Oppgradere til ktor2 (#123)

- Kopierte API_KEY authentisering fra dp-biblioteker/ktor-utils til ApiKeyAuthentication.kt
- Oppgraderte expedia graphql bibliotek som har ktor 2.x versjoner ** NB 1 Vi burde fjerne denne til fordel for dp-biblioteker/pdl
- Fjerne dependency-lock fra prosjektet
- Oppgraderte til ktor-moshi bibliotek ** NB 2 - Ser ut til moshi er abandoware - Vi må fjerne til fordel for Jackson
- Oppgraderte gradle til 7.5.1

Author: geiralund

buildSrc/src/main/kotlin/Constants.kt

@@ -24,7 +24,7 @@ object Cucumber {
 object Dagpenger {
 
     object Biblioteker {
-        const val version = "2022.11.24-14.34.528555d5f3df"
+        const val version = "2022.12.07-09.10.209e073691b5"
         const val stsKlient = "com.github.navikt.dp-biblioteker:sts-klient:$version"
         const val ktorUtils = "com.github.navikt.dp-biblioteker:ktor-utils:$version"
 
@@ -200,7 +200,7 @@ object Moshi {
     const val moshiAdapters = "com.squareup.moshi:moshi-adapters:$version"
 
     // waiting for https://github.com/rharter/ktor-moshi/pull/8
-    const val moshiKtor = "com.github.cs125-illinois:ktor-moshi:7252ca49ed"
+    const val moshiKtor = "com.github.cs125-illinois:ktor-moshi:2b13e43520"
     fun library(name: String) = "com.squareup.moshi:moshi-$name:$version"
 }
 
@@ -270,7 +270,7 @@ object Wiremock {
 }
 
 object Graphql {
-    const val version = "5.2.0"
+    const val version = "6.3.3"
     const val graphql = "com.expediagroup.graphql"
     val client = library("client")
     fun library(name: String) = "com.expediagroup:graphql-kotlin-$name:$version"

buildSrc/src/main/kotlin/DependencyResolver.kt

@@ -31,27 +31,33 @@ dependencies {
 
     implementation(Dagpenger.Events)
 
-    implementation(Ktor.server)
-    implementation(Ktor.serverNetty)
-    implementation(Ktor.auth)
-    implementation(Ktor.authJwt)
-    implementation(Ktor.micrometerMetrics)
-    implementation(Dagpenger.Biblioteker.ktorUtils)
+    implementation(Ktor2.Server.library("netty"))
+    implementation(Ktor2.Server.library("auth"))
+    implementation(Ktor2.Server.library("auth-jwt"))
+    implementation(Ktor2.Server.library("status-pages"))
+    implementation(Ktor2.Server.library("call-id"))
+    implementation(Ktor2.Server.library("call-logging"))
+    implementation(Ktor2.Server.library("default-headers"))
+    implementation(Ktor2.Server.library("content-negotiation"))
+    implementation(Ktor2.Server.library("metrics-micrometer"))
+    implementation(Ktor2.Server.library("metrics-micrometer"))
+
+    // implementation(Dagpenger.Biblioteker.ktorUtils)
     implementation(Micrometer.prometheusRegistry)
 
     implementation(Graphql.client)
     implementation(Graphql.library("ktor-client"))
     implementation(Graphql.library("client-jackson"))
-    implementation(Ktor.library("client-logging-jvm"))
-    implementation(Ktor.library("client-apache"))
+    implementation(Ktor2.Client.library("logging-jvm"))
+    implementation(Ktor2.Client.library("apache"))
 
     // unleash
     implementation("no.finn.unleash:unleash-client-java:3.3.1")
 
     implementation(Moshi.moshi)
     implementation(Moshi.moshiAdapters)
     implementation(Moshi.moshiKotlin)
-    implementation(Moshi.moshiKtor)
+    implementation("com.github.cs125-illinois:ktor-moshi:2b13e43520")
 
     implementation(Dagpenger.Streams)
     implementation(Kafka.clients)
@@ -94,13 +100,13 @@ dependencies {
     runtimeOnly("io.grpc:grpc-netty-shaded:$grpcVersion")
 
     testImplementation(kotlin("test"))
-    testImplementation(Ktor.ktorTest) {
+    testImplementation(Ktor2.Server.library("test-host")) {
         // https://youtrack.jetbrains.com/issue/KT-46090
         exclude("org.jetbrains.kotlin", "kotlin-test-junit")
     }
 
