add spring security

Author: h908714124

Makefile

@@ -21,3 +21,6 @@ show: pack
 
 build: pack
 	./gradlew bootJar
+
+check: lint
+	cd src/main/client && npm run test

build.gradle

@@ -13,6 +13,7 @@ repositories {
 dependencies {
   implementation 'org.springframework.boot:spring-boot-starter-websocket'
   implementation 'com.auth0:java-jwt:4.4.0'
+  implementation 'org.springframework.boot:spring-boot-starter-security'
   testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
   testImplementation 'org.junit.jupiter:junit-jupiter:5.10.2'
 }
@@ -26,4 +27,4 @@ test {
   testLogging {
     events('failed')
   }
-}
+}

src/main/client/src/Lobby.jsx

@@ -8,12 +8,20 @@ import {
 import {
   useNavigate,
 } from "react-router-dom"
+import toast from "react-hot-toast"
+import {
+  Form,
+} from "./component/Form.jsx"
+import {
+  Input,
+} from "./component/Input.jsx"
 import {
   Button,
 } from "./component/Button.jsx"
 import {
   base,
   StompContext,
+  tfetch,
 } from "./util.js"
 import {
   LobbyPanel,
@@ -25,6 +33,8 @@ import {
 
 export function Lobby() {
   let [matchRequested, setMatchRequested] = useState(false)
+  let [isNewGameOpen, setNewGameOpen] = useState(false)
+  let [openGames, setOpenGames] = useState([])
   let stompClient = useContext(StompContext)
   let navigate = useNavigate()
   let auth = useAuthStore(state => state.auth)
@@ -45,6 +55,10 @@ export function Lobby() {
         setMatchRequested(true)
       }
     })
+    let sub3 = stompClient.subscribe("/topic/lobby/open", (message) => {
+      let r = JSON.parse(message.body)
+      setOpenGames(r.games)
+    })
     stompClient.publish({
       destination: "/app/lobby/hello",
       body: JSON.stringify({
@@ -53,8 +67,23 @@ export function Lobby() {
     return () => {
       sub1.unsubscribe()
       sub2.unsubscribe()
+      sub3.unsubscribe()
     }
   }, [setInit, setMatchRequested, auth, initialized, stompClient, navigate])
+  let onNewGame = useCallback(async (d) => {
+    try {
+      await tfetch("/api/create", {
+        method: "POST",
+        headers: {
+          "Authorization": "Bearer " + auth.token,
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify(d),
+      })
+    } catch (e) {
+      toast.error(e.message)
+    }
+  }, [auth.token])
   let matchRequest = useCallback((editMode) => {
     stompClient.publish({
       destination: "/app/lobby/match",
@@ -85,6 +114,27 @@ export function Lobby() {
           Find match
         </Button>
       </div>
+      <div className="mt-2">
+        <Button
+          onClick={() => setNewGameOpen(!isNewGameOpen)}>
+          New Game
+        </Button>
+      </div>
+      {isNewGameOpen && (
+        <Form className="mt-2" onSubmit={onNewGame}>
+          <Input name="dim" defaultValue="9"/>
+          <Input name="handicap" defaultValue="0"/>
+          <Button
+            type="submit">
+            OK
+          </Button>
+        </Form>
+      )}
+      <div className="mt-2">
+        {openGames.map((game) => (
+          <div key={game.id}>{game.user.name}, {game.dim}x{game.dim}</div>
+        ))}
+      </div>
       <LobbyPanel />
     </div>
   )

src/main/client/src/Login.jsx

@@ -12,7 +12,7 @@ import {
 } from "react-router-dom"
 import toast, {
   Toaster,
-} from "react-hot-toast";
+} from "react-hot-toast"
 import {
   base,
   tfetch,
@@ -54,7 +54,7 @@ export function Login() {
           Join
       </Button>
     </Form>
-    <Toaster position="top-right"/>
+    <Toaster position="top-right" />
   </>
   )
 }

src/main/client/src/Router.jsx

@@ -11,6 +11,9 @@ import {
   Outlet,
   Navigate,
 } from "react-router-dom"
+import {
+  Toaster,
+} from "react-hot-toast"
 import {
   useAuthStore,
 } from "./store.js"
@@ -34,11 +37,18 @@ export const Router = createBrowserRouter(
     <Route
       element={<WithConnection />}>
       <Route
-        path={base + "/lobby"}
-        element={<Lobby />} />
-      <Route
-        path={base + "/game/:gameId"}
-        element={<Game />} />
+        element={
+          <div>
+            <Outlet />
+            <Toaster position="top-right" />
+          </div>}>
+        <Route
+          path={base + "/lobby"}
+          element={<Lobby />} />
+        <Route
+          path={base + "/game/:gameId"}
+          element={<Game />} />
+      </Route>
     </Route>
     <Route
       path={base + "/login"}

