feat: admin api and roles (#230)

Author: steve192

src/main/java/com/sterul/opencookbookapiserver/configurations/security/WebSecurityConfiguration.java

@@ -31,93 +31,93 @@
 @EnableMethodSecurity(prePostEnabled = true)
 public class WebSecurityConfiguration {
 
-    private static final List<String> AUTH_WHITELIST = Arrays.asList(
-            "/api/v1/users/signup",
-            "/api/v1/users/activate",
-            "/api/v1/users/resendActivationLink",
-            "/api/v1/users/requestPasswordReset",
-            "/api/v1/users/resetPassword",
-            "/api/v1/users/login",
-            "/api/v1/users/refreshToken",
-            "/swagger-ui/*",
-            "/v3/api-docs/*",
-            "/api-docs*",
-            "/api-docs",
-            "/api-docs/*",
-            "/api-docs/*/*",
-            "/api/v1/instance*",
-            "/api/v1/bringexport*",
-            "/h2-console/*",
-            "/error",
-            "/actuator/health");
-    @Autowired
-    private UserDetailsService userDetailsService;
-    @Autowired
-    private UnauthorizedEntryPoint unauthorizedEntryPoint;
-    @Autowired
-    private JwtRequestFilter jwtRequestFilter;
-    @Autowired
-    private PasswordEncoder passwordEncoder;
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        // Configure service to check if credentials are valid
-        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
-    }
-
-    private RequestMatcher allowedPathRequestMatcher() {
-        return (HttpServletRequest request) -> AUTH_WHITELIST.stream()
-                .anyMatch(whitelistedUrl -> new AntPathRequestMatcher(whitelistedUrl).matches(request));
-
-    };
-
-    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-
-        // Cors and csrf not needed in an api server
-        http.cors(configurer -> configurer.configurationSource(c -> allowAllCorsConfig()));
-        http.csrf(conf -> conf.disable());
-
-        // Allow frames needed for h2 console
-        http.headers(config -> config.frameOptions(options -> options.sameOrigin()));
-
-        // Permit whitelist and authenticated request
-        http.authorizeHttpRequests(
-                authorize -> authorize.requestMatchers(allowedPathRequestMatcher()).permitAll()
-                        .anyRequest().authenticated());
-
-        http.exceptionHandling(configurer -> configurer
-                .authenticationEntryPoint(unauthorizedEntryPoint));
-
-        // Disable sessions since auth/session token is passed in every request
-        http.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-
-        // Add a filter to check the sent token and authenticate
-        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
-
-        return http.build();
-    }
-
-    private CorsConfiguration allowAllCorsConfig() {
-        List<String> permittedCorsMethods = Collections.unmodifiableList(Arrays.asList(
-                HttpMethod.GET.name(),
-                HttpMethod.HEAD.name(),
-                HttpMethod.POST.name(),
-                HttpMethod.PUT.name(),
-                HttpMethod.DELETE.name()));
-
-        var corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
-        corsConfiguration.setAllowedMethods(permittedCorsMethods);
-        return corsConfiguration;
-        
-}
-
-@Bean
-    public AuthenticationManager authenticationManager(HttpSecurity http)
-            throws Exception {
-        return http.getSharedObject(AuthenticationManagerBuilder.class)
-                .userDetailsService(userDetailsService)
-                .passwordEncoder(passwordEncoder).and().build();
-    }
+        private static final List<String> AUTH_WHITELIST = Arrays.asList(
+                        "/api/v1/users/signup",
+                        "/api/v1/users/activate",
+                        "/api/v1/users/resendActivationLink",
+                        "/api/v1/users/requestPasswordReset",
+                        "/api/v1/users/resetPassword",
+                        "/api/v1/users/login",
+                        "/api/v1/users/refreshToken",
+                        "/swagger-ui/*",
+                        "/v3/api-docs/*",
+                        "/api-docs*",
+                        "/api-docs",
+                        "/api-docs/*",
+                        "/api-docs/*/*",
+                        "/api/v1/instance*",
+                        "/api/v1/bringexport*",
+                        "/h2-console/*",
+                        "/error",
+                        "/actuator/health");
+        @Autowired
+        private UserDetailsService userDetailsService;
+        @Autowired
+        private UnauthorizedEntryPoint unauthorizedEntryPoint;
+        @Autowired
+        private JwtRequestFilter jwtRequestFilter;
+        @Autowired
+        private PasswordEncoder passwordEncoder;
+
+        @Autowired
+        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+                // Configure service to check if credentials are valid
+                auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+        }
+
+        private RequestMatcher allowedPathRequestMatcher() {
+                return (HttpServletRequest request) -> AUTH_WHITELIST.stream()
+                                .anyMatch(whitelistedUrl -> new AntPathRequestMatcher(whitelistedUrl).matches(request));
+
+        };
+
+        @Bean
+        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+                // Cors and csrf not needed in an api server
+                http.cors(configurer -> configurer.configurationSource(c -> allowAllCorsConfig()));
+                http.csrf(conf -> conf.disable());
+
+                // Allow frames needed for h2 console
+                http.headers(config -> config.frameOptions(options -> options.sameOrigin()));
+
+                // Permit whitelist and authenticated request
+                http.authorizeHttpRequests(
+                                authorize -> authorize.requestMatchers(allowedPathRequestMatcher()).permitAll()
+                                                .anyRequest().authenticated());
+
+                http.exceptionHandling(configurer -> configurer
+                                .authenticationEntryPoint(unauthorizedEntryPoint));
+
+                // Disable sessions since auth/session token is passed in every request
+                http.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+
+                // Add a filter to check the sent token and authenticate
+                http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
+
+                return http.build();
+        }
+
+        private CorsConfiguration allowAllCorsConfig() {
+                List<String> permittedCorsMethods = Collections.unmodifiableList(Arrays.asList(
+                                HttpMethod.GET.name(),
+                                HttpMethod.HEAD.name(),
+                                HttpMethod.POST.name(),
+                                HttpMethod.PUT.name(),
+                                HttpMethod.DELETE.name()));
+
+                var corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
+                corsConfiguration.setAllowedMethods(permittedCorsMethods);
+                return corsConfiguration;
+
+        }
+
+        @Bean
+        public AuthenticationManager authenticationManager(HttpSecurity http)
+                        throws Exception {
+                return http.getSharedObject(AuthenticationManagerBuilder.class)
+                                .userDetailsService(userDetailsService)
+                                .passwordEncoder(passwordEncoder).and().build();
+        }
 
 }

src/main/java/com/sterul/opencookbookapiserver/controllers/UserController.java

@@ -7,6 +7,7 @@
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -75,8 +76,10 @@ public class UserController extends BaseController {
     @Operation(summary = "Creates a new user")
     @PostMapping("/signup")
     @Transactional
-    public CookpalUser signup(@Valid @RequestBody UserCreationRequest userCreationRequest) throws UserAlreadyExistsException {
-        var createdUser = userService.createUser(userCreationRequest.getEmailAddress(), userCreationRequest.getPassword());
+    public CookpalUser signup(@Valid @RequestBody UserCreationRequest userCreationRequest)
+            throws UserAlreadyExistsException {
+        var createdUser = userService.createUser(userCreationRequest.getEmailAddress(),
+                userCreationRequest.getPassword());
         var activationLink = userService.createActivationLink(createdUser);
         try {
             emailService.sendActivationMail(activationLink);
@@ -173,8 +176,11 @@ public ResponseEntity<String> resendActivationLink(@Valid @RequestBody ResendAct
     @Operation(summary = "Get information about authenticated user account")
     @GetMapping("/self")
     public UserInfoResponse getOwnUserInfo() {
+        var user = getLoggedInUser();
         var response = new UserInfoResponse();
-        response.setEmail(getLoggedInUser().getEmailAddress());
+        response.setEmail(user.getEmailAddress());
+        response.setRoles(SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
+                .map(authority -> authority.getAuthority()).toList());
         return response;
     }
 

src/main/java/com/sterul/opencookbookapiserver/controllers/admin/AdminIngredientsController.java

@@ -0,0 +1,33 @@
+package com.sterul.opencookbookapiserver.controllers.admin;
+
+import java.util.List;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.sterul.opencookbookapiserver.entities.Ingredient;
+import com.sterul.opencookbookapiserver.services.IngredientService;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.extern.slf4j.Slf4j;
+
+@RestController
+@RequestMapping("/api/v1/admin/ingredients")
+@Tag(name = "Users", description = "Admin ingredient api")
+@Slf4j
+public class AdminIngredientsController {
+
+    private IngredientService ingredientService;
+
+    public AdminIngredientsController(IngredientService ingredientService) {
+        this.ingredientService = ingredientService;
+    }
+    @GetMapping
+    @PreAuthorize("hasAuthority('ADMIN')")
+    public List<Ingredient> getAll() {
+        log.info("Admin: Accessing all ingredients");
+        return ingredientService.getAllIngredients();
+    }
+}

src/main/java/com/sterul/opencookbookapiserver/controllers/admin/AdminRecipeController.java

