DevOps-Video-Sharing
diff --git a/‎.github/workflows/main.yaml‎
Lines changed: 15 additions & 15 deletions b/‎.github/workflows/main.yaml‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pom.xml‎
Lines changed: 33 additions & 0 deletions b/‎pom.xml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎resources.yaml‎
Lines changed: 44 additions & 0 deletions b/‎resources.yaml‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎src/main/java/com/programming/userService/config/JwtRequestFilter.java‎
Lines changed: 57 additions & 0 deletions b/‎src/main/java/com/programming/userService/config/JwtRequestFilter.java‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎src/main/java/com/programming/userService/config/RedisConfig.java‎
Lines changed: 45 additions & 0 deletions b/‎src/main/java/com/programming/userService/config/RedisConfig.java‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎src/main/java/com/programming/userService/config/SecurityConfig.java‎
Lines changed: 18 additions & 16 deletions b/‎src/main/java/com/programming/userService/config/SecurityConfig.java‎
Lines changed: 18 additions & 16 deletions
@@ -1,9 +1,9 @@
-name: Continuous Integration for Comment Service
+name: Continuous Integration for User Service
 
 on:
   push:
     branches:
-      - ducbao
+      - QA
 
 jobs:
   testing:
@@ -26,24 +26,24 @@ jobs:
       - name: Unit Tests
         run: mvn -B test --file pom.xml
 
-  # sonar-cloud-scan:
-  #   needs: testing
-  #   uses: ./.github/workflows/SonarQube.yaml
-  #   secrets:
-  #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+#   sonar-cloud-scan:
+#     needs: testing
+#     uses: ./.github/workflows/SonarQube.yaml
+#     secrets:
+#       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   build-image:
     needs: testing
     uses: ./.github/workflows/build-image.yaml
     secrets:
       DOCKER_HUB_ACCESS_TOKEN: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
-  # scan-image:
-  #   needs: build-image
-  #   uses: ./.github/workflows/scan-image.yaml
+#   scan-image:
+#     needs: build-image
+#     uses: ./.github/workflows/scan-image.yaml
 
-  # notify:
-  #   needs: scan-image
-  #   uses: ./.github/workflows/notifyCI.yaml
-  #   secrets:
-  #     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#   notify:
+#     needs: scan-image
+#     uses: ./.github/workflows/notifyCI.yaml
+#     secrets:
+#       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -31,3 +31,4 @@ build/
 
 ### VS Code ###
 .vscode/
+#logback-*.xml
@@ -82,6 +82,39 @@
 			<artifactId>gson</artifactId>
 			<version>2.10.1</version>
 		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version> <!-- Hoặc phiên bản mới nhất -->
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId> <!-- Hoặc jjwt-gson nếu bạn dùng Gson -->
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
+
+
+
+		<!-- https://mvnrepository.com/artifact/redis.clients/jedis -->
+		<dependency>
+			<groupId>redis.clients</groupId>
+			<artifactId>jedis</artifactId>
+			<version>5.1.0</version>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-redis -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-redis</artifactId>
+			<version>3.2.4</version>
+		</dependency>
+
 
