Merge pull request #22 from ligangty/main

Auth support: enable oidc and add access token in client request filter

pom.xml

@@ -50,14 +50,12 @@
   </properties>
 
   <dependencies>
-    <!-- 
     <dependency>
       <groupId>org.commonjava.indy.service</groupId>
       <artifactId>indy-security</artifactId>
       <version>${indysecurity.verison}</version>
-    </dependency> 
-    -->
-
+    </dependency>
+
     <!-- quarkus deps start -->
     <dependency>
       <groupId>io.quarkus</groupId>
@@ -123,14 +121,6 @@
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-oidc</artifactId>
     </dependency>
-    <dependency>
-      <groupId>io.quarkus</groupId>
-      <artifactId>quarkus-oidc-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>io.quarkus</groupId>
-      <artifactId>quarkus-oidc-client-filter</artifactId>
-    </dependency>
     <!-- quarkus-security end -->
 
     <dependency>

src/main/java/org/commonjava/indy/service/ui/client/CustomClientRequestFilter.java → src/main/java/org/commonjava/indy/service/ui/client/AuthClientRequestFilter.java

@@ -15,8 +15,11 @@
  */
 package org.commonjava.indy.service.ui.client;
 
-
-import io.quarkus.oidc.client.OidcClient;
+import io.quarkus.oidc.IdToken;
+import io.quarkus.oidc.RefreshToken;
+import org.eclipse.microprofile.jwt.JsonWebToken;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.annotation.Priority;
 import javax.inject.Inject;
@@ -26,18 +29,36 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.ext.Provider;
 
-//@Provider
-//@Priority(Priorities.AUTHENTICATION)
-public class CustomClientRequestFilter
+@Provider
+@Priority( Priorities.AUTHENTICATION )
+public class AuthClientRequestFilter
         implements ClientRequestFilter
 {
+    private final Logger logger = LoggerFactory.getLogger( this.getClass() );
+
+    @Inject
+    @IdToken
+    JsonWebToken idToken;
+
+    @Inject
+    JsonWebToken accessToken;
 
     @Inject
-    OidcClient client;
+    RefreshToken refreshToken;
 
     @Override
     public void filter( ClientRequestContext requestContext )
     {
-        requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + client.getTokens().await().indefinitely().getAccessToken());
+        if ( idToken != null )
+        {
+            Object userName = this.idToken.getClaim( "preferred_username" );
+            logger.debug( "User: {}", userName );
+        }
+        if ( accessToken != null )
+        {
+            String token = accessToken.getRawToken();
+            logger.debug( "Access Token: {}", token );
+            requestContext.getHeaders().add( HttpHeaders.AUTHORIZATION, String.format( "Bearer %s", token ) );
+        }
     }
 }

src/main/java/org/commonjava/indy/service/ui/client/admin/MaintenanceServiceClient.java

@@ -34,7 +34,6 @@
 
 @Path( "/api/admin/maint" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface MaintenanceServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/content/ContentBrowseServiceClient.java

@@ -29,7 +29,6 @@
 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
 @Path( "/api/browse/{packageType}/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface ContentBrowseServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/content/GenericContentAccessServiceClient.java

@@ -33,7 +33,6 @@
 
 @Path( "/api/content/generic-http/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface GenericContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/content/MavenContentAccessServiceClient.java

@@ -33,7 +33,6 @@
 
 @Path( "/api/content/maven/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface MavenContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/content/NPMContentAccessServiceClient.java

@@ -32,7 +32,6 @@
 
 @Path( "/api/content/npm/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface NPMContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/koji/KojiRepairServiceClient.java

@@ -35,7 +35,6 @@
 @Path( "/api/repair/koji" )
 @Produces( APPLICATION_JSON )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface KojiRepairServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/nfc/NFCServiceClient.java

@@ -29,7 +29,6 @@
 
 @Path( "/api/nfc" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface NFCServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/pathmap/PathMappedServiceClient.java

@@ -34,7 +34,6 @@
 
 @Path( "/api/admin/pathmapped" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface PathMappedServiceClient
 {
     String BROWSE_BASE = "/browse/{packageType}/{type: (hosted|group|remote)}/{name}";

src/main/java/org/commonjava/indy/service/ui/client/promote/PromoteAdminServiceClient.java

