From d7cb4a22d5017dd0db71094506e162dc88c12755 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=E1=BB=91ng?=
Date: Sat, 8 Feb 2025 21:57:46 +0700
Subject: [PATCH] release: testcontainers configs
---
 sep490-enterprise/Dockerfile | 6 ++
 .../configs/AuthorizationServerConfig.java | 37 ++++++-
 sep490-idp/src/main/resources/application.yml | 22 ----
 .../db/migration/V0.0.1.8__testcontainers.sql | 100 ++++++++++++++++++
 sep490-infrastructure/docker-compose.prod.yml | 89 ++++++++++++++++
 5 files changed, 229 insertions(+), 25 deletions(-)
 create mode 100644 sep490-enterprise/Dockerfile
 create mode 100644 sep490-idp/src/main/resources/db/migration/V0.0.1.8__testcontainers.sql
 create mode 100644 sep490-infrastructure/docker-compose.prod.yml
diff --git a/sep490-enterprise/Dockerfile b/sep490-enterprise/Dockerfile
new file mode 100644
index 00000000..cfb6fc23
--- /dev/null
+++ b/sep490-enterprise/Dockerfile
@@ -0,0 +1,6 @@
+FROM eclipse-temurin:21.0.2_13-jdk-alpine
+COPY build/libs/*.jar app.jar
+ENTRYPOINT ["java", \
+ "-jar", \
+ "app.jar" \
+]
diff --git a/sep490-idp/src/main/java/sep490/idp/configs/AuthorizationServerConfig.java b/sep490-idp/src/main/java/sep490/idp/configs/AuthorizationServerConfig.java
index 80a6bcf3..82b4cc2a 100644
--- a/sep490-idp/src/main/java/sep490/idp/configs/AuthorizationServerConfig.java
+++ b/sep490-idp/src/main/java/sep490/idp/configs/AuthorizationServerConfig.java
@@ -5,6 +5,8 @@
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
+import commons.springfw.impl.filters.MonitoringFilter;
+import commons.springfw.impl.securities.JwtAuthenticationConverter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
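Review bot: `COPY build/libs/*.jar app.jar` fails as soon as the glob matches more than one file, which is the usual case for a Spring Boot Gradle build that emits both the boot jar and a `-plain.jar`, because Docker rejects a multi-source COPY whose destination is not a directory. Pin the artifact instead, `COPY build/libs/<artifact-name>.jar app.jar` (placeholder: use the real archive name, or disable the plain jar in the build). The image also runs the service as root; before the ENTRYPOINT add `RUN addgroup -S app && adduser -S app -G app` and `USER app`, and give the COPY `--chown=app:app`.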
@@ -16,12 +18,19 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.crypto.encrypt.KeyStoreKeyFactory;
-import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
@@ -31,19 +40,41 @@
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import commons.springfw.impl.filters.MonitoringFilter;
-import commons.springfw.impl.securities.JwtAuthenticationConverter;
 import sep490.idp.service.impl.UserInfoService;
 import java.security.NoSuchAlgorithmException;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Collections;
+import java.util.UUID;
 import java.util.stream.Collectors;
 @Configuration
+@RequiredArgsConstructor
 public class AuthorizationServerConfig {
+ private final PasswordEncoder passwordEncoder;
+
+ @Bean
+ public RegisteredClientRepository registeredClientRepository() {
+ var testcontainers = RegisteredClient
+ .withId(UUID.randomUUID().toString())
+ .clientId("testcontainers")
+ .clientSecret(passwordEncoder.encode("testcontainers"))
+ .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+ .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+ .scope(OidcScopes.OPENID)
+ .scope(OidcScopes.PROFILE)
+ .scope(OidcScopes.PHONE)
+ .scope(OidcScopes.EMAIL)
+ .clientSettings(ClientSettings.builder()
+ .requireProofKey(false)
+ .requireAuthorizationConsent(false)
+ .build())
+ .build();
+ return new InMemoryRegisteredClientRepository(testcontainers);
+ }
+
 @Bean
 public CorsConfigurationSource corsConfigurationSource() {
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
diff --git a/sep490-idp/src/main/resources/application.yml b/sep490-idp/src/main/resources/application.yml
index 7980a65f..f8aa8849 100644
--- a/sep490-idp/src/main/resources/application.yml
+++ b/sep490-idp/src/main/resources/application.yml
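Review bot: The new `registeredClientRepository` bean hard-codes the client secret (`passwordEncoder.encode("testcontainers")`) and switches PKCE and consent off (`requireProofKey(false)`, `requireAuthorizationConsent(false)`) in main-source configuration, so every environment that boots this class — including the one the `release:` subject implies — accepts that fixed credential, whereas the property-driven client this commit removes from application.yml had `require-proof-key: true` and took its id from the environment. Gate the bean behind a profile (`@Profile("testcontainers")` on the method) and inject the secret from configuration (`@Value("${OIDC_CLIENT_SECRET}") String clientSecret`) instead of a literal, keeping the literal out of the repository. As far as I recall, `RegisteredClient.Builder.build()` asserts that at least one redirect URI is registered when the grant type is `authorization_code`, so the bean as written may fail at context startup; confirm against the Spring Authorization Server version in use and add `.redirectUri(...)` for the test client. The enclosing class continues beyond the hunk.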
@@ -1,25 +1,4 @@
 spring:
- security:
- oauth2:
- authorizationserver:
- client:
- oidc-client:
- registration:
- client-id: ${OIDC_CLIENT_ID}
- client-authentication-methods:
- - "none"
- authorization-grant-types:
- - "authorization_code"
- redirect-uris: ${OIDC_REDIRECT_URI}
- post-logout-redirect-uris: ${OIDC_POST_LOGOUT_REDIRECT_URI}
- scopes:
- - openid
- - email
- - phone
- require-authorization-consent: false
- require-proof-key: true
- token:
- access-token-time-to-live: PT1H
 mail:
 host: ${SMTP_HOST:127.0.0.1}
 port: ${SMTP_PORT:1025}
@@ -36,7 +15,6 @@ spring:
 username: ${POSTGRES_USER}
 password: ${POSTGRES_PASSWORD}
 flyway:
- default-schema: ${DB_SCHEMA}
 output-query-results: ${FLYWAY_OUTPUT_QUERIES:false}
 create-schemas: false
 jpa:
diff --git a/sep490-idp/src/main/resources/db/migration/V0.0.1.8__testcontainers.sql b/sep490-idp/src/main/resources/db/migration/V0.0.1.8__testcontainers.sql
new file mode 100644
index 00000000..2b9b76f4
--- /dev/null
+++ b/sep490-idp/src/main/resources/db/migration/V0.0.1.8__testcontainers.sql
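Review bot: Deleting the whole `spring.security.oauth2.authorizationserver.client.oidc-client` registration removes the only environment-driven client (`${OIDC_CLIENT_ID}`, `${OIDC_REDIRECT_URI}`, `${OIDC_POST_LOGOUT_REDIRECT_URI}`), so a deployment that supplies those variables silently loses its registration and is left with the fixed in-code client added in AuthorizationServerConfig. The removed block also carried `access-token-time-to-live: PT1H`; the replacement client sets no token settings, so it gets the authorization server's default access-token lifetime, which as far as I recall is much shorter than one hour — confirm that is intended. If the testcontainers client is meant to coexist with the real one rather than replace it, keep this block and register both.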
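Review bot: Dropping `default-schema: ${DB_SCHEMA}` while `create-schemas: false` stays means Flyway now places its history table and runs migrations in the connection's default schema (`public` for the `postgres` user set up in docker-compose.prod.yml). The new V0.0.1.8 migration targets `public.` explicitly, but any existing database that was migrated under `${DB_SCHEMA}` will be seen as unmigrated after this change — confirm the earlier migrations and deployed databases do not depend on that setting. If the schema should remain configurable, keep the key with a default, `default-schema: ${DB_SCHEMA:public}`.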
@@ -0,0 +1,100 @@
+INSERT INTO public.users (created_date,
+ created_by,
+ last_modified_date,
+ last_modified_by,
+ id,
+ version,
+ password,
+ email,
+ email_verified,
+ phone,
+ phone_verified,
+ first_name,
+ last_name,
+ deleted)
+VALUES ('2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '673c2bc1-3506-43ac-84f9-64262cb98ea7',
+ 0,
+ '$2a$10$LS6VeVU1zy.S7Vfwlik1DeuC1KyTs28NyMG0mQtgOsgEASXAJFgg6',
+ 'enterprise.user@greenbuildings.com',
+ true,
+ '0123456789',
+ true,
+ 'User',
+ 'Testcontainers',
+ false);
+
+INSERT INTO public.enterprise_users (created_date,
+ created_by,
+ last_modified_date,
+ last_modified_by,
+ id,
+ version,
+ user_id,
+ enterprise_id,
+ user_role,
+ user_scope)
+VALUES ('2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ 'f74e9eb8-c1ba-436f-8c02-8379aad030bf',
+ 0,
+ '673c2bc1-3506-43ac-84f9-64262cb98ea7',
+ '00000000-0000-0000-0000-000000000000',
+ 'ENTERPRISE_OWNER',
+ 'ENTERPRISE');
+
+INSERT INTO public.users (created_date,
+ created_by,
+ last_modified_date,
+ last_modified_by,
+ id,
+ version,
+ password,
+ email,
+ email_verified,
+ phone,
+ phone_verified,
+ first_name,
+ last_name,
+ deleted)
+VALUES ('2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '0ab228a8-12c2-408b-a111-64083fb1ed4c',
+ 0,
+ '$2a$10$LS6VeVU1zy.S7Vfwlik1DeuC1KyTs28NyMG0mQtgOsgEASXAJFgg6',
+ 'anybody.user@greenbuildings.com',
+ true,
+ '0192831726',
+ true,
+ 'User',
+ 'Unknown',
+ false);
+
+INSERT INTO public.enterprise_users (created_date,
+ created_by,
+ last_modified_date,
+ last_modified_by,
+ id,
+ version,
+ user_id,
+ enterprise_id,
+ user_role,
+ user_scope)
+VALUES ('2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ '2025-02-09 01:20:47.195421',
+ 'testcontainers',
+ 'a26ec5ac-9648-4ba9-8ded-edc21f2cd7e2',
+ 0,
+ '0ab228a8-12c2-408b-a111-64083fb1ed4c',
+ null,
+ 'ENTERPRISE_OWNER',
+ 'ENTERPRISE');
+
diff --git a/sep490-infrastructure/docker-compose.prod.yml b/sep490-infrastructure/docker-compose.prod.yml
new file mode 100644
index 00000000..bbadcf72
--- /dev/null
+++ b/sep490-infrastructure/docker-compose.prod.yml
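Review bot: This file sits under `src/main/resources/db/migration`, so it is a versioned migration that Flyway applies in every environment, not only the testcontainers run, and it seeds two accounts (`enterprise.user@greenbuildings.com` as `ENTERPRISE_OWNER`, `anybody.user@greenbuildings.com`) that share one committed bcrypt hash — a fixed credential with owner rights in a production identity provider. Move the fixture rows to a profile-specific Flyway location (for example `spring.flyway.locations: classpath:db/migration,classpath:db/testcontainers` activated only by the test profile) or to the container init script, and keep the main migration chain free of seed users; once this version has been applied anywhere, a later migration will also be needed to remove the rows. The second `enterprise_users` row uses `null` for `enterprise_id` while the first points at the all-zero UUID; if `enterprise_id` is a foreign key, the first row requires a matching enterprise to exist before V0.0.1.8 runs — confirm against the schema migrations.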
@@ -0,0 +1,89 @@
+services:
+ sep490_identity_provider:
+ image: thongdh3401/sep490-idp:testcontainers
+ container_name: sep490_identity_provider
+ environment:
+ DB_HOST: sep490_databases
+ DB_PORT: 5432
+ DB_NAME: "sep490_idp"
+ POSTGRES_USER: "postgres"
+ POSTGRES_PASSWORD: "postgres"
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://127.0.0.1:8180/actuator/health" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ ports:
+ - "8180:8180"
+ depends_on:
+ - sep490_databases
+ sep490_enterprise:
+ image: thongdh3401/sep490-enterprise:testcontainers
+ container_name: sep490_enterprise
+ environment:
+ DB_HOST: sep490_databases
+ DB_PORT: 5432
+ DB_NAME: sep490_enterprise
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ ISSUER_URI: http://127.0.0.1:8180
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://127.0.0.1:8080/actuator/health" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ ports:
+ - "8080:8080"
+ depends_on:
+ - sep490_databases
+ sep490_databases:
+ image: postgres:16.4
+ container_name: sep490_databases
+ restart: always
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready", "-U", "postgres", "-d", "postgres" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ ports:
+ - "127.0.0.1:5432:5432"
+ volumes:
+ - ./postgres/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql
+
+ sep490_redis:
+ image: redis:7.4.1-alpine
+ container_name: sep490_redis
+ command: redis-server --appendonly yes
+ healthcheck:
+ test: [ "CMD", "redis-cli", "ping" ]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ ports:
+ - "127.0.0.1:6379:6379"
+
+ sep490_mailhog:
+ image: mailhog/mailhog
+ container_name: sep490_mailhog
+ ports:
+ - "127.0.0.1:1025:1025"
+ - "127.0.0.1:8025:8025"
+
+ sep490_minio:
+ image: quay.io/minio/minio
+ container_name: sep490_minio
+ command: server /data --console-address ":9001"
+ ports:
+ - "127.0.0.1:9000:9000"
+ - "127.0.0.1:9001:9001"
+ healthcheck:
+ test: [ "CMD", "mc", "ready", "local" ]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ environment:
+ MINIO_ROOT_USER: minioadmin
+ MINIO_ROOT_PASSWORD: minioadmin