Merge pull request #42 from TP-RENTPLACE/development

Merge MVP backend version

Author: Kattsyn

.github/workflows/backend-ci-cd.yml

@@ -19,11 +19,13 @@ on:
       - release/**
     paths:
       - 'rentplace/**'
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      
       - uses: actions/setup-java@v4
         with:
           java-version: '17'
@@ -33,16 +35,72 @@ jobs:
       - name: Fix gradlew permissions
         working-directory: rentplace
         run: chmod +x gradlew
-          
+      
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@v4
         with:
           working-directory: rentplace
-        
+      
       - name: Build
         working-directory: rentplace
         run: ./gradlew build --no-daemon
-
+      
       - name: Test
         working-directory: rentplace
         run: ./gradlew test
+
+  build-and-push-docker-image:
+    runs-on: ubuntu-latest
+    needs: build-and-test  
+    if: github.ref == 'refs/heads/development' || github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Java 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+      
+      - name: Fix gradlew permissions
+        working-directory: rentplace
+        run: chmod +x gradlew
+      
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          working-directory: rentplace
+      
+      - name: Build
+        working-directory: rentplace
+        run: ./gradlew build --no-daemon
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          
+      - name: Build Docker image
+        working-directory: rentplace
+        run: docker build -t ${{ secrets.DOCKERHUB_BACKEND_IMAGE_NAME }} -f Dockerfile .
+        
+      - name: Push Docker Image
+        working-directory: rentplace
+        run: docker push ${{ secrets.DOCKERHUB_BACKEND_IMAGE_NAME }}
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-and-push-docker-image
+    steps:
+      - name: SSH Execute Commands
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            cd Deploy
+            docker compose down
+            docker rm $(docker ps -a -q)
+            docker pull ${{ secrets.DOCKERHUB_BACKEND_IMAGE_NAME }}
+            docker compose up -d --build

README.md

@@ -1 +1,9 @@
-# Backend
+# Backend
+
+## Запуск docker-compose
+
+Находясь в корневой папке проекта:  
+1. `./gradlew build` - Для сборки проекта
+2. `docker build -f Dockerfile .` - Для сборки Dockerfile
+3. `docker compose build` - Для сборки docker-compose
+4. `docker compose up` - Запуск docker-compose

rentplace/build.gradle

@@ -25,24 +25,33 @@ repositories {
 
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-	//implementation 'org.springframework.boot:spring-boot-starter-security'
 	runtimeOnly 'org.flywaydb:flyway-database-postgresql:11.2.0'
 	implementation 'org.flywaydb:flyway-core:11.2.0'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.mapstruct:mapstruct:1.5.5.Final'
 	implementation 'org.flywaydb:flyway-core'
 
+	implementation("org.springframework.boot:spring-boot-starter-mail:3.4.3")
+
+	implementation("org.springframework.security:spring-security-core:6.4.4")
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.12.6")
+	runtimeOnly("io.jsonwebtoken:jjwt-impl:0.12.6")
+	implementation("io.jsonwebtoken:jjwt-api:0.12.6")
+
 	compileOnly 'org.projectlombok:lombok'
 	runtimeOnly 'org.postgresql:postgresql'
 	runtimeOnly 'com.h2database:h2'
 	annotationProcessor 'org.projectlombok:lombok'
 	annotationProcessor 'org.mapstruct:mapstruct-processor:1.5.5.Final'
 
-	implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
-	implementation 'io.swagger.core.v3:swagger-annotations:2.2.22'
+	implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.6")
+	implementation("io.swagger.core.v3:swagger-annotations:2.2.29")
+
+	implementation("org.hibernate.validator:hibernate-validator:8.0.0.Final")
 
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
-	//testImplementation 'org.springframework.security:spring-security-test'
+	testImplementation 'org.springframework.security:spring-security-test'
 
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 	testRuntimeOnly 'com.h2database:h2'

rentplace/docker-compose.yml

@@ -17,8 +17,10 @@ services:
     depends_on:
       - postgres
     environment:
+      UPLOAD_PATH: /uploads/
       SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/rentplace_db
       SPRING_DATASOURCE_USERNAME: kattsyn
       SPRING_DATASOURCE_PASSWORD: katt
       SPRING_DATASOURCE_DRIVER_CLASS_NAME: org.postgresql.Driver
-      SERVER_PORT: 8080
+      SERVER_PORT: 8080
+      APP_BASE-URL: http://localhost:8080

rentplace/src/main/java/kattsyn/dev/rentplace/RentPlaceApplication.java

@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
 
 @SpringBootApplication
+@PropertySource("classpath:application.yml")
 public class RentPlaceApplication {
 
 	public static void main(String[] args) {

rentplace/src/main/java/kattsyn/dev/rentplace/auth/JwtAuthentication.java

@@ -0,0 +1,55 @@
+package kattsyn.dev.rentplace.auth;
+
+import kattsyn.dev.rentplace.enums.Role;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.List;
+
+@Getter
+@Setter
+public class JwtAuthentication implements Authentication {
+
+    private boolean authenticated;
+    private String email;
+    private String name;
+    private Role role;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return List.of(role);
+    }
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getDetails() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return email;
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return authenticated;
+    }
+
+    @Override
+    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+        this.authenticated = isAuthenticated;
+    }
+
+    @Override
+    public String getName() {
+        return email;
+    }
+}

