Merge pull request #20 from Halbes-Byte/chore/centralize-used-metadata

chore: centralize used metadata

Author: Daenges

.gitignore

@@ -6,3 +6,5 @@ start_vpn.sh
 server/generated-sources/
 data/
 .env
+.javaversion.sh
+./server/data/

docker-compose.yml

@@ -37,17 +37,6 @@ services:
       POSTGRES_USER: ${KC_DB_USERNAME}
       POSTGRES_PASSWORD: ${KC_DB_PASSWORD}
     ports:
-      - '5432:5432'
- #spring:
- #  build:
- #    context: .
- #    dockerfile: Dockerfile
- #  # image: panderu/study-buddies-backend:latest
- #  container_name: spring-backend
- #  ports:
- #    - "1516:8080"
- #  depends_on:
- #    - keycloak_web
 ######################################################
 volumes:
   postgres_data:

javaversion.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+sdk use java 17.0.12-zulu

server/src/main/java/com/studybuddies/server/configuration/CORS.java

@@ -0,0 +1,26 @@
+package com.studybuddies.server.configuration;
+
+import java.util.Arrays;
+import java.util.List;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+@Configuration
+public class CORS {
+  @Bean
+  public CorsConfigurationSource cors() {
+    CorsConfiguration conf = new CorsConfiguration();
+    conf.setAllowedOrigins(Arrays.asList("http://localhost:3000", "http://localhost:7070"));
+    conf.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
+    conf.setAllowedHeaders(List.of("*"));
+    conf.setAllowCredentials(true);
+    conf.setMaxAge(3600L);
+
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", conf);
+    return source;
+  }
+}

server/src/main/java/com/studybuddies/server/configuration/DevConfig.java

@@ -1,21 +1,34 @@
 package com.studybuddies.server.configuration;
 
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.CorsConfigurer;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
 
 @Profile("dev")
 @Configuration
+@Slf4j
 @EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class DevConfig {
-  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-    http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+
+  @Qualifier("cors")
+  private CorsConfigurationSource corsConfigurationSource;
+
+  @Bean
+  public SecurityFilterChain devChain(HttpSecurity http) throws Exception {
+    log.info("Dev configuring SecurityFilterChain");
+    http.cors(c -> c.configurationSource(corsConfigurationSource));
+    http.securityMatcher("/**");
     http.csrf(CsrfConfigurer::disable);
-    http.cors(CorsConfigurer::disable);
+    http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
     return http.build();
   }
 }

server/src/main/java/com/studybuddies/server/configuration/SecurityConfig.java

@@ -5,17 +5,23 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
 
 @Configuration
-@EnableMethodSecurity
+@EnableWebSecurity
 @RequiredArgsConstructor
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
 
-  JwtAuthConverter jwtAuthConverter;
+  private JwtAuthConverter jwtAuthConverter;
+  private CorsConfigurationSource corsConfigurationSource;
 
   @Bean
   public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    http.securityMatcher("/**");
+    http.cors(c -> c.configurationSource(corsConfigurationSource));
     http.
         authorizeHttpRequests(auth ->
             auth.requestMatchers("/swagger-ui/**", "/h2-console/**", "/api-docs/**", "/v3/**").permitAll()

server/src/main/java/com/studybuddies/server/domain/MeetingEntity.java

@@ -5,9 +5,7 @@
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
-import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Table;
-import java.time.LocalDate;
 import java.time.LocalDateTime;
 import lombok.AllArgsConstructor;
 import lombok.Builder;

server/src/main/java/com/studybuddies/server/web/MeetingController.java

@@ -9,7 +9,6 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @AllArgsConstructor
@@ -33,7 +32,7 @@ public ResponseEntity<?> changeMeeting(@RequestParam Long id, @Valid @RequestBod
   }
 
   @GetMapping
-  @PreAuthorize("hasRole('ADMIN')")
+  //@PreAuthorize("hasRole('ADMIN')")
   public ResponseEntity<?> getMeeting(@RequestParam(required = false) Long id) {
     String response = meetingService.retrieveMeetingFromDatabase(id);
     return ResponseEntity.status(HttpStatus.OK).body(response);

server/src/main/resources/application-dev.yml

@@ -4,16 +4,20 @@ spring:
     application:
         name: server
     datasource:
-        url: jdbc:h2:file:./data/demo
-        username: sa
-        password: password
+        url: jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+        username: ${H2_USERNAME:user}
+        password: ${H2_PASSWORD:password}
         driverClassName: org.h2.Driver
     jpa:
         database-platform: org.hibernate.dialect.H2Dialect
         show-sql: true
         hibernate:
-            ddl-auto: update
+            ddl-auto: create-drop
     h2:
         console.enabled: true
 springdoc:
-    swagger-ui.path: /api-docs
+    swagger-ui.path: /api-docs
+logging:
+    level:
+        org.springframework.jdbc.core: DEBUG
+        com.zaxxer.hikari: DEBUG

server/src/main/resources/application.yml

@@ -4,15 +4,15 @@ spring:
     application:
         name: server
     datasource:
-        url: jdbc:h2:file:./data/demo
-        username: sa #TODO: Extract this into a dev config application-dev.yml
-        password: password
+        url: jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+        username: ${H2_USERNAME:user}
+        password: ${H2_PASSWORD:password}
         driverClassName: org.h2.Driver
     jpa:
         database-platform: org.hibernate.dialect.H2Dialect
         show-sql: true
         hibernate:
-            ddl-auto: update
+            ddl-auto: create
     h2:
         console.enabled: true
     security: