Hithomelabs/CFTunnels
6
0
Fork 3
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hithomelabs:main
Branches Tags
Hithomelabs:main
Hithomelabs:test
Hithomelabs:ingress
hitanshu:feature/approve-reject-request
hitanshu:feature/api_design_refactor
hitanshu:feature/swagger-oauth-env-config
hitanshu:ISSUE-33
hitanshu:ISSUE-44
hitanshu:ISSUE-43
hitanshu:prod_deploy
hitanshu:workflows
hitanshu:oidc
hitanshu:tags
hitanshu:test
hitanshu:profiles
hitanshu:open-api
hitanshu:docker_compose
hitanshu:ingress
hitanshu:ci
hitanshu:main
Hithomelabs:0.19.0
Hithomelabs:0.18.5
Hithomelabs:0.18.4
Hithomelabs:0.18.3
Hithomelabs:0.18.2
Hithomelabs:0.18.1
Hithomelabs:0.18.0
Hithomelabs:0.17.1
Hithomelabs:0.17.0
Hithomelabs:0.16.11
Hithomelabs:0.16.10
Hithomelabs:0.16.9
Hithomelabs:0.16.8
Hithomelabs:0.16.7
Hithomelabs:0.16.6
Hithomelabs:0.16.5
Hithomelabs:0.16.4
Hithomelabs:0.16.3
Hithomelabs:0.16.2
Hithomelabs:0.16.1
Hithomelabs:0.16.0
Hithomelabs:0.15.1
Hithomelabs:0.15.0
Hithomelabs:0.13.2
Hithomelabs:0.14.0
Hithomelabs:0.13.1
Hithomelabs:0.13.0
Hithomelabs:0.12.1
Hithomelabs:0.12.0
Hithomelabs:0.11.1
Hithomelabs:0.11.0
Hithomelabs:0.10.6
Hithomelabs:0.10.5
Hithomelabs:0.10.4
Hithomelabs:0.10.3
Hithomelabs:0.10.2
Hithomelabs:0.10.1
Hithomelabs:0.10.0
Hithomelabs:0.9.1
Hithomelabs:0.9.0
Hithomelabs:0.8.1
Hithomelabs:0.8.0
Hithomelabs:0.7.1
Hithomelabs:0.7.0
Hithomelabs:0.6.2
Hithomelabs:0.6.1
Hithomelabs:0.6.0
Hithomelabs:0.5.2
Hithomelabs:0.5.1
Hithomelabs:0.5.0
Hithomelabs:0.4.1
Hithomelabs:0.4.0
Hithomelabs:0.3.17
Hithomelabs:0.3.16
Hithomelabs:0.3.15
Hithomelabs:0.3.14
Hithomelabs:0.3.13
Hithomelabs:0.3.12
Hithomelabs:0.3.11
Hithomelabs:0.3.10
Hithomelabs:0.3.9
Hithomelabs:0.3.8
Hithomelabs:0.3.7
Hithomelabs:0.3.6
Hithomelabs:0.3.5
Hithomelabs:0.3.4
..
compare: hitanshu:tags
Branches Tags
hitanshu:feature/approve-reject-request
hitanshu:feature/api_design_refactor
hitanshu:feature/swagger-oauth-env-config
hitanshu:ISSUE-33
hitanshu:ISSUE-44
hitanshu:ISSUE-43
hitanshu:prod_deploy
hitanshu:workflows
hitanshu:oidc
hitanshu:tags
hitanshu:test
hitanshu:profiles
hitanshu:open-api
hitanshu:docker_compose
hitanshu:ingress
hitanshu:ci
hitanshu:main
Hithomelabs:main
Hithomelabs:test
Hithomelabs:ingress
Hithomelabs:0.19.0
Hithomelabs:0.18.5
Hithomelabs:0.18.4
Hithomelabs:0.18.3
Hithomelabs:0.18.2
Hithomelabs:0.18.1
Hithomelabs:0.18.0
Hithomelabs:0.17.1
Hithomelabs:0.17.0
Hithomelabs:0.16.11
Hithomelabs:0.16.10
Hithomelabs:0.16.9
Hithomelabs:0.16.8
Hithomelabs:0.16.7
Hithomelabs:0.16.6
Hithomelabs:0.16.5
Hithomelabs:0.16.4
Hithomelabs:0.16.3
Hithomelabs:0.16.2
Hithomelabs:0.16.1
Hithomelabs:0.16.0
Hithomelabs:0.15.1
Hithomelabs:0.15.0
Hithomelabs:0.13.2
Hithomelabs:0.14.0
Hithomelabs:0.13.1
Hithomelabs:0.13.0
Hithomelabs:0.12.1
Hithomelabs:0.12.0
Hithomelabs:0.11.1
Hithomelabs:0.11.0
Hithomelabs:0.10.6
Hithomelabs:0.10.5
Hithomelabs:0.10.4
Hithomelabs:0.10.3
Hithomelabs:0.10.2
Hithomelabs:0.10.1
Hithomelabs:0.10.0
Hithomelabs:0.9.1
Hithomelabs:0.9.0
Hithomelabs:0.8.1
Hithomelabs:0.8.0
Hithomelabs:0.7.1
Hithomelabs:0.7.0
Hithomelabs:0.6.2
Hithomelabs:0.6.1
Hithomelabs:0.6.0
Hithomelabs:0.5.2
Hithomelabs:0.5.1
Hithomelabs:0.5.0
Hithomelabs:0.4.1
Hithomelabs:0.4.0
Hithomelabs:0.3.17
Hithomelabs:0.3.16
Hithomelabs:0.3.15
Hithomelabs:0.3.14
Hithomelabs:0.3.13
Hithomelabs:0.3.12
Hithomelabs:0.3.11
Hithomelabs:0.3.10
Hithomelabs:0.3.9
Hithomelabs:0.3.8
Hithomelabs:0.3.7
Hithomelabs:0.3.6
Hithomelabs:0.3.5
Hithomelabs:0.3.4

No commits in common. "main" and "tags" have entirely different histories.
main ... tags

52 changed files with 204 additions and 2271 deletions
Show Stats Expand all files Collapse all files

26
.gitea/workflows/integration_test.yaml
View File

@ -1,26 +0,0 @@
name: Daily cloudflare API integration test
on:
push:
branches: [ main ]
schedule:
- cron: '0 */12 * * *' # Every hour
workflow_dispatch:
jobs:
cloudflare-api-test:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: JDK setup
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '17'
- name: Run integration tests with Cloudflare API
env:
SPRING_PROFILES_ACTIVE: integration
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
CLOUDFLARE_API_KEY: ${{ secrets.CLOUDFLARE_API_KEY }}
CLOUDFLARE_EMAIL: hitanshu98@gmail.com
run: ./gradlew integrationTestOnly

57
.gitea/workflows/prod_image_tag_promote.yaml
View File

@ -1,57 +0,0 @@
name: Promote image with tag test to prod
run-name: Build started by $ {{gitea.actor}}
on:
push:
branches: [main]
jobs:
tag:
runs-on: ubuntu-latest
outputs:
new_version: ${{ steps.new_version.outputs.new_version }}
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get new version
id: new_version
run: |
VERSION=$(git describe --tags --abbrev=0)
echo ${VERSION}
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
PATCH=0
NEW_MINOR=$(( ${MINOR} + 1))
echo ${NEW_MINOR}
echo "new_version=$(echo "${MAJOR}.${NEW_MINOR}.${PATCH}")" >> $GITHUB_OUTPUT
build_tag_push:
runs-on: ubuntu-latest
needs: tag
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Create and push tag
run: |
echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
git config --global user.name "${{gitea.actor}}"
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
git push origin ${{ needs.tag.outputs.new_version }}
- name: Log in to Gitea Docker Registry
uses: docker/login-action@v3
with:
registry: 'http://192.168.0.100:8928'
username: hitanshu
password: ${{ secrets.TOKEN }}
- name: Tag prod image
run: |
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:test 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:prod
- name: Push to Gitea Registry
run: |
docker push 192.168.0.100:8928/hithomelabs/cftunnels:prod
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}

