add tamper protection

.gitignore

@@ -42,4 +42,5 @@ bin/
 .DS_Store
 application.yaml
 initial-data.sql
+app.yaml
 *.env.json

app-sample.properties

@@ -1,14 +0,0 @@
-app.port=9001
-app.cors.enabled=true
-app.cors.hosts=www.readymixerp.com,app.readymixerp.com
-app.db.user=postgres
-app.db.pass=postgres
-app.db.url=jdbc:postgresql://192.168.64.6/modules_app
-app.db.run_migration=true
-app.db.seed_sql=initial-data.sql
-app.iam.url=https://auth.compegence.com
-app.iam.realm=forewarn-dev
-app.iam.client=forewarn
-app.iam.client_redirect_uri=http://localhost:9001/auth/code
-app.cache.redis_uri=redis://127.0.0.1:6379/0
-app.scripts.path=/Users/gowthaman.b/IdeaProjects/rmc_modules_api/src/main/resources/scripts

app-sample.yaml

@@ -0,0 +1,60 @@
+#DO Not edit this file, copy to your HOME Directory and then rename it to app.yaml and then edit it
+app:
+  db:
+    pass: postgres
+    url: jdbc:postgresql://192.168.64.6/modules_app
+    user: postgres
+    run_migration: 'true'
+  cors:
+    enabled: 'true'
+    hosts: www.readymixerp.com,app.readymixerp.com
+  port: '9001'
+  cache:
+    redis_uri: redis://127.0.0.1:6379/0
+  iam:
+    url: https://auth.compegence.com
+    realm: forewarn-dev
+    client_redirect_uri: http://localhost:9001/auth/code
+    client: forewarn
+  scripts:
+    path: /Users/gowthaman.b/IdeaProjects/rmc_modules_api/src/main/resources/scripts
+  security:
+    private_key: |-
+      -----BEGIN PRIVATE KEY-----
+      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD4ba8OhlyB9MUx
+      MFmT8c9sOKqXOG6ZM6qLxr5SnY1au47rYsHXt8Hb+tTUxpkf+5bndaZYGVgQ1mtw
+      eEVj3qZq9A+FnxxwZ9uIIdbOUPvsZLzNYnK3bFFRsmWMf30gDs6ZdS63b2tnXXE0
+      aoItwVguElUKVXKUymS0VlBB0ZLCYTlD6Q4sDm7HGXJZj5kVNVbBCBe42yLx8Y1F
+      TyNL8nPSS+SAdLUaPJ/6j+741+exAIOc0rSBJOMF0XNOwBZ85EuOiPa0e1sUz0qj
+      VfmZyeRFxkSWJBnqum1jrVFp55bMb37DYtZa0aFIcPdDfY42frDlPLcI4zzRwCn3
+      ggHL/nL9AgMBAAECggEAJ85sxu8zl8/l4EsG3M8EdVWidrGgUyRgDElFCiLcWVta
+      prqVJIt5YNYRJU5J5Jc2fRGxHPEOrJVW84IUsvskVQM/ZiHyd3ZvdaGKdFZYpO5t
+      VvGSlR53l0IhGxal24L+isCn7X+ec5pu6b8JQJX4RbBConHCTDdz/yDMzQcXiiqj
+      ezzSovZ1Xy/2dn7sOTFtEZi47d3AhBnjh8Xqk3Dc9UChooxuIU6WEbqWFxEkbzJS
+      sXIv9xADVDqFqjHGv6Tk1W+y7y8M2EHosJfhO0LmWFL7nUdw0WSJV+UqQxHrUSJs
+      SnYHkKRTYl2ljpjkuECp/YqUqdlNq/5T5jBE6cyopwKBgQD6+XGZfssdAqfnaEK2
+      nHdUAdklUFAFQpSmwIUwTZEHDC/CD+ErVjfbEfZ2mFOvWAIMwLmiLFuDT7E5sHaT
+      K4A2DQ8KyU3iJkH4nhxdYepLc7MSYElkn6fHNrXcJ9vPACmrtoa9rVW/LpAjsRq6
+      fDxLo12/+EmFvpZ0oEAIQXk6ZwKBgQD9ZzBgPapI8m7cjcdojqq0dJ2M5Sw7Bx5n
+      VFOC3H4Cx0xWTdwwZ9CZQ4v/XiiHiUGzwhfkNJ2x3DdpUCkPDD8o3cFXPRW4GsjD
+      kv/D0kL/JJAesG9XB9yMTMBoe2yGMudDVc7SYgUI2YXhmHYkpcjSzM0DftLL2Z47
+      GY1h385Q+wKBgGTRxe/Kfp+lzHtqZ7ph+pG1uFyD+dFTINIn7pkr38G8BIdpx6OY
+      HBIWEjMsGBoNOa2T0j6yoQSMA/7Pw6J1TCjqcAt+OJpLkh7krTJaPjuXO+163qDc
+      fhLKCJ5rKKLsRtEjHtedhR+q/d5IrBsUA0jDVMrkW+ytVlV9dpuaaa+rAoGASON8
+      m8JBD/iEAPbbK+0VlxCQHO3ymgwDJ8+usc6AhIYVJCIDOv0xmFRAmbTYzZuihXVH
+      8AFedsGUQrunA8gPBs86hMByVeGGbBMFdKsvUDqRJfK0JAGD4+tT0PnnjnZn5Qty
+      kTtWnWQMSYbUPNhe+pukQOQi+DXheLhx3XxF2S8CgYEAopLjGIR/xeuV7QkGJfCO
+      d2wEJROBPd3pbDlR4fLDO8RCw3irFYQgQd9WgGJY5KgyfjKLHkK7DMQKn+/yfUp5
+      UKeesBDXATpyQQrpfoKIhhZKtYphOwvIzugtLsd5sza++sjC9RwkRmYr0rzlHdUl
+      vtr3fru0Bzven2MeiQnqmCM=
+      -----END PRIVATE KEY-----
+    public_key: |-
+      -----BEGIN PUBLIC KEY-----
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+G2vDoZcgfTFMTBZk/HP
+      bDiqlzhumTOqi8a+Up2NWruO62LB17fB2/rU1MaZH/uW53WmWBlYENZrcHhFY96m
+      avQPhZ8ccGfbiCHWzlD77GS8zWJyt2xRUbJljH99IA7OmXUut29rZ11xNGqCLcFY
+      LhJVClVylMpktFZQQdGSwmE5Q+kOLA5uxxlyWY+ZFTVWwQgXuNsi8fGNRU8jS/Jz
+      0kvkgHS1Gjyf+o/u+NfnsQCDnNK0gSTjBdFzTsAWfORLjoj2tHtbFM9Ko1X5mcnk
+      RcZEliQZ6rptY61RaeeWzG9+w2LWWtGhSHD3Q32ONn6w5Ty3COM80cAp94IBy/5y
+      /QIDAQAB
+      -----END PUBLIC KEY-----