-    testImplementation("no.nav.security:mock-oauth2-server:0.4.3")
-    testImplementation(Ktor.library("client-mock"))
+    testImplementation("no.nav.security:mock-oauth2-server:0.5.7")
+    testImplementation(Ktor2.Client.library("mock"))
     testImplementation(Junit5.api)
     testImplementation(Junit5.params)
     testRuntimeOnly(Junit5.engine)
@@ -160,17 +166,6 @@ java {
     mainJavaSourceSet.srcDirs(graphqlDir)
 }
 
-dependencyLocking {
-    lockAllConfigurations()
-}
-
-configurations.all {
-    resolutionStrategy.failOnVersionConflict()
-    resolutionStrategy.activateDependencyLocking()
-    resolutionStrategy.preferProjectModules()
-    resolutionStrategy.eachDependency { DependencyResolver.execute(this) }
-}
-
 tasks.withType<ShadowJar> {
     transform(Log4j2PluginsCacheFileTransformer::class.java)
 }

dp-inntekt-api/build.gradle.kts

@@ -0,0 +1,121 @@
+package no.nav.dagpenger.inntekt
+
+import io.ktor.http.auth.HeaderValueEncoding
+import io.ktor.http.auth.HttpAuthHeader
+import io.ktor.server.application.ApplicationCall
+import io.ktor.server.auth.AuthenticationConfig
+import io.ktor.server.auth.AuthenticationContext
+import io.ktor.server.auth.AuthenticationFailedCause
+import io.ktor.server.auth.AuthenticationProvider
+import io.ktor.server.auth.Credential
+import io.ktor.server.auth.Principal
+import io.ktor.server.auth.UnauthorizedResponse
+import io.ktor.server.request.ApplicationRequest
+import io.ktor.server.response.respond
+import org.apache.commons.codec.binary.Hex
+import java.nio.charset.StandardCharsets
+import javax.crypto.Mac
+import javax.crypto.spec.SecretKeySpec
+
+enum class ApiKeyLocation(val location: String) {
+    QUERY("query"),
+    HEADER("header")
+}
+
+fun ApplicationRequest.apiKeyAuthenticationCredentials(
+    apiKeyName: String,
+    apiKeyLocation: ApiKeyLocation
+): ApiKeyCredential? {
+    return when (
+        val value: String? = when (apiKeyLocation) {
+            ApiKeyLocation.QUERY -> this.queryParameters[apiKeyName]
+            ApiKeyLocation.HEADER -> this.headers[apiKeyName]
+        }
+    ) {
+        null -> null
+        else -> ApiKeyCredential(value)
+    }
+}
+
+data class ApiKeyCredential(val value: String) : Credential
+data class ApiPrincipal(val apiKeyCredential: ApiKeyCredential?) : Principal
+
+class ApiKeyAuthenticationProvider internal constructor(config: Configuration) : AuthenticationProvider(config) {
+
+    private var apiKeyName: String = config.apiKeyName
+    private var apiKeyLocation: ApiKeyLocation = config.apiKeyLocation
+    private val authenticationFunction = config.authenticationFunction
+
+    class Configuration(name: String?) : Config(name) {
+        internal var authenticationFunction: suspend ApplicationCall.(ApiKeyCredential) -> Principal? = { null }
+
+        var apiKeyName: String = ""
+
+        var apiKeyLocation: ApiKeyLocation = ApiKeyLocation.HEADER
+
+        fun validate(body: suspend ApplicationCall.(ApiKeyCredential) -> Principal?) {
+            authenticationFunction = body
+        }
+
+        internal fun build() = ApiKeyAuthenticationProvider(this)
+    }
+
+    override suspend fun onAuthenticate(context: AuthenticationContext) {
+        val call = context.call
+        val credential = call.request.apiKeyAuthenticationCredentials(apiKeyName, apiKeyLocation)
+        val principal = credential?.let { authenticationFunction(call, it) }
+
+        val cause = when {
+            credential == null -> AuthenticationFailedCause.NoCredentials
+            principal == null -> AuthenticationFailedCause.InvalidCredentials
+            else -> null
+        }
+
+        if (cause != null) {
+            context.challenge(apiKeyName, cause) { challenge, call ->
+                call.respond(
+                    UnauthorizedResponse(
+                        HttpAuthHeader.Parameterized(
+                            "API_KEY",
+                            mapOf("key" to apiKeyName),
+                            HeaderValueEncoding.QUOTED_ALWAYS
+                        )
+                    )
+                )
+                challenge.complete()
+            }
+        }
+
+        if (principal != null) {
+            context.principal(principal)
+        }
+    }
+}
+
+fun AuthenticationConfig.apiKeyAuth(
+    name: String? = null,
+    configure: ApiKeyAuthenticationProvider.Configuration.() -> Unit
+) {
+    val provider = ApiKeyAuthenticationProvider.Configuration(name).apply(configure).build()
+    register(provider)
+}
+
+internal class ApiKeyVerifier(private val secret: String) {
+
+    private val algorithm = "HmacSHA256"
+
+    fun verify(apiKey: String, expectedApiKey: String): Boolean {
+        return apiKey == generate(expectedApiKey)
+    }
+
+    fun generate(apiKey: String): String {
+        return String(Hex.encodeHex(generateDigest(apiKey.toByteArray(StandardCharsets.UTF_8))))
+    }
+
+    private fun generateDigest(apiKey: ByteArray): ByteArray {
+        val secret = SecretKeySpec(secret.toByteArray(StandardCharsets.UTF_8), algorithm)
+        val mac = Mac.getInstance(algorithm)
+        mac.init(secret)
+        return mac.doFinal(apiKey)
+    }
+}

