Humoud AlGhanim

pom.xml

@@ -1,18 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
 		<version>3.4.4</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
-	<groupId>com.coded.spring</groupId>
-	<artifactId>Ordering</artifactId>
+	<groupId>com.example</groupId>
+	<artifactId>ordering</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
-	<name>Kotlin.SpringbootV2</name>
-	<description>Kotlin.SpringbootV2</description>
+	<name>ordering</name>
+	<description>Demo project for Spring Boot</description>
 	<url/>
 	<licenses>
 		<license/>
@@ -31,6 +31,37 @@
 		<kotlin.version>1.9.25</kotlin.version>
 	</properties>
 	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<scope>runtime</scope>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<scope>runtime</scope>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.validation</groupId>
+			<artifactId>jakarta.validation-api</artifactId>
+			<version>3.0.2</version>
+		</dependency>
+		<dependency>
+			<groupId>org.hibernate.validator</groupId>
+			<artifactId>hibernate-validator</artifactId>
+			<version>8.0.1.Final</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
@@ -47,7 +78,19 @@
 			<groupId>org.jetbrains.kotlin</groupId>
 			<artifactId>kotlin-stdlib</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.inject</groupId>
+			<artifactId>jakarta.inject-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.postgresql</groupId>
+			<artifactId>postgresql</artifactId>
+			<scope>runtime</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
@@ -58,6 +101,49 @@
 			<artifactId>kotlin-test-junit5</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>com.h2database</groupId>
+			<artifactId>h2</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.cucumber</groupId>
+			<artifactId>cucumber-java</artifactId>
+			<version>7.20.1</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.cucumber</groupId>
+			<artifactId>cucumber-junit-platform-engine</artifactId>
+			<version>7.20.1</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webmvc-api</artifactId>
+			<version>2.6.0</version>
+		</dependency>
+		<dependency>
+			<groupId>io.cucumber</groupId>
+			<artifactId>cucumber-spring</artifactId>
+			<version>7.14.0</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>3.14.0</version>
+		</dependency>
+		<dependency>
+			<groupId>com.hazelcast</groupId>
+			<artifactId>hazelcast</artifactId>
+			<version>5.5.0</version>
+		</dependency>
 	</dependencies>
 
 	<build>

src/main/kotlin/com/coded/spring/ordering/Application.kt

@@ -1,11 +1,20 @@
 package com.coded.spring.ordering
 
+import com.hazelcast.config.Config;
+import com.hazelcast.core.Hazelcast
+import com.hazelcast.core.HazelcastInstance
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.runApplication
+import org.springframework.scheduling.annotation.EnableScheduling
 
+@EnableScheduling
 @SpringBootApplication
 class Application
 
 fun main(args: Array<String>) {
 	runApplication<Application>(*args)
+    usersConfig.getMapConfig("users-cache").timeToLiveSeconds = 5
 }
+
+val usersConfig = Config("users-cache")
+val serverCache: HazelcastInstance = Hazelcast.newHazelcastInstance(usersConfig)

src/main/kotlin/com/coded/spring/ordering/LoggingFilter.kt

@@ -0,0 +1,56 @@
+package com.coded.spring.ordering
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.core.annotation.Order
+import org.springframework.stereotype.Component
+import org.springframework.web.filter.OncePerRequestFilter
+import org.springframework.web.util.ContentCachingRequestWrapper
+import org.springframework.web.util.ContentCachingResponseWrapper
+import org.slf4j.LoggerFactory
+
+@Component
+@Order(1)
+class LoggingFilter(
+    @Value("\${logging-level}")
+    private val logLevel: String
+) : OncePerRequestFilter() {
+
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        val cachedRequest = ContentCachingRequestWrapper(request)
+        val cachedResponse = ContentCachingResponseWrapper(response)
+
+        filterChain.doFilter(cachedRequest, cachedResponse)
+
+        logRequest(cachedRequest)
+        logResponse(cachedResponse)
+
+        cachedResponse.copyBodyToResponse()
+    }
+
+    private fun logRequest(request: ContentCachingRequestWrapper) {
+        val requestBody = String(request.contentAsByteArray)
+
+        if (logLevel == "DEBUG") {
+            logger.info("Request: method=${request.method}, uri=${request.requestURI}, body=$requestBody")
+        } else {
+            logger.info("Request: method=${request.method}, uri=${request.requestURI}")
+        }
+    }
+
+    private fun logResponse(response: ContentCachingResponseWrapper) {
+        val responseBody = String(response.contentAsByteArray)
+
+        if (logLevel == "DEBUG") {
+            logger.info("Response: status=${response.status}, body=$responseBody")
+        } else {
+            logger.info("Response: status=${response.status}")
+        }
+    }
+}

src/main/kotlin/com/coded/spring/ordering/authentication/CustomUserDetailsService.kt