21
.gitea/workflows/test_image_build_push.yml
View File

@ -1,5 +1,5 @@
name: sample gradle build and test
run-name: Build started by ${{ gitea.actor }}
run-name: Build started by $ {{gitea.actor}}
on:
push:
branches: [test]
@ -13,19 +13,17 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get new version
id: new_version
run: |
VERSION=$(git describe --tags --abbrev=0)
echo "Current version: ${VERSION}"
echo ${VERSION}
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
PATCH=$(echo ${VERSION} | cut -d "." -f 3)
NEW_PATCH=$((PATCH + 1))
NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}"
echo "New version: ${NEW_VERSION}"
echo "new_version=${NEW_VERSION}" >> $GITHUB_OUTPUT
NEW_PATCH=$(( ${PATCH} + 1))
echo ${NEW_PATCH}
echo "new_version=$(echo "${MAJOR}.${MINOR}.${NEW_PATCH}")" >> $GITHUB_OUTPUT
build_tag_push:
runs-on: ubuntu-latest
needs: tag
@ -45,11 +43,11 @@ jobs:
uses: gradle/actions/wrapper-validation@v3
- name: Create and push tag
run: |
echo "New version: ${{ needs.tag.outputs.new_version }}"
git config --global user.name "${{ gitea.actor }}"
echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
git config --global user.name "${{gitea.actor}}"
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
git tag -a "${{ needs.tag.outputs.new_version }}" -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
git push origin "${{ needs.tag.outputs.new_version }}"
git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
git push origin ${{ needs.tag.outputs.new_version }}
- name: Log in to Gitea Docker Registry
uses: docker/login-action@v3
with:
@ -64,4 +62,3 @@ jobs:
run: |
docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}

2
.gitignore vendored
View File

@ -1,8 +1,6 @@
HELP.md
.gradle
.run
build/
.env*
!gradle/wrapper/gradle-wrapper.jar
!**/src/main/**/build/
!**/src/test/**/build/

11
CFTunnels/Get tunnels.bru Normal file
View File

@ -0,0 +1,11 @@
meta {
name: Get tunnels
type: http
seq: 4
}
get {
url: {{base_url}}/cloudflare/tunnels
body: none
auth: none
}

11
CFTunnels/Tunnel.bru Normal file
View File

@ -0,0 +1,11 @@
meta {
name: Tunnel
type: http
seq: 5
}
get {
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}
body: none
auth: none
}

19
CFTunnels/Write ingress.bru Normal file
View File

@ -0,0 +1,19 @@
meta {
name: Write ingress
type: http
seq: 2
}
put {
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/add
body: json
auth: none
}
body:json {
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
}

9
CFTunnels/bruno.json Normal file
View File

@ -0,0 +1,9 @@
{
"version": "1",
"name": "CFTunnels",
"type": "collection",
"ignore": [
"node_modules",
".git"
]
}

19
CFTunnels/delete mapping.bru Normal file
View File

@ -0,0 +1,19 @@
meta {
name: delete mapping
type: http
seq: 3
}
put {
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/delete
body: json
auth: none
}
body:json {
{
"service": "http://192.168.0.100:6000",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
}

4
CFTunnels/environments/CFTunnels Local.bru Normal file
View File

@ -0,0 +1,4 @@
vars {
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
base_url: http://localhost:8080
}

4
CFTunnels/environments/CFTunnels.bru Normal file
View File

@ -0,0 +1,4 @@
vars {
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
base_url: https://testcf.hithomelabs.com
}

31
build.gradle
View File

@ -14,28 +14,7 @@ java {
}
test {
systemProperty 'spring.profiles.active', 'ci'
useJUnitPlatform {
excludeTags 'integration'
}
testLogging {
events "passed", "skipped", "failed", "standardOut", "standardError"
exceptionFormat "full" // shows full stack trace
showStandardStreams = true // shows println/log output
}
}
tasks.register('integrationTestOnly', Test) {
useJUnitPlatform {
includeTags 'integration'
}
description = 'Runs only integration tests tagged with @Tag("integration")'
group = 'verification'
testLogging {
events "passed", "skipped", "failed"
exceptionFormat "full"
showStandardStreams = true
}
systemProperty 'spring.profiles.active', 'test'
}
repositories {
@ -44,17 +23,9 @@ repositories {
dependencies {
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.5'
implementation group: 'org.springframework.boot', name:'spring-boot-starter-oauth2-client', version: '3.5.5'
compileOnly 'org.projectlombok:lombok:1.18.30'
annotationProcessor 'org.projectlombok:lombok:1.18.30'
implementation 'org.springframework.boot:spring-boot-starter-web'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
runtimeOnly 'org.postgresql:postgresql'
implementation 'org.hibernate.validator:hibernate-validator'
runtimeOnly 'com.h2database:h2'
}
tasks.named('test') {

24
docker-compose.yaml
View File

@ -2,31 +2,11 @@ services:
app:
image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV}
container_name: cftunnels_${ENV}
ports:
- ${HOST_PORT}:8080
environment:
- CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}
- CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- ENV=${ENV}
- OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
- HOST_PORT=${HOST_PORT}
- POSTGRES_USER=${POSTGRES_USERNAME}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- SWAGGER_OAUTH_CLIENT_ID=${SWAGGER_OAUTH_CLIENT_ID}
env_file:
- stack.env
restart: unless-stopped
postgres:
image: postgres:15-alpine
container_name: cftunnel-db-${ENV}
environment:
POSTGRES_DB: cftunnel
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: unless-stopped
ports:
- "${DB_PORT}:5432"
volumes:
- ${DB_PATH}:/var/lib/postgresql/data
- 5002:8080
restart: unless-stopped

1
settings.gradle Normal file
View File

@ -0,0 +1 @@
rootProject.name = 'CFTunnels'

28
src/main/java/com/hithomelabs/CFTunnels/Config/AuthoritiesToGroupMapping.java
View File

@ -1,28 +0,0 @@
package com.hithomelabs.CFTunnels.Config;
import com.hithomelabs.CFTunnels.Models.Authorities;
import com.hithomelabs.CFTunnels.Models.Groups;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@Configuration
public class AuthoritiesToGroupMapping {
public Map<String, Set<GrantedAuthority>> getAuthorityForGroup(){
HashMap<String, Set<GrantedAuthority>> mappings = new HashMap<>();
mappings.put(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
mappings.put(Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
mappings.put(Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))));
mappings.put(Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN))));
return mappings;
}
}

45
src/main/java/com/hithomelabs/CFTunnels/Config/CustomOidcUserConfiguration.java
View File

@ -1,45 +0,0 @@
package com.hithomelabs.CFTunnels.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@Configuration
public class CustomOidcUserConfiguration extends OidcUserService {
@Autowired
AuthoritiesToGroupMapping authoritiesToGroupMapping;
@Override
public OidcUser loadUser(OidcUserRequest userRequest) {
// * * Delegate to the default implementation for loading user and claims
OidcUser oidcUser = super.loadUser(userRequest);
// * * Copy existing authorities (e.g. scopes authorities)
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
// * * Extract your custom claim (change "roles" to your claim name)
List<String> groups = oidcUser.getClaimAsStringList("groups");
if (groups != null) {
groups.forEach(group ->
mappedAuthorities.addAll(authoritiesToGroupMapping.getAuthorityForGroup().get(group))
);
}
// * * Return a new DefaultOidcUser with merged authorities
return new DefaultOidcUser(
mappedAuthorities,
oidcUser.getIdToken(),
oidcUser.getUserInfo()
);
}
}

