Merge pull request #1394 from utmstack/backlog/api_key

Backlog/api key

Author: mjabascal10

backend/.gitignore

@@ -62,6 +62,7 @@ local.properties
 *.orig
 classes/
 out/
+.nvim/
 
 ######################
 # Visual Studio Code

backend/pom.xml

@@ -376,6 +376,12 @@
             <version>3.0.5</version>
         </dependency>
 
+        <dependency>
+            <groupId>commons-net</groupId>
+            <artifactId>commons-net</artifactId>
+            <version>3.9.0</version>
+        </dependency>
+
     </dependencies>
 
     <build>

backend/src/main/java/com/park/utmstack/advice/GlobalExceptionHandler.java

@@ -4,10 +4,7 @@
 import com.park.utmstack.security.TooMuchLoginAttemptsException;
 import com.park.utmstack.service.application_events.ApplicationEventService;
 import com.park.utmstack.util.ResponseUtil;
-import com.park.utmstack.util.exceptions.IncidentAlertConflictException;
-import com.park.utmstack.util.exceptions.NoAlertsProvidedException;
-import com.park.utmstack.util.exceptions.TfaVerificationException;
-import com.park.utmstack.util.exceptions.TooManyRequestsException;
+import com.park.utmstack.util.exceptions.*;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@@ -41,8 +38,9 @@ public ResponseEntity<?> handleTooManyLoginAttempts(TooMuchLoginAttemptsExceptio
         return ResponseUtil.buildLockedResponse(e.getMessage());
     }
 
-    @ExceptionHandler(NoSuchElementException.class)
-    public ResponseEntity<?> handleNotFound(NoSuchElementException e, HttpServletRequest request) {
+    @ExceptionHandler({NoSuchElementException.class,
+                       ApiKeyNotFoundException.class})
+    public ResponseEntity<?> handleNotFound(Exception e, HttpServletRequest request) {
         return ResponseUtil.buildNotFoundResponse(e.getMessage());
     }
 
@@ -56,8 +54,9 @@ public ResponseEntity<?> handleNoAlertsProvided(Exception e, HttpServletRequest
         return ResponseUtil.buildErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage());
     }
 
-    @ExceptionHandler(IncidentAlertConflictException.class)
-    public ResponseEntity<?> handleConflict(IncidentAlertConflictException e, HttpServletRequest request) {
+    @ExceptionHandler({IncidentAlertConflictException.class,
+                       ApiKeyExistException.class})
+    public ResponseEntity<?> handleConflict(Exception e, HttpServletRequest request) {
         return ResponseUtil.buildErrorResponse(HttpStatus.CONFLICT, e.getMessage());
     }
 

backend/src/main/java/com/park/utmstack/config/Constants.java

@@ -2,7 +2,9 @@
 
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
 
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 public final class Constants {
@@ -137,6 +139,7 @@ public final class Constants {
     // Defines the index pattern for querying Elasticsearch statistics indexes.
     // ----------------------------------------------------------------------------------
     public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
+    public static final String V11_API_ACCESS_LOGS = "v11-api-access-logs-*";
 
     // Logging
     public static final String TRACE_ID_KEY = "traceId";
@@ -156,6 +159,9 @@ public final class Constants {
     public static final String CONF_TYPE_PASSWORD = "password";
     public static final String CONF_TYPE_FILE = "file";
 
