Added Signup and JWT Login

2025-04-14 22:27:39 +05:30
parent 72bfd2eb0c
commit 3bc5cf3e62
14 changed files with 662 additions and 18 deletions
@@ -0,0 +1,47 @@
+package com.skycrate.backend.skycrateBackend.config;
+
+import java.security.AuthProvider;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCrypt;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import com.skycrate.backend.skycrateBackend.repository.UserRepository;
+
+@Configuration
+public class ApplicationConfiguration {
+    private final UserRepository userRepository;
+    public ApplicationConfiguration(UserRepository userRepository){
+        this.userRepository=userRepository;
+
+    }  
+    @Bean
+     UserDetailsService userDetailsService() {
+        return username -> userRepository.findByEmail(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found"));
+    }
+    @Bean
+    BCryptPasswordEncoder passwordEncoder(){
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{
+        return config.getAuthenticationManager();
+    }
+
+    @Bean
+    AuthenticationProvider authenticationProvider(){
+        DaoAuthenticationProvider authprovider=new DaoAuthenticationProvider();
+        authprovider.setUserDetailsService(userDetailsService());
+        authprovider.setPasswordEncoder(passwordEncoder());
+        return authprovider;
+    }
+}
@@ -0,0 +1,77 @@
+package com.skycrate.backend.skycrateBackend.config;
+
+import java.io.IOException;
+
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import com.skycrate.backend.skycrateBackend.services.JwtService;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    
+
+        private final HandlerExceptionResolver handlerExceptionResolver;
+        private JwtService jwtService;
+        private UserDetailsService userDetailsService;
+
+        public JwtAuthenticationFilter(JwtService jwtService,UserDetailsService userDetailsService,HandlerExceptionResolver handlerExceptionResolver){
+
+            this.handlerExceptionResolver=handlerExceptionResolver;
+            this.jwtService=jwtService;
+            this.userDetailsService=userDetailsService;
+        }
+
+        @Override
+
+    protected void doFilterInternal(
+        @NonNull HttpServletRequest request,
+        @NonNull HttpServletResponse response,
+        @NonNull FilterChain filterChain) throws ServletException, IOException {
+        final String authHeader=request.getHeader("Authorization");
+        if (authHeader==null || !authHeader.startsWith("Bearer")){
+            filterChain.doFilter(request, response);
+            return;
+        }
+        try {
+            final String userjwt=authHeader.substring(7);
+            final String userEmail=jwtService.extractUsername(userjwt);
+            Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
+            if(userEmail!=null && authentication==null){
+
+                UserDetails userDetails=this.userDetailsService.loadUserByUsername(userEmail);
+                if (jwtService.isTokenValid(userjwt, userDetails)) {
+                    
+                    UsernamePasswordAuthenticationToken authenticationToken=new UsernamePasswordAuthenticationToken(
+                        userDetails, null, userDetails.getAuthorities()
+                        );
+                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+
+
+                }
+
+            }
+            filterChain.doFilter(request, response);
+            } 
+        catch (Exception err) {
+            handlerExceptionResolver.resolveException(request, response, null, err);
+        }
+
+        }
+
+
+}
@@ -1,23 +1,23 @@
-package com.skycrate.backend.skycrateBackend.config;
+// package com.skycrate.backend.skycrateBackend.config;


-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.SecurityFilterChain;
+// import org.springframework.context.annotation.Bean;
+// import org.springframework.context.annotation.Configuration;
+// import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+// import org.springframework.security.web.SecurityFilterChain;

-@Configuration
-public class SecurityConfig {
+// @Configuration
+// public class SecurityConfig {

-    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
-                .csrf(csrf -> csrf.disable()) // Disable CSRF for testing APIs
-                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/api/hdfs/**").permitAll() // Allow HDFS endpoints
-                        .anyRequest().authenticated() // Everything else needs auth
-                );
+//     @Bean
+//     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+//         http
+//                 .csrf(csrf -> csrf.disable()) // Disable CSRF for testing APIs
+//                 .authorizeHttpRequests(auth -> auth
+//                         .requestMatchers("/api/hdfs/**").permitAll() // Allow HDFS endpoints
+//                         .anyRequest().authenticated() // Everything else needs auth
+//                 );

-        return http.build();
-    }
-}
+//         return http.build();
+//     }
+// }
@@ -0,0 +1,66 @@
+package com.skycrate.backend.skycrateBackend.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+    private final AuthenticationProvider authenticationProvider;
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
+    public SecurityConfiguration(
+        JwtAuthenticationFilter jwtAuthenticationFilter,
+        AuthenticationProvider authenticationProvider
+    ) {
+        this.authenticationProvider = authenticationProvider;
+        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+                .disable()
+                .authorizeHttpRequests()
+                .requestMatchers("/api/hdfs/**") // Specific API endpoints that don't require authentication
+                .permitAll()
+                .requestMatchers("/api/**") // Other endpoints that should be open
+                .permitAll()
+                .anyRequest()
+                .authenticated() // All other requests require authentication
+                .and()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .authenticationProvider(authenticationProvider)
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(List.of("*"));
+        configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST"));
+        configuration.setAllowedHeaders(List.of("Authorization", "Content-Type"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
+}