@@ -0,0 +1,21 @@
+package com.coded.spring.ordering.authentication
+
+import com.coded.spring.ordering.repositories.UsersRepository
+import org.springframework.security.core.userdetails.*
+import org.springframework.stereotype.Service
+
+@Service
+class CustomUserDetailsService(
+    private val usersRepository: UsersRepository
+) : UserDetailsService {
+    override fun loadUserByUsername(username: String): UserDetails {
+        val user = usersRepository.findByUsername(username)
+            ?: throw UsernameNotFoundException("User not found")
+
+        return User.builder()
+            .username(user.username)
+            .password(user.password)
+            .roles(user.role.toString())
+            .build()
+    }
+}

src/main/kotlin/com/coded/spring/ordering/authentication/SecurityConfig.kt

@@ -0,0 +1,58 @@
+package com.coded.spring.ordering.authentication
+
+
+import com.coded.spring.ordering.authentication.jwt.JwtAuthenticationFilter
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.AuthenticationProvider
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig(
+    private val jwtAuthFilter: JwtAuthenticationFilter,
+    private val userDetailsService: UserDetailsService
+) {
+
+    @Bean
+    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        http.csrf { it.disable() }
+            .authorizeHttpRequests {
+                it.requestMatchers("/auth/**", "/api-docs", "/hello").permitAll()
+                    .anyRequest().authenticated()
+            }
+            .sessionManagement {
+                it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            }
+            .authenticationProvider(authenticationProvider())
+            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter::class.java)
+
+        return http.build()
+    }
+
+    @Bean
+    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()
+
+    @Bean
+    fun authenticationManager(config: AuthenticationConfiguration): AuthenticationManager =
+        config.authenticationManager
+
+    @Bean
+    fun authenticationProvider(): AuthenticationProvider {
+        val provider = DaoAuthenticationProvider()
+        provider.setUserDetailsService(userDetailsService)
+        provider.setPasswordEncoder(passwordEncoder())
+        return provider
+    }
+}

src/main/kotlin/com/coded/spring/ordering/authentication/jwt/AuthenticationController.kt

@@ -0,0 +1,57 @@
+package com.coded.spring.ordering.authentication.jwt
+
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.responses.ApiResponse
+import io.swagger.v3.oas.annotations.responses.ApiResponses
+import io.swagger.v3.oas.annotations.tags.Tag
+import io.swagger.v3.oas.annotations.media.Content
+import org.springframework.security.authentication.*
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.core.userdetails.UsernameNotFoundException
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/auth")
+@Tag(name = "Authentication API", description = "User Authentication and JWT generation")
+class AuthenticationController(
+    private val authenticationManager: AuthenticationManager,
+    private val userDetailsService: UserDetailsService,
+    private val jwtService: JwtService
+) {
+
+    @Operation(
+        summary = "User Login",
+        description = "Authenticate user and return a JWT token",
+        tags = ["Authentication API"]
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(
+                responseCode = "200",
+                description = "Login successful, JWT token returned",
+                content = [Content(mediaType = "application/json")]
+            ),
+            ApiResponse(
+                responseCode = "401",
+                description = "Invalid username or password")
+        ]
+    )
+    @PostMapping("/login")
+    fun login(@RequestBody authRequest: AuthenticationRequest): String {
+        val authToken = UsernamePasswordAuthenticationToken(authRequest.username, authRequest.password)
+        val authentication = authenticationManager.authenticate(authToken)
+
+        if (authentication.isAuthenticated) {
+            val userDetails = userDetailsService.loadUserByUsername(authRequest.username)
+            val token = jwtService.generateToken(userDetails.username)
+            return token
+        } else {
+            throw UsernameNotFoundException("Invalid user request!")
+        }
+    }
+}
+
+data class AuthenticationRequest(
+    val username: String,
+    val password: String
+)

src/main/kotlin/com/coded/spring/ordering/authentication/jwt/JwtAuthenticationFilter.kt

@@ -0,0 +1,45 @@
+package com.coded.spring.ordering.authentication.jwt
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.*
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
+import org.springframework.stereotype.Component
+import org.springframework.web.filter.OncePerRequestFilter
+
+@Component
+class JwtAuthenticationFilter(
+    private val jwtService: JwtService,
+    private val userDetailsService: UserDetailsService
+) : OncePerRequestFilter() {
+
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        val authHeader = request.getHeader("Authorization")
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response)
+            return
+        }
+
+        val token = authHeader.substring(7)
+        val username = jwtService.extractUsername(token)
+
+        if (SecurityContextHolder.getContext().authentication == null) {
+            if (jwtService.isTokenValid(token, username)) {
+                val userDetails = userDetailsService.loadUserByUsername(username)
+                val authToken = UsernamePasswordAuthenticationToken(
+                    userDetails, null, userDetails.authorities
+                )
+                authToken.details = WebAuthenticationDetailsSource().buildDetails(request)
+                SecurityContextHolder.getContext().authentication = authToken
+            }
+        }
+
+        filterChain.doFilter(request, response)
+    }
+}