set up authorization

2025-01-01 20:32:39 +01:00
parent 22222fb0e3
commit 7f87c00dd9
9 changed files with 44 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -39,5 +39,5 @@ out/
 ### Kotlin ###
 .kotlin

-### cert ###
-cert/
+#### Hlæja ###
+/cert/
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Classes and endpoints, to shape and to steer, Devices and sensors, their purpose
 | server.ssl.key-store                         | &check;  | HTTP Keystore                                |
 | server.ssl.key-store-type                    | &check;  | HTTP Cert Type                               |
 | server.ssl.key-store-password                | &cross;  | HTTP Cert Pass                               |
+| jwt.public-key                               | &check;  | JWT public key file                          |
 | account-registry.url                         | &check;  | Account Register URL                         |
 | device-registry.url                          | &check;  | Device Register URL                          |
 | management.influx.metrics.export.api-version |          | InfluxDB API version                         |
@@ -34,6 +35,12 @@ Run `release.sh` script from `master` branch.

 We use a keystore to enable HTTPS for our API. To set up your developer environment for local development, please refer to [generate keystore](https://github.com/swordsteel/hlaeja-development/blob/master/doc/keystore.md) documentation. When generating and exporting the certificate for local development, please store it in the `./cert/keystore.p12` folder at the project root.

+### Public RSA Key
+
+This service uses the public key from **[Hlæja Account Register](https://github.com/swordsteel/hlaeja-account-registry)** to identify users. To set up user identification for local development, copy the `public_key.pem` file from the `./cert` directory in **Hlæja Account Register** into the `./cert` directory of this project.
+
+*Note: For more information on generating RSA keys, please refer to our [generate RSA key](https://github.com/swordsteel/hlaeja-development/blob/master/doc/rsa_key.md) documentation.*
+
 ### Global Settings

 This services rely on a set of global settings to configure development environments. These settings, managed through Gradle properties or environment variables.
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -11,12 +11,15 @@ plugins {

 dependencies {
    implementation(hlaeja.fasterxml.jackson.module.kotlin)
+    implementation(hlaeja.jjwt.api)
    implementation(hlaeja.kotlin.logging)
    implementation(hlaeja.kotlin.reflect)
    implementation(hlaeja.kotlinx.coroutines)
    implementation(hlaeja.library.hlaeja.common.messages)
+    implementation(hlaeja.library.hlaeja.jwt)
    implementation(hlaeja.micrometer.registry.influx)
    implementation(hlaeja.springboot.starter.actuator)
+    implementation(hlaeja.springboot.starter.security)
    implementation(hlaeja.springboot.starter.webflux)

    testImplementation(hlaeja.mockk)
--- a/http/http-client.env.json
+++ b/http/http-client.env.json
@@ -1,8 +1,10 @@
 {
-    "development": {
-        "hostname": "https://localhost:8443"
-    },
-    "docker": {
-        "hostname": "https://localhost:9040"
-    }
+  "development": {
+    "hostname": "https://localhost:8443",
+    "token": ""
+  },
+  "docker": {
+    "hostname": "https://localhost:9040",
+    "token": ""
+  }
 }
--- a/http/registry.http
+++ b/http/registry.http
@@ -1,5 +1,6 @@
 ### register device for a type
 POST {{hostname}}/register
+Authorization: Bearer {{token}}
 Content-Type: application/json

 {
--- a/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -24,6 +24,11 @@
      "name": "device-registry.url",
      "type": "java.lang.String",
      "description": "Url for device registry service."
+    },
+    {
+      "name": "account-registry.url",
+      "type": "java.lang.String",
+      "description": "Url for account registry service."
    }
  ]
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,6 +29,9 @@ management:
        bucket: hlaeja
        org: hlaeja_ltd

+jwt:
+  public-key: cert/public_key.pem
+
 ---
 ###############################
 ### Development environment ###
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -0,0 +1,6 @@
+jwt:
+  public-key: cert/valid-public-key.pem
+device-registry:
+  url: http://localhost
+account-registry:
+  url: http://localhost
--- a/src/test/resources/cert/valid-public-key.pem
+++ b/src/test/resources/cert/valid-public-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZdlbISX729m5Ur1pVhg
+XIvazcgUt0T0G32ML0tfwQ4aWTfwPII0SQRThaN6eiiBMRa0V8JMih1LT8JmGgst
+dEx2nhMbVs/Osu8MhmP86c+HB/jPa1+0IR1TZKXoZoF52D2ZtoVf+mOWggAcm1R+
+V0Fj2cR/pgLkVt3GKUE2OokFC1iFUQFjThd1EzKcOv53TUek8FY8t66npQ4t3unD
+bXZKoGXMuXCqZVykMbGTUQFRuT3NAOXRrJP+UDeY2uM2Yk98J+8FtLDYD6jpmyi0
+ghv6k8pK1w1n5NI3atVv5ZMUeQZ36AXL8SZi1105mamhLVQ0e0JixoMOPh7ziFyv
+uwIDAQAB
+-----END PUBLIC KEY-----