diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/configuration')
5 files changed, 362 insertions, 136 deletions
diff --git a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java deleted file mode 100644 index 2f263a78..00000000 --- a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (C) 2008-2017, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -package com.juick.server.configuration; - -import com.juick.service.UserService; -import com.juick.service.security.JuickUserDetailsService; -import com.juick.service.security.deprecated.RequestParamHashRememberMeServices; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.authentication.HttpStatusEntryPoint; -import org.springframework.security.web.authentication.RememberMeServices; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.CorsConfigurationSource; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; - -import javax.inject.Inject; -import java.util.Arrays; -import java.util.Collections; -import java.util.concurrent.TimeUnit; - -/** - * Created by aalexeev on 11/21/16. - */ -@Configuration -@EnableWebSecurity -public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { - @Value("${auth_remember_me_key:secret}") - private String rememberMeKey; - @Inject - private UserService userService; - - ApiSecurityConfig() { - super(true); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests() - .antMatchers(HttpMethod.OPTIONS).permitAll() - .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk", - "/skypebotendpoint", "/_fblogin", "/_vklogin", "_tglogin", "/u/**", "/.well-known/webfinger").permitAll() - .anyRequest().hasRole("USER") - .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint()) - .and().anonymous() - .and().cors().configurationSource(corsConfigurationSource()) - .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint()) - .and() - .rememberMe() - .alwaysRemember(true) - .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30)) - .rememberMeServices(rememberMeServices()) - .key(rememberMeKey) - .and().authenticationProvider(authenticationProvider()) - .headers().defaultsDisabled().cacheControl(); - } - - @Bean - public AuthenticationProvider authenticationProvider() { - DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); - - authenticationProvider.setUserDetailsService(userDetailsService()); - - return authenticationProvider; - } - - @Bean - public UserDetailsService userDetailsService() { - return new JuickUserDetailsService(userService); - } - - @Bean - public RememberMeServices rememberMeServices() { - return new RequestParamHashRememberMeServices(rememberMeKey, userService); - } - - @Bean - public AuthenticationEntryPoint juickAuthenticationEntryPoint() { - return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); - } - - @Bean - public CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - - configuration.setAllowedOrigins(Collections.singletonList("*")); - configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE")); - configuration.setAllowedHeaders(Collections.singletonList("*")); - - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - - return source; - } - @Override - public void configure(WebSecurity web) throws Exception { - web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", - "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**"); - } -} diff --git a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java deleted file mode 100644 index 598a7435..00000000 --- a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java +++ /dev/null @@ -1,9 +0,0 @@ -package com.juick.server.configuration; - -import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.context.annotation.ComponentScan; - -@EnableAutoConfiguration -@ComponentScan({"com.juick.server", "com.juick.service"}) -public class PostConfig { -} diff --git a/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java new file mode 100644 index 00000000..53b29415 --- /dev/null +++ b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2008-2017, Juick + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package com.juick.server.configuration; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import ru.sape.Sape; + +/** + * Created by vitalyster on 29.03.2017. + */ +@Configuration +public class SapeConfiguration { + @Value("${sape_user:secret}") + private String token; + + @Bean + public Sape sape() { + return new Sape(token, "juick.com", 2000, 3600); + } +} diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java new file mode 100644 index 00000000..cd2ab13a --- /dev/null +++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java @@ -0,0 +1,209 @@ +/* + * Copyright (C) 2008-2017, Juick + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package com.juick.server.configuration; + +import com.juick.service.UserService; +import com.juick.service.security.HashParamAuthenticationFilter; +import com.juick.service.security.JuickUserDetailsService; +import com.juick.service.security.deprecated.RequestParamHashRememberMeServices; +import com.juick.service.security.entities.JuickUser; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; +import org.springframework.security.web.authentication.RememberMeServices; +import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import javax.annotation.Resource; +import javax.inject.Inject; +import java.util.Arrays; +import java.util.Collections; +import java.util.concurrent.TimeUnit; + +/** + * Created by aalexeev on 11/21/16. + */ +@EnableWebSecurity +public class SecurityConfig { + @Resource + private UserService userService; + @Value("${auth_remember_me_key:secret}") + private String rememberMeKey; + @Value("${web_domain:localhost}") + private String webDomain; + + private static final String COOKIE_NAME = "juick-remember-me"; + + @Bean + public UserDetailsService userDetailsService() { + return new JuickUserDetailsService(userService); + } + @Bean + public RememberMeServices rememberMeServices() throws Exception { + TokenBasedRememberMeServices services = new TokenBasedRememberMeServices( + rememberMeKey, userDetailsService()); + + services.setCookieName(COOKIE_NAME); + services.setCookieDomain(webDomain); + services.setAlwaysRemember(true); + services.setTokenValiditySeconds(6 * 30 * 24 * 3600); + services.setUseSecureCookie(false); // TODO set true if https is supports + + return services; + } + @Bean + public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception { + return new HashParamAuthenticationFilter(userService, rememberMeServices()); + } + + + @Configuration + @Order(1) + public static class ApiConfig extends WebSecurityConfigurerAdapter { + @Value("${auth_remember_me_key:secret}") + private String rememberMeKey; + @Value("${web_domain:localhost}") + private String webDomain; + @Resource + private UserService userService; + @Inject + private HashParamAuthenticationFilter hashParamAuthenticationFilter; + ApiConfig() { + super(true); + } + @Bean + RememberMeServices rememberMeServices(){ + return new RequestParamHashRememberMeServices(rememberMeKey, userService); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.addFilterAfter(hashParamAuthenticationFilter, BasicAuthenticationFilter.class); + http.antMatcher("/api/**").authorizeRequests() + .antMatchers(HttpMethod.OPTIONS).permitAll() + .antMatchers("/api/", "/api/messages", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk", + "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/u/**", "/.well-known/webfinger").permitAll() + .anyRequest().hasRole("USER") + .and() + .