 		<dependency>
     		<groupId>net.logstash.logback</groupId>
 
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-service
+  labels:
+    app: user-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: user-service
+  template:
+    metadata:
+      labels:
+        app: user-service
+    spec:
+      containers:
+        - name: user-service
+          image: datuits/devops-user-service:latest
+          ports:
+            - containerPort: 8081
+          env:
+          - name: SPRING_DATA_MONGODB_URI
+            value: mongodb://user-mongo-service:27017/user-service
+          resources:
+            requests:
+              memory: "32Mi"
+              cpu: "0.2"
+            limits:
+              memory: "64Mi"
+              cpu: "0.4"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: user-service
+spec:
+  selector:
+    app: user-service
+  ports:
+    - protocol: TCP
+      port: 8081
+      targetPort: 8081
+  type: NodePort
@@ -0,0 +1,57 @@
+package com.programming.userService.config;
+
+import com.programming.userService.util.JwtUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+
+@Component
+public class JwtRequestFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Autowired
+    private JwtUtil jwtUtil;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException {
+
+        final String authorizationHeader = request.getHeader("Authorization");
+
+        String username = null;
+        String jwt = null;
+
+        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
+            jwt = authorizationHeader.substring(7);
+            username = jwtUtil.extractUsername(jwt);
+        }
+
+        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+
+            if (jwtUtil.validateToken(jwt, userDetails)) {
+
+                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
+                        userDetails, null, userDetails.getAuthorities());
+                usernamePasswordAuthenticationToken
+                        .setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+            }
+        }
+        chain.doFilter(request, response);
+    }
+}
@@ -0,0 +1,45 @@
+package com.programming.userService.config;
+
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.beans.factory.annotation.Value;
+@Configuration
+@EnableRedisRepositories
+public class RedisConfig {
+
+    @Value("${spring.redis.host}")
+    private String redisHost;
+
+    @Value("${spring.redis.port}")
+    private int redisPort;
+
+    @Value("${spring.redis.password}")
+    private String redisPassword;
+
+    @Bean
+    public RedisConnectionFactory redisConnectionFactory() {
+        RedisStandaloneConfiguration redisConfig = new RedisStandaloneConfiguration();
+        redisConfig.setHostName(redisHost);
+        redisConfig.setPort(redisPort);
+        redisConfig.setPassword(redisPassword);
+
+        return new LettuceConnectionFactory(redisConfig);
+    }
+
+
+    @Bean
+    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
+        RedisTemplate<String, Object> template = new RedisTemplate<>();
+        template.setConnectionFactory(connectionFactory);
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setValueSerializer(new GenericJackson2JsonRedisSerializer());
+        return template;
+    }
+}
@@ -12,6 +12,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -21,25 +22,26 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain defaultFilterChain(HttpSecurity httpSecurity) throws Exception {
+        JwtRequestFilter jwtRequestFilter = new JwtRequestFilter();
         return httpSecurity
                 .csrf(csrf -> csrf.disable())
-                .authorizeHttpRequests(auth -> auth.requestMatchers("/register", "/error").permitAll()
-                        .requestMatchers("/listUser").permitAll()
-                        .requestMatchers("/video/upload").permitAll()
-                        .requestMatchers("/video/list").permitAll()
-                        .requestMatchers("/file/upload").permitAll()
-                        .requestMatchers("/file/list").permitAll()
-                        .requestMatchers("/file/downloadZipFile").permitAll()
-                        .requestMatchers("/comments/upload").permitAll()
-                        .requestMatchers("/comments/**").permitAll()
-                        .requestMatchers("/video/**").permitAll()
-                        .requestMatchers("/login2").permitAll()
-                        .requestMatchers("/listUserbyId/**").permitAll()
-                        .requestMatchers("/updateProfile/**").permitAll()
-                        .requestMatchers("/send-verification-email").permitAll()
-                        .requestMatchers("/hello-world").permitAll()
-                        .requestMatchers("/**").permitAll()
+                .authorizeHttpRequests(auth -> auth.requestMatchers("/user/register", "/user/error").permitAll()
+                        // .requestMatchers("/listUser").permitAll()
+                        .requestMatchers("/user/login2").permitAll()
+                        .requestMatchers("/user/login3").permitAll()
+                        .requestMatchers("/user/listUserbyId/**").permitAll()
+                        .requestMatchers("/user/hello-world").permitAll()
+                        .requestMatchers("/user/send-verification-email").permitAll()
+                        .requestMatchers("/user/logout").permitAll()
+                        .requestMatchers("/user/listUserbyUsername").permitAll()
+                        .requestMatchers("/user/listUserbyId/**").permitAll()
+                        .requestMatchers("/user/updateProfile/**").permitAll()
+                        .requestMatchers("/user/changePassword/**").permitAll()
+                        .requestMatchers("/user/listUser").permitAll()
+
+                        .requestMatchers("/user/").authenticated()
                         .anyRequest().authenticated())
+                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
                 .httpBasic(Customizer.withDefaults())
                 .formLogin(Customizer.withDefaults())
                 .build();
Original file line number	Diff line number	Diff line change
`@@ -31,3 +31,4 @@ build/`
`31`	`31`
`32`	`32`	`### VS Code ###`
`33`	`33`	`.vscode/`
	`34`	`+#logback-*.xml`