feat(security): setup security for swagger

frischHWC · Sep 20, 2024 · 26354df · 26354df
1 parent 8c5f6c4
commit 26354df
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 10 deletions.
diff --git a/src/main/bundles/prod.bundle b/src/main/bundles/prod.bundle
diff --git a/src/main/java/com/datagen/config/SecurityConfig.java b/src/main/java/com/datagen/config/SecurityConfig.java
@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -52,13 +53,16 @@ public SecurityConfig(PropertiesLoader propertiesLoader) {
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
+    // Disable JWT auth and use basic auth instead + CSRF disabled for api endpoints
+    // Disable auth for metrics & status endpoints
     http
         .authorizeHttpRequests(auth ->
-        auth.requestMatchers("/public/**", "/api/v1/metrics/**", "/api/v1/health/status").permitAll())
+        auth.requestMatchers("/api/v1/metrics/**", "/api/v1/health/status").permitAll())
         .authorizeHttpRequests(authorize -> authorize.requestMatchers("/api/v1/**").authenticated())
+        .httpBasic(Customizer.withDefaults())
+        .csrf((csrf) -> csrf.ignoringRequestMatchers("/api/v1/**"));
     ;
-    // TODO: Make swagger works with authentication
-
+    // Let Vaadin secure rest of application
     super.configure(http);
 
     setLoginView(http, LoginView.class);
@@ -102,4 +106,19 @@ public PasswordEncoder passwordEncoder() {
     return new BCryptPasswordEncoder();
   }
 
+  // TODO: Add LDAP connection and users from it
+  /*@Autowired
+  public void configure(AuthenticationManagerBuilder auth) throws Exception {
+    auth
+        .ldapAuthentication()
+        .userDnPatterns("uid={0},ou=people")
+        .groupSearchBase("ou=groups")
+        .contextSource()
+        .url("ldap://localhost:8389/dc=springframework,dc=org")
+        .and()
+        .configure(new LdapBindAuthenticationManagerFactory(
+            new DefaultSpringSecurityContextSource("ldap://localhost:53389/dc=springframework,dc=org"))
+            .createAuthenticationManager());
+  } */
+
 }
diff --git a/src/main/java/com/datagen/controller/model/ModelStoreController.java b/src/main/java/com/datagen/controller/model/ModelStoreController.java
@@ -26,23 +26,22 @@ public String addModel(
     return modelStoreService.addModel(modelFile, false).getName();
   }
 
-  @PostMapping(value = "/get")
+  @GetMapping(value = "/get")
   public String getModel(
       @RequestParam(required = false, name = "model") String modelName
   ) {
     log.debug("Received request to get model: {} ,", modelName);
     return modelStoreService.getModelAsJson(modelName);
   }
 
-  @PostMapping(value = "/list")
-  public List<String> lsitModel(
-      @RequestParam(required = false, name = "model") String modelName
+  @GetMapping(value = "/list")
+  public List<String> listModel(
   ) {
-    log.debug("Received request to list model: {} ,", modelName);
+    log.debug("Received request to list model");
     return modelStoreService.listModels();
   }
 
-  @PostMapping(value = "/delete")
+  @DeleteMapping(value = "/delete")
   public Boolean deleteModel(
       @RequestParam(required = false, name = "model") String modelName
   ) {

diff --git a/src/main/java/com/datagen/views/MainLayout.java b/src/main/java/com/datagen/views/MainLayout.java
@@ -6,6 +6,7 @@
 import com.datagen.views.models.CredentialsView;
 import com.datagen.views.models.ModelsCreationView;
 import com.datagen.views.models.ModelsManagementView;
+import com.vaadin.flow.component.UI;
 import com.vaadin.flow.component.applayout.AppLayout;
 import com.vaadin.flow.component.applayout.DrawerToggle;
 import com.vaadin.flow.component.button.Button;
@@ -90,6 +91,11 @@ private Footer createFooter() {
         anchorGit.getElement().setAttribute("target", "_blank");
         Anchor anchorDoc = new Anchor("https://datagener.github.io/", LineAwesomeIcon.BOOK_OPEN_SOLID.create());
         anchorDoc.getElement().setAttribute("target", "_blank");
+        //var localUri = Page.fetchCurrentURL();
+        // TODO: Add anchor to the swagger-ui.html#/
+        var localUri = UI.getCurrent().getActiveViewLocation().getPath();
+        Anchor anchorSwagger = new Anchor(localUri + "/swagger-ui.html#/", LineAwesomeIcon.CODE_SOLID.create());
+        anchorSwagger.getElement().setAttribute("target", "_blank");
         String version = "1.0.0";
 
         // User Info
@@ -105,7 +111,7 @@ private Footer createFooter() {
         var vl = new VerticalLayout();
         vl.add(new HorizontalLayout(LineAwesomeIcon.USER_CIRCLE.create(), userInfo));
         vl.add(logout);
-        vl.add(new HorizontalLayout(anchorDoc, anchorGit, new Span("V." + version)));
+        vl.add(new HorizontalLayout(anchorSwagger, anchorDoc, anchorGit, new Span("V." + version)));
 
         footer.add(vl);
         return footer;