30
src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
View File

@ -1,54 +1,26 @@
package com.hithomelabs.CFTunnels.Config;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.*;
import io.swagger.v3.oas.models.servers.Server;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import java.util.ArrayList;
@Configuration
@Profile("!integration")
public class OpenApiConfig {
@Value("${api.baseUrl}")
private String baseUrl;
@Value("${springdoc.swagger-ui.oauth.authorization-url}")
private String authorizationUri;
@Value("${springdoc.swagger-ui.oauth.token-url}")
private String tokenUri;
@Bean
public OpenAPI openAPI() {
public OpenAPI openAPI(){
Server httpsServer = new Server().url(baseUrl);
OpenAPI openApi = new OpenAPI();
ArrayList<Server> servers = new ArrayList<>();
servers.add(httpsServer);
openApi.setServers(servers);
openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
.components(new Components()
.addSecuritySchemes("oidcAuth",
new SecurityScheme()
.type(SecurityScheme.Type.OAUTH2)
.flows(new OAuthFlows()
.authorizationCode(new OAuthFlow()
.authorizationUrl(authorizationUri)
.tokenUrl(tokenUri)
.scopes(new Scopes()
.addString("openid", "OpenID scope")
.addString("profile", "OpenID profile")
.addString("email", "OpenID email"))
)
)
)
)
.addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
return openApi;
}
}

41
src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
View File

@ -1,41 +0,0 @@
package com.hithomelabs.CFTunnels.Config.Security;
import com.hithomelabs.CFTunnels.Config.CustomOidcUserConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true
)
public class SecuirtyConfig {
@Autowired
private CustomOidcUserConfiguration customOidcUserConfiguration;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
//.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
.anyRequest().authenticated()
).csrf(csrf -> csrf.disable())
.with(new OAuth2LoginConfigurer<>(),
oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
return http.build();
}
}

194
src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
View File

@ -1,50 +1,30 @@
package com.hithomelabs.CFTunnels.Controllers;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import com.hithomelabs.CFTunnels.Services.MappingRequestService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.dao.DataAccessException;
import org.springframework.http.*;
import org.springframework.http.*;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.UUID;
@RestController
@RequestMapping("/cloudflare")
public class TunnelController implements ErrorController {
public class TunnelController {
private final RestTemplate restTemplate = new RestTemplate();
private static final String ERROR_PATH = "/error";
@Autowired
private AuthoritiesToGroupMapping authoritiesToGroupMapping;
@Autowired
private CloudflareConfig cloudflareConfig;
@ -54,37 +34,15 @@ public class TunnelController implements ErrorController {
@Autowired
private RestTemplateConfig restTemplateConfig;
@Autowired
CloudflareAPIService cloudflareAPIService;
@Autowired
MappingRequestService mappingRequestService;
@Autowired
private UserRepository userRepository;
@Value("${spring.profiles.active}")
private String environment;
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/whoami")
public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
List<String> authorities = oidcUser.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.toList();
return Map.of(
"username", oidcUser.getPreferredUsername(),
"roles", authorities
);
}
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/tunnels")
@Operation( security = { @SecurityRequirement(name = "oidcAuth") } )
public ResponseEntity<Map<String,Object>> getTunnels(){
ResponseEntity<TunnelsResponse> responseEntity = cloudflareAPIService.getCloudflareTunnels();
// * * Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", responseEntity.getBody());
@ -92,39 +50,15 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse);
}
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/configured/tunnels")
public ResponseEntity<Map<String,Object>> getConfiguredTunnels(){
try {
List<Tunnel> tunnels = cloudflareAPIService.getAllConfiguredTunnels();
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", tunnels);
return ResponseEntity.ok(jsonResponse);
} catch (DataAccessException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
@GetMapping("/tunnel/{tunnelId}")
public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) throws JsonProcessingException {
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/requests")
public ResponseEntity<Map<String,Object>> getAllRequests() {
try {
List<Request> requests = mappingRequestService.getAllRequests();
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", requests);
return ResponseEntity.ok(jsonResponse);
} catch (DataAccessException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
// * * Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
@PreAuthorize("hasAnyRole('DEVELOPER')")
@GetMapping("/tunnels/{tunnelId}/mappings")
public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", responseEntity.getBody());
@ -132,12 +66,16 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse);
}
// 50df9101-f625-4618-b7c5-100338a57124
@PreAuthorize("hasAnyRole('ADMIN')")
@PostMapping("/tunnels/{tunnelId}/mappings")
// 50df9101-f625-4618-b7c5-100338a57124
@PutMapping("/tunnel/{tunnelId}/add")
public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
// * * Getting existing public hostname mappings
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
// * * Inserting new ingress value at second-to last position in list
Config config = responseEntity.getBody().getResult().getConfig();
@ -145,7 +83,9 @@ public class TunnelController implements ErrorController {
response_ingress.add(response_ingress.size()-1, ingress);
// * * Hitting put endpoint
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
// * * Displaying response
Map<String, Object> jsonResponse = new HashMap<>();
@ -155,11 +95,15 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse);
}
@PreAuthorize("hasAnyRole('DEVELOPER')")
@DeleteMapping("/tunnels/{tunnelId}/mappings")
@PutMapping("/tunnel/{tunnelId}/delete")
public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
// * * Getting existing public hostname mappings
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
// * * Deleting the selected ingress value
Config config = responseEntity.getBody().getResult().getConfig();
@ -167,7 +111,9 @@ public class TunnelController implements ErrorController {
Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname());
// * * Hitting put endpoint
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
// * * Displaying response
Map<String, Object> jsonResponse = new HashMap<>();
@ -183,70 +129,4 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse);
}
@PreAuthorize("hasAnyRole('DEVELOPER')")
@PostMapping("/tunnels/configure/{tunnelId}/requests")
public ResponseEntity<Request> createTunnelMappingRequest(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser oidcUser, @RequestBody Ingress ingess){
Request request = mappingRequestService.createMappingRequest(tunnelId, ingess, oidcUser);
if(request.getId() != null)
return ResponseEntity.status(HttpStatus.CREATED).body(request);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
}
@PreAuthorize("hasAnyRole('APPROVER')")
@PutMapping("/requests/{requestId}/approve")
public ResponseEntity<Request> approveMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
try {
User approver = userRepository.findByEmail(oidcUser.getEmail())
.orElseThrow(() -> new RuntimeException("Approver not found"));
Request request = mappingRequestService.approveRequest(requestId, approver);
return ResponseEntity.ok(request);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (IllegalStateException e) {
return ResponseEntity.status(HttpStatus.CONFLICT).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
@PreAuthorize("hasAnyRole('APPROVER')")
@PutMapping("/requests/{requestId}/reject")
public ResponseEntity<Request> rejectMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
try {
User rejecter = userRepository.findByEmail(oidcUser.getEmail())
.orElseThrow(() -> new RuntimeException("Rejecter not found"));
Request request = mappingRequestService.rejectRequest(requestId, rejecter);
return ResponseEntity.ok(request);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (IllegalStateException e) {
return ResponseEntity.status(HttpStatus.CONFLICT).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
@PreAuthorize("hasAnyRole('ADMIN')")
@PutMapping("/tunnels/configure/{tunnelId}")
public ResponseEntity<Tunnel> configureTunnelForEnvironment(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser user) {
/*
* * Returns 200 if an object is created or updated with a new representation of the object
* * Returns 204 if the object state did not need any changing.
* * Returns 404 if the tunnelId is not valid
*/
try {
Tunnel tunnel = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
if (tunnel == null)
return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
else
return ResponseEntity.ok(tunnel);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
}

38
src/main/java/com/hithomelabs/CFTunnels/Entity/Mapping.java
View File

@ -1,38 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "mappings")
public class Mapping {
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", nullable = false, unique = true)
private UUID id;
@Column(nullable = false)
private int port;
@Enumerated(EnumType.STRING)
@Column(length = 10, nullable = false)
private Protocol protocol;
@Column(length = 50, nullable = false)
private String subdomain;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "tunnel_id", nullable = false)
private Tunnel tunnel;
}

