Merge pull request #45 from Wei-HaiMing/oAuthSetup

O auth setup

Author: hoostinn

build.gradle

@@ -31,6 +31,11 @@ dependencies {
 	testRuntimeOnly 'com.h2database:h2'
 	implementation 'com.mysql:mysql-connector-j'
 	implementation 'io.github.cdimascio:dotenv-java:3.0.0'
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.3'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.3'
 }
 
 tasks.named('test') {

src/main/java/com/grouptwelve/grouptwelveBE/config/CorsConfig.java

@@ -0,0 +1,49 @@
+package com.grouptwelve.grouptwelveBE.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        
+        // Allow requests from specific origins
+        // For development: allow all origins
+        configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+        
+        // configuration.setAllowedOrigins(Arrays.asList(
+        //     "https://your-production-domain.com",
+        //     "http://localhost:3000",
+        //     "exp://localhost:8081"
+        // ));
+        
+        // Allow all HTTP methods
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"));
+        
+        // Allow all headers
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+        
+        // Expose headers to the client
+        configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
+        
+        // Allow credentials (cookies, authorization headers)
+        configuration.setAllowCredentials(true);
+        
+        // How long the browser should cache the preflight response (in seconds)
+        configuration.setMaxAge(3600L);
+        
+        // Apply this configuration to all endpoints
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        
+        return source;
+    }
+}

src/main/java/com/grouptwelve/grouptwelveBE/config/SecurityConfig.java

@@ -0,0 +1,43 @@
+package com.grouptwelve.grouptwelveBE.config;
+
+import com.grouptwelve.grouptwelveBE.security.OAuth2LoginSuccessHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Autowired
+    private OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler;
+
+    @Autowired
+    private CorsConfigurationSource corsConfigurationSource;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .cors(cors -> cors.configurationSource(corsConfigurationSource))  // Enable CORS
+            .csrf(csrf -> csrf.disable())  // Disable CSRF for API testing
+            .authorizeHttpRequests(auth -> auth
+                .requestMatchers("/", "/login**", "/error", "/webjars/**").permitAll()
+                .requestMatchers("/api/**").permitAll()  // Allow all API endpoints without auth (for now)
+                .requestMatchers("/auth/**").permitAll()  // Allow auth endpoints
+                .anyRequest().authenticated()
+            )
+            .oauth2Login(oauth2 -> oauth2
+                .successHandler(oAuth2LoginSuccessHandler)
+            )
+            .logout(logout -> logout
+                .logoutSuccessUrl("/")
+                .permitAll()
+            );
+        
+        return http.build();
+    }
+}

src/main/java/com/grouptwelve/grouptwelveBE/controller/AuthController.java

@@ -0,0 +1,52 @@
+package com.grouptwelve.grouptwelveBE.controller;
+
+import java.util.List;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.view.RedirectView;
+
+import com.grouptwelve.grouptwelveBE.model.User;
+import com.grouptwelve.grouptwelveBE.repository.UserRepository;
+import com.grouptwelve.grouptwelveBE.model.FavoriteTeam;
+import com.grouptwelve.grouptwelveBE.repository.FavoriteTeamRepository;
+
+@RestController
+@RequestMapping("/auth")
+public class AuthController {
+
+    /**
+     * OAuth start endpoint that accepts IP address parameter and redirects to GitHub OAuth
+     * Usage: /auth/start?redirect_ip=192.168.1.5
+     */
+    @GetMapping("/start")
+    public RedirectView authStart(
+            @RequestParam(value = "redirect_ip", required = false) String redirect_ip,
+            HttpServletRequest request) {
+        
+        // Store the redirect IP in session so it can be retrieved after OAuth callback
+        if (redirect_ip != null && !redirect_ip.isEmpty()) {
+            HttpSession session = request.getSession();
+            session.setAttribute("redirect_ip", redirect_ip);
+            System.out.println("Stored redirect_ip in session: " + redirect_ip);
+        }
+
+        // Redirect directly to GitHub OAuth
+        return new RedirectView("/oauth2/authorization/github");
+    }
+
+    // @GetMapping("/callback")
+    // public String authCallback() {
+    //     return "OAuth2 callback endpoint hit.";
+    // }
+}

src/main/java/com/grouptwelve/grouptwelveBE/model/User.java

@@ -7,10 +7,14 @@
 public class User {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(unique = true, nullable = false)
     private Long userId;
 
     private String name;
+    
+    @Column(unique = true)
     private String email;
+    
     private String password;
 
     public User(){

src/main/java/com/grouptwelve/grouptwelveBE/security/OAuth2LoginSuccessHandler.java