+    public static final String API_KEY_HEADER = "Utm-Api-Key";
+    public static final List<String> API_ENDPOINT_IGNORE = Collections.emptyList();
+
     private Constants() {
     }
 }

backend/src/main/java/com/park/utmstack/config/OpenApiConfiguration.java

@@ -23,21 +23,30 @@ public OpenApiConfiguration(InfoEndpoint infoEndpoint) {
     @Bean
     public OpenAPI customOpenAPI() {
         final String securitySchemeBearer = "bearerAuth";
+        final String securitySchemeApiInternalKey = "ApiInternalKeyAuth";
         final String securitySchemeApiKey = "ApiKeyAuth";
+
         final String apiTitle = "UTMStack API";
         String version = MapUtil.flattenToStringMap(infoEndpoint.info(), true).get("build.version");
         return new OpenAPI()
-            .addSecurityItem(new SecurityRequirement().addList(securitySchemeBearer).addList(securitySchemeApiKey))
+            .addSecurityItem(new SecurityRequirement()
+                    .addList(securitySchemeBearer)
+                    .addList(securitySchemeApiInternalKey)
+                    .addList(securitySchemeApiKey))
             .components(new Components()
                 .addSecuritySchemes(securitySchemeBearer,
                     new SecurityScheme()
                         .name(securitySchemeBearer)
                         .type(SecurityScheme.Type.HTTP)
                         .scheme("bearer")
                         .bearerFormat("JWT"))
-                .addSecuritySchemes(securitySchemeApiKey, new SecurityScheme()
+                .addSecuritySchemes(securitySchemeApiInternalKey, new SecurityScheme()
                     .name("Utm-Internal-Key")
                     .type(SecurityScheme.Type.APIKEY)
+                    .in(SecurityScheme.In.HEADER))
+                .addSecuritySchemes(securitySchemeApiKey, new SecurityScheme()
+                    .name(Constants.API_KEY_HEADER)
+                    .type(SecurityScheme.Type.APIKEY)
                     .in(SecurityScheme.In.HEADER)))
             .info(new Info().title(apiTitle).version(version))
             .addServersItem(new Server().url("/").description("Default Server URL"));

backend/src/main/java/com/park/utmstack/config/SecurityConfiguration.java

@@ -1,11 +1,19 @@
 package com.park.utmstack.config;
 
+import com.park.utmstack.loggin.api_key.ApiKeyUsageLoggingService;
 import com.park.utmstack.loggin.filter.MdcCleanupFilter;
+import com.park.utmstack.repository.UserRepository;
 import com.park.utmstack.security.AuthoritiesConstants;
+import com.park.utmstack.security.api_key.ApiKeyConfigurer;
+import com.park.utmstack.security.api_key.ApiKeyFilter;
 import com.park.utmstack.security.internalApiKey.InternalApiKeyConfigurer;
 import com.park.utmstack.security.internalApiKey.InternalApiKeyProvider;
 import com.park.utmstack.security.jwt.JWTConfigurer;
+import com.park.utmstack.security.jwt.JWTFilter;
 import com.park.utmstack.security.jwt.TokenProvider;
+import com.park.utmstack.service.api_key.ApiKeyService;
+import lombok.RequiredArgsConstructor;
+import org.apache.commons.net.util.SubnetUtils;
 import org.springframework.beans.factory.BeanInitializationException;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -29,8 +37,11 @@
 
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletResponse;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
 
 @Configuration
+@RequiredArgsConstructor
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @Import(SecurityProblemSupport.class)
@@ -41,17 +52,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     private final TokenProvider tokenProvider;
     private final CorsFilter corsFilter;
     private final InternalApiKeyProvider internalApiKeyProvider;
-
-    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder,
-                                 UserDetailsService userDetailsService,
-                                 TokenProvider tokenProvider,
-                                 CorsFilter corsFilter, InternalApiKeyProvider internalApiKeyProvider) {
-        this.authenticationManagerBuilder = authenticationManagerBuilder;
-        this.userDetailsService = userDetailsService;
-        this.tokenProvider = tokenProvider;
-        this.corsFilter = corsFilter;
-        this.internalApiKeyProvider = internalApiKeyProvider;
-    }
+    private final ApiKeyFilter apiKeyFilter;
 