8
src/main/java/com/hithomelabs/CFTunnels/Entity/Protocol.java
View File

@ -1,8 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
public enum Protocol {
HTTP,
HTTPS,
TCP,
SSH
}

45
src/main/java/com/hithomelabs/CFTunnels/Entity/Request.java
View File

@ -1,45 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "requests")
public class Request {
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", unique = true, nullable = false)
private UUID id;
@OneToOne
@JoinColumn(name = "mapping_id", unique = true, nullable = false)
private Mapping mapping;
@ManyToOne
@JoinColumn(name = "created_by", nullable = false)
private User createdBy;
@ManyToOne
@JoinColumn(name = "accepted_by")
private User acceptedBy;
public enum RequestStatus {
PENDING,
APPROVED,
REJECTED
}
@Enumerated(EnumType.STRING)
@Column(length = 10, nullable = false)
private RequestStatus status;
}

28
src/main/java/com/hithomelabs/CFTunnels/Entity/Tunnel.java
View File

@ -1,28 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name="tunnels")
public class Tunnel {
@Id
@Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
private UUID id;
@Column(length = 10, unique = true, nullable = false)
private String environment;
@Column(length = 50, unique = true, nullable = false)
private String name;
}

30
src/main/java/com/hithomelabs/CFTunnels/Entity/User.java
View File

@ -1,30 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "users")
public class User {
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
private UUID id;
@Column(length = 50, nullable = false)
@Size(max = 50)
private String name;
@Column(length = 50, nullable = false)
@Size(max = 50)
private String email;
}

5
src/main/java/com/hithomelabs/CFTunnels/Exceptions/ExternalServiceException.java
View File

@ -1,5 +0,0 @@
package com.hithomelabs.CFTunnels.Exceptions;
public class ExternalServiceException extends RuntimeException {
public ExternalServiceException(String message) { super(message); }
}

10
src/main/java/com/hithomelabs/CFTunnels/Models/Authorities.java
View File

@ -1,10 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
public class Authorities {
public static final String ROLE_ADMIN = "ROLE_ADMIN";
public static final String ROLE_DEVELOPER = "ROLE_DEVELOPER";
public static final String ROLE_USER = "ROLE_USER";
public static final String ROLE_APPROVER = "ROLE_APPROVER";
}

10
src/main/java/com/hithomelabs/CFTunnels/Models/Groups.java
View File

@ -1,10 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
public class Groups {
public static final String HOMELAB_DEVELOPER = "homelab developer";
public static final String SYSTEM_ADMIN = "authentik Admins";
public static final String POWER_USER = "arr premium";
public static final String GITEA_USER = "gitrestricted";
}

41
src/main/java/com/hithomelabs/CFTunnels/Models/Ingress.java
View File

@ -1,17 +1,8 @@
package com.hithomelabs.CFTunnels.Models;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List;
import java.util.Map;
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
public class Ingress {
private String service;
@ -19,8 +10,40 @@ public class Ingress {
private Map<String, Object> originRequest;
private String path;
public String getPath() {
return path;
}
public void setPath(String path) {
this.path = path;
}
public static boolean deleteByHostName(List<Ingress> ingressList, String toBeDeleted){
return ingressList.removeIf(ingress -> ingress.getHostname() != null && ingress.getHostname().equals(toBeDeleted));
}
public String getService() {
return service;
}
public void setService(String service) {
this.service = service;
}
public String getHostname() {
return hostname;
}
public void setHostname(String hostname) {
this.hostname = hostname;
}
public Map<String, Object> getOriginRequest() {
return originRequest;
}
public void setOriginRequest(Map<String, Object> originRequest) {
this.originRequest = originRequest;
}
}

50
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResponse.java
View File

@ -1,17 +1,8 @@
package com.hithomelabs.CFTunnels.Models;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List;
import java.util.Map;
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelResponse {
private List<Map<String, Object>> errors;
@ -21,4 +12,45 @@ public class TunnelResponse {
private Boolean success;
private Result result;
public Result getResult() {
return result;
}
public void setResult(Result result) {
this.result = result;
}
public List<Map<String, Object>> getErrors() {
return errors;
}
public void setErrors(List<Map<String, Object>> errors) {
this.errors = errors;
}
public List<Map<String, Object>> getMessages() {
return messages;
}
public void setMessages(List<Map<String, Object>> messages) {
this.messages = messages;
}
public boolean isSuccess() {
return success;
}
public void setSuccess(boolean success) {
this.success = success;
}
public Boolean getSuccess() {
return success;
}
public void setSuccess(Boolean success) {
this.success = success;
}
}

19
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResult.java
View File

@ -1,19 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
@JsonIgnoreProperties(ignoreUnknown = true)
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelResult {
private String id;
private String name;
}

28
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelsResponse.java
View File

@ -1,28 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List;
import java.util.Map;
@JsonIgnoreProperties(ignoreUnknown = true)
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelsResponse {
private List<TunnelResult> result;
private List<Map<String, Object>> errors;
private List<Map<String, Object>> messages;
private Boolean success;
}

11
src/main/java/com/hithomelabs/CFTunnels/Repositories/MappingRepository.java
View File

@ -1,11 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
@Repository
public interface MappingRepository extends JpaRepository<Mapping, UUID> {
}

24
src/main/java/com/hithomelabs/CFTunnels/Repositories/RequestRepository.java
View File

@ -1,24 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Request;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface RequestRepository extends JpaRepository<Request, UUID> {
Page<Request> findByStatus(Request.RequestStatus status, Pageable pageable);
@Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy")
List<Request> findAllWithDetails();
@Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy WHERE r.id = :id")
Optional<Request> findByIdWithDetails(@Param("id") UUID id);
}

12
src/main/java/com/hithomelabs/CFTunnels/Repositories/TunnelRepository.java
View File

@ -1,12 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface TunnelRepository extends JpaRepository<Tunnel, UUID> {
}

14
src/main/java/com/hithomelabs/CFTunnels/Repositories/UserRepository.java
View File

@ -1,14 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface UserRepository extends JpaRepository<User, UUID> {
Optional<User> findByEmail(String email);
}

108
src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
View File

@ -1,108 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.http.*;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.UUID;
@Service
public class CloudflareAPIService {
@Autowired
CloudflareConfig cloudflareConfig;
@Autowired
AuthKeyEmailHeader authKeyEmailHeader;
@Autowired
RestTemplate restTemplate;
@Autowired
TunnelRepository tunnelRepository;
public ResponseEntity<TunnelsResponse> getCloudflareTunnels() {
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
HttpEntity<String> httpEntity = new HttpEntity<>("", authKeyEmailHeader.getHttpHeaders());
ResponseEntity<TunnelsResponse> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, TunnelsResponse.class);
return responseEntity;
}
public <T> ResponseEntity<T> getCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType) {
// * * Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, responseType);
return responseEntity;
}
public <T> ResponseEntity<T> putCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType, Config config) {
// * * Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.PUT, entity, responseType);
return responseEntity;
}
private Tunnel getTunnelFromTunnelResponse(TunnelResult tunnelResult, String env){
return new Tunnel(UUID.fromString(tunnelResult.getId()), env, tunnelResult.getName());
}
public Tunnel createOrUpdateTunnel(String tunnelId, String environment) throws ExternalServiceException, NoSuchElementException {
ResponseEntity<TunnelsResponse> responseEntity = getCloudflareTunnels();
if (responseEntity.getStatusCode().isError())
throw new ExternalServiceException("Cloudflare API error: " + responseEntity.getStatusCode());
TunnelResult tunnelResult = responseEntity.getBody().getResult().stream().filter(t -> t.getId().equals(tunnelId)).findFirst().orElse(null);
if (tunnelResult == null)
throw new NoSuchElementException();
Tunnel toBeConfigured = getTunnelFromTunnelResponse(tunnelResult, environment);
Tunnel fromDatabase = tunnelRepository.findById(UUID.fromString(tunnelId)).orElse(null);
if (fromDatabase != null)
tunnelRepository.deleteById(UUID.fromString(tunnelId));
tunnelRepository.save(toBeConfigured);
return toBeConfigured;
}
public List<Tunnel> getAllConfiguredTunnels() {
return tunnelRepository.findAll();
}
public ResponseEntity<TunnelResponse> addTunnelIngress(String tunnelId, Ingress ingress) {
ResponseEntity<TunnelResponse> currentConfig = getCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class);
Config config = currentConfig.getBody().getResult().getConfig();
List<Ingress> ingressList = config.getIngress();
ingressList.add(ingressList.size() - 1, ingress);
return putCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class, config);
}
}