dp-inntekt-api/src/main/kotlin/no/nav/dagpenger/inntekt/ApiKeyAuthentication.kt

@@ -21,7 +21,6 @@ import no.nav.dagpenger.inntekt.oppslag.pdl.PdlGraphQLRepository
 import no.nav.dagpenger.inntekt.rpc.InntektGrpcServer
 import no.nav.dagpenger.inntekt.subsumsjonbrukt.KafkaSubsumsjonBruktDataConsumer
 import no.nav.dagpenger.inntekt.subsumsjonbrukt.Vaktmester
-import no.nav.dagpenger.ktor.auth.ApiKeyVerifier
 import no.nav.dagpenger.oidc.StsOidcClient
 import java.net.URL
 import java.util.concurrent.TimeUnit

dp-inntekt-api/src/main/kotlin/no/nav/dagpenger/inntekt/Application.kt

@@ -5,16 +5,16 @@ import com.auth0.jwk.JwkProviderBuilder
 import com.natpryce.konfig.Configuration
 import com.natpryce.konfig.Key
 import com.natpryce.konfig.stringType
-import io.ktor.auth.jwt.JWTAuthenticationProvider
-import io.ktor.auth.jwt.JWTCredential
-import io.ktor.auth.jwt.JWTPrincipal
+import io.ktor.server.auth.jwt.JWTAuthenticationProvider
+import io.ktor.server.auth.jwt.JWTCredential
+import io.ktor.server.auth.jwt.JWTPrincipal
 import mu.KotlinLogging
 import java.net.URL
 import java.util.concurrent.TimeUnit
 
 private val LOGGER = KotlinLogging.logger {}
 
-internal fun JWTAuthenticationProvider.Configuration.azureAdJWT(config: Configuration) {
+internal fun JWTAuthenticationProvider.Config.azureAdJWT(config: Configuration) {
     val jwksUri = config[Key("AZURE_OPENID_CONFIG_JWKS_URI", stringType)]
     val issuer = config[Key("AZURE_OPENID_CONFIG_ISSUER", stringType)]
     val clientId = config[Key("AZURE_APP_CLIENT_ID", stringType)]