build.gradle.kts

@@ -33,7 +33,9 @@ dependencies {
     implementation("org.jetbrains.kotlin:kotlin-script-runtime:1.9.20")
     implementation("org.bouncycastle:bcprov-jdk18on:1.76")
     implementation("org.bouncycastle:bcpkix-jdk18on:1.76")
+    implementation("org.yaml:snakeyaml:2.2")
     api ("net.cactusthorn.config:config-core:0.81")
+    api ("net.cactusthorn.config:config-yaml:0.81")
     kapt("net.cactusthorn.config:config-compiler:0.81")
     kapt("io.ebean:kotlin-querybean-generator:13.23.2")
 }

src/main/kotlin/com/restapi/config/AppConfig.kt

@@ -7,14 +7,8 @@ import net.cactusthorn.config.core.factory.ConfigFactory
 import net.cactusthorn.config.core.loader.LoadStrategy
 import java.util.Optional
 
-const val INITIAL_ROLES_JSON = """{
-  "roles": []
-}"""
-
 @Config(
-    sources = [
-        "file:~/app.properties", "system:env"
-    ],
+    sources = ["file:~/app.yaml", "system:env"],
     loadStrategy = LoadStrategy.FIRST_KEYCASEINSENSITIVE
 )
 interface AppConfig {
@@ -46,9 +40,6 @@ interface AppConfig {
     @Key("app.db.run_migration")
     fun dbRunMigration(): Boolean
 
-    @Key("app.db.seed_sql")
-    fun seedSqlFile(): Optional<String>
-
     @Key("app.iam.url")
     fun iamUrl(): String
 

src/main/kotlin/com/restapi/domain/db.kt

@@ -45,7 +45,7 @@ object Session {
 
     //if not passed in ENV, then we shall generate and print
     private fun makeRsaJsonWebKey(publicKey: String, privateKey: String): RsaJsonWebKey {
-
+        logger.warn("making KeyPair from Config \n$publicKey\n\n$privateKey")
         val newPublicKey = readPublicKey(publicKey)
         val newPrivateKey = readPrivateKey(privateKey)
         val rsa = PublicJsonWebKey.Factory.newPublicJwk(newPublicKey) as RsaJsonWebKey
@@ -143,9 +143,6 @@ object Session {
             setProperty("datasource.db.password", appConfig.dbPass())
             setProperty("datasource.db.url", appConfig.dbUrl())
             setProperty("ebean.migration.run", appConfig.dbRunMigration().toString())
-            if (appConfig.seedSqlFile().isPresent) {
-                setProperty("ebean.ddl.seedSql", appConfig.seedSqlFile().get())
-            }
         })
         tenantMode = TenantMode.PARTITION
         currentTenantProvider = CurrentTenantProvider { currentUser.get().tenant }

src/main/resources/logback.xml

@@ -6,14 +6,11 @@
     </appender>
 
     <!-- SQL and bind values -->
-    <logger name="io.ebean.SQL" level="TRACE"/>
+    <logger name="io.ebean.SQL" level="INFO"/>
 
     <!-- Transaction Commit and Rollback events -->
     <logger name="io.ebean.TXN" level="WARN"/>
     <logger name="io.ebean.SUM" level="WARN"/>
-    <logger name="io.ebean.migration" level="TRACE"/>
-    <logger name="io.ebean.dbmigration" level="TRACE"/>
-    <logger name="io.ebean" level="TRACE"/>
 
     <root level="info">
         <appender-ref ref="STDOUT" />