merge legacy www

author: Vitaly Takmazov 2018-09-06 13:58:40 +0300
committer: Vitaly Takmazov 2018-09-07 05:15:51 -0400
commit: 670913698776e09b7ff44f44ccdcf56303d79be3 (patch)
tree: 96f932645ab0faf9de6861f89072d1eb4b2622a3 /juick-server/src/main/java/com/juick/server/configuration
parent: 51489a954463567f8dd50854826c03ce51c45cb3 (diff)
5 files changed, 362 insertions, 136 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
deleted file mode 100644
index 2f263a78..00000000
--- a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.server.configuration;
-
-import com.juick.service.UserService;
-import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.HttpStatusEntryPoint;
-import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import javax.inject.Inject;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.concurrent.TimeUnit;
-
-/**
- * Created by aalexeev on 11/21/16.
- */
-@Configuration
-@EnableWebSecurity
-public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
-    @Value("${auth_remember_me_key:secret}")
-    private String rememberMeKey;
-    @Inject
-    private UserService userService;
-
-    ApiSecurityConfig() {
-        super(true);
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-                .antMatchers(HttpMethod.OPTIONS).permitAll()
-                .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
-                        "/skypebotendpoint", "/_fblogin", "/_vklogin", "_tglogin", "/u/**", "/.well-known/webfinger").permitAll()
-                .anyRequest().hasRole("USER")
-                .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
-                .and().anonymous()
-                .and().cors().configurationSource(corsConfigurationSource())
-                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
-                .and()
-                .rememberMe()
-                .alwaysRemember(true)
-                .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
-                .rememberMeServices(rememberMeServices())
-                .key(rememberMeKey)
-                .and().authenticationProvider(authenticationProvider())
-                .headers().defaultsDisabled().cacheControl();
-    }
-
-    @Bean
-    public AuthenticationProvider authenticationProvider() {
-        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
-
-        authenticationProvider.setUserDetailsService(userDetailsService());
-
-        return authenticationProvider;
-    }
-
-    @Bean
-    public UserDetailsService userDetailsService() {
-        return new JuickUserDetailsService(userService);
-    }
-
-    @Bean
-    public RememberMeServices rememberMeServices() {
-        return new RequestParamHashRememberMeServices(rememberMeKey, userService);
-    }
-
-    @Bean
-    public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
-        return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
-    }
-
-    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-
-        configuration.setAllowedOrigins(Collections.singletonList("*"));
-        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
-        configuration.setAllowedHeaders(Collections.singletonList("*"));
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-
-        return source;
-    }
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
-                "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**");
-    }
-}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
deleted file mode 100644
index 598a7435..00000000
--- a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package com.juick.server.configuration;
-
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.context.annotation.ComponentScan;
-
-@EnableAutoConfiguration
-@ComponentScan({"com.juick.server", "com.juick.service"})
-public class PostConfig {
-}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java
new file mode 100644
index 00000000..53b29415
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import ru.sape.Sape;
+
+/**
+ * Created by vitalyster on 29.03.2017.