@@ -0,0 +1,42 @@
+package com.sterul.opencookbookapiserver.controllers.admin;
+
+import java.util.List;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.sterul.opencookbookapiserver.entities.recipe.Recipe;
+import com.sterul.opencookbookapiserver.services.RecipeService;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.extern.slf4j.Slf4j;
+
+@RestController
+@RequestMapping("/api/v1/admin/recipes")
+@Tag(name = "Users", description = "Admin recipe api")
+@Slf4j
+public class AdminRecipeController {
+
+    private RecipeService recipeService;
+
+    public AdminRecipeController(RecipeService recipeService) {
+        this.recipeService = recipeService;
+    }
+
+    @GetMapping
+    @PreAuthorize("hasAuthority('ADMIN')")
+    public List<Recipe> getAll() {
+        log.info("Admin: Accessing all recipes");
+        return recipeService.getAllRecipes();
+    }
+    @GetMapping("/count")
+    @PreAuthorize("hasAuthority('ADMIN')")
+    public List<Recipe> getCount() {
+        log.info("Admin: Accessing recipe count");
+        return recipeService.getAllRecipes();
+    }
+
+
+}

src/main/java/com/sterul/opencookbookapiserver/controllers/admin/AdminUserController.java

@@ -0,0 +1,35 @@
+package com.sterul.opencookbookapiserver.controllers.admin;
+
+import java.util.List;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.sterul.opencookbookapiserver.entities.account.CookpalUser;
+import com.sterul.opencookbookapiserver.services.UserService;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.extern.slf4j.Slf4j;
+
+@RestController
+@RequestMapping("/api/v1/admin/users")
+@Tag(name = "Users", description = "Admin user api")
+@Slf4j
+public class AdminUserController {
+
+    private UserService userService;
+
+    public AdminUserController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping
+    @PreAuthorize("hasAuthority('ADMIN')")
+    public List<CookpalUser> getAll() {
+        log.info("Admin: Accessing all users");
+        return userService.getAllUsers();
+    }
+
+}

src/main/java/com/sterul/opencookbookapiserver/controllers/responses/UserInfoResponse.java

@@ -1,8 +1,11 @@
 package com.sterul.opencookbookapiserver.controllers.responses;
 
+import java.util.List;
+
 import lombok.Data;
 
 @Data
 public class UserInfoResponse {
     String email;
+    List<String> roles;
 }

src/main/java/com/sterul/opencookbookapiserver/entities/account/CookpalUser.java

@@ -4,6 +4,8 @@
 import com.sterul.opencookbookapiserver.entities.AuditableEntity;
 
 import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.Id;
 import jakarta.persistence.SequenceGenerator;
@@ -28,6 +30,9 @@ public class CookpalUser extends AuditableEntity {
 
     private boolean activated;
 
+    @Enumerated(EnumType.STRING)
+    private Role roles;
+
     @Override
     public String toString() {
         return getUserId() + " " + getEmailAddress();

src/main/java/com/sterul/opencookbookapiserver/entities/account/Role.java

@@ -0,0 +1,5 @@
+package com.sterul.opencookbookapiserver.entities.account;
+
+public enum Role {
+    ADMIN,
+}

src/main/java/com/sterul/opencookbookapiserver/services/RecipeService.java

@@ -6,8 +6,6 @@
 import java.util.Arrays;
 import java.util.List;
 
-import jakarta.transaction.Transactional;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
@@ -21,6 +19,7 @@
 import com.sterul.opencookbookapiserver.repositories.RecipeRepository;
 import com.sterul.opencookbookapiserver.services.exceptions.ElementNotFound;
 
+import jakarta.transaction.Transactional;
 import lombok.extern.slf4j.Slf4j;
 
 @Service
@@ -186,4 +185,12 @@ private List<Recipe> searchByStringAndType(CookpalUser user, String searchString
                 .get())
                 .toList();
     }
+
+    public List<Recipe> getAllRecipes() {
+        return recipeRepository.findAll();
+    }
+
+    public long getRecipeCount() {
+        return recipeRepository.count();
+    }
 }