     @PostConstruct
     public void init() {
@@ -127,7 +128,10 @@ public void configure(HttpSecurity http) throws Exception {
                 .and()
                 .apply(securityConfigurerAdapterForJwt())
                 .and()
-                .apply(securityConfigurerAdapterForInternalApiKey());
+                .apply(securityConfigurerAdapterForInternalApiKey())
+                .and()
+                .apply(securityConfigurerAdapterForApiKey())    ;
+
 
     }
 
@@ -138,4 +142,9 @@ private JWTConfigurer securityConfigurerAdapterForJwt() {
     private InternalApiKeyConfigurer securityConfigurerAdapterForInternalApiKey() {
         return new InternalApiKeyConfigurer(internalApiKeyProvider);
     }
+
+    private ApiKeyConfigurer securityConfigurerAdapterForApiKey() {
+        return new ApiKeyConfigurer(apiKeyFilter);
+    }
+
 }

backend/src/main/java/com/park/utmstack/domain/User.java

@@ -97,7 +97,7 @@ public class User extends AbstractAuditingEntity implements Serializable {
     private Boolean defaultPassword;
 
     @JsonIgnore
-    @ManyToMany
+    @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name = "jhi_user_authority", joinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "id")}, inverseJoinColumns = {@JoinColumn(name = "authority_name", referencedColumnName = "name")})
 
     @BatchSize(size = 20)

backend/src/main/java/com/park/utmstack/domain/api_keys/ApiKey.java

@@ -0,0 +1,44 @@
+package com.park.utmstack.domain.api_keys;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.persistence.*;
+import java.io.Serializable;
+import java.time.Instant;
+import java.util.UUID;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Entity
+@Table(name = "api_keys")
+public class ApiKey implements Serializable {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(nullable = false)
+    private Long userId;
+
+    @Column(nullable = false)
+    private String name;
+
+    @Column(nullable = false)
+    private String apiKey;
+
+    @Column
+    private String allowedIp;
+
+    @Column(nullable = false)
+    private Instant createdAt;
+
+    private Instant generatedAt;
+
+    @Column
+    private Instant expiresAt;
+}

backend/src/main/java/com/park/utmstack/domain/api_keys/ApiKeyUsageLog.java

@@ -0,0 +1,49 @@
+package com.park.utmstack.domain.api_keys;
+
+import com.park.utmstack.service.dto.auditable.AuditableDTO;
+import lombok.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@Builder
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class ApiKeyUsageLog implements AuditableDTO {
+
+    private String id;
+    private String apiKeyId;
+    private String apiKeyName;
+    private String userId;
+    private String timestamp;
+    private String endpoint;
+    private String address;
+    private String errorMessage;
+    private String queryParams;
+    private String payload;
+    private String userAgent;
+    private String httpMethod;
+    private String statusCode;
+
+    @Override
+    public Map<String, Object> toAuditMap() {
+        Map<String, Object> map = new HashMap<>();
+
+        map.put("id", id);
+        map.put("api_key_id", apiKeyId);
+        map.put("api_key_name", apiKeyName);
+        map.put("user_id", userId);
+        map.put("timestamp", timestamp != null ? timestamp : null);
+        map.put("endpoint", endpoint);
+        map.put("address", address);
+        map.put("error_message", errorMessage);
+        map.put("query_params", queryParams);
+        map.put("user_agent", userAgent);
+        map.put("http_method", httpMethod);
+        map.put("status_code", statusCode);
+
+        return map;
+    }
+}

backend/src/main/java/com/park/utmstack/domain/application_events/enums/ApplicationEventType.java

@@ -42,5 +42,9 @@ public enum ApplicationEventType {
     ERROR,
     WARNING,
     INFO,
-    MODULE_ACTIVATION_ATTEMPT, MODULE_ACTIVATION_SUCCESS, UNDEFINED
+    MODULE_ACTIVATION_ATTEMPT,
+    MODULE_ACTIVATION_SUCCESS,
+    API_KEY_ACCESS_SUCCESS,
+    API_KEY_ACCESS_FAILURE,
+    UNDEFINED
 }