152
src/main/java/com/hithomelabs/CFTunnels/Services/MappingRequestService.java
View File

@ -1,152 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import com.hithomelabs.CFTunnels.Entity.Protocol;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Repositories.MappingRepository;
import com.hithomelabs.CFTunnels.Repositories.RequestRepository;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.UUID;
@Service
public class MappingRequestService {
@Autowired
UserRepository userRepository;
@Autowired
MappingRepository mappingRepository;
@Autowired
RequestRepository requestRepository;
@Autowired
TunnelRepository tunnelRepository;
@Autowired
CloudflareAPIService cloudflareAPIService;
public Mapping createMapping(UUID tunnelId, Ingress ingress){
Tunnel tunnel = tunnelRepository.findById(tunnelId).orElseThrow(() -> new RuntimeException("Tunnel not found"));
Mapping mapping = createMappingFromTunnelIngress(tunnel, ingress);
return mappingRepository.save(mapping);
}
public Request createRequest(Mapping mapping, User user){
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(user);
request.setStatus(Request.RequestStatus.PENDING);
return requestRepository.save(request);
}
public Request createMappingRequest(String tunnelId, Ingress ingress, OidcUser oidcUser){
User user = userRepository.findByEmail(oidcUser.getEmail()).orElseGet(()-> mapUser(oidcUser));
Mapping mapping = createMapping(UUID.fromString(tunnelId), ingress);
return createRequest(mapping, user);
}
@Transactional(readOnly = true)
public List<Request> getAllRequests() {
return requestRepository.findAllWithDetails();
}
public User mapUser(OidcUser oidcUser){
String email = oidcUser.getEmail();
String name = oidcUser.getNickName();
User user = new User();
user.setEmail(email);
user.setName(name);
userRepository.save(user);
return user;
}
public Mapping createMappingFromTunnelIngress(Tunnel tunnel, Ingress ingress){
Mapping mapping = new Mapping();
mapping.setTunnel(tunnel);
String serviceString = ingress.getService().toLowerCase();
Protocol protocol = parseProtocol(serviceString);
mapping.setProtocol(protocol);
mapping.setPort(Integer.parseInt(ingress.getService().split(":")[2]));
mapping.setSubdomain(ingress.getHostname().split("\\.")[0]);
return mapping;
}
private Protocol parseProtocol(String serviceString) {
if (serviceString.startsWith("https://")) {
return Protocol.HTTPS;
} else if (serviceString.startsWith("tcp://")) {
return Protocol.TCP;
} else if (serviceString.startsWith("ssh://")) {
return Protocol.SSH;
}
return Protocol.HTTP;
}
@Transactional
public Request approveRequest(UUID requestId, User approver) {
Request request = requestRepository.findByIdWithDetails(requestId)
.orElseThrow(() -> new NoSuchElementException("Request not found"));
if (request.getStatus() != Request.RequestStatus.PENDING) {
throw new IllegalStateException("Request is not in PENDING status");
}
Mapping mapping = request.getMapping();
Tunnel tunnel = mapping.getTunnel();
Ingress ingress = createIngressFromMapping(mapping);
ResponseEntity<?> response = cloudflareAPIService.addTunnelIngress(
tunnel.getId().toString(),
ingress
);
if (!response.getStatusCode().is2xxSuccessful()) {
throw new RuntimeException("Failed to add mapping to Cloudflare");
}
request.setStatus(Request.RequestStatus.APPROVED);
request.setAcceptedBy(approver);
return requestRepository.save(request);
}
@Transactional
public Request rejectRequest(UUID requestId, User rejecter) {
Request request = requestRepository.findByIdWithDetails(requestId)
.orElseThrow(() -> new NoSuchElementException("Request not found"));
if (request.getStatus() != Request.RequestStatus.PENDING) {
throw new IllegalStateException("Request is not in PENDING status");
}
request.setStatus(Request.RequestStatus.REJECTED);
request.setAcceptedBy(rejecter);
return requestRepository.save(request);
}
private static final String SERVER_IP = "192.168.0.100";
private Ingress createIngressFromMapping(Mapping mapping) {
Tunnel tunnel = mapping.getTunnel();
String protocol = mapping.getProtocol().name().toLowerCase();
String service = protocol + "://" + SERVER_IP + ":" + mapping.getPort();
String hostname = mapping.getSubdomain() + ".hithomelabs.com";
return new Ingress(service, hostname, null, null);
}
}

7
src/main/resources/application-ci.properties
View File

@ -1,7 +0,0 @@
api.baseUrl=https://testcf.hithomelabs.com
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=none

9
src/main/resources/application-integration.properties
View File

@ -1,9 +0,0 @@
cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
cloudflare.apiKey=${CLOUDFLARE_API_KEY}
cloudflare.email=${CLOUDFLARE_EMAIL}
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=none

13
src/main/resources/application-local.properties
View File

@ -1,12 +1 @@
api.baseUrl=http://localhost:8080
management.health.db.enabled=true
management.endpoints.web.exposure.include=health
management.endpoint.health.show-details=always
logging.level.org.hibernate.SQL=DEBUG
debug=true
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel
api.baseUrl=http://localhost:8080

13
src/main/resources/application-prod.properties
View File

@ -1,12 +1 @@
api.baseUrl=https://cftunnels.hithomelabs.com
# Production Database Configuration
spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA Configuration
spring.jpa.hibernate.ddl-auto=create-drop
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
api.baseUrl=https://cftunnels.hithomelabs.com

13
src/main/resources/application-test.properties
View File

@ -1,12 +1 @@
api.baseUrl=https://testcf.hithomelabs.com
# Test Database Configuration - Same as Production
spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA Configuration
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
api.baseUrl=https://testcf.hithomelabs.com

33
src/main/resources/application.properties
View File

@ -3,36 +3,3 @@ cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
cloudflare.apiKey=${CLOUDFLARE_API_KEY}
cloudflare.email=${CLOUDFLARE_EMAIL}
spring.profiles.active=${ENV}
/ * * Masking sure app works behind a reverse proxy
server.forward-headers-strategy=framework
spring.security.oauth2.client.registration.cftunnels.client-id=${OAUTH_CLIENT_ID}
spring.security.oauth2.client.registration.cftunnels.client-secret=${OAUTH_CLIENT_SECRET}
spring.security.oauth2.client.registration.cftunnels.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.cftunnels.redirect-uri={baseUrl}/login/oauth2/code/cftunnels
spring.security.oauth2.client.registration.cftunnels.scope=openid,profile,email,offline_access,cftunnels
spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth.hithomelabs.com/application/o/authorize/
spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/
spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/
spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
springdoc.swagger-ui.oauth.client-id=${SWAGGER_OAUTH_CLIENT_ID}
springdoc.swagger-ui.oauth.client-secret= # leave empty for public client
springdoc.swagger-ui.oauth.use-pkce=true
springdoc.swagger-ui.oauth.scopes=openid,profile,email
springdoc.swagger-ui.oauth.authorization-url=https://auth.hithomelabs.com/application/o/authorize/
springdoc.swagger-ui.oauth.token-url=https://auth.hithomelabs.com/application/o/token/
spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
spring.sql.init.mode=never
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
spring.jpa.open-in-view=false

