AET-DevOps25 · sfdamm · Jul 15, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
diff --git a/api/scripts/gen-all.sh b/api/scripts/gen-all.sh
@@ -28,15 +28,15 @@ generate_java() {
   echo "Generating Java code..."
   check_command openapi-generator-cli
 
-  # Generate code for API Gateway
-  openapi-generator-cli generate \
-    -i api/gateway.yaml \
-    -g spring \
-    -o gateway \
-    --skip-validate-spec \
-    --api-package de.tum.aet.devops25.api.generated.controller \
-    --model-package de.tum.aet.devops25.api.generated.model \
-    --additional-properties=useTags=true,useSpringBoot3=true,interfaceOnly=true
+openapi-generator-cli generate \
+  -i api/gateway.yaml \
+  -g spring \
+  -o gateway \
+  --skip-validate-spec \
+  --api-package de.tum.aet.devops25.api.generated.controller \
+  --model-package de.tum.aet.devops25.api.generated.model \
+  --additional-properties=useTags=true,useSpringBoot3=true,interfaceOnly=true,reactive=true \
+  --library spring-boot
 
   # Generate for user-svc
   openapi-generator-cli generate \

diff --git a/client/src/app/app.config.ts b/client/src/app/app.config.ts
@@ -1,6 +1,6 @@
 import { ApplicationConfig, provideZoneChangeDetection } from '@angular/core';
 import { provideRouter } from '@angular/router';
-import { provideHttpClient, HTTP_INTERCEPTORS } from '@angular/common/http';
+import { provideHttpClient, withInterceptorsFromDi, HTTP_INTERCEPTORS } from '@angular/common/http';
 import { provideAnimationsAsync } from '@angular/platform-browser/animations/async';
 
 import { routes } from './app.routes';
@@ -15,20 +15,17 @@ export const appConfig: ApplicationConfig = {
   providers: [
     provideZoneChangeDetection({ eventCoalescing: true }), 
     provideRouter(routes),
-    provideHttpClient(),
+    provideHttpClient(withInterceptorsFromDi()),
     provideAnimationsAsync(),
-
-    ...(!environment.useMockApi ? [
-      {
-        provide: HTTP_INTERCEPTORS,
-        useClass: AuthInterceptor,
-        multi: true
-      },
-      {
-        provide: HTTP_INTERCEPTORS,
-        useClass: ErrorInterceptor,
-        multi: true
-      }
-    ] : [])
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: AuthInterceptor,
+      multi: true
+    },
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: ErrorInterceptor,
+      multi: true
+    }
   ]
 };
diff --git a/client/src/app/core/interceptors/auth.interceptor.ts b/client/src/app/core/interceptors/auth.interceptor.ts
@@ -9,6 +9,8 @@ export class AuthInterceptor implements HttpInterceptor {
 
   intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
     const token = this.authService.getToken();
+
+    console.log('🔧 AuthInterceptor - Token:', token);
 
     if (token && !this.isAuthRequest(req.url)) {
       const authReq = req.clone({

diff --git a/concept-svc/.openapi-generator-ignore b/concept-svc/.openapi-generator-ignore
@@ -21,3 +21,5 @@
 #docs/*.md
 # Then explicitly reverse the ignore rule for a single file:
 #!docs/README.md
+
+README.md
diff --git a/concept-svc/.openapi-generator/FILES b/concept-svc/.openapi-generator/FILES
@@ -1,4 +1,3 @@
-README.md
 pom.xml
 src/main/java/de/tum/aet/devops25/api/generated/controller/ApiUtil.java
 src/main/java/de/tum/aet/devops25/api/generated/controller/ConceptsApi.java

diff --git a/concept-svc/src/main/java/de/tum/aet/devops25/conceptsvc/CorsConfig.java b/concept-svc/src/main/java/de/tum/aet/devops25/conceptsvc/CorsConfig.java
@@ -0,0 +1,25 @@
+package de.tum.aet.devops25.conceptsvc;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins(
+                    "http://localhost:3000", 
+                    "http://localhost:4200", 
+                    "https://dev-aieventconcepter.student.k8s.aet.cit.tum.de", 
+                    "https://aieventconcepter.student.k8s.aet.cit.tum.de"
+                )
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                .allowedHeaders("*")
+                .exposedHeaders("Authorization", "Content-Type")
+                .maxAge(3600) // Cache preflight requests for 1 hour
+                .allowCredentials(true);
+    }
+} 
diff --git a/concept-svc/src/main/java/de/tum/aet/devops25/conceptsvc/SecurityConfig.java b/concept-svc/src/main/java/de/tum/aet/devops25/conceptsvc/SecurityConfig.java
@@ -27,6 +27,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .csrf(csrf -> csrf.disable())
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authz -> authz
+                        .requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/**").permitAll() // Allow preflight requests
                         .requestMatchers("/", "/health").permitAll()
                         .requestMatchers("/api/concepts/**").authenticated()
                         .anyRequest().authenticated())

