make auth work

This commit is contained in:
gowthaman.b
2023-11-10 14:05:58 +05:30
parent b0042d2e6b
commit 1e3d9aa1f1
9 changed files with 352 additions and 16 deletions


@@ -1,7 +1,12 @@
package com.restapi
import AuthTokenResponse
import com.fasterxml.jackson.databind.JsonMappingException
import com.fasterxml.jackson.module.kotlin.readValue
import com.restapi.config.AppConfig.Companion.appConfig
import com.restapi.config.Auth
import com.restapi.config.Auth.getAuthEndpoint
import com.restapi.config.AuthEndpoint
import com.restapi.domain.DataModel
import com.restapi.domain.DataNotFoundException
import com.restapi.domain.Session
@@ -9,6 +14,9 @@ import com.restapi.domain.Session.creatSeq
import com.restapi.domain.Session.database
import com.restapi.domain.Session.findByEntityAndId
import com.restapi.domain.Session.nextUniqId
import com.restapi.domain.Session.objectMapper
import com.restapi.domain.Session.redis
import com.restapi.domain.Session.setAuthorizedUser
import io.ebean.CallableSql
import io.ebean.DuplicateKeyException
import io.ebean.RawSqlBuilder
@@ -17,10 +25,18 @@ import io.javalin.apibuilder.ApiBuilder.*
import io.javalin.http.*
import io.javalin.json.JavalinJackson
import org.slf4j.LoggerFactory
import java.net.URI
import java.net.URLEncoder
import java.net.http.HttpClient
import java.net.http.HttpRequest
import java.net.http.HttpRequest.BodyPublishers
import java.net.http.HttpResponse.BodyHandlers
import java.nio.charset.StandardCharsets
import java.time.LocalDateTime
fun main(args: Array<String>) {
val logger = LoggerFactory.getLogger("api")
Javalin
.create { cfg ->
cfg.http.generateEtags = true
@@ -39,7 +55,47 @@ fun main(args: Array<String>) {
cfg.jsonMapper(JavalinJackson(Session.objectMapper))
}
.routes {
before("/*") { ctx ->
path("/auth") {
get("/init") {
val endpoint = getAuthEndpoint().authorizationEndpoint
val redirectUrl =
"$endpoint?response_type=code&client_id=${appConfig.iamClient()}&redirect_uri=${appConfig.iamClientRedirectUri()}&scope=profile&state=1234zyx"
it.redirect(redirectUrl)
}
get("/code") {
val code = it.queryParam("code") ?: throw BadRequestResponse("not proper")
val ep = getAuthEndpoint().tokenEndpoint
val client = HttpClient.newHttpClient()
val req = HttpRequest.newBuilder()
.uri(URI.create(ep))
.POST(
BodyPublishers.ofString(
getFormDataAsString(
mapOf(
"code" to code,
"redirect_uri" to appConfig.iamClientRedirectUri(),
"client_id" to appConfig.iamClient(),
"grant_type" to "authorization_code",
)
)
)
)
.header("Content-Type", "application/x-www-form-urlencoded")
.build()
val message = client.send(req, BodyHandlers.ofString()).body()
val atResponse = objectMapper.readValue<AuthTokenResponse>(message)
//lets keep auth token refreshed
redis.sadd("AUTH_TOKEN", message)
it.result(atResponse.accessToken).contentType(ContentType.TEXT_PLAIN)
}
}
before("/api/*") { ctx ->
//validate, auth token
//allow only alpha, numeric, hypen, underscore, dot in paths
@@ -51,6 +107,12 @@ fun main(args: Array<String>) {
throw IllegalArgumentException()
}
}
val at = ctx.header("Authorization")?.replace("Bearer ", "")?.replace("Bearer: ", "")?.trim()
?: throw UnauthorizedResponse()
val pt = Auth.parseAuthToken(authToken = at)
setAuthorizedUser(pt)
}
path("/api") {
post("/execute/{name}") {
@@ -174,4 +236,17 @@ data class Query(
val params: Map<String, Any>
)
private fun getFormDataAsString(formData: Map<String, String>): String {
val formBodyBuilder = StringBuilder()
for ((key, value) in formData) {
if (formBodyBuilder.length > 0) {
formBodyBuilder.append("&")
}
formBodyBuilder.append(URLEncoder.encode(key, StandardCharsets.UTF_8))
formBodyBuilder.append("=")
formBodyBuilder.append(URLEncoder.encode(value, StandardCharsets.UTF_8))
}
return formBodyBuilder.toString()
}
data class PatchValue(val key: String, val value: Any)
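Review bot: The OAuth `state` parameter is a constant (`state=1234zyx` in the `/auth/init` redirect) and the `/auth/code` callback never reads `state` back, so a forged callback carrying an attacker's authorization code is accepted as-is (login CSRF); `state` must be unguessable per login attempt, stored server-side or in a cookie, and checked and consumed on the callback. The callback also trusts the token endpoint's reply unconditionally: `client.send(req, BodyHandlers.ofString()).body()` is deserialised as `AuthTokenResponse` without checking the status code, so an `invalid_grant` error body surfaces as a Jackson exception rather than a clean 401. `redis.sadd("AUTH_TOKEN", message)` then appends the whole token response (access token and any refresh token) to one unbounded set under a fixed key, tied to no user and with no expiry, while the comment says "keep auth token refreshed" and nothing here refreshes anything — key it per user with a TTL or drop it. The sketch below assumes the redis client exposes `setex`/`del` alongside the `sadd` already used, needs `java.util.UUID` imported, and leaves the un-encoded `redirect_uri`/`client_id` in the redirect URL for you to wrap in `URLEncoder.encode` as the token request already does; `main` starts and ends outside this hunk.
```kotlin
get("/init") {
    val endpoint = getAuthEndpoint().authorizationEndpoint
    // one-time, unguessable state bound to this login attempt; the callback must present it back
    val state = UUID.randomUUID().toString()
    redis.setex("AUTH_STATE:$state", 300, "1")
    val redirectUrl =
        "$endpoint?response_type=code&client_id=${appConfig.iamClient()}&redirect_uri=${appConfig.iamClientRedirectUri()}&scope=profile&state=$state"
    it.redirect(redirectUrl)
}
get("/code") {
    // consume the state first so a replayed or forged callback is rejected before any token exchange
    val state = it.queryParam("state") ?: throw BadRequestResponse("not proper")
    if (redis.del("AUTH_STATE:$state") == 0L) throw BadRequestResponse("not proper")
    val code = it.queryParam("code") ?: throw BadRequestResponse("not proper")
    // … unchanged: token request construction …
    val response = client.send(req, BodyHandlers.ofString())
    if (response.statusCode() != 200) throw UnauthorizedResponse()
    val atResponse = objectMapper.readValue<AuthTokenResponse>(response.body())
    // … unchanged: response handling (the AUTH_TOKEN sadd should go or become per-user with a TTL) …
}
```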