29
src/main/resources/schema.sql
View File

@ -1,29 +0,0 @@
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE TABLE IF NOT EXISTS tunnels (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
environment VARCHAR(10) NOT NULL,
cf_tunnel_id UUID UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(50) NOT NULL
);
CREATE TABLE IF NOT EXISTS mappings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tunnel_id UUID NOT NULL REFERENCES tunnels(id) ON DELETE CASCADE,
port INT NOT NULL,
subdomain VARCHAR(50) NOT NULL
-- UNIQUE (tunnel_id, port),
-- UNIQUE (tunnel_id, subdomain)
);
CREATE TABLE IF NOT EXISTS requests (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
mapping_id UUID NOT NULL REFERENCES mappings(id) ON DELETE CASCADE,
created_by UUID NOT NULL REFERENCES users(id) ON DELETE RESTRICT,
accepted_by UUID REFERENCES users(id) ON DELETE SET NULL,
status VARCHAR(20) NOT NULL CHECK (status IN ('PENDING', 'APPROVED', 'REJECTED'))
);

495
src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java
View File

@ -1,495 +0,0 @@
package com.hithomelabs.CFTunnels.Controllers;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Models.Authorities;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Groups;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import com.hithomelabs.CFTunnels.Services.MappingRequestService;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.http.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
import java.time.Instant;
import java.util.*;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.PageRequest;
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
import static org.hamcrest.core.IsIterableContaining.hasItem;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import static org.hamcrest.Matchers.not;
@WebMvcTest(TunnelController.class)
class TunnelControllerTest {
@Autowired
MockMvc mockMvc;
@MockitoBean
AuthoritiesToGroupMapping authoritiesToGroupMapping;
@MockitoBean
CloudflareConfig cloudflareConfig;
@MockitoBean
AuthKeyEmailHeader authKeyEmailHeader;
@MockitoBean
RestTemplate restTemplate;
@MockitoBean
CloudflareAPIService cloudflareAPIService;
@MockitoBean
RestTemplateConfig restTemplateConfig;
@MockitoBean
MappingRequestService mappingRequestService;
@MockitoBean
UserRepository userRepository;
private static final String tunnelResponseSmallIngressFile = "tunnelResponseSmallIngress.json";
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
private static final String withAdditionalIngress;
static {
try {
withAdditionalIngress = getClassPathDataResource(tunnelResponseLargeIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
public static final String withoutAdditionalIngress;
static {
try {
withoutAdditionalIngress = getClassPathDataResource(tunnelResponseSmallIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
private static final String ingressJson = """
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
""";
private DefaultOidcUser buildOidcUser(String username, String role) {
when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
OidcIdToken idToken = new OidcIdToken(
"mock-token",
Instant.now(),
Instant.now().plusSeconds(3600),
Map.of("preferred_username", username, "sub", username)
);
return new DefaultOidcUser(authorities, idToken, "preferred_username");
}
private DefaultOidcUser buildOidcUserWithEmail(String username, String role, String email) {
when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
OidcIdToken idToken = new OidcIdToken(
"mock-token",
Instant.now(),
Instant.now().plusSeconds(3600),
Map.of("preferred_username", username, "sub", username, "email", email)
);
return new DefaultOidcUser(authorities, idToken, "preferred_username");
}
@Test
@DisplayName("should return appropriate user roles when use belongs to group GITEA_USER")
public void testWhoAmI_user() throws Exception {
mockMvc.perform(get("/cloudflare/whoami")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.username").value("username"))
.andExpect(jsonPath("$.roles", hasItem("ROLE_USER")));
}
@Test
@DisplayName("should hit tunnels endpoint successfully with ROLE_USER")
public void testGetTunnelsForRoleUser() throws Exception {
when(cloudflareConfig.getAccountId()).thenReturn("abc123");
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Email", "me@example.com");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(headers);
List<TunnelResult> tunnelResults = List.of(new TunnelResult("50df9101-f625-4618-b7c5-100338a57124", "test-tunnel"));
TunnelsResponse tunnelsResponse = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(tunnelsResponse, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnels()).thenReturn(mockResponse);
mockMvc.perform(get("/cloudflare/tunnels")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
}
@Test
@DisplayName("should return list of configured tunnels from database")
void getConfiguredTunnels() throws Exception {
List<Tunnel> tunnels = List.of(
new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
);
when(cloudflareAPIService.getAllConfiguredTunnels()).thenReturn(tunnels);
mockMvc.perform(get("/cloudflare/configured/tunnels")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("success"))
.andExpect(jsonPath("$.data[*].name", hasItem("devtunnel")))
.andExpect(jsonPath("$.data[*].name", hasItem("prodtunnel")));
}
@Test
@DisplayName("should return list of requests")
void getAllRequests_Success() throws Exception {
List<com.hithomelabs.CFTunnels.Entity.Request> requests = Arrays.asList(
createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING),
createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED)
);
when(mappingRequestService.getAllRequests()).thenReturn(requests);
mockMvc.perform(get("/cloudflare/requests")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("success"))
.andExpect(jsonPath("$.data").isArray())
.andExpect(jsonPath("$.data.length()").value(2));
}
@Test
@DisplayName("should create mapping request successfully")
void createTunnelMappingRequest_Success() throws Exception {
UUID tunnelId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.Request createdRequest = new com.hithomelabs.CFTunnels.Entity.Request();
createdRequest.setId(UUID.randomUUID());
createdRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING);
when(mappingRequestService.createMappingRequest(any(String.class), any(com.hithomelabs.CFTunnels.Models.Ingress.class), any())).thenReturn(createdRequest);
mockMvc.perform(post("/cloudflare/tunnels/configure/{tunnelId}/requests", tunnelId.toString())
.with(oauth2Login().oauth2User(buildOidcUser("developer", Groups.HOMELAB_DEVELOPER)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isCreated())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("PENDING"));
}
@Test
@DisplayName("should approve mapping request successfully")
void approveMappingRequest_Success() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
com.hithomelabs.CFTunnels.Entity.Request approvedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
approvedRequest.setId(requestId);
approvedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED);
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenReturn(approvedRequest);
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("APPROVED"));
}
@Test
@DisplayName("should return 404 when request not found")
void approveMappingRequest_NotFound() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new NoSuchElementException("Request not found"));
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 500 when mapping creation fails")
void approveMappingRequest_InternalServerError() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new RuntimeException("Failed to add mapping to Cloudflare"));
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isInternalServerError());
}
@Test
@DisplayName("should reject mapping request successfully")
void rejectMappingRequest_Success() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
com.hithomelabs.CFTunnels.Entity.Request rejectedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
rejectedRequest.setId(requestId);
rejectedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.REJECTED);
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenReturn(rejectedRequest);
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("REJECTED"));
}
@Test
@DisplayName("should return 404 when rejecting non-existent request")
void rejectMappingRequest_NotFound() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new NoSuchElementException("Request not found"));
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 409 when rejecting already processed request")
void rejectMappingRequest_Conflict() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new IllegalStateException("Request is not in PENDING status"));
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isConflict());
}
@Test
void getTunnelConfigurations() throws Exception {
Map<String, Object> tunnelData = Map.of("config", Map.of("result", "success", "ingress", "sample ingress object"));
ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
mockMvc.perform(get("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.config.ingress").value("sample ingress object"));
}
@Test
void addTunnelconfiguration() throws Exception {
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
ObjectMapper mapper = new ObjectMapper();
TunnelResponse tunnelStateBefore = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
TunnelResponse expectedTunnelConfig = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
mockMvc.perform(post("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", hasItem("random.hithomelabs.com")));
}
private Request createTestRequest(UUID id, Request.RequestStatus status) {
Request request = new Request();
request.setId(id);
request.setStatus(status);
return request;
}
@Test
void deleteTunnelConfiguration() throws Exception {
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
ObjectMapper mapper = new ObjectMapper();
TunnelResponse tunnelStateBefore = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
TunnelResponse expectedTunnelConfig = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
mockMvc.perform(delete("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", not(hasItem("random.hithomelabs.com"))));
}
@Test
@DisplayName("should return 200 OK with tunnel when tunnel is successfully updated")
void configureTunnelForEnvironment_Success() throws Exception {
Tunnel tunnel = new Tunnel(UUID.randomUUID(), "dev", "test-tunnel");
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(tunnel);
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.name").value("test-tunnel"))
.andExpect(jsonPath("$.environment").value("dev"));
}
@Test
@DisplayName("should return 204 NO_CONTENT when tunnel does not need changes")
void configureTunnelForEnvironment_NoContent() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(null);
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isNoContent());
}
@Test
@DisplayName("should return 404 NOT_FOUND when tunnelId is not valid")
void configureTunnelForEnvironment_NotFound() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("invalid-tunnel-id"), any(String.class)))
.thenThrow(new NoSuchElementException("Tunnel not found"));
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "invalid-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 500 INTERNAL_SERVER_ERROR when runtime exception occurs")
void configureTunnelForEnvironment_InternalServerError() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class)))
.thenThrow(new RuntimeException("Internal error"));
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isInternalServerError());
}
}

