From c8e8817e257ccf3c977717a109df8b063cdad21f Mon Sep 17 00:00:00 2001 From: hitanshu310 Date: Sat, 18 Oct 2025 16:35:23 +0530 Subject: [PATCH 1/6] ISSUE-43: Attempting to fix Hithomelabs/HomeLabDocker#43 disbling server side csrf check --- .../com/hithomelabs/CFTunnels/Config/OpenApiConfig.java | 6 +++--- .../CFTunnels/Config/Security/SecuirtyConfig.java | 9 +++++---- .../CFTunnels/Controllers/TunnelController.java | 2 +- src/main/resources/application-local.properties | 2 +- src/main/resources/application-prod.properties | 2 +- src/main/resources/application-test.properties | 2 +- src/main/resources/application.properties | 6 ++++++ 7 files changed, 18 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java index ef3b098..e24e6f5 100644 --- a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java +++ b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java @@ -11,12 +11,12 @@ import java.util.ArrayList; @Configuration public class OpenApiConfig { - @Value("${api.corsResolveUrl}") - private String corsResolveUrl; + @Value("${api.baseUrl}") + private String baseUrl; @Bean public OpenAPI openAPI(){ - Server httpsServer = new Server().url(corsResolveUrl); + Server httpsServer = new Server().url(baseUrl); OpenAPI openApi = new OpenAPI(); ArrayList servers = new ArrayList<>(); servers.add(httpsServer); diff --git a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java index 7bd9c1e..81def11 100644 --- a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java +++ b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java 
@@ -16,8 +16,8 @@ import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity @EnableMethodSecurity( prePostEnabled = true, - securedEnabled = true, - jsr250Enabled = true + securedEnabled = true, + jsr250Enabled = true ) public class SecuirtyConfig { @@ -29,8 +29,9 @@ public class SecuirtyConfig { http .authorizeHttpRequests(auth -> auth .anyRequest().authenticated() - ) - .with(new OAuth2LoginConfigurer<>(), oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration))); + ).csrf(csrf -> csrf.disable()) + .with(new OAuth2LoginConfigurer<>(), + oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration))); return http.build(); diff --git a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java index 612fc78..902cb55 100644 --- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java +++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java @@ -87,7 +87,7 @@ public class TunnelController implements ErrorController { return ResponseEntity.ok(jsonResponse); } -// 50df9101-f625-4618-b7c5-100338a57124 + // 50df9101-f625-4618-b7c5-100338a57124 @PreAuthorize("hasAnyRole('ADMIN')") @PutMapping("/tunnel/{tunnelId}/add") public ResponseEntity> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException { diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties index 9001ed2..fdb25ce 100644 --- a/src/main/resources/application-local.properties +++ b/src/main/resources/application-local.properties @@ -1 +1 @@ -api.corsResolveUrl=http://localhost:8080 \ No newline at end of file +api.baseUrl=http://localhost:8080 \ No newline at end of file 
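Review bot: `.csrf(csrf -> csrf.disable())` in the second SecuirtyConfig hunk turns off CSRF protection for the whole filter chain, while the same chain still logs browsers in through OAuth2 login, which is normally session-cookie based. State-changing endpoints such as the `@PutMapping("/tunnel/{tunnelId}/add")` handler visible later in this patch would then accept cross-site requests sent from a logged-in admin's browser. If the problem in issue 43 is that the client behind the reverse proxy never receives the token, keep the check and expose the token instead, e.g. `.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))`; depending on the Spring Security version, the request handler may need adjusting too. The enclosing bean method starts and ends outside the hunk, so any other matcher or session configuration cannot be judged from here.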
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties index 5126249..dec0f4b 100644 --- a/src/main/resources/application-prod.properties +++ b/src/main/resources/application-prod.properties @@ -1 +1 @@ -api.corsResolveUrl=https://cftunnels.hithomelabs.com \ No newline at end of file +api.baseUrl=https://cftunnels.hithomelabs.com \ No newline at end of file diff --git a/src/main/resources/application-test.properties b/src/main/resources/application-test.properties index 1ea328b..e5c014b 100644 --- a/src/main/resources/application-test.properties +++ b/src/main/resources/application-test.properties @@ -1 +1 @@ -api.corsResolveUrl=https://testcf.hithomelabs.com \ No newline at end of file +api.baseUrl=https://testcf.hithomelabs.com \ No newline at end of file diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 4774989..5f1c452 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -4,6 +4,12 @@ cloudflare.apiKey=${CLOUDFLARE_API_KEY} cloudflare.email=${CLOUDFLARE_EMAIL} spring.profiles.active=${ENV} +# set root level +logging.level.root=INFO +# package-specific +logging.level.org.springframework=TRACE +logging.level.com.myapp=INFO + / * * Masking sure app works behind a reverse proxy server.forward-headers-strategy=framework From e9e6bd69f9afa5a5eefe8b89341658aa28629ff6 Mon Sep 17 00:00:00 2001 From: Kruti Shah Date: Sun, 12 Oct 2025 21:59:55 +0530 Subject: [PATCH 2/6] Adding Postgres integration --- build.gradle | 4 ++ docker-compose.yaml | 21 ++++++++++- .../resources/application-local.properties | 9 ++++- src/main/resources/application.properties | 13 ++++++- src/main/resources/schema.sql | 37 +++++++++++++++++++ 5 files changed, 80 insertions(+), 4 deletions(-) create mode 100644 src/main/resources/schema.sql diff --git a/build.gradle b/build.gradle index bfc0540..2c09e0d 100644 --- a/build.gradle 
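Review bot: `logging.level.org.springframework=TRACE` is added to the shared `application.properties`, so it applies to every profile, including prod. At TRACE the Spring web and security packages log request processing in detail, which may put session or OAuth material into the log files; the exact content depends on the Spring version and should be confirmed. Move the line to `application-local.properties` or lower it to `logging.level.org.springframework=INFO`. `logging.level.com.myapp=INFO` does not match the project's `com.hithomelabs` package and presumably has no effect; `logging.level.com.hithomelabs=INFO` looks like what was intended.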
+++ b/build.gradle @@ -27,6 +27,10 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' testRuntimeOnly 'org.junit.platform:junit-platform-launcher' + implementation 'org.springframework.boot:spring-boot-starter-actuator' + implementation 'org.springframework.boot:spring-boot-starter-data-jpa' + runtimeOnly 'org.postgresql:postgresql' + implementation 'org.hibernate.validator:hibernate-validator' } tasks.named('test') { diff --git a/docker-compose.yaml b/docker-compose.yaml index b014137..772008b 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -12,6 +12,23 @@ services: - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID} - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET} - HOST_PORT=${HOST_PORT} + - POSTGRES_USER=${POSTGRES_USERNAME} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} env_file: - - stack.env - restart: unless-stopped \ No newline at end of file + - .env + restart: unless-stopped + postgres: + image: postgres:15 + container_name: cftunnel-db + environment: + POSTGRES_DB: cftunnel + POSTGRES_USER: ${POSTGRES_USERNAME} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + restart: unless-stopped + ports: + - "5432:5432" + volumes: + - pgdata:/var/lib/postgresql/data + +volumes: + pgdata: {} \ No newline at end of file diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties index fdb25ce..21709da 100644 --- a/src/main/resources/application-local.properties +++ b/src/main/resources/application-local.properties @@ -1 +1,8 @@ -api.baseUrl=http://localhost:8080 \ No newline at end of file +api.baseUrl=http://localhost:8080 + +management.health.db.enabled=true +management.endpoints.web.exposure.include=health +management.endpoint.health.show-details=always + +logging.level.org.hibernate.SQL=DEBUG +debug=true 
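Review bot: The new `postgres` service in docker-compose.yaml publishes `"5432:5432"`, which binds the database port on all host interfaces. If only the app and local tooling need it, bind to loopback with `- "127.0.0.1:5432:5432"`, or drop `ports:` and let the app reach the database over the compose network by service name. The later `"${DB_PORT}:5432"` change in PATCH 6/6 keeps the same exposure and gives no default for an unset `DB_PORT`. The app container is passed `POSTGRES_USER`, while `application.properties` in this series reads `${POSTGRES_USERNAME}`, so the datasource username only resolves if the env file also defines that name; this is worth confirming.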
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 5f1c452..16bd18b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -22,4 +22,15 @@ spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth. spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/ spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/ spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/ -spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/ \ No newline at end of file +spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/ + +spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel +spring.datasource.username=${POSTGRES_USERNAME} +spring.datasource.password=${POSTGRES_PASSWORD} +spring.datasource.driver-class-name=org.postgresql.Driver +spring.sql.init.mode=always + +spring.jpa.hibernate.ddl-auto=update +spring.jpa.show-sql=true +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect + diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql new file mode 100644 index 0000000..1fa876d --- /dev/null +++ b/src/main/resources/schema.sql 
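Review bot: `spring.jpa.hibernate.ddl-auto=update` and `spring.jpa.show-sql=true` are added to the shared `application.properties`, so prod also lets Hibernate alter the schema at startup and prints every SQL statement to stdout. Automatic schema updates require the application's database account to hold DDL rights. Using `spring.jpa.hibernate.ddl-auto=validate` in prod, with the schema applied separately, keeps the runtime account limited to data access. Both settings look development-oriented and would fit better in `application-local.properties`, next to the `logging.level.org.hibernate.SQL=DEBUG` line this patch already puts there.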
@@ -0,0 +1,37 @@ +-- schema.sql + +-- Roles table +CREATE TABLE IF NOT EXISTS roles ( + role_id SERIAL PRIMARY KEY, + role_name VARCHAR(50) UNIQUE NOT NULL +); + +-- Users table +CREATE TABLE IF NOT EXISTS users ( + user_id SERIAL PRIMARY KEY, + user_name VARCHAR(100) NOT NULL, + password VARCHAR(255) NOT NULL +); + +-- User-Role Mapping table (many-to-many relationship) +CREATE TABLE IF NOT EXISTS user_role_mapping ( + mapping_id SERIAL PRIMARY KEY, + user_id INTEGER NOT NULL REFERENCES users(user_id) ON DELETE CASCADE, + role_id INTEGER NOT NULL REFERENCES roles(role_id) ON DELETE CASCADE +); + +-- Tunnels table +CREATE TABLE IF NOT EXISTS tunnels ( + tunnel_id SERIAL PRIMARY KEY, + tunnel_name VARCHAR(100) NOT NULL, + tunnel_type VARCHAR(50) NOT NULL +); + +-- Mapping Requests table +CREATE TABLE IF NOT EXISTS mapping_requests ( + request_id SERIAL PRIMARY KEY, + request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + status VARCHAR(20) NOT NULL, + user_id INTEGER REFERENCES users(user_id) ON DELETE SET NULL, + tunnel_id INTEGER REFERENCES tunnels(tunnel_id) ON DELETE SET NULL +); From 4d63eb2e2cbe81c2da4f1eef0d9646e12529b3a9 Mon Sep 17 00:00:00 2001 From: Kruti Shah Date: Sun, 12 Oct 2025 22:55:05 +0530 Subject: [PATCH 3/6] bug fixes --- build.gradle | 1 - docker-compose.yaml | 9 +++------ src/main/resources/application-local.properties | 2 ++ src/main/resources/application.properties | 5 +++-- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/build.gradle b/build.gradle index 2c09e0d..4340fce 100644 --- a/build.gradle +++ b/build.gradle 
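Review bot: The `password VARCHAR(255) NOT NULL` column in `users` has no comment saying what it stores, and the application in this series authenticates through OAuth2/OIDC, so it is unclear why local passwords are kept at all. If the column stays, document and name it as a hash, e.g. `password_hash VARCHAR(255) NOT NULL -- salted bcrypt/argon2 hash, never plaintext`; otherwise drop it. `user_name` is not declared `UNIQUE`, and `user_role_mapping` accepts the same (user_id, role_id) pair more than once; adding `UNIQUE (user_id, role_id)` would prevent duplicate role grants.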
@@ -27,7 +27,6 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' testRuntimeOnly 'org.junit.platform:junit-platform-launcher' - implementation 'org.springframework.boot:spring-boot-starter-actuator' implementation 'org.springframework.boot:spring-boot-starter-data-jpa' runtimeOnly 'org.postgresql:postgresql' implementation 'org.hibernate.validator:hibernate-validator' diff --git a/docker-compose.yaml b/docker-compose.yaml index 772008b..f33b9fe 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -15,10 +15,10 @@ services: - POSTGRES_USER=${POSTGRES_USERNAME} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} env_file: - - .env + - stack.env restart: unless-stopped postgres: - image: postgres:15 + image: postgres:15-alpine container_name: cftunnel-db environment: POSTGRES_DB: cftunnel @@ -28,7 +28,4 @@ services: ports: - "5432:5432" volumes: - - pgdata:/var/lib/postgresql/data - -volumes: - pgdata: {} \ No newline at end of file + - ${DB_PATH}:/var/lib/postgresql/data \ No newline at end of file diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties index 21709da..febde77 100644 --- a/src/main/resources/application-local.properties +++ b/src/main/resources/application-local.properties @@ -6,3 +6,5 @@ management.endpoint.health.show-details=always logging.level.org.hibernate.SQL=DEBUG debug=true + +spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 16bd18b..28915d5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -24,7 +24,7 @@ spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hith spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/ spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/ -spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel +spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel spring.datasource.username=${POSTGRES_USERNAME} spring.datasource.password=${POSTGRES_PASSWORD} spring.datasource.driver-class-name=org.postgresql.Driver @@ -32,5 +32,6 @@ spring.sql.init.mode=always spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true -spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect + +spring.jpa.open-in-view=false \ No newline at end of file From 18e3535a575da837e5d247f3d032ab46c6f86532 Mon Sep 17 00:00:00 2001 From: Kruti Shah Date: Sun, 12 Oct 2025 23:28:24 +0530 Subject: [PATCH 4/6] sql init set to never --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 28915d5..94b9238 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -28,7 +28,7 @@ spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel spring.datasource.username=${POSTGRES_USERNAME} spring.datasource.password=${POSTGRES_PASSWORD} spring.datasource.driver-class-name=org.postgresql.Driver -spring.sql.init.mode=always +spring.sql.init.mode=never spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true From f99ed01a54c24f39aaba3d958916a4dbf42fd0ed Mon Sep 17 00:00:00 2001 From: Kruti Shah Date: Sun, 12 Oct 2025 23:38:40 +0530 Subject: [PATCH 5/6] dialect readded --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
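Review bot: `spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel` in the first hunk hard-codes one LAN address into the shared `application.properties`. Every profile that does not override it (prod and test, as far as this series shows) will therefore connect to that host. Take the host from the environment, as the credentials already are, e.g. `spring.datasource.url=jdbc:postgresql://${POSTGRES_HOST}:${POSTGRES_PORT:5432}/cftunnel` (variable names are placeholders). The connection now leaves the local host and the URL sets no `sslmode` parameter, so whether database traffic is encrypted depends on driver and server defaults and should be decided explicitly.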
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 94b9238..89201b8 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -32,6 +32,6 @@ spring.sql.init.mode=never spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true - +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect spring.jpa.open-in-view=false \ No newline at end of file From 0d576eb9a7f6b557a88d72e8d3e728139d9bea25 Mon Sep 17 00:00:00 2001 From: Kruti Shah Date: Sun, 12 Oct 2025 23:58:14 +0530 Subject: [PATCH 6/6] db port variable added --- docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index f33b9fe..f8cb6ed 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -26,6 +26,6 @@ services: POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} restart: unless-stopped ports: - - "5432:5432" + - "${DB_PORT}:5432" volumes: - ${DB_PATH}:/var/lib/postgresql/data \ No newline at end of file