Add logic to get unit_id from token sub claim

Disable security debug
Add authorization for endpoints
2025-01-08 09:58:59 +03:00 · 2025-01-08 09:17:20 +03:00 · 2025-01-08 09:17:04 +03:00
8 changed files with 42 additions and 10 deletions
--- a/build.gradle.kts
+++ b/build.gradle.kts
@ -34,6 +34,7 @@ dependencies {
 	testImplementation("org.springframework.security:spring-security-test")
 	testImplementation("org.testcontainers:postgresql")
 	testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+	implementation("org.yaml:snakeyaml")
 }

 kotlin {
--- a/src/main/kotlin/ru/vyatsu/qr_access_api/config/SecurityConfig.kt
+++ b/src/main/kotlin/ru/vyatsu/qr_access_api/config/SecurityConfig.kt
@ -0,0 +1,20 @@
+package ru.vyatsu.qr_access_api.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.Customizer
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.web.SecurityFilterChain
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig {
+
+    @Bean
+    fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        return http.authorizeHttpRequests { it.anyRequest().authenticated() }
+            .oauth2ResourceServer { it.jwt(Customizer.withDefaults()) }
+            .build()
+    }
+}
--- a/src/main/kotlin/ru/vyatsu/qr_access_api/controller/QrSyncController.kt
+++ b/src/main/kotlin/ru/vyatsu/qr_access_api/controller/QrSyncController.kt
@ -1,10 +1,12 @@
 package ru.vyatsu.qr_access_api.controller

 import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.RestController
 import ru.vyatsu.apis.QrApi
 import ru.vyatsu.models.QrCodesResponse
 import ru.vyatsu.qr_access_api.service.QrSyncService

+@RestController
 class QrSyncController(val syncService: QrSyncService) : QrApi {

    override fun getQrCodes(): ResponseEntity<QrCodesResponse> =
--- a/src/main/kotlin/ru/vyatsu/qr_access_api/repository/QrRepository.kt
+++ b/src/main/kotlin/ru/vyatsu/qr_access_api/repository/QrRepository.kt
@ -9,8 +9,8 @@ import java.util.*
 private const val GET_ACTUAL_QRS_BY_UNIT_ID = """
            SELECT q.start_date_time, q.end_date_time, q.door_id, q.key_code FROM qrs q
            JOIN doors d ON (d.id = q.door_id)
-            JOIN oauth2_registered_client c ON (c.id = d.unit_id)
-            WHERE c.id = ? AND q.start_date_time <= CURRENT_TIMESTAMP AND q.end_date_time >= CURRENT_TIMESTAMP
+            JOIN oauth2_registered_client c ON (c.client_id = d.unit_id)
+            WHERE c.client_id = ? AND q.start_date_time <= CURRENT_TIMESTAMP AND q.end_date_time >= CURRENT_TIMESTAMP
            """

@Repository
--- a/src/main/kotlin/ru/vyatsu/qr_access_api/service/QrSyncService.kt
+++ b/src/main/kotlin/ru/vyatsu/qr_access_api/service/QrSyncService.kt
@ -1,5 +1,6 @@
 package ru.vyatsu.qr_access_api.service

+import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.stereotype.Service
 import ru.vyatsu.models.QrCode
 import ru.vyatsu.qr_access_api.repository.QrRepository
@ -7,8 +8,7 @@ import ru.vyatsu.qr_access_api.repository.QrRepository
@Service
 class QrSyncService(val qrRepository: QrRepository) {
    fun getQrCodes(): List<QrCode> {
-        // TODO: Тут логика с извлечением клайма из jwt в котором идентификатор клиента лежит
-        val extractedUnitId = "945c8621-9adc-4a49-bc56-10253d27c581"
-        return qrRepository.getActualQrCodesByUnitId(extractedUnitId)
+        val sc = SecurityContextHolder.getContext()
+        return qrRepository.getActualQrCodesByUnitId(sc.authentication.name)
    }
 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -1,4 +0,0 @@
-spring.application.name=qr-access-api
-spring.datasource.url=jdbc:postgresql://localhost:5432/qr_access
-spring.datasource.username=qr_access_user
-spring.datasource.password=123
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@ -0,0 +1,12 @@
+spring:
+  application:
+    name: qr-access-api
+  datasource:
+    url: jdbc:postgresql://localhost:5432/qr_access
+    username: qr_access_user
+    password: 123
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://localhost:8081/oauth2/jwks
--- a/src/main/resources/db/changelog/1.0.0/changelog.yml
+++ b/src/main/resources/db/changelog/1.0.0/changelog.yml
@ -16,6 +16,7 @@ databaseChangeLog:
              - column:
                  constraints:
                    nullable: false
+                    unique: true
                  name: client_id
                  type: VARCHAR(100)
              - column:
@ -119,5 +120,5 @@ databaseChangeLog:
            baseColumnNames: unit_id
            baseTableName: doors
            constraintName: FK_unit_door
-            referencedColumnNames: id
+            referencedColumnNames: client_id
            referencedTableName: oauth2_registered_client
Author	SHA1	Message	Date
kashiuno	a5c570ec42	Add logic to get unit_id from token sub claim	2025-01-08 09:58:59 +03:00
kashiuno	9d658cea12	Disable security debug	2025-01-08 09:17:20 +03:00
kashiuno	e3566ec66b	Add authorization for endpoints	2025-01-08 09:17:04 +03:00