Merge pull request #58 from SLNE-Development/54-add-bearer-token-authentication-for-web-api

feat: add bearer token authentication and update Ktor server configuration

Author: twisti-dev

gradle/libs.versions.toml

@@ -54,6 +54,7 @@ ktor-server-resources = { module = "io.ktor:ktor-server-resources" }
 kotlin-css = { module = "org.jetbrains.kotlin-wrappers:kotlin-css" }
 ktor-server-websockets = { module = "io.ktor:ktor-server-websockets" }
 ktor-serialization-kotlinx-json = { module = "io.ktor:ktor-serialization-kotlinx-json" }
+ktor-server-auth = { module = "io.ktor:ktor-server-auth" }
 bson-kotlinx = { module = "org.mongodb:bson-kotlinx", version.ref = "bson-kotlinx" }
 aspectjweaver = { module = "org.aspectj:aspectjweaver" }
 aspectjrt = { module = "org.aspectj:aspectjrt" }
@@ -87,5 +88,5 @@ jackson-api-common = ["jackson-core", "jackson-databind", "jackson-module-kotlin
 exposed-api-server = ["exposed-spring-boot-starter", "exposed-java-time", "exposed-migration"]
 maven-libraries = ["maven-impl", "maven-resolver"]
 console-api = ["jline", "brigadier", "terminalconsoleappender"]
-ktor-api-server = ["ktor-server-core-jvm", "ktor-server-netty", "ktor-server-core", "ktor-server-html-builder", "kotlin-css", "ktor-server-websockets", "ktor-serialization-kotlinx-json", "ktor-server-resources"]
+ktor-api-server = ["ktor-server-core-jvm", "ktor-server-netty", "ktor-server-core", "ktor-server-html-builder", "kotlin-css", "ktor-server-websockets", "ktor-serialization-kotlinx-json", "ktor-server-resources", "ktor-server-auth"]
 flyway = ["flyway-core", "flyway-mysql"]

surf-cloud-standalone/src/main/kotlin/dev/slne/surf/cloud/standalone/config/StandaloneConfig.kt

@@ -3,9 +3,11 @@ package dev.slne.surf.cloud.standalone.config
 import dev.slne.surf.cloud.core.common.coreCloudInstance
 import dev.slne.surf.surfapi.core.api.config.createSpongeYmlConfig
 import dev.slne.surf.surfapi.core.api.config.surfConfigApi
+import dev.slne.surf.surfapi.core.api.util.random
 import org.spongepowered.configurate.objectmapping.ConfigSerializable
 import org.spongepowered.configurate.objectmapping.meta.Comment
 import org.spongepowered.configurate.objectmapping.meta.Setting
+import java.util.Base64
 
 
 val standaloneConfig: StandaloneConfig by lazy {
@@ -35,8 +37,24 @@ data class StandaloneConfig(
 @ConfigSerializable
 data class KtorConfig(
     val port: Int = 8080,
-    val host: String = "0.0.0.0"
-)
+    val host: String = "0.0.0.0",
+    val bearerToken: String = generateBearerToken()
+) {
+    companion object {
+        private fun generateBearerToken(length: Int = 32): String {
+            // The default token length of 32 provides a good balance between security and usability.
+            // A minimum length of 16 is enforced to ensure sufficient entropy for security purposes.
+            require(length >= 16) { "Token should be at least 16 characters long" }
+
+            val randomBytes = ByteArray(length)
+            random.nextBytes(randomBytes)
+
+            // Base64 encoding is used to make the token URL-safe and compact while preserving randomness.
+            val token = Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes)
+            return token
+        }
+    }
+}
 
 @ConfigSerializable
 data class LoggingConfig(

surf-cloud-standalone/src/main/kotlin/dev/slne/surf/cloud/standalone/ktor/KtorServer.kt

@@ -9,19 +9,19 @@ import dev.slne.surf.cloud.standalone.config.standaloneConfig
 import dev.slne.surf.cloud.standalone.ktor.routes.punish.punishRoutes
 import io.ktor.http.*
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
 import io.ktor.server.engine.*
 import io.ktor.server.html.*
 import io.ktor.server.netty.*
 import io.ktor.server.plugins.*
 import io.ktor.server.plugins.statuspages.*
-import io.ktor.server.resources.Resources
+import io.ktor.server.resources.*
 import io.ktor.server.routing.*
-import io.ktor.server.websocket.*
 import kotlinx.coroutines.launch
 import kotlinx.html.*
 import org.springframework.core.annotation.Order
 import org.springframework.stereotype.Component
-import kotlin.time.Duration.Companion.seconds
+import java.security.MessageDigest
 
 @Component
 @Order(CloudLifecycleAware.KTOR_SERVER_PRIORITY)
@@ -46,21 +46,34 @@ class KtorServer : CloudLifecycleAware {
 
         server = embeddedServer(Netty, port = port, host = host) {
             install(StatusPages) { configure() }
-            install(WebSockets) {
-                pingPeriod = 15.seconds
-            }
+//            install(WebSockets) {
+//                pingPeriod = 15.seconds
+//            }
             install(Resources)
+            authentication {
+                bearer {
+                    realm = "Access to the '/' path"
+                    authenticate {tokenCredential ->
+                        if (MessageDigest.isEqual(tokenCredential.token.toByteArray(), standaloneConfig.ktor.bearerToken.toByteArray())) {
+                            UserIdPrincipal("Bearer")
+                        } else {
+                            null
+                        }
+                    }
+                }
+            }
 
             for (plugin in plugins) {
                 plugin.apply { configure() }
             }
 
             routing {
-                for (plugin in plugins) {
-                    plugin.apply { installRoutes() }
+                authenticate {
+                    for (plugin in plugins) {
+                        plugin.apply { installRoutes() }
+                    }
+                    punishRoutes()
                 }
-
-                punishRoutes()
             }
         }
         server.start(wait = true)