diff --git a/api.http b/api.http index d572542..88d020c 100644 --- a/api.http +++ b/api.http @@ -24,7 +24,11 @@ Authorization: {{auth-token}} } ### get row -GET http://localhost:9001/api/vehicle/TN38BA5009 +GET http://localhost:9001/api/log/log-0000000001 +Authorization: Bearer {{auth-token}} + +### get row +GET http://localhost:9001/api/vehicle/KA01HD6667 Authorization: Bearer {{auth-token}} ### query row @@ -40,7 +44,7 @@ Authorization: set-auth-token } ### update field -PATCH http://localhost:9001/api/vehicle/KA01MU0556 +PATCH http://localhost:9001/api/vehicle/KA01HD6667 Content-Type: application/json Authorization: {{auth-token}} @@ -51,9 +55,9 @@ Authorization: {{auth-token}} ### upate a row -PUT http://localhost:9001/api/vehicle/KA03HD6064 +PUT http://localhost:9001/api/vehicle/KA01HD6667 Content-Type: application/json -Authorization: set-auth-token +Authorization: {{auth-token}} { "number": "KA03HD6064", @@ -62,5 +66,5 @@ Authorization: set-auth-token } ### delete a row -DELETE http://localhost:9001/api/vehicle/KA01MU0556 +DELETE http://localhost:9001/api/vehicle/KA01HD6667 Authorization: {{auth-token}} \ No newline at end of file diff --git a/app-sample.yaml b/app-sample.yaml index 9bda989..9ab34ea 100644 --- a/app-sample.yaml +++ b/app-sample.yaml @@ -12,10 +12,10 @@ app: cache: redis_uri: redis://127.0.0.1:6379/0 iam: - url: https://auth.compegence.com - realm: forewarn-dev + url: https://auth.readymixerp.com + realm: rmc-dev client_redirect_uri: http://localhost:9001/auth/code - client: forewarn + client: rmc scripts: path: /Users/gowthaman.b/IdeaProjects/rmc_modules_api/src/main/resources/scripts security: diff --git a/src/main/kotlin/com/restapi/Main.kt b/src/main/kotlin/com/restapi/Main.kt index 35bd882..d2fc0d1 100644 --- a/src/main/kotlin/com/restapi/Main.kt +++ b/src/main/kotlin/com/restapi/Main.kt 
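Review bot: In the third api.http hunk the PUT path is changed to /api/vehicle/KA01HD6667 while the body it sends still reads `"number": "KA03HD6064"`, so the request now addresses one vehicle and submits another's number; update the body to `"number": "KA01HD6667"` (or leave a comment if the mismatch is deliberate). The same hunk switches the header to `Authorization: {{auth-token}}` without the `Bearer ` prefix that the two GET requests added in the first hunk use; the file appears to mix both forms already, and which one the server accepts is not visible here, but a request collection is only useful if every request uses the form that actually works. The PUT body continues past the hunk.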
@@ -5,7 +5,6 @@ import com.restapi.config.* import com.restapi.config.AppConfig.Companion.appConfig import com.restapi.config.Auth.validateAuthToken import com.restapi.controllers.Entities -import com.restapi.domain.AnonSession import com.restapi.domain.DataNotFoundException import com.restapi.domain.Session import com.restapi.domain.Session.currentTenant @@ -13,12 +12,13 @@ import com.restapi.domain.Session.currentUser import com.restapi.domain.Session.objectMapper import com.restapi.domain.Session.setAuthorizedUser import com.restapi.domain.Session.signPayload -import com.restapi.domain.TenantModel import io.ebean.DataIntegrityException import io.ebean.DuplicateKeyException import io.javalin.Javalin import io.javalin.apibuilder.ApiBuilder.* -import io.javalin.http.* +import io.javalin.http.ContentType +import io.javalin.http.Context +import io.javalin.http.UnauthorizedResponse import io.javalin.http.util.NaiveRateLimit import io.javalin.http.util.RateLimitUtil import io.javalin.json.JavalinJackson @@ -63,43 +63,7 @@ fun main(args: Array) { } .routes { path("/auth") { - get("/session") { - //a simple session to keep track of anon users - val at = it.getAuthHeader() - val tenant = Session.database.find(TenantModel::class.java) - .where() - .eq("domain",it.host()) - .findOne() ?: throw UnauthorizedResponse() - if(at == null){ - //new session - val s = AnonSession().apply { - sessionId = UUID.randomUUID().toString() - firstSeenAt = LocalDateTime.now() - lastSeenAt = LocalDateTime.now() - tenantId = tenant.name - headerMap = it.headerMap() - } - Session.database.save(s) - it.json(s) - } else { - val s = Session.database.find(AnonSession::class.java) - .where() - .eq("sessionId", at) - .findOne() ?: throw UnauthorizedResponse() - - - Session.database.save( - s.apply { - lastSeenAt = LocalDateTime.now() - headerMap = it.headerMap() - } - ) - - it.json(s) - } - - } get("/endpoint", Auth::endPoint) get("/init", Auth::init) get("/code", Auth::code) 
@@ -167,7 +131,7 @@ fun main(args: Array) { .exception(DuplicateKeyException::class.java, Exceptions.dupKeyExceptionHandler) .exception(DataIntegrityException::class.java, Exceptions.dataIntegrityException) .exception(DataNotFoundException::class.java, Exceptions.dataNotFoundException) - .exception(IllegalArgumentException::class.java,Exceptions.illegalArgumentException) + .exception(IllegalArgumentException::class.java, Exceptions.illegalArgumentException) .exception(JsonMappingException::class.java, Exceptions.jsonMappingException) .exception(InvalidJwtException::class.java, Exceptions.invalidJwtException) .start(appConfig.portNumber()) diff --git a/src/main/kotlin/com/restapi/config/Auth.kt b/src/main/kotlin/com/restapi/config/Auth.kt index 07acb5c..da1994a 100644 --- a/src/main/kotlin/com/restapi/config/Auth.kt +++ b/src/main/kotlin/com/restapi/config/Auth.kt @@ -2,7 +2,6 @@ package com.restapi.config import com.fasterxml.jackson.module.kotlin.readValue import com.restapi.config.AppConfig.Companion.appConfig -import com.restapi.domain.AnonSession import com.restapi.domain.Session import com.restapi.domain.Session.objectMapper import io.javalin.http.BadRequestResponse @@ -64,7 +63,6 @@ object Auth { .setAllowedClockSkewInSeconds(30) .setRequireSubject() .setExpectedIssuer(getAuthEndpoint().issuer) - .setExpectedAudience("account") .setVerificationKeyResolver(HttpsJwksVerificationKeyResolver(HttpsJwks(getAuthEndpoint().jwksUri))) .build() 
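Review bot: Removing `.setExpectedAudience("account")` from the JwtConsumer in the Auth.kt hunk leaves the consumer with no audience binding at all: as far as I recall jose4j's default, a token with no `aud` claim is then accepted, so any token the same issuer mints for a different client can be presented to this API, while a token that does carry an `aud` claim is rejected with an audience error rather than validated. If the new realm's tokens simply carry a different audience value, keep the check and take the value from configuration (the `iam.client` entry in app-sample.yaml looks like the intended one), e.g. `.setExpectedAudience(<expected-audience-from-config>)`; if dropping audience validation is intentional, say so explicitly with `.setSkipDefaultAudienceValidation()` and a comment giving the reason. The builder chain begins before the hunk.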
@@ -75,23 +73,6 @@ object Auth { fun validateAuthToken(authToken: String, skipValidate: Boolean = false): AuthUser { - - //check if this is anon session - val anonSession = Session.database.find(AnonSession::class.java) - .where() - .eq("sessionId", authToken) - .findOne() - - if (anonSession != null) { - return AuthUser( - userName = authToken, - tenant = anonSession.tenantId, - roles = emptyList(), - token = authToken, - expiry = LocalDateTime.now().plusDays(1) - ) - } - // Validate the JWT and process it to the Claims val jwtClaims = if (skipValidate) jwtConsumerSkipValidate.process(authToken) else jwtConsumer.process(authToken) val userId = jwtClaims.jwtClaims.claimsMap["preferred_username"] as String diff --git a/src/main/kotlin/com/restapi/domain/db.kt b/src/main/kotlin/com/restapi/domain/db.kt index b140e97..e5a1b09 100644 --- a/src/main/kotlin/com/restapi/domain/db.kt +++ b/src/main/kotlin/com/restapi/domain/db.kt @@ -30,6 +30,7 @@ import java.security.spec.PKCS8EncodedKeySpec import java.security.spec.X509EncodedKeySpec import java.time.LocalDateTime import java.util.* +import kotlin.collections.HashMap import kotlin.jvm.optionals.getOrDefault @@ -137,7 +138,27 @@ object Session { } + fun a(){ + val a = HashMap() + a.put("a", "b"); + a.put("a", "b"); + a.put("a", "b"); + a.put("a", "b"); + val b = HashMap().apply { + put("a", "b"); + put("a", "b"); + put("a", "b"); + put("a", "b"); + } + + val c: String? = "" + val x = c?.get(1) + + c?.apply { + //will work only when c is not null + } + } private val sc = DatabaseConfig().apply { loadFromProperties(Properties().apply { setProperty("datasource.db.username", appConfig.dbUser())
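Review bot: With the anon-session branch gone, `val userId = jwtClaims.jwtClaims.claimsMap["preferred_username"] as String` is the only path left in validateAuthToken, and its unconditional cast means a token that passes signature and issuer checks but lacks `preferred_username` (or carries a non-string value) fails with a cast exception instead of a deliberate rejection. Prefer `val userId = jwtClaims.jwtClaims.claimsMap["preferred_username"] as? String ?: throw BadRequestResponse("preferred_username claim missing")` so the failure mode is explicit and logged as an auth problem rather than a server error. The `skipValidate` branch still builds an AuthUser from `jwtConsumerSkipValidate`, whose construction is outside this hunk; a KDoc line on the function stating which callers may pass `skipValidate = true` and what that consumer does not verify would make the trust boundary clear. The body of validateAuthToken continues past the hunk.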