+ */
+@Configuration
+public class SapeConfiguration {
+    @Value("${sape_user:secret}")
+    private String token;
+
+    @Bean
+    public Sape sape() {
+        return new Sape(token, "juick.com", 2000, 3600);
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
new file mode 100644
index 00000000..cd2ab13a
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -0,0 +1,209 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.UserService;
+import com.juick.service.security.HashParamAuthenticationFilter;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import javax.annotation.Resource;
+import javax.inject.Inject;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@EnableWebSecurity
+public class SecurityConfig {
+    @Resource
+    private UserService userService;
+    @Value("${auth_remember_me_key:secret}")
+    private String rememberMeKey;
+    @Value("${web_domain:localhost}")
+    private String webDomain;
+
+    private static final String COOKIE_NAME = "juick-remember-me";
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return new JuickUserDetailsService(userService);
+    }
+    @Bean
+    public RememberMeServices rememberMeServices() throws Exception {
+        TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+                rememberMeKey, userDetailsService());
+
+        services.setCookieName(COOKIE_NAME);
+        services.setCookieDomain(webDomain);
+        services.setAlwaysRemember(true);
+        services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+        services.setUseSecureCookie(false); // TODO set true if https is supports
+
+        return services;
+    }
+    @Bean
+    public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
+        return new HashParamAuthenticationFilter(userService, rememberMeServices());
+    }
+
+
+    @Configuration
+    @Order(1)
+    public static class ApiConfig extends WebSecurityConfigurerAdapter {
+        @Value("${auth_remember_me_key:secret}")
+        private String rememberMeKey;
+        @Value("${web_domain:localhost}")
+        private String webDomain;
+        @Resource
+        private UserService userService;
+        @Inject
+        private HashParamAuthenticationFilter hashParamAuthenticationFilter;
+        ApiConfig() {
+            super(true);
+        }
+        @Bean
+        RememberMeServices rememberMeServices(){
+            return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.addFilterAfter(hashParamAuthenticationFilter, BasicAuthenticationFilter.class);
+            http.antMatcher("/api/**").authorizeRequests()
+                    .antMatchers(HttpMethod.OPTIONS).permitAll()
+                    .antMatchers("/api/", "/api/messages", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
+                            "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/u/**", "/.well-known/webfinger").permitAll()
+                    .anyRequest().hasRole("USER")
+                    .and()
+                    .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+                    .and()
+                    .httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
+                    .and().cors().configurationSource(corsConfigurationSource())
+                    .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                    .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
+                    .and()
+                    .rememberMe()
+                    .alwaysRemember(true)
+                    .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+                    .rememberMeServices(rememberMeServices())
+                    .key(rememberMeKey)
+                    .and()
+                    .headers().defaultsDisabled().cacheControl();
+        }
+
+        @Bean
+        public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+            return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
+        }
+
+        @Bean
+        public CorsConfigurationSource corsConfigurationSource() {
+            CorsConfiguration configuration = new CorsConfiguration();
+
+            configuration.setAllowedOrigins(Collections.singletonList("*"));
+            configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+            configuration.setAllowedHeaders(Collections.singletonList("*"));
+
+            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+            source.registerCorsConfiguration("/api/**", configuration);
+
+            return source;
+        }
+        @Override
+        public void configure(WebSecurity web) {
+            web.debug(false);
+            web.ignoring().antMatchers("/api/v2/api-docs", "/api/configuration/ui", "/api/swagger-resources/**",
+                    "/api/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**");
+        }
+    }
+
+    @Configuration
+    public static class WebConfig extends WebSecurityConfigurerAdapter {
+        @Inject
+        private RememberMeServices rememberMeServices;
+        @Value("${auth_remember_me_key:secret}")
+        private String rememberMeKey;
+        @Value("${web_domain:localhost}")
+        private String webDomain;
+        @Resource
+        private UserService userService;
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http
+                    .authorizeRequests()