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) + .and() + .httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint()) + .and().cors().configurationSource(corsConfigurationSource()) + .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint()) + .and() + .rememberMe() + .alwaysRemember(true) + .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30)) + .rememberMeServices(rememberMeServices()) + .key(rememberMeKey) + .and() + .headers().defaultsDisabled().cacheControl(); + } + + @Bean + public AuthenticationEntryPoint juickAuthenticationEntryPoint() { + return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); + } + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOrigins(Collections.singletonList("*")); + configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE")); + configuration.setAllowedHeaders(Collections.singletonList("*")); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/api/**", configuration); + + return source; + } + @Override + public void configure(WebSecurity web) { + web.debug(false); + web.ignoring().antMatchers("/api/v2/api-docs", "/api/configuration/ui", "/api/swagger-resources/**", + "/api/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**"); + } + } + + @Configuration + public static class WebConfig extends WebSecurityConfigurerAdapter { + @Inject + private RememberMeServices rememberMeServices; + @Value("${auth_remember_me_key:secret}") + private String rememberMeKey; + @Value("${web_domain:localhost}") + private String webDomain; + @Resource + private UserService userService; + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment") + .authenticated() + .anyRequest().permitAll() + .and() + .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) + .and() + .sessionManagement().invalidSessionUrl("/") + .and() + .logout() + .invalidateHttpSession(true) + .logoutUrl("/logout") + .logoutSuccessUrl("/login?logout") + .deleteCookies("hash", COOKIE_NAME) + .and() + .formLogin() + .loginPage("/login") + .permitAll() + .defaultSuccessUrl("/") + .loginProcessingUrl("/login") + .usernameParameter("username") + .passwordParameter("password") + .failureUrl("/login?error=1") + .and() + .rememberMe() + .rememberMeCookieDomain(webDomain).key(rememberMeKey) + .rememberMeServices(rememberMeServices) + .and() + .csrf().disable() + .headers().defaultsDisabled().cacheControl(); + } + @Override + public void configure(WebSecurity web) throws Exception { + web.debug(false); + web.ignoring().antMatchers("/style.css*", "/scripts.js*", "/h2-console/**", "/.well-known/**"); + } + } +} diff --git a/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java new file mode 100644 index 00000000..16d32ee4 --- /dev/null +++ b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java @@ -0,0 +1,116 @@ +/* + * Copyright (C) 2008-2017, Juick + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package com.juick.server.configuration; + +import com.juick.service.TagService; +import com.juick.service.UserService; +import com.juick.server.www.HelpService; +import com.mitchellbosecke.pebble.PebbleEngine; +import com.mitchellbosecke.pebble.extension.FormatterExtension; +import com.mitchellbosecke.pebble.loader.ClasspathLoader; +import com.mitchellbosecke.pebble.loader.Loader; +import com.mitchellbosecke.pebble.spring.PebbleViewResolver; +import com.mitchellbosecke.pebble.spring.extension.SpringExtension; +import org.apache.commons.codec.CharEncoding; +import org.commonmark.ext.autolink.AutolinkExtension; +import org.commonmark.node.Link; +import org.commonmark.parser.Parser; +import org.commonmark.renderer.html.HtmlRenderer; +import org.springframework.cache.annotation.EnableCaching; +import org.springframework.cache.caffeine.CaffeineCacheManager; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.web.servlet.ViewResolver; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +import javax.inject.Inject; +import java.util.Collections; + +/** + * Created by aalexeev on 11/22/16. + */ +@Configuration +@EnableCaching +@Import({ BaseWebConfiguration.class, SecurityConfig.class, SapeConfiguration.class, + StorageConfiguration.class}) +public class WwwAppConfiguration implements WebMvcConfigurer { + @Inject + private UserService userService; + @Inject + private TagService tagService; + @Bean + public CaffeineCacheManager cacheManager() { + return new CaffeineCacheManager("help"); + } + + @Bean + public HelpService helpService() { + return new HelpService("help"); + } + + @Bean + public Parser cmParser() { + return Parser.builder().extensions(Collections.singletonList(AutolinkExtension.create())).build(); + } + @Bean + public HtmlRenderer helpRenderer() { + return HtmlRenderer.builder() + .attributeProviderFactory(context -> (node, tagName, attributes) -> { + if (node instanceof Link) { + Link link = (Link) node; + if (link.getDestination().startsWith("/")) { + String destination = "/" + helpService().getHelpPath() + link.getDestination(); + link.setDestination(destination); + attributes.put("href", destination); + } + } + }) + .build(); + } + @Bean + public Loader templateLoader() { + return new ClasspathLoader(); + } + + @Bean + public SpringExtension springExtension() { + return new SpringExtension(); + } + + @Bean + public PebbleEngine pebbleEngine() { + return new PebbleEngine.Builder() + .loader(this.templateLoader()) + .extension(springExtension()) + .extension(new FormatterExtension()) + .strictVariables(true) + .build(); + } + + @Bean + public ViewResolver viewResolver() { + PebbleViewResolver viewResolver = new PebbleViewResolver(); + viewResolver.setPrefix("templates"); + viewResolver.setSuffix(".html"); + viewResolver.setPebbleEngine(pebbleEngine()); + viewResolver.setCharacterEncoding(CharEncoding.UTF_8); + return viewResolver; + } + +} |