108
src/test/java/com/hithomelabs/CFTunnels/Integration/CoudflareApiIntegrationTest.java
View File

@ -1,108 +0,0 @@
package com.hithomelabs.CFTunnels.Integration;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.web.client.RestTemplate;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ActiveProfiles("integration")
@Tag("integration")
public class CoudflareApiIntegrationTest {
@Autowired
RestTemplate restTemplate;
@Autowired
AuthKeyEmailHeader authKeyEmailHeader;
@Autowired
CloudflareConfig cloudflareConfig;
@Autowired
CloudflareAPIService cloudflareAPIService;
private static final String DEV_TUNNEL_ID = "50df9101-f625-4618-b7c5-100338a57124";
@Test
@DisplayName("Calls cloudflare cfd tunnels API and checks that dev tunnel should be a part of the response")
public void testGetTunnelsTest() {
ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
assertEquals(HttpStatus.OK, response.getStatusCode());
List<TunnelResult> tunnelList = response.getBody().getResult();
boolean hasName = tunnelList.stream()
.anyMatch(tunnel -> "devtunnel".equals(tunnel.getName()));
assertTrue(hasName);
}
@Test
@DisplayName("Calls cloudflare API to get mappings for devtunnel tunnel")
public void testTunnelConfigurations() {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class);
// * * Check if status code is 200
assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
// * * Checking if mapping for devdocker exists
TunnelResponse tunnelResponse = responseEntity.getBody();
boolean hasMatch = tunnelResponse.getResult().getConfig().getIngress().stream()
.anyMatch(ingress -> "devdocker.hithomelabs.com".equals(ingress.getHostname()));
assertTrue(hasMatch);
}
@Test
@DisplayName("Inserts and deletes a mapping using Cloudflare API")
public void testAddAndDeleteMapping() {
ResponseEntity<TunnelResponse> beforeMapping = cloudflareAPIService.getCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class);
assertEquals(HttpStatus.OK, beforeMapping.getStatusCode());
Ingress ingress = new Ingress();
ingress.setHostname("random.hithomelabs.com");
ingress.setService("http://192.168.0.100:3457");
Config beforeInsertConfig = beforeMapping.getBody().getResult().getConfig();
List<Ingress> beforeInsert = beforeInsertConfig.getIngress();
beforeInsert.add(beforeInsert.size() - 1, ingress);
ResponseEntity<TunnelResponse> afterInsert = cloudflareAPIService.putCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class, beforeInsertConfig);
assertEquals(HttpStatus.OK, afterInsert.getStatusCode());
Config afterInsertConfig = afterInsert.getBody().getResult().getConfig();
List<Ingress> ingressList = afterInsertConfig.getIngress();
boolean hasIngress = ingressList.get(ingressList.size() - 2 ).getHostname().equals("random.hithomelabs.com");
assertTrue(hasIngress);
Boolean deleteSuccess = Ingress.deleteByHostName(ingressList, ingress.getHostname());
assertTrue(deleteSuccess);
ResponseEntity<TunnelResponse> afterDelete = cloudflareAPIService.putCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class, afterInsertConfig);
assertEquals(HttpStatus.OK, afterDelete.getStatusCode());
assertFalse(afterDelete.getBody().getResult().getConfig().getIngress().stream().anyMatch(anyIngress -> "random.hithomelabs.com".equals(anyIngress.getHostname())));
}
}

179
src/test/java/com/hithomelabs/CFTunnels/Repositories/RequestRepositoryTest.java
View File

@ -1,179 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import com.hithomelabs.CFTunnels.Entity.Protocol;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestPropertySource;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.ANY)
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD)
@TestPropertySource(properties = {
"spring.jpa.hibernate.ddl-auto=create-drop",
"spring.jpa.show-sql=false",
"spring.sql.init.mode=never"
})
class RequestRepositoryTest {
@Autowired
private RequestRepository requestRepository;
@Autowired
private TunnelRepository tunnelRepository;
@Autowired
private MappingRepository mappingRepository;
@Autowired
private UserRepository userRepository;
private Tunnel tunnel;
private User createdByUser;
private User acceptedByUser;
private Mapping mapping;
@BeforeEach
void setUp() {
tunnel = new Tunnel();
tunnel.setId(UUID.randomUUID());
tunnel.setEnvironment("test");
tunnel.setName("test-tunnel");
tunnel = tunnelRepository.save(tunnel);
createdByUser = new User();
createdByUser.setEmail("creator@example.com");
createdByUser.setName("Creator User");
createdByUser = userRepository.save(createdByUser);
acceptedByUser = new User();
acceptedByUser.setEmail("approver@example.com");
acceptedByUser.setName("Approver User");
acceptedByUser = userRepository.save(acceptedByUser);
mapping = new Mapping();
mapping.setTunnel(tunnel);
mapping.setPort(8080);
mapping.setProtocol(Protocol.HTTP);
mapping.setSubdomain("test-subdomain");
mapping = mappingRepository.save(mapping);
}
@Test
@DisplayName("findAllWithDetails should return requests with all relationships loaded")
void findAllWithDetails_ShouldReturnRequestsWithAllRelationships() {
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(createdByUser);
request.setAcceptedBy(acceptedByUser);
request.setStatus(Request.RequestStatus.PENDING);
requestRepository.save(request);
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).hasSize(1);
Request result = results.get(0);
assertThat(result.getMapping()).isNotNull();
assertThat(result.getMapping().getTunnel()).isNotNull();
assertThat(result.getCreatedBy()).isNotNull();
assertThat(result.getAcceptedBy()).isNotNull();
}
@Test
@DisplayName("findByIdWithDetails should return request with all relationships loaded")
void findByIdWithDetails_ShouldReturnRequestWithAllRelationships() {
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(createdByUser);
request.setAcceptedBy(acceptedByUser);
request.setStatus(Request.RequestStatus.PENDING);
UUID requestId = requestRepository.save(request).getId();
Optional<Request> result = requestRepository.findByIdWithDetails(requestId);
assertThat(result).isPresent();
assertThat(result.get().getMapping()).isNotNull();
assertThat(result.get().getMapping().getTunnel()).isNotNull();
assertThat(result.get().getCreatedBy()).isNotNull();
assertThat(result.get().getAcceptedBy()).isNotNull();
}
@Test
@DisplayName("findByIdWithDetails should return empty for non-existent id")
void findByIdWithDetails_ShouldReturnEmptyForNonExistentId() {
Optional<Request> result = requestRepository.findByIdWithDetails(UUID.randomUUID());
assertThat(result).isEmpty();
}
@Test
@DisplayName("findAllWithDetails should return empty list when no requests exist")
void findAllWithDetails_ShouldReturnEmptyListWhenNoRequests() {
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).isEmpty();
}
@Test
@DisplayName("findAllWithDetails should handle multiple requests with different statuses")
void findAllWithDetails_ShouldHandleMultipleRequests() {
Mapping mapping1 = new Mapping();
mapping1.setTunnel(tunnel);
mapping1.setPort(8080);
mapping1.setProtocol(Protocol.HTTP);
mapping1.setSubdomain("pending-subdomain");
mapping1 = mappingRepository.save(mapping1);
Mapping mapping2 = new Mapping();
mapping2.setTunnel(tunnel);
mapping2.setPort(8081);
mapping2.setProtocol(Protocol.HTTP);
mapping2.setSubdomain("approved-subdomain");
mapping2 = mappingRepository.save(mapping2);
Mapping mapping3 = new Mapping();
mapping3.setTunnel(tunnel);
mapping3.setPort(8082);
mapping3.setProtocol(Protocol.HTTP);
mapping3.setSubdomain("rejected-subdomain");
mapping3 = mappingRepository.save(mapping3);
Request pendingRequest = new Request();
pendingRequest.setMapping(mapping1);
pendingRequest.setCreatedBy(createdByUser);
pendingRequest.setStatus(Request.RequestStatus.PENDING);
requestRepository.save(pendingRequest);
Request approvedRequest = new Request();
approvedRequest.setMapping(mapping2);
approvedRequest.setCreatedBy(createdByUser);
approvedRequest.setAcceptedBy(acceptedByUser);
approvedRequest.setStatus(Request.RequestStatus.APPROVED);
requestRepository.save(approvedRequest);
Request rejectedRequest = new Request();
rejectedRequest.setMapping(mapping3);
rejectedRequest.setCreatedBy(createdByUser);
rejectedRequest.setAcceptedBy(acceptedByUser);
rejectedRequest.setStatus(Request.RequestStatus.REJECTED);
requestRepository.save(rejectedRequest);
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).hasSize(3);
}
}

