From 7f87c00dd92ed090c568fa133a5d712f466e183b Mon Sep 17 00:00:00 2001
From: Swordsteel
Date: Wed, 1 Jan 2025 20:32:39 +0100
Subject: [PATCH] set up authorization
---
 .gitignore | 4 ++--
 README.md | 7 +++++++
 build.gradle.kts | 3 +++
 http/http-client.env.json | 14 ++++++++------
 http/registry.http | 1 +
 .../additional-spring-configuration-metadata.json | 5 +++++
 src/main/resources/application.yml | 3 +++
 src/test/resources/application.yml | 6 ++++++
 src/test/resources/cert/valid-public-key.pem | 9 +++++++++
 9 files changed, 44 insertions(+), 8 deletions(-)
 create mode 100644 src/test/resources/application.yml
 create mode 100644 src/test/resources/cert/valid-public-key.pem
diff --git a/.gitignore b/.gitignore
index 5e9b219..004b1eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,5 +39,5 @@ out/
 ### Kotlin ###
 .kotlin
-### cert ###
-cert/
+#### Hlæja ###
+/cert/
diff --git a/README.md b/README.md
index 4df3712..93f74f0 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Classes and endpoints, to shape and to steer, Devices and sensors, their purpose
 | server.ssl.key-store | ✓ | HTTP Keystore |
 | server.ssl.key-store-type | ✓ | HTTP Cert Type |
 | server.ssl.key-store-password | ✗ | HTTP Cert Pass |
+| jwt.public-key | ✓ | JWT public key file |
 | account-registry.url | ✓ | Account Register URL |
 | device-registry.url | ✓ | Device Register URL |
 | management.influx.metrics.export.api-version | | InfluxDB API version |
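Review bot: In the .gitignore hunk, a keystore or private key dropped into any nested `cert/` directory is no longer ignored once the rule becomes `/cert/`, which matches only the directory at the repository root. The narrowing is needed so that `src/test/resources/cert/valid-public-key.pem` can be tracked, but it can be done without widening what is trackable: keep `cert/` and add `!/src/test/resources/cert/` after it, or add explicit patterns for key material such as `*.p12`. The new section header `#### Hlæja ###` has four leading hashes where the other headers visible in the hunk use three.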
@@ -34,6 +35,12 @@ Run `release.sh` script from `master` branch. We use a keystore to enable HTTPS for our API. To set up your developer environment for local development, please refer to [generate keystore](https://github.com/swordsteel/hlaeja-development/blob/master/doc/keystore.md) documentation. When generating and exporting the certificate for local development, please store it in the `./cert/keystore.p12` folder at the project root.
+### Public RSA Key
+
+This service uses the public key from **[Hlæja Account Register](https://github.com/swordsteel/hlaeja-account-registry)** to identify users. To set up user identification for local development, copy the `public_key.pem` file from the `./cert` directory in **Hlæja Account Register** into the `./cert` directory of this project.
+
+*Note: For more information on generating RSA keys, please refer to our [generate RSA key](https://github.com/swordsteel/hlaeja-development/blob/master/doc/rsa_key.md) documentation.*
+
 ### Global Settings
 This services rely on a set of global settings to configure development environments. These settings, managed through Gradle properties or environment variables.
diff --git a/build.gradle.kts b/build.gradle.kts
index a0f3ec0..81255f1 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -11,12 +11,15 @@ plugins {
 dependencies {
 implementation(hlaeja.fasterxml.jackson.module.kotlin)
+ implementation(hlaeja.jjwt.api)
 implementation(hlaeja.kotlin.logging)
 implementation(hlaeja.kotlin.reflect)
 implementation(hlaeja.kotlinx.coroutines)
 implementation(hlaeja.library.hlaeja.common.messages)
+ implementation(hlaeja.library.hlaeja.jwt)
 implementation(hlaeja.micrometer.registry.influx)
 implementation(hlaeja.springboot.starter.actuator)
+ implementation(hlaeja.springboot.starter.security)
 implementation(hlaeja.springboot.starter.webflux)
 testImplementation(hlaeja.mockk)
diff --git a/http/http-client.env.json b/http/http-client.env.json
index c856ff0..da90693 100644
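Review bot: In build.gradle.kts, `implementation(hlaeja.springboot.starter.security)` brings in Spring Security, but the patch contains no security configuration or test (the diffstat lists only build, configuration and resource files), so which routes require a token presumably depends on what `hlaeja.library.hlaeja.jwt` auto-configures. I would state that above the new lines, e.g. `// filter chain and JWT verification come from hlaeja-jwt; this service only supplies jwt.public-key` (to be confirmed against the library), and add a test that a POST to /register without a bearer token is rejected. `hlaeja.jjwt.api` is only the JJWT API module; if the implementation and JSON modules are not transitive through the library, token parsing fails at runtime. The dependencies block continues past the end of the hunk.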
--- a/http/http-client.env.json
+++ b/http/http-client.env.json
@@ -1,8 +1,10 @@
 {
- "development": {
- "hostname": "https://localhost:8443"
- },
- "docker": {
- "hostname": "https://localhost:9040"
- }
+ "development": {
+ "hostname": "https://localhost:8443",
+ "token": ""
+ },
+ "docker": {
+ "hostname": "https://localhost:9040",
+ "token": ""
+ }
 }
diff --git a/http/registry.http b/http/registry.http
index 38ec46e..114d9d1 100644
--- a/http/registry.http
+++ b/http/registry.http
@@ -1,5 +1,6 @@
 ### register device for a type
 POST {{hostname}}/register
+Authorization: Bearer {{token}}
 Content-Type: application/json
 {
diff --git a/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
index 0834e13..15abfa6 100644
--- a/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -24,6 +24,11 @@
 "name": "device-registry.url",
 "type": "java.lang.String",
 "description": "Url for device registry service."
+ },
+ {
+ "name": "account-registry.url",
+ "type": "java.lang.String",
+ "description": "Url for account registry service."
 }
 ]
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 073f428..70592ed 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,6 +29,9 @@ management:
 bucket: hlaeja
 org: hlaeja_ltd
+jwt:
+ public-key: cert/public_key.pem
+
 ---
 ###############################
 ### Development environment ###
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
new file mode 100644
index 0000000..61bb249
--- /dev/null
+++ b/src/test/resources/application.yml
@@ -0,0 +1,6 @@
+jwt:
+ public-key: cert/valid-public-key.pem
+device-registry:
+ url: http://localhost
+account-registry:
+ url: http://localhost
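Review bot: The `"token": ""` entries in http/http-client.env.json sit in a tracked file, so the obvious way to use them is to paste a live bearer token into something that gets committed. The JetBrains HTTP client also reads a sibling `http-client.private.env.json` meant for secrets; keeping `token` there and adding `http/http-client.private.env.json` to .gitignore keeps credentials out of history. The hunk also re-indents every existing line, which buries the two added `token` entries in whitespace-only churn.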
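Review bot: In src/main/resources/application.yml, `public-key: cert/public_key.pem` is added above the `---` separator, so every environment inherits a relative path to the key that decides which tokens are trusted. How the path is resolved is not visible in this patch (the test configuration appears to point at a classpath resource, the README at `./cert` in the project root), so a deployment started from another working directory may fail to start or load a different file than intended. Consider moving this default under the development profile and requiring an explicit value elsewhere, or at least add `# trust anchor for JWT verification; override per environment` above the key. The `management:` block that precedes it starts outside the hunk.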
diff --git a/src/test/resources/cert/valid-public-key.pem b/src/test/resources/cert/valid-public-key.pem
new file mode 100644
index 0000000..cdb4982
--- /dev/null
+++ b/src/test/resources/cert/valid-public-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZdlbISX729m5Ur1pVhg
+XIvazcgUt0T0G32ML0tfwQ4aWTfwPII0SQRThaN6eiiBMRa0V8JMih1LT8JmGgst
+dEx2nhMbVs/Osu8MhmP86c+HB/jPa1+0IR1TZKXoZoF52D2ZtoVf+mOWggAcm1R+
+V0Fj2cR/pgLkVt3GKUE2OokFC1iFUQFjThd1EzKcOv53TUek8FY8t66npQ4t3unD
+bXZKoGXMuXCqZVykMbGTUQFRuT3NAOXRrJP+UDeY2uM2Yk98J+8FtLDYD6jpmyi0
+ghv6k8pK1w1n5NI3atVv5ZMUeQZ36AXL8SZi1105mamhLVQ0e0JixoMOPh7ziFyv
+uwIDAQAB
+-----END PUBLIC KEY-----