}
+spring.security.oauth2.client.registration.google.client-secret=${GOOGLE_CLIENT_SECRET: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}
+spring.security.oauth2.client.registration.google.redirect-uri=${app.frontend-host}/oauth2/callback/google
+spring.security.oauth2.client.registration.google.scope=email,profile
+spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
+spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
+spring.security.oauth2.client.provider.google.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo
+spring.security.oauth2.client.provider.google.user-name-attribute=sub
+

frontend/src/app/app.routes.ts

@@ -34,11 +34,25 @@ export const routes: Routes = [
       ),
   },
   {
-    path: 'oauth2/callback/github',
+    path: 'oauth2/callback',
-    loadComponent: () =>
+    children: [
-      import('./feature/auth/oauth2/oauth2-callback.component').then(
+      {
-        (m) => m.OAuth2CallbackComponent
+        path: 'github',
-      ),
+        loadComponent: () =>
+          import('./feature/auth/oauth2/oauth2-callback.component').then(
+            (m) => m.OAuth2CallbackComponent
+          ),
+        data: { provider: 'github' },
+      },
+      {
+        path: 'google',
+        loadComponent: () =>
+          import('./feature/auth/oauth2/oauth2-callback.component').then(
+            (m) => m.OAuth2CallbackComponent
+          ),
+        data: { provider: 'google' },
+      },
+    ],
   },
   {
     path: 'game/blackjack',

frontend/src/app/feature/auth/login/login.component.html

@@ -89,7 +89,7 @@
       <div class="flex-grow h-px bg-deep-blue-light/30"></div>
     </div>
 
-    <div class="mb-4">
+    <div class="space-y-3 mb-4">
       <button
         (click)="loginWithGithub()"
         class="w-full py-2.5 px-4 rounded flex items-center justify-center bg-gray-800 hover:bg-gray-700 text-white transition-colors"
@@ -106,6 +106,31 @@
         </svg>
         Mit GitHub anmelden
       </button>
+
+      <button
+        (click)="loginWithGoogle()"
+        class="w-full py-2.5 px-4 rounded flex items-center justify-center bg-white hover:bg-gray-100 transition-colors !text-black"
+      >
+        <svg class="h-5 w-5 mr-2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+          <path
+            fill="#EA4335"
+            d="M5.266 9.765A7.077 7.077 0 0 1 12 4.909c1.69 0 3.218.6 4.418 1.582L19.91 3C17.782 1.145 15.055 0 12 0 7.27 0 3.198 2.698 1.24 6.65l4.026 3.115Z"
+          />
+          <path
+            fill="#34A853"
+            d="M16.04 18.013c-1.09.703-2.474 1.078-4.04 1.078a7.077 7.077 0 0 1-6.723-4.823l-4.04 3.067A11.965 11.965 0 0 0 12 24c2.933 0 5.735-1.043 7.834-3l-3.793-2.987Z"
+          />
+          <path
+            fill="#4A90E2"
+            d="M19.834 21c2.195-2.048 3.62-5.096 3.62-9 0-.71-.109-1.473-.272-2.182H12v4.637h6.436c-.317 1.559-1.17 2.766-2.395 3.558L19.834 21Z"
+          />
+          <path
+            fill="#FBBC05"
+            d="M5.277 14.268A7.12 7.12 0 0 1 4.909 12c0-.782.125-1.533.357-2.235L1.24 6.65A11.934 11.934 0 0 0 0 12c0 1.92.445 3.73 1.237 5.335l4.04-3.067Z"
+          />
+        </svg>
+        Mit Google anmelden
+      </button>
     </div>
 
     <div class="text-center">

frontend/src/app/feature/auth/login/login.component.ts

@@ -71,6 +71,11 @@ export class LoginComponent {
     window.location.href = `${environment.apiUrl}/oauth2/github/authorize`;
   }
 
+  loginWithGoogle(): void {
+    this.isLoading.set(true);
+    window.location.href = `${environment.apiUrl}/oauth2/google/authorize`;
+  }
+
   switchToForgotPassword() {
     this.forgotPassword.emit();
   }

frontend/src/app/feature/auth/oauth2/oauth2-callback.component.ts

@@ -1,7 +1,7 @@
-import { Component, OnInit } from '@angular/core';
+import { Component, computed, inject, OnInit, Signal } from '@angular/core';
 import { CommonModule } from '@angular/common';
 import { ActivatedRoute, Router } from '@angular/router';
-import { AuthService } from '@service/auth.service';
+import { Oauth2Service } from './oauth2.service';
 