@@ -0,0 +1,83 @@
+package com.grouptwelve.grouptwelveBE.security;
+
+import com.grouptwelve.grouptwelveBE.util.JwtUtil;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import com.grouptwelve.grouptwelveBE.model.User;
+import com.grouptwelve.grouptwelveBE.repository.UserRepository;
+import java.util.Optional;
+
+import java.io.IOException;
+
+@Component
+public class OAuth2LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+
+    @Autowired
+    private JwtUtil jwtUtil;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+
+        OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
+        
+        // Extract GitHub user information
+        Integer githubIdInt = oAuth2User.getAttribute("id");
+        Long githubId = githubIdInt != null ? githubIdInt.longValue() : null;
+        String email = oAuth2User.getAttribute("email");
+        String name = oAuth2User.getAttribute("name");
+        String login = oAuth2User.getAttribute("login"); // GitHub username
+        
+        // Use login as name if name is null
+        final String finalName = (name == null || name.isEmpty()) ? login : name;
+        
+        // Save or update user in database
+        Optional<User> existingUser = userRepository.findById(githubId);
+        User user;
+        if (existingUser.isPresent()) {
+            // User exists, just use it (don't update to avoid version conflicts)
+            user = existingUser.get();
+        } else {
+            // New user, create and save
+            User newUser = new User();
+            newUser.setUserId(githubId);
+            newUser.setEmail(email);
+            newUser.setName(finalName);
+            user = userRepository.save(newUser);
+        }
+        
+        // Generate JWT token (convert githubId to String)
+        String jwtToken = jwtUtil.createToken(String.valueOf(githubId), email, finalName);
+        
+        // Get the redirect IP from session (set during OAuth initiation)
+        HttpSession session = request.getSession(false);
+        String redirectIp = null;
+        if (session != null) {
+            redirectIp = (String) session.getAttribute("redirect_ip");
+            // Clear the attribute after use
+            session.removeAttribute("redirect_ip");
+        }
+        
+        String frontendUrl;
+        if (redirectIp != null && !redirectIp.isEmpty()) {
+            // Development mode: use exp:// with provided IP
+            frontendUrl = "exp://" + redirectIp + ":8081/--/(tabs)/logout?token=" + jwtToken;
+        } else {
+            // Production mode: use custom scheme
+            frontendUrl = "myapp://auth/callback?token=" + jwtToken;
+        }
+        
+        System.out.println("Redirecting to: " + frontendUrl);
+        response.sendRedirect(frontendUrl);
+    }
+}

src/main/java/com/grouptwelve/grouptwelveBE/util/JwtUtil.java

@@ -0,0 +1,97 @@
+package com.grouptwelve.grouptwelveBE.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class JwtUtil {
+
+    @Value("${jwt.secret}")
+    private String jwtSecret;
+
+    @Value("${jwt.expirationMs}")
+    private Long tokenValidityMillis;
+
+    // Create signing key from secret string
+    private SecretKey getSigningKey() {
+        byte[] keyBytes = jwtSecret.getBytes(StandardCharsets.UTF_8);
+        return Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    // Build JWT with user information
+    public String createToken(String userId, String email, String name) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("userId", userId);
+        claims.put("email", email);
+        claims.put("name", name);
+        
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + tokenValidityMillis);
+        
+        return Jwts.builder()
+                .claims(claims)
+                .subject(userId)
+                .issuedAt(now)
+                .expiration(expiryDate)
+                .signWith(getSigningKey())
+                .compact();
+    }
+
+    // Extract all claims from token
+    private Claims extractAllClaims(String token) {
+        return Jwts.parser()
+                .verifyWith(getSigningKey())
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
+    }
+
+    // Get specific claim from token
+    private <T> T extractClaim(String token, java.util.function.Function<Claims, T> claimsResolver) {
+        final Claims claims = extractAllClaims(token);
+        return claimsResolver.apply(claims);
+    }
+
+    // Extract user ID
+    public String extractUserId(String token) {
+        return extractClaim(token, claims -> claims.get("userId", String.class));
+    }
+
+    // Extract email
+    public String extractEmail(String token) {
+        return extractClaim(token, claims -> claims.get("email", String.class));
+    }
+
+    // Extract name
+    public String extractName(String token) {
+        return extractClaim(token, claims -> claims.get("name", String.class));
+    }
+
+    // Extract expiration date
+    public Date extractExpiration(String token) {
+        return extractClaim(token, Claims::getExpiration);
+    }
+
+    // Check if token is expired
+    private Boolean isTokenExpired(String token) {
+        return extractExpiration(token).before(new Date());
+    }
+
+    // Validate token
+    public Boolean validateToken(String token) {
+        try {
+            return !isTokenExpired(token);
+        } catch (Exception e) {
+            return false;
+        }
+    }
+}

src/main/resources/application-prod.properties

@@ -6,4 +6,14 @@ spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.jpa.database-platform=org.hibernate.dialect.MySQLDialect
 spring.jpa.hibernate.ddl-auto=update
 spring.datasource.hikari.connection-timeout=10000
-spring.datasource.hikari.maximum-pool-size=2
+spring.datasource.hikari.maximum-pool-size=2
+
+# GitHub OAuth2
+spring.security.oauth2.client.registration.github.client-id=${GITHUB_CLIENT_ID}
+spring.security.oauth2.client.registration.github.client-secret=${GITHUB_CLIENT_SECRET}
+spring.security.oauth2.client.registration.github.scope=read:user,user:email
+spring.security.oauth2.client.registration.github.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
+
+#JWT Configuration
+jwt.secret=${JWT_SECRET}
+jwt.expirationMs=3600000

src/main/resources/application-test.properties

@@ -9,4 +9,14 @@ spring.datasource.username=sa
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.jpa.hibernate.ddl-auto=create-drop
 spring.jpa.show-sql=true
-spring.h2.console.enabled=true
+spring.h2.console.enabled=true
+
+# JWT configuration for tests
+jwt.secret=test-secret-key-for-testing-only-should-be-at-least-256-bits-long
+jwt.expirationMs=3600000
+
+# GitHub OAuth2 (dummy values for tests)
+spring.security.oauth2.client.registration.github.client-id=test-client-id
+spring.security.oauth2.client.registration.github.client-secret=test-client-secret
+spring.security.oauth2.client.registration.github.scope=read:user,user:email
+spring.security.oauth2.client.registration.github.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}