From 2c6ad6727ab00a4bbdc0ffebad2e32f23c70b0cf Mon Sep 17 00:00:00 2001
From: jultty
Date: Mon, 23 Sep 2024 13:38:35 -0300
Subject: [PATCH] Scaffold for JWT implementation
---
 build.gradle | 3 ++
 src/main/java/mirante/api/security/ERole.java | 6 +++
 src/main/java/mirante/api/security/Role.java | 37 +++++++++++++++++++
 .../mirante/api/security/RoleRepository.java | 11 ++++++
 .../api/security/SecurityConfiguration.java | 10 +++--
 src/test/hurl/v0.3.0/03-auth.hurl | 1 +
 6 files changed, 65 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/mirante/api/security/ERole.java
 create mode 100644 src/main/java/mirante/api/security/Role.java
 create mode 100644 src/main/java/mirante/api/security/RoleRepository.java
diff --git a/build.gradle b/build.gradle
index 1ae7ecd..c4ac8fb 100644
--- a/build.gradle
+++ b/build.gradle
@@ -37,6 +37,8 @@ dependencies {
 implementation 'org.bouncycastle:bcprov-jdk15on:1.69'
 implementation 'commons-io:commons-io:2.15.1'
 implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
+ implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+ implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 testImplementation 'org.springframework.boot:spring-boot-starter-test'
 testImplementation 'org.springframework.boot:spring-boot-starter-web'
 testImplementation 'org.springframework.boot:spring-boot-starter-security'
@@ -45,6 +47,7 @@ dependencies {
 testImplementation 'de.elnarion.util:plantuml-generator-util:2.4.1'
 testImplementation group: 'com.credibledoc', name: 'plantuml-core', version: '1.0.51'
 runtimeOnly 'com.h2database:h2'
+ runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
 umlDoclet "nl.talsmasoftware:umldoclet:2.1.1"
 asciidoctorExt "org.springframework.restdocs:spring-restdocs-asciidoctor:${spring_docs_version}"
 }
diff --git a/src/main/java/mirante/api/security/ERole.java b/src/main/java/mirante/api/security/ERole.java
new file mode 100644
index 0000000..518e36b
--- /dev/null
+++ b/src/main/java/mirante/api/security/ERole.java
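Review bot: In build.gradle, `jjwt-jackson` is added as `implementation` while `jjwt-impl` in the second hunk is `runtimeOnly`. JJWT's setup guidance keeps both the implementation and the JSON binding off the compile classpath, so application code can only bind to `jjwt-api`. `runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'` would match that. The literal `0.11.5` is also repeated on all three lines across the two hunks. A single version property, in the style of the `${spring_docs_version}` already used in this block, would keep the three modules in step on a later upgrade.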
@@ -0,0 +1,6 @@
+package mirante.api.security;
+
+public enum ERole {
+ ROLE_USER,
+ ROLE_ADMIN,
+}
diff --git a/src/main/java/mirante/api/security/Role.java b/src/main/java/mirante/api/security/Role.java
new file mode 100644
index 0000000..c994318
--- /dev/null
+++ b/src/main/java/mirante/api/security/Role.java
@@ -0,0 +1,37 @@
+package mirante.api.security;
+
+import jakarta.persistence.*;
+
+@Entity
+@Table(name = "roles")
+public class Role {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private Integer id;
+
+ @Enumerated(EnumType.STRING)
+ @Column(length = 20)
+ private ERole name;
+
+ public Role() {}
+
+ public Role(ERole name) {
+ this.name = name;
+ }
+
+ public Integer getId() {
+ return id;
+ }
+
+ public void setId(Integer id) {
+ this.id = id;
+ }
+
+ public ERole getName() {
+ return name;
+ }
+
+ public void setName(ERole name) {
+ this.name = name;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/mirante/api/security/RoleRepository.java b/src/main/java/mirante/api/security/RoleRepository.java
new file mode 100644
index 0000000..c094712
--- /dev/null
+++ b/src/main/java/mirante/api/security/RoleRepository.java
@@ -0,0 +1,11 @@
+package mirante.api.security;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface RoleRepository extends JpaRepository {
+ Optional findByName(ERole name);
+}
diff --git a/src/main/java/mirante/api/security/SecurityConfiguration.java b/src/main/java/mirante/api/security/SecurityConfiguration.java
index 08dbdc0..57dc327 100644
--- a/src/main/java/mirante/api/security/SecurityConfiguration.java
+++ b/src/main/java/mirante/api/security/SecurityConfiguration.java
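Review bot: In Role.java, `@Column(length = 20)` on `name` leaves the role column nullable and non-unique, yet `RoleRepository.findByName` returns a single `Optional`, which is only sound when each role name is stored at most once. With duplicate rows, a single-result Spring Data query throws an incorrect-result-size exception instead of returning a role, and a null name yields a role that matches no `ERole` value. Since these rows will feed authorization decisions, I would let the schema enforce the invariant: `@Column(length = 20, nullable = false, unique = true)`. The public `setId` on a `GenerationType.IDENTITY` key is also worth dropping unless something outside this patch needs it.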
@@ -24,9 +24,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .csrf(csrf -> csrf.ignoringRequestMatchers("/auth/**"))
 .securityContext(context -> context.securityContextRepository(
 new RequestAttributeSecurityContextRepository())
- ).authorizeHttpRequests(authorize -> authorize
- .requestMatchers("/version", "/auth/**", "/api-docs/**").permitAll()
- .anyRequest().authenticated()
+ ).authorizeHttpRequests(request -> request
+ .requestMatchers("/version", "/auth/**", "/api-docs/**")
+ .permitAll()
+ .anyRequest().authenticated()
+
+ // .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwtUtil))
+ // .addFilter(new JwtAuthorizationFilter(authenticationManager(), jwtUtil, userDetailsService));
 );
 return http.build();
diff --git a/src/test/hurl/v0.3.0/03-auth.hurl b/src/test/hurl/v0.3.0/03-auth.hurl
index 9d2633b..17f4bc9 100644
--- a/src/test/hurl/v0.3.0/03-auth.hurl
+++ b/src/test/hurl/v0.3.0/03-auth.hurl
@@ -15,4 +15,5 @@ HTTP 403
 # account endpoint returns 200 if authenticated
 GET http://localhost:8889/account
+Authorization: Basic {{token}}
 HTTP 200
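Review bot: In SecurityConfiguration.java, the two commented-out `.addFilter(...)` lines sit inside the `authorizeHttpRequests` lambda, directly after `.anyRequest().authenticated()`. Uncommented as written, they would chain onto the request-matcher registry rather than onto `http`, and the second one ends in `;` in the middle of the lambda expression. Commented-out code in a filter chain is also easy to misread as protection that is already active, while the JWT filters it names are not part of this patch. I would replace both lines with one comment placed just before `return http.build();`, for example `// TODO: register the JWT filters on http (http.addFilterBefore(...)) once they exist`. The body of `filterChain` starts above this hunk and ends below it.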
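Review bot: In 03-auth.hurl, the added header sends the `Basic` scheme with a variable named `token`, which reads like a bearer token in a commit that scaffolds JWT. A comment above the request would make the intent explicit, for example `# Basic credentials for now; switch to "Bearer" once JWT login is implemented`. Where `{{token}}` gets its value is not visible in this hunk. It should be supplied as a Hurl variable at run time rather than committed alongside the tests.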