 @Component({
   selector: 'app-oauth2-callback',
@@ -10,51 +10,34 @@ import { AuthService } from '@service/auth.service';
   template: `
     <div class="min-h-screen bg-deep-blue flex items-center justify-center">
       <div class="text-center">
-        <h2 class="text-2xl font-bold text-white mb-4">Finishing authentication...</h2>
+        <h2 class="text-2xl font-bold text-white mb-4">Authentifizierung...</h2>
         <div
           class="animate-spin rounded-full h-12 w-12 border-t-2 border-b-2 border-emerald mx-auto"
         ></div>
-        <p *ngIf="error" class="mt-4 text-accent-red">{{ error }}</p>
+        <p *ngIf="error()" class="mt-4 text-accent-red">{{ error() }}</p>
       </div>
     </div>
   `,
 })
 export class OAuth2CallbackComponent implements OnInit {
-  error: string | null = null;
+  error: Signal<string> = computed(() => this.oauthService.error());
 
-  constructor(
+  private route: ActivatedRoute = inject(ActivatedRoute);
-    private route: ActivatedRoute,
+  private router: Router = inject(Router);
-    private router: Router,
+  private oauthService: Oauth2Service = inject(Oauth2Service);
-    private authService: AuthService
-  ) {}
 
   ngOnInit(): void {
-    // Check for code in URL params
     this.route.queryParams.subscribe((params) => {
       const code = params['code'];
+      const provider = this.route.snapshot.data['provider'] || 'github';
 
       if (code) {
-        // Exchange GitHub code for a JWT token
+        this.oauthService.oauth(provider, code);
-        this.authService.githubAuth(code).subscribe({
-          next: () => {
-            // Redirect to home after successful authentication
-            this.router.navigate(['/home']);
-          },
-          error: (err) => {
-            console.error('GitHub authentication error:', err);
-            this.error = err.error?.message || 'Authentication failed. Please try again.';
-            console.log('Error details:', err);
-
-            // Redirect back to landing page after showing error
-            setTimeout(() => {
-              this.router.navigate(['/']);
-            }, 3000);
-          },
-        });
       } else {
-        this.error = 'Authentication failed. No authorization code received.';
+        this.oauthService.error.set(
+          'Authentifizierung fehlgeschlagen. Bitte versuchen Sie es erneut.'
+        );
 
-        // Redirect back to landing page after showing error
         setTimeout(() => {
           this.router.navigate(['/']);
         }, 3000);

frontend/src/app/feature/auth/oauth2/oauth2.service.ts

@@ -0,0 +1,36 @@
+import { inject, Injectable, signal } from '@angular/core';
+import { Router } from '@angular/router';
+import { AuthService } from '@service/auth.service';
+
+@Injectable({
+  providedIn: 'root',
+})
+export class Oauth2Service {
+  private router: Router = inject(Router);
+  private authService: AuthService = inject(AuthService);
+  private _error = signal<string>('');
+
+  oauth(provider: string, code: string) {
+    const oauth$ =
+      provider === 'github' ? this.authService.githubAuth(code) : this.authService.googleAuth(code);
+
+    oauth$.subscribe({
+      next: () => {
+        this.router.navigate(['/home']);
+      },
+      error: (err) => {
+        this._error.set(
+          err.error?.message || 'Authentifizierung fehlgeschlagen. Bitte versuchen Sie es erneut.'
+        );
+
+        setTimeout(() => {
+          this.router.navigate(['/']);
+        }, 3000);
+      },
+    });
+  }
+
+  public get error() {
+    return this._error;
+  }
+}

frontend/src/app/service/auth.service.ts

@@ -79,6 +79,15 @@ export class AuthService {
     );
   }
 
+  googleAuth(code: string): Observable<AuthResponse> {
+    return this.http.post<AuthResponse>(`${this.oauthUrl}/google/callback`, { code }).pipe(
+      tap((response) => {
+        this.setToken(response.token);
+        this.loadCurrentUser();
+      })
+    );
+  }
+
   logout(): void {
     localStorage.removeItem(TOKEN_KEY);
     localStorage.removeItem(USER_KEY);