feat: VIN-451 - adicionando filtro nas configs de segurança

bff/src/main/java/com/vinhonotas/bff/application/services/cadastro/UserService.java

@@ -1,6 +1,8 @@
 package com.vinhonotas.bff.application.services.cadastro;
 
+import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.AuthenticationDTO;
 import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.UserInputDTO;
+import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.LoginResponseDTO;
 import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.UserOutputDTO;
 
 import java.util.List;
@@ -13,5 +15,6 @@ public interface UserService {
     UserOutputDTO getUserByName(String name);
     UserOutputDTO updateUser(String id, UserInputDTO userInputDTO);
     void deleteUser(String id);
+    LoginResponseDTO login(AuthenticationDTO data);
 
 }

bff/src/main/java/com/vinhonotas/bff/application/services/cadastro/impl/UserServiceImpl.java

@@ -4,7 +4,9 @@
 import com.vinhonotas.bff.application.services.exceptions.BadRequestException;
 import com.vinhonotas.bff.application.services.exceptions.NotFoundException;
 import com.vinhonotas.bff.client.cadastro.UserClient;
+import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.AuthenticationDTO;
 import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.UserInputDTO;
+import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.LoginResponseDTO;
 import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.UserOutputDTO;
 import com.vinhonotas.bff.utils.MessagesConstants;
 import lombok.RequiredArgsConstructor;
@@ -87,4 +89,17 @@ public void deleteUser(String id) {
         }
     }
 
+    @Override
+    public LoginResponseDTO login(AuthenticationDTO data) {
+        log.info("login :: Realizando login");
+        try {
+            LoginResponseDTO login = userClient.login(data);
+            log.info("login :: Login realizado com sucesso");
+            return login;
+        } catch (Exception e) {
+            log.error("login :: Ocorreu um erro ao realizar o login: {} ", MessagesConstants.ERROR_WHEN_LOGIN, e);
+            throw new BadRequestException(MessagesConstants.ERROR_WHEN_LOGIN);
+        }
+    }
+
 }

bff/src/main/java/com/vinhonotas/bff/client/cadastro/UserClient.java

@@ -1,7 +1,9 @@
 package com.vinhonotas.bff.client.cadastro;
 
 import com.vinhonotas.bff.configuration.FeignConfig;
+import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.AuthenticationDTO;
 import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.UserInputDTO;
+import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.LoginResponseDTO;
 import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.UserOutputDTO;
 import jakarta.validation.Valid;
 import org.springframework.cloud.openfeign.FeignClient;
@@ -12,7 +14,7 @@
 @FeignClient(name = "user", url = "${cadastro-api.url}", configuration = FeignConfig.class)
 public interface UserClient {
 
-    @PostMapping("/users")
+    @PostMapping("/auth/register")
     UserOutputDTO createUser(@Valid @RequestBody UserInputDTO userInputDTO);
 
     @GetMapping("/users")
@@ -30,4 +32,7 @@ public interface UserClient {
     @DeleteMapping("/users/{id}")
     Void deleteUser(@PathVariable("id") String id);
 
+    @PostMapping("/auth/login")
+    LoginResponseDTO login(@RequestBody @Valid AuthenticationDTO data);
+
 }

bff/src/main/java/com/vinhonotas/bff/interfaces/controllers/cadastro/UserController.java

@@ -1,7 +1,9 @@
 package com.vinhonotas.bff.interfaces.controllers.cadastro;
 
 import com.vinhonotas.bff.application.services.cadastro.UserService;
+import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.AuthenticationDTO;
 import com.vinhonotas.bff.interfaces.dtos.inputs.cadastro.UserInputDTO;
+import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.LoginResponseDTO;
 import com.vinhonotas.bff.interfaces.dtos.outputs.cadastro.UserOutputDTO;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -49,4 +51,9 @@ public ResponseEntity<Void> deleteUser(@PathVariable("id") String id) {
         return ResponseEntity.noContent().build();
     }
 
+    @PostMapping("/login")
+    public ResponseEntity<LoginResponseDTO> login(@Valid @RequestBody AuthenticationDTO data) {
+        return ResponseEntity.ok(userService.login(data));
+    }
+
 }

bff/src/main/java/com/vinhonotas/bff/interfaces/dtos/inputs/cadastro/AuthenticationDTO.java

@@ -0,0 +1,13 @@
+package com.vinhonotas.bff.interfaces.dtos.inputs.cadastro;
+
+import lombok.Builder;
+import lombok.Data;
+
+@Data
+@Builder
+public class AuthenticationDTO {
+
+    private String email;
+    private String password;
+
+}

bff/src/main/java/com/vinhonotas/bff/interfaces/dtos/outputs/cadastro/LoginResponseDTO.java