diff --git a/concept-svc/.gitignore → gateway/.gitignore b/concept-svc/.gitignore → gateway/.gitignore
diff --git a/gateway/.openapi-generator-ignore b/gateway/.openapi-generator-ignore
@@ -21,3 +21,5 @@
 #docs/*.md
 # Then explicitly reverse the ignore rule for a single file:
 #!docs/README.md
+
+README.md
diff --git a/gateway/.openapi-generator/FILES b/gateway/.openapi-generator/FILES
@@ -1,4 +1,3 @@
-README.md
 pom.xml
 src/main/java/de/tum/aet/devops25/api/generated/controller/ApiUtil.java
 src/main/java/de/tum/aet/devops25/api/generated/controller/AuthenticationApi.java

diff --git a/gateway/README.md b/gateway/README.md
@@ -1,13 +1,54 @@
 
-# OpenAPI generated API stub
-
-Spring Framework stub
+# Gateway Service
 
+This service acts as an API Gateway for the application, routing requests to the appropriate microservices.
 
 ## Overview
-This code was generated by the [OpenAPI Generator](https://openapi-generator.tech) project.
-By using the [OpenAPI-Spec](https://openapis.org), you can easily generate an API stub.
-This is an example of building API stub interfaces in Java using the Spring framework.
+This code was generated by the [OpenAPI Generator](https://openapi-generator.tech) project and has been extended to provide gateway functionality.
+
+## Local Development
+
+When running the gateway service locally (outside of Docker), you need to activate the `local` profile to ensure the service can connect to other services running on your local machine.
+
+### Running Locally
+
+To run the gateway service locally:
+
+1. Make sure the user-svc, concept-svc, and genai-svc services are running locally on their respective ports:
+   - user-svc: http://localhost:8081
+   - concept-svc: http://localhost:8082
+   - genai-svc: http://localhost:8083
+
+2. Start the gateway service with the `local` profile activated:
+
+   ```bash
+   # If using Gradle
+   ./gradlew bootRun --args='--spring.profiles.active=local'
+
+   # If using Maven
+   mvn spring-boot:run -Dspring-boot.run.profiles=local
+   ```
+
+### Configuration
+
+The application is configured to use the following service URLs:
+
+- In Docker environment:
+  - user-svc: http://user-svc:8080
+  - concept-svc: http://concept-svc:8080
+  - genai-svc: http://genai-svc:8083
+
+- In local environment (with `local` profile):
+  - user-svc: http://localhost:8081
+  - concept-svc: http://localhost:8082
+  - genai-svc: http://localhost:8083
+
+You can also override these URLs using environment variables:
+- USER_SERVICE_URL
+- CONCEPT_SERVICE_URL
+- GENAI_SERVICE_URL
+
+## API Implementation
 
 The stubs generated can be used in your existing Spring-MVC or Spring-Boot application to create controller endpoints
 by adding ```@Controller``` classes that implement the interface. Eg:

diff --git a/gateway/build.gradle b/gateway/build.gradle
@@ -25,9 +25,18 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-webflux'
 	implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.security:spring-security-web'
+	implementation 'org.springframework.security:spring-security-config'
 	implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
 	implementation 'io.swagger.core.v3:swagger-annotations:2.2.20'
 	implementation 'jakarta.validation:jakarta.validation-api:3.0.2'
+
+	// JWT dependencies
+	implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+	runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'io.projectreactor:reactor-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'

diff --git a/gateway/pom.xml b/gateway/pom.xml
@@ -54,7 +54,7 @@
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
+            <artifactId>spring-boot-starter-webflux</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.data</groupId>
@@ -63,7 +63,7 @@
           <!--SpringDoc dependencies -->
         <dependency>
             <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+            <artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
             <version>${springdoc.version}</version>
         </dependency>
         <!-- @Nullable annotation -->