src/main/java/com/bernd/GameController.java

@@ -6,9 +6,11 @@
 import com.bernd.model.OpenGame;
 import com.bernd.model.OpenGameList;
 import com.bernd.util.RandomString;
+import java.util.Objects;
 import org.springframework.http.ResponseEntity;
 import org.springframework.messaging.core.MessageSendingOperations;
 import org.springframework.messaging.handler.annotation.MessageMapping;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -47,7 +49,8 @@ public void action(Move move) {
   @PostMapping(value = "/api/create", consumes = "application/json")
   @ResponseBody
   public ResponseEntity<?> newGame(@RequestBody OpenGame openGame) {
-    openGames.put(RandomString.get(), openGame);
+    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+    openGames.put(RandomString.get(), openGame.withUser(Objects.toString(principal, "")));
     operations.convertAndSend("/topic/lobby/open",
         new OpenGameList(openGames.games()));
     return ResponseEntity.ok().build();

src/main/java/com/bernd/LobbyController.java

@@ -2,6 +2,7 @@
 
 import com.bernd.model.Game;
 import com.bernd.model.MatchRequest;
+import com.bernd.model.OpenGameList;
 import com.bernd.model.Status;
 import com.bernd.model.User;
 import com.bernd.model.UserList;
@@ -19,22 +20,27 @@ public class LobbyController {
   private final MessageSendingOperations<String> operations;
   private final LobbyUsers lobbyUsers;
   private final Games games;
+  private final OpenGames openGames;
   private User lookingForMatch;
 
   LobbyController(
       MessageSendingOperations<String> operations,
       LobbyUsers lobbyUsers,
+      OpenGames openGames,
       Games games) {
     this.operations = operations;
     this.lobbyUsers = lobbyUsers;
     this.games = games;
+    this.openGames = openGames;
   }
 
   @MessageMapping("/lobby/hello")
   public void lobbyJoinedAction(Principal principal) {
     lobbyUsers.add(principal);
     operations.convertAndSend("/topic/lobby/users",
         new UserList(lobbyUsers.users()));
+    operations.convertAndSend("/topic/lobby/open",
+        new OpenGameList(openGames.games()));
   }
 
   @MessageMapping("/lobby/match")

src/main/java/com/bernd/OpenGames.java

@@ -15,7 +15,7 @@ OpenGame get(String id) {
   }
 
   OpenGame put(String id, OpenGame game) {
-    map.put(game.id(), game);
+    map.put(game.id(), game.withId(id));
     return game;
   }
 

src/main/java/com/bernd/UserInterceptor.java

@@ -38,11 +38,11 @@ public Message<?> preSend(Message<?> message, MessageChannel channel) {
       }
       DecodedJWT jwt = verifier.verify(tokens.get(0));
       Claim name = jwt.getClaim("name");
-      if (name == null) {
+      if (name.asString() == null) {
         return null;
       }
       accessor.setUser(new StompUser(name.asString()));
     }
     return message;
   }
-}
+}

src/main/java/com/bernd/model/OpenGame.java

@@ -9,4 +9,8 @@ public record OpenGame(
   public OpenGame withId(String id) {
     return new OpenGame(id, user, dim, handicap);
   }
+
+  public OpenGame withUser(String name) {
+    return new OpenGame(id, new User(name), dim, handicap);
+  }
 }

src/main/java/com/bernd/util/AuthFilter.java

@@ -0,0 +1,56 @@
+package com.bernd.util;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Component
+public class AuthFilter extends OncePerRequestFilter {
+
+  private final JWTVerifier verifier;
+
+  public AuthFilter(Environment environment) {
+    Algorithm algorithm = Algorithm.HMAC512(environment.getProperty("jwt.secret.key"));
+    this.verifier = JWT.require(algorithm).build();
+  }
+
+  @Override
+  protected void doFilterInternal(
+      HttpServletRequest request,
+      HttpServletResponse response,
+      FilterChain filterChain) throws ServletException, IOException {
+    String username = getUsername(request);
+    if (username == null) {
+      filterChain.doFilter(request, response);
+      return;
+    }
+    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, null, List.of());
+    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+    filterChain.doFilter(request, response);
+    SecurityContextHolder.getContext().setAuthentication(null);
+  }
+
+  private String getUsername(HttpServletRequest request) {
+    String authHeader = request.getHeader("Authorization");
+    if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+      return null;
+    }
+    String token = authHeader.substring(7);
+    DecodedJWT jwt = verifier.verify(token);
+    return jwt.getClaim("name").asString();
+  }
+}

src/main/java/com/bernd/util/SecurityConfig.java

@@ -0,0 +1,36 @@
+package com.bernd.util;
+
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@Order(SecurityProperties.BASIC_AUTH_ORDER - 10)
+public class SecurityConfig {
+
+  private final AuthFilter authFilter;
+
+  public SecurityConfig(AuthFilter authFilter) {
+    this.authFilter = authFilter;
+  }
+
+  // https://www.springboottutorial.com/securing-rest-services-with-spring-boot-starter-security
+  @Bean
+  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+    http.csrf(AbstractHttpConfigurer::disable);
+    http.addFilterBefore(authFilter, UsernamePasswordAuthenticationFilter.class);
+    http.sessionManagement(sessionConfigurer -> {
+      sessionConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    });
+    return http.build();
+  }
+}