@@ -0,0 +1,16 @@
+package com.vinhonotas.bff.interfaces.dtos.outputs.cadastro;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class LoginResponseDTO {
+
+    private String token;
+
+}

bff/src/main/java/com/vinhonotas/bff/utils/MessagesConstants.java

@@ -8,6 +8,7 @@ public class MessagesConstants {
     public static final String ERROR_WHEN_UPDATING = "Erro ao atualizar registro";
     public static final String ERROR_WHEN_SAVING = "Erro ao salvar registro";
     public static final String BAD_REQUEST = "Requisição inválida, verifique os campos informados";
+    public static final String ERROR_WHEN_LOGIN = "Erro ao realizar login";
 
     private MessagesConstants() {
     }

cadastro/src/main/java/com/vinhonotas/cadastro/configuration/security/SecurityConfigurations.java

@@ -1,31 +1,39 @@
 package com.vinhonotas.cadastro.configuration.security;
 
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class SecurityConfigurations {
 
+    private final SecurityFilter securityFilter;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         return httpSecurity
-                .csrf(csrf -> csrf.disable())
+                .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authorize -> authorize
                         .requestMatchers(HttpMethod.POST, "/api/v1/auth/login").permitAll()
                         .requestMatchers(HttpMethod.POST, "/api/v1/auth/register").permitAll()
                         .requestMatchers(HttpMethod.POST, "/api/v1/persons").permitAll()
+                        .anyRequest().authenticated()
                 )
+                .addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
                 .build();
     }
 

cadastro/src/main/java/com/vinhonotas/cadastro/configuration/security/SecurityFilter.java

@@ -0,0 +1,48 @@
+package com.vinhonotas.cadastro.configuration.security;
+
+import com.vinhonotas.cadastro.application.services.TokenService;
+import com.vinhonotas.cadastro.infrastructure.UserRepository;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Objects;
+
+@Component
+@RequiredArgsConstructor
+public class SecurityFilter extends OncePerRequestFilter {
+
+    private final TokenService tokenService;
+    private final UserRepository userRepository;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        String token = recoverToken(request);
+        if (Objects.nonNull(token)) {
+            String login = tokenService.validateToken(token);
+            UserDetails user = userRepository.findByEmail(login);
+
+            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String recoverToken(HttpServletRequest request) {
+        String authHeader = request.getHeader("Authorization");
+        if (Objects.isNull(authHeader)) {
+            return null;
+        }
+        return authHeader.replace("Bearer ", "");
+    }
+
+}

cadastro/src/main/java/com/vinhonotas/cadastro/interfaces/controllers/AuthenticationController.java

@@ -1,12 +1,14 @@
 package com.vinhonotas.cadastro.interfaces.controllers;
 
 import com.vinhonotas.cadastro.application.services.PersonService;
+import com.vinhonotas.cadastro.application.services.TokenService;
 import com.vinhonotas.cadastro.domain.entities.PersonEntity;
 import com.vinhonotas.cadastro.domain.entities.UserEntity;
 import com.vinhonotas.cadastro.domain.enums.EnumProfile;
 import com.vinhonotas.cadastro.infrastructure.UserRepository;
 import com.vinhonotas.cadastro.interfaces.dtos.inputs.AuthenticationDTO;
 import com.vinhonotas.cadastro.interfaces.dtos.inputs.UserInputDTO;
+import com.vinhonotas.cadastro.interfaces.dtos.outputs.LoginResponseDTO;
 import com.vinhonotas.cadastro.utils.EnumConverter;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -34,15 +36,18 @@ public class AuthenticationController{
     private final AuthenticationManager authenticationManager;
     private final UserRepository repository;
     private final PersonService personService;
+    private final TokenService tokenService;
 
     @PostMapping("/login")
-    public ResponseEntity login(@RequestBody @Valid AuthenticationDTO data){
+    public ResponseEntity<LoginResponseDTO> login(@RequestBody @Valid AuthenticationDTO data){
         log.info("login :: Login request received {}: ", data);
         var usernamePassword = new UsernamePasswordAuthenticationToken(data.getEmail(), data.getPassword());
         log.info("login :: usernamePassword {}: ",usernamePassword);
         var auth = authenticationManager.authenticate(usernamePassword);
 
-        return ResponseEntity.ok().build();
+        String token = tokenService.generateToken((UserEntity) auth.getPrincipal());
+        LoginResponseDTO login = LoginResponseDTO.builder().token(token).build();
+        return ResponseEntity.ok(login);
     }
 
     @PostMapping("/register")

cadastro/src/main/java/com/vinhonotas/cadastro/interfaces/dtos/outputs/LoginResponseDTO.java

@@ -0,0 +1,12 @@
+package com.vinhonotas.cadastro.interfaces.dtos.outputs;
+
+import lombok.Builder;
+import lombok.Data;
+
+@Data
+@Builder
+public class LoginResponseDTO {
+
+    private String token;
+
+}