@@ -30,7 +30,6 @@
 
 @Path( PromoteAdminServiceClient.PROMOTION_ADMIN_API )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface PromoteAdminServiceClient
 {
     String PROMOTION_ADMIN_API = "/api/promotion/admin";

src/main/java/org/commonjava/indy/service/ui/client/promote/PromoteServiceClient.java

@@ -31,7 +31,6 @@
 @Path( "/api/promotion" )
 @Produces( APPLICATION_JSON )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface PromoteServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/repository/RepositoryAdminServiceClient.java

@@ -38,7 +38,6 @@
 
 @Path( "/api/admin/stores/{packageType}/{type: (hosted|group|remote)}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface RepositoryAdminServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/repository/RepositoryMaintServiceClient.java

@@ -30,7 +30,6 @@
 
 @Path( "/api/admin/stores/maint" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface RepositoryMaintServiceClient
 {
     String MEDIATYPE_APPLICATION_ZIP = "application/zip";

src/main/java/org/commonjava/indy/service/ui/client/repository/RepositoryQueryServiceClient.java

@@ -15,32 +15,21 @@
  */
 package org.commonjava.indy.service.ui.client.repository;
 
-import org.eclipse.microprofile.openapi.annotations.Operation;
-import org.eclipse.microprofile.openapi.annotations.media.Content;
-import org.eclipse.microprofile.openapi.annotations.media.Schema;
 import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
-import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
-import org.jboss.resteasy.spi.HttpRequest;
 
-import javax.ws.rs.Consumes;
 import javax.ws.rs.Encoded;
 import javax.ws.rs.GET;
-import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
-import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
-import static javax.ws.rs.core.Response.ok;
 
 @Path( "/api/admin/stores/query" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider(CustomClientRequestFilter.class)
 public interface RepositoryQueryServiceClient
 {
     Response getAll( @QueryParam( "packageType" ) final String packageType,

src/main/java/org/commonjava/indy/service/ui/client/schedule/SchedulerServiceClient.java

@@ -34,7 +34,6 @@
 @Path( "/api/admin/schedule" )
 @Produces( APPLICATION_JSON )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface SchedulerServiceClient
 {
     @Path( "store/{type}/{name}/disable-timeout" )

src/main/java/org/commonjava/indy/service/ui/client/stats/StatsClient.java

@@ -15,7 +15,6 @@
  */
 package org.commonjava.indy.service.ui.client.stats;
 
-import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 
 import javax.ws.rs.GET;
@@ -29,7 +28,6 @@
 
 @Path( "/api/stats" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface StatsClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/tracking/FoloGenericContentAccessServiceClient.java

@@ -31,7 +31,6 @@
 
 @Path( "/api/folo/track/{id}/generic-http/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface FoloGenericContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/tracking/FoloMavenContentAccessServiceClient.java

@@ -31,7 +31,6 @@
 
 @Path( "/api/folo/track/{id}/maven/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface FoloMavenContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/client/tracking/FoloNPMContentAccessServiceClient.java

@@ -31,7 +31,6 @@
 
 @Path( "/api/folo/track/{id}/npm/{type: (hosted|group|remote)}/{name}" )
 @RegisterRestClient( configKey = "service-api" )
-//@RegisterProvider( CustomClientRequestFilter.class)
 public interface FoloNPMContentAccessServiceClient
 {
 

src/main/java/org/commonjava/indy/service/ui/keycloak/KeycloakConfig.java

@@ -27,6 +27,7 @@
 @Startup
 @ConfigMapping( prefix = "keycloak" )
 @ApplicationScoped
+@Deprecated
 interface KeycloakConfig
 {
     boolean DEFAULT_ENABLED = false;

src/main/resources/application.yaml

@@ -80,6 +80,7 @@ quarkus:
         strict-ssl: false
       install: "npm config set strict-ssl false && npm ci"
 
+# These REST APIs are not needed to show in rest docs
 mp:
   openapi:
     scan:
@@ -121,7 +122,7 @@ service-api/mp-rest/uri: http://localhost:8080/
 service-api/mp-rest/scope: javax.inject.Singleton
 #service-api/mp-rest/connectTimeout: 60000
 #service-api/mp-rest/readTimeout: 60000
-#service-api/mp-rest/providers: org.commonjava.indy.service.ui.client.CustomClientRequestFilter
+#service-api/mp-rest/providers: org.commonjava.indy.service.ui.client.AuthClientRequestFilter
 
 "%dev":
   quarkus: