Changing API design and making tests compatible

- Hardcode PostgreSQL connection URL to match docker service name 'postgres'
- Remove DB_URL environment variable dependency that was causing startup failures
- Keep username/password as environment variables for flexibility

.gitea/workflows/test_image_build_push.yml

@@ -64,23 +64,4 @@ jobs:
         run: |
           docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
           docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
-  sync_forks:
+  
-    name: Sync All Forks
-    runs-on: ubuntu-latest
-    needs: build_tag_push
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - name: Sync all forks via Gitea API
-        run: |
-          echo "Fetching forks for Hithomelabs/CFTunnels..."
-          response=$(curl -s -X GET "https://gitea.hithomelabs.com/api/v1/repos/Hithomelabs/CFTunnels/forks" -H "Authorization: token ${{secrets.TOKEN}}")
-          filtered=$(echo "$response" | grep -o '"clone_url":"[^"]*"' | sed 's/"clone_url":"\([^"]*\)"/\1/' | grep -v "/Hithomelabs")
-          echo "Detected forks:"
-          echo "$filtered"
-          readarray -t forks <<< "$filtered"
-          for fork_url in "${forks[@]}"; do
-            echo "🔄 Syncing fork: $fork_url"
-            authed_url=$(echo "$fork_url" | sed "s#https://#https://${{secrets.TOKEN}}@#")
-            git push "$authed_url" test &
-          done

docker-compose.yaml

@@ -14,6 +14,7 @@ services:
       - HOST_PORT=${HOST_PORT}
       - POSTGRES_USER=${POSTGRES_USERNAME}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - SWAGGER_OAUTH_CLIENT_ID=${SWAGGER_OAUTH_CLIENT_ID}
     env_file:
       - stack.env
     restart: unless-stopped

src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java

@@ -1,6 +1,8 @@
 package com.hithomelabs.CFTunnels.Config;
 
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.*;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -16,13 +18,37 @@ public class OpenApiConfig {
     @Value("${api.baseUrl}")
     private String baseUrl;
 
+    @Value("${springdoc.swagger-ui.oauth.authorization-url}")
+    private String authorizationUri;
+
+    @Value("${springdoc.swagger-ui.oauth.token-url}")
+    private String tokenUri;
+
     @Bean
-    public OpenAPI openAPI(){
+    public OpenAPI openAPI() {
         Server httpsServer = new Server().url(baseUrl);
         OpenAPI openApi = new OpenAPI();
         ArrayList<Server> servers = new ArrayList<>();
         servers.add(httpsServer);
         openApi.setServers(servers);
+        openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
+                .components(new Components()
+                        .addSecuritySchemes("oidcAuth",
+                                new SecurityScheme()
+                                        .type(SecurityScheme.Type.OAUTH2)
+                                        .flows(new OAuthFlows()
+                                                .authorizationCode(new OAuthFlow()
+                                                        .authorizationUrl(authorizationUri)
+                                                        .tokenUrl(tokenUri)
+                                                        .scopes(new Scopes()
+                                                                .addString("openid", "OpenID scope")
+                                                                .addString("profile", "OpenID profile")
+                                                                .addString("email", "OpenID email"))
+                                                )
+                                        )
+                        )
+                )
+                .addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
         return openApi;
     }
 }

src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java

@@ -28,6 +28,7 @@ public class SecuirtyConfig {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests(auth -> auth
+                        //.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
                         .anyRequest().authenticated()
                 ).csrf(csrf -> csrf.disable())
                 .with(new OAuth2LoginConfigurer<>(),

src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java

@@ -1,32 +0,0 @@
-package com.hithomelabs.CFTunnels.Controllers;
-
-
-import org.springframework.boot.web.servlet.error.ErrorController;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-public class HomeController implements ErrorController {
-
-    private static final String ERROR_PATH = "/error";
-
-    /**
-     * Redirects the root (including any query params like ?continue=…)
-     * straight into Swagger UI.
-     */
-    @GetMapping("/")
-    public String rootRedirect() {
-        return "redirect:/swagger-ui/index.html";
-    }
-
-    /**
-     * Catches any errors (404s, unhandled paths) and punts them
-     * into the same Swagger UI page.
-     */
-    @RequestMapping(ERROR_PATH)
-    public String onError() {
-        return "redirect:/swagger-ui/index.html";
-    }
-
-}

src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java

@@ -11,6 +11,8 @@ import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
 import com.hithomelabs.CFTunnels.Services.MappingRequestService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.http.*;
@@ -64,6 +66,7 @@ public class TunnelController implements ErrorController {
 
     @PreAuthorize("hasAnyRole('USER')")
     @GetMapping("/tunnels")
+    @Operation( security = { @SecurityRequirement(name = "oidcAuth") } )
     public ResponseEntity<Map<String,Object>> getTunnels(){
 
         ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnels();
@@ -75,7 +78,7 @@ public class TunnelController implements ErrorController {
     }
 
     @PreAuthorize("hasAnyRole('DEVELOPER')")
-    @GetMapping("/tunnel/{tunnelId}")
+    @GetMapping("/tunnel/{tunnelId}/mappings")
     public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
 
         ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
@@ -88,7 +91,7 @@ public class TunnelController implements ErrorController {
 
     // 50df9101-f625-4618-b7c5-100338a57124
     @PreAuthorize("hasAnyRole('ADMIN')")
-    @PutMapping("/tunnel/{tunnelId}/add")
+    @PostMapping("/tunnel/{tunnelId}/mappings")
     public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
 
         ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
@@ -110,7 +113,7 @@ public class TunnelController implements ErrorController {
     }
 
     @PreAuthorize("hasAnyRole('DEVELOPER')")
-    @PutMapping("/tunnel/{tunnelId}/delete")
+    @DeleteMapping("/tunnel/{tunnelId}/mappings")
     public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
 
         ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
@@ -139,7 +142,7 @@ public class TunnelController implements ErrorController {
     }
 
     @PreAuthorize("hasAnyRole('DEVELOPER')")
-    @PutMapping("/tunnel/{tunnelId}/request")
+    @PostMapping("/tunnel/{tunnelId}/requests")
     public ResponseEntity<Request> createTunnelMappingRequest(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser oidcUser, @RequestBody Ingress ingess){
         Request request = mappingRequestService.createMappingRequest(tunnelId, ingess, oidcUser);
         if(request.getId() != null)

src/main/resources/application-prod.properties

@@ -1 +1,12 @@
 api.baseUrl=https://cftunnels.hithomelabs.com
+
+# Production Database Configuration
+spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
+spring.datasource.username=${POSTGRES_USERNAME}
+spring.datasource.password=${POSTGRES_PASSWORD}
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# JPA Configuration
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

src/main/resources/application-test.properties

@@ -1,7 +1,12 @@
 api.baseUrl=https://testcf.hithomelabs.com
 
-spring.datasource.url: jdbc:h2:mem:testdb
+# Test Database Configuration - Same as Production
-spring.datasource.driver-class-name: org.h2.Driver
+spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
-spring.datasource.username: sa
+spring.datasource.username=${POSTGRES_USERNAME}
-spring.datasource.password:
+spring.datasource.password=${POSTGRES_PASSWORD}
-spring.datasource.jpa.hibernate.ddl-auto: none
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# JPA Configuration
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=true
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

src/main/resources/application.properties

@@ -18,6 +18,13 @@ spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hith
 spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
 spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
 
+springdoc.swagger-ui.oauth.client-id=${SWAGGER_OAUTH_CLIENT_ID}
+springdoc.swagger-ui.oauth.client-secret= # leave empty for public client
+springdoc.swagger-ui.oauth.use-pkce=true
+springdoc.swagger-ui.oauth.scopes=openid,profile,email
+springdoc.swagger-ui.oauth.authorization-url=https://auth.hithomelabs.com/application/o/authorize/
+springdoc.swagger-ui.oauth.token-url=https://auth.hithomelabs.com/application/o/token/
+
 spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
 spring.datasource.username=${POSTGRES_USERNAME}
 spring.datasource.password=${POSTGRES_PASSWORD}

src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java

@@ -36,8 +36,7 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import static org.hamcrest.Matchers.not;
@@ -162,7 +161,7 @@ class TunnelControllerTest {
 
         when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
 
-        mockMvc.perform(get("/cloudflare/tunnel/{tunnelId}", "sampleTunnelId")
+        mockMvc.perform(get("/cloudflare/tunnel/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
                 .andExpect(status().isOk())
                 .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
@@ -184,7 +183,7 @@ class TunnelControllerTest {
         ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
         when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
 
-        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/add", "sampleTunnelId")
+        mockMvc.perform(post("/cloudflare/tunnel/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                         .with(csrf())
                         .contentType(MediaType.APPLICATION_JSON)
@@ -209,7 +208,7 @@ class TunnelControllerTest {
         ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
         when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
 
-        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/delete", "sampleTunnelId")
+        mockMvc.perform(delete("/cloudflare/tunnel/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                         .with(csrf())
                         .contentType(MediaType.APPLICATION_JSON)