rentplace/src/main/java/kattsyn/dev/rentplace/auth/JwtFilter.java

@@ -0,0 +1,51 @@
+package kattsyn.dev.rentplace.auth;
+
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import kattsyn.dev.rentplace.utils.JwtUtils;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@RequiredArgsConstructor
+@Slf4j
+@Component
+public class JwtFilter extends OncePerRequestFilter {
+
+    private static final String AUTHORIZATION = "Authorization";
+
+    private final JwtProvider jwtProvider;
+
+    @Override
+    public void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull FilterChain filterChain)
+            throws IOException, ServletException {
+        final String token = getTokenFromRequest(request);
+        log.info("JWT token: {}", token);
+        if (token != null && jwtProvider.validateAccessToken(token)) {
+            final Claims claims = jwtProvider.getAccessClaims(token);
+            final JwtAuthentication jwtInfoToken = JwtUtils.generate(claims);
+            log.info(jwtInfoToken.getRole().getAuthority());
+            jwtInfoToken.setAuthenticated(true);
+            SecurityContextHolder.getContext().setAuthentication(jwtInfoToken);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String getTokenFromRequest(HttpServletRequest request) {
+        final String bearer = request.getHeader(AUTHORIZATION);
+        if (StringUtils.hasText(bearer) && bearer.startsWith("Bearer ")) {
+            return bearer.substring(7);
+        }
+        return null;
+    }
+
+}

rentplace/src/main/java/kattsyn/dev/rentplace/auth/JwtProvider.java

@@ -0,0 +1,110 @@
+package kattsyn.dev.rentplace.auth;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import io.micrometer.common.lang.NonNull;
+import kattsyn.dev.rentplace.entities.User;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.time.Instant;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.Date;
+
+@Component
+@Slf4j
+public class JwtProvider {
+
+    private final int accessTokenExpTimeInMinutes;
+    private final int refreshTokenExpTimeInDays;
+
+    private final SecretKey jwtAccessSecret;
+    private final SecretKey jwtRefreshSecret;
+
+    public JwtProvider(
+            @Value("${jwt.secret.access}") String jwtAccessSecret,
+            @Value("${jwt.secret.refresh}") String jwtRefreshSecret,
+            @Value("${jwt.expiration_time_in_minutes.access}") int accessTokenExpTimeInMinutes,
+            @Value("${jwt.expiration_time_in_days.refresh}") int refreshTokenExpTimeInDays
+    ) {
+        this.jwtAccessSecret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtAccessSecret));
+        this.jwtRefreshSecret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtRefreshSecret));
+        this.accessTokenExpTimeInMinutes = accessTokenExpTimeInMinutes;
+        this.refreshTokenExpTimeInDays = refreshTokenExpTimeInDays;
+    }
+
+    public String generateAccessToken(User user) {
+        final LocalDateTime now = LocalDateTime.now();
+        final Instant accessExpirationInstant = now.plusMinutes(accessTokenExpTimeInMinutes).atZone(ZoneId.systemDefault()).toInstant();
+        final Date accessExpiration = Date.from(accessExpirationInstant);
+        return Jwts.builder()
+                .subject(user.getEmail())
+                .expiration(accessExpiration)
+                .signWith(jwtAccessSecret)
+                .claim("role", user.getRole().getAuthority())
+                .claim("name", user.getName())
+                .compact();
+    }
+
+    public String generateRefreshToken(@NonNull User user) {
+        final LocalDateTime now = LocalDateTime.now();
+        final Instant refreshExpirationInstant = now.plusDays(refreshTokenExpTimeInDays).atZone(ZoneId.systemDefault()).toInstant();
+        final Date refreshExpiration = Date.from(refreshExpirationInstant);
+        return Jwts.builder()
+                .subject(user.getEmail())
+                .issuedAt(Date.from(Instant.now()))
+                .expiration(refreshExpiration)
+                .signWith(jwtRefreshSecret)
+                .compact();
+    }
+
+    public boolean validateAccessToken(@NonNull String accessToken) {
+        return validateToken(accessToken, jwtAccessSecret);
+    }
+
+    public boolean validateRefreshToken(@NonNull String refreshToken) {
+        return validateToken(refreshToken, jwtRefreshSecret);
+    }
+
+    private boolean validateToken(@NonNull String token, @NonNull SecretKey secret) {
+        try {
+            Jwts.parser()
+                    .verifyWith(secret)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (ExpiredJwtException expEx) {
+            log.error("Token expired", expEx);
+        } catch (UnsupportedJwtException unsEx) {
+            log.error("Unsupported jwt", unsEx);
+        } catch (MalformedJwtException mjEx) {
+            log.error("Malformed jwt", mjEx);
+        } catch (Exception e) {
+            log.error("invalid token", e);
+        }
+        return false;
+    }
+
+    public Claims getAccessClaims(@NonNull String token) {
+        return getClaims(token, jwtAccessSecret);
+    }
+
+    public Claims getRefreshClaims(@NonNull String token) {
+        return getClaims(token, jwtRefreshSecret);
+    }
+
+    private Claims getClaims(@NonNull String token, @NonNull SecretKey secret) {
+        return Jwts.parser()
+                .verifyWith(secret)
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
+    }
+
+}