265
src/test/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIServiceTest.java
View File

@ -1,265 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.UUID;
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
class CloudflareAPIServiceTest {
@InjectMocks
private CloudflareAPIService cloudflareAPIService;
@Mock
AuthKeyEmailHeader authKeyEmailHeader;
@Mock
private RestTemplate restTemplate;
@Mock
CloudflareConfig cloudflareConfig;
@Mock
TunnelRepository tunnelRepository;
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
private static final String bigTunnelResponse;
static {
try {
bigTunnelResponse = getClassPathDataResource(tunnelResponseLargeIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@Test
void testGetCloudflareTunnels() {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
List<TunnelResult> tunnelResults = List.of(new TunnelResult("t1", "test-tunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
assertEquals(HttpStatus.OK, response.getStatusCode());
}
@Test
void getCloudflareTunnelConfigurations() throws JsonProcessingException {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(tunnelResponseResponseEntity);
ResponseEntity<TunnelResponse> response = cloudflareAPIService.getCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class);
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(response.getBody().getResult().getConfig().getIngress().get(0).getHostname(), "giteabkp.hithomelabs.com");
}
@Test
void putCloudflareTunnelConfigurations() throws JsonProcessingException {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
Config config = tunnelResponse.getResult().getConfig();
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.PUT),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(tunnelResponseResponseEntity);
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class, config);
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(response.getBody().getResult().getConfig().getIngress().get(2).getHostname(), "random.hithomelabs.com");
}
@Test
void createOrUpdateTunnel_Success() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
String environment = "dev";
List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.empty());
Tunnel result = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
assertEquals(UUID.fromString(tunnelId), result.getId());
assertEquals("devtunnel", result.getName());
assertEquals(environment, result.getEnvironment());
verify(tunnelRepository).save(any(Tunnel.class));
}
@Test
void createOrUpdateTunnel_UpdatesExistingTunnel() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
String environment = "prod";
List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
Tunnel existingTunnel = new Tunnel(UUID.fromString(tunnelId), "dev", "oldname");
when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.of(existingTunnel));
cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
verify(tunnelRepository).deleteById(UUID.fromString(tunnelId));
verify(tunnelRepository).save(any(Tunnel.class));
}
@Test
void createOrUpdateTunnel_ThrowsExternalServiceExceptionOnApiError() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
assertThrows(ExternalServiceException.class, () ->
cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
);
}
@Test
void createOrUpdateTunnel_ThrowsNoSuchElementExceptionWhenTunnelNotFound() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
List<TunnelResult> tunnelResults = List.of(new TunnelResult("other-tunnel-id", "othertunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
assertThrows(NoSuchElementException.class, () ->
cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
);
}
@Test
void getAllConfiguredTunnels_ReturnsAllTunnels() {
List<Tunnel> tunnels = List.of(
new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
);
when(tunnelRepository.findAll()).thenReturn(tunnels);
List<Tunnel> result = cloudflareAPIService.getAllConfiguredTunnels();
assertEquals(2, result.size());
assertEquals("devtunnel", result.get(0).getName());
assertEquals("prodtunnel", result.get(1).getName());
}
@Test
void addTunnelIngress_Success() throws JsonProcessingException {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
Ingress ingress = new Ingress("http://192.168.0.100:8080", "test.hithomelabs.com", null, null);
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> getResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(getResponse);
ResponseEntity<TunnelResponse> putResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.PUT),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(putResponse);
ResponseEntity<TunnelResponse> result = cloudflareAPIService.addTunnelIngress(tunnelId, ingress);
assertEquals(HttpStatus.OK, result.getStatusCode());
}
}

17
src/test/java/com/hithomelabs/CFTunnels/TestUtils/Util.java
View File

@ -1,17 +0,0 @@
package com.hithomelabs.CFTunnels.TestUtils;
import org.springframework.core.io.ClassPathResource;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
public class Util {
public static String getClassPathDataResource(String filename) throws IOException {
return Files.readString(
new ClassPathResource(String.format("data/%s", filename)).getFile().toPath(),
StandardCharsets.UTF_8);
}
}

38
src/test/resources/data/tunnelResponseLargeIngress.json
View File

@ -1,38 +0,0 @@
{
"success": true,
"errors": [],
"messages": [],
"result": {
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
"version": 63,
"config": {
"ingress": [
{
"service": "http://192.168.0.100:8928",
"hostname": "giteabkp.hithomelabs.com",
"originRequest": {}
},
{
"service": "https://192.168.0.100:9442",
"hostname": "devdocker.hithomelabs.com",
"originRequest": {
"noTLSVerify": true
}
},
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
},
{
"service": "http_status:404"
}
],
"warp-routing": {
"enabled": false
}
},
"source": "cloudflare",
"created_at": "2025-10-24T18:17:26.914217Z"
}
}

33
src/test/resources/data/tunnelResponseSmallIngress.json
View File

@ -1,33 +0,0 @@
{
"success": true,
"errors": [],
"messages": [],
"result": {
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
"version": 63,
"config": {
"ingress": [
{
"service": "http://192.168.0.100:8928",
"hostname": "giteabkp.hithomelabs.com",
"originRequest": {}
},
{
"service": "https://192.168.0.100:9442",
"hostname": "devdocker.hithomelabs.com",
"originRequest": {
"noTLSVerify": true
}
},
{
"service": "http_status:404"
}
],
"warp-routing": {
"enabled": false
}
},
"source": "cloudflare",
"created_at": "2025-10-24T18:17:26.914217Z"
}
}

13
src/test/resources/docker-compose.yaml
View File

@ -1,13 +0,0 @@
services:
postgres:
image: postgres:15-alpine
container_name: cftunnel-db-${ENV}
environment:
POSTGRES_DB: cftunnel
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: unless-stopped
ports:
- "${DB_PORT}:5432"
volumes:
- ${DB_PATH}:/var/lib/postgresql/data