+                    .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
+                    .authenticated()
+                    .anyRequest().permitAll()
+                    .and()
+                    .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+                    .and()
+                    .sessionManagement().invalidSessionUrl("/")
+                    .and()
+                    .logout()
+                    .invalidateHttpSession(true)
+                    .logoutUrl("/logout")
+                    .logoutSuccessUrl("/login?logout")
+                    .deleteCookies("hash", COOKIE_NAME)
+                    .and()
+                    .formLogin()
+                    .loginPage("/login")
+                    .permitAll()
+                    .defaultSuccessUrl("/")
+                    .loginProcessingUrl("/login")
+                    .usernameParameter("username")
+                    .passwordParameter("password")
+                    .failureUrl("/login?error=1")
+                    .and()
+                    .rememberMe()
+                    .rememberMeCookieDomain(webDomain).key(rememberMeKey)
+                    .rememberMeServices(rememberMeServices)
+                    .and()
+                    .csrf().disable()
+                    .headers().defaultsDisabled().cacheControl();
+        }
+        @Override
+        public void configure(WebSecurity web) throws Exception {
+            web.debug(false);
+            web.ignoring().antMatchers("/style.css*", "/scripts.js*", "/h2-console/**", "/.well-known/**");
+        }
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java
new file mode 100644
index 00000000..16d32ee4
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.TagService;
+import com.juick.service.UserService;
+import com.juick.server.www.HelpService;
+import com.mitchellbosecke.pebble.PebbleEngine;
+import com.mitchellbosecke.pebble.extension.FormatterExtension;
+import com.mitchellbosecke.pebble.loader.ClasspathLoader;
+import com.mitchellbosecke.pebble.loader.Loader;
+import com.mitchellbosecke.pebble.spring.PebbleViewResolver;
+import com.mitchellbosecke.pebble.spring.extension.SpringExtension;
+import org.apache.commons.codec.CharEncoding;
+import org.commonmark.ext.autolink.AutolinkExtension;
+import org.commonmark.node.Link;
+import org.commonmark.parser.Parser;
+import org.commonmark.renderer.html.HtmlRenderer;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.cache.caffeine.CaffeineCacheManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.web.servlet.ViewResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import javax.inject.Inject;
+import java.util.Collections;
+
+/**
+ * Created by aalexeev on 11/22/16.
+ */
+@Configuration
+@EnableCaching
+@Import({ BaseWebConfiguration.class, SecurityConfig.class, SapeConfiguration.class,
+        StorageConfiguration.class})
+public class WwwAppConfiguration implements WebMvcConfigurer {
+    @Inject
+    private UserService userService;
+    @Inject
+    private TagService tagService;
+    @Bean
+    public CaffeineCacheManager cacheManager() {
+        return new CaffeineCacheManager("help");
+    }
+
+    @Bean
+    public HelpService helpService() {
+        return new HelpService("help");
+    }
+
+    @Bean
+    public Parser cmParser() {
+        return Parser.builder().extensions(Collections.singletonList(AutolinkExtension.create())).build();
+    }
+    @Bean
+    public HtmlRenderer helpRenderer() {
+        return HtmlRenderer.builder()
+                .attributeProviderFactory(context -> (node, tagName, attributes) -> {
+                    if (node instanceof Link) {
+                        Link link = (Link) node;
+                        if (link.getDestination().startsWith("/")) {
+                            String destination = "/" + helpService().getHelpPath() + link.getDestination();
+                            link.setDestination(destination);
+                            attributes.put("href", destination);
+                        }
+                    }
+                })
+                .build();
+    }
+    @Bean
+    public Loader templateLoader() {
+        return new ClasspathLoader();
+    }
+
+    @Bean
+    public SpringExtension springExtension() {
+        return new SpringExtension();
+    }
+
+    @Bean
+    public PebbleEngine pebbleEngine() {
+        return new PebbleEngine.Builder()
+                .loader(this.templateLoader())
+                .extension(springExtension())
+                .extension(new FormatterExtension())
+                .strictVariables(true)
+                .build();
+    }
+
+    @Bean
+    public ViewResolver viewResolver() {
+        PebbleViewResolver viewResolver = new PebbleViewResolver();
+        viewResolver.setPrefix("templates");
+        viewResolver.setSuffix(".html");
+        viewResolver.setPebbleEngine(pebbleEngine());
+        viewResolver.setCharacterEncoding(CharEncoding.UTF_8);
+        return viewResolver;
+    }
+
+}
author	Vitaly Takmazov	2018-09-06 13:58:40 +0300
committer	Vitaly Takmazov	2018-09-07 05:15:51 -0400
commit	670913698776e09b7ff44f44ccdcf56303d79be3 (patch)
tree	96f932645ab0faf9de6861f89072d1eb4b2622a3 /juick-server/src/main/java/com/juick/server/configuration
parent	51489a954463567f8dd50854826c03ce51c45cb3 (diff)