34 changed files with 89 additions and 988 deletions
--- a/.env.example
+++ b/.env.example
@ -1,4 +0,0 @@
 CLOUDFLARE_ACCOUNT_ID="<cloudflare account id>"
 CLOUDFLARE_API_KEY="<cloudflare account key>"
 CLOUDFLARE_EMAIL="<cloudflare email>"
 ENV="<deployment env>"
--- a/.gitea/workflows/prod_image_tag_promote.yaml
+++ b/.gitea/workflows/prod_image_tag_promote.yaml
@ -1,57 +0,0 @@
 name: Promote image with tag test to prod
 run-name: Build started by $ {{gitea.actor}}
 on:
  push:
    branches: [main]
 jobs:
  tag:
    runs-on: ubuntu-latest
    outputs:
      new_version: ${{ steps.new_version.outputs.new_version }}
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get new version
        id: new_version
        run: |
          VERSION=$(git describe --tags --abbrev=0)
          echo ${VERSION}
          MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
          MINOR=$(echo ${VERSION} | cut -d "." -f 2)
          PATCH=0
          NEW_MINOR=$(( ${MINOR} + 1))
          echo ${NEW_MINOR}
          echo "new_version=$(echo "${MAJOR}.${NEW_MINOR}.${PATCH}")" >> $GITHUB_OUTPUT
  build_tag_push:
    runs-on: ubuntu-latest
    needs: tag
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Create and push tag
        run: |
          echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
          git config --global user.name "${{gitea.actor}}"
          git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
          git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
          git push origin ${{ needs.tag.outputs.new_version }}
      - name: Log in to Gitea Docker Registry
        uses: docker/login-action@v3
        with:
          registry: 'http://192.168.0.100:8928'
          username: hitanshu
          password: ${{ secrets.TOKEN }}
      - name: Tag prod image
        run: |
          docker tag 192.168.0.100:8928/hithomelabs/cftunnels:test 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
          docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:prod
      - name: Push to Gitea Registry
        run: |
          docker push 192.168.0.100:8928/hithomelabs/cftunnels:prod
          docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
--- a/.gitea/workflows/test_build.yml
+++ b/.gitea/workflows/test_build.yml
@ -1,20 +0,0 @@
 name: sample gradle build and test
 run-name: Build started by $ {{gitea.actor}}
 on:
  pull_request:
    branches: [test]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: JDK setup
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '17'
      - name: Validate Gradle Wrapper
        uses: gradle/actions/wrapper-validation@v3
      - name: Gradle build
        run: ./gradlew build --info
--- a/.gitea/workflows/test_image_build_push.yml
+++ b/.gitea/workflows/test_image_build_push.yml
@ -3,37 +3,16 @@ run-name: Build started by $ {{gitea.actor}}
 on:
  push:
    branches: [test]
  pull_request:
    branches: [test]
 jobs:
-  tag:
+  build:
    runs-on: ubuntu-latest
    outputs:
      new_version: ${{ steps.new_version.outputs.new_version }}
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get new version
        id: new_version
        run: |
          VERSION=$(git describe --tags --abbrev=0)
          echo ${VERSION}
          MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
          MINOR=$(echo ${VERSION} | cut -d "." -f 2)
          PATCH=$(echo ${VERSION} | cut -d "." -f 3)
          NEW_PATCH=$(( ${PATCH} + 1))
          echo ${NEW_PATCH}
          echo "new_version=$(echo "${MAJOR}.${MINOR}.${NEW_PATCH}")" >> $GITHUB_OUTPUT
  build_tag_push:
    runs-on: ubuntu-latest
    needs: tag
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: JDK setup
        uses: actions/setup-java@v4
        with:
@ -41,13 +20,6 @@ jobs:
          java-version: '17'
      - name: Validate Gradle Wrapper
        uses: gradle/actions/wrapper-validation@v3
      - name: Create and push tag
        run: |
          echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
          git config --global user.name "${{gitea.actor}}"
          git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
          git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
          git push origin ${{ needs.tag.outputs.new_version }}
      - name: Log in to Gitea Docker Registry
        uses: docker/login-action@v3
        with:
@ -55,10 +27,6 @@ jobs:
          username: hitanshu
          password: ${{ secrets.TOKEN }}
      - name: Gradle build
-        run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
+        run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:test
      - name: Tag image as test
        run: docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:test
      - name: Push to Gitea Registry
-        run: |
+        run: docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
          docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
          docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
--- a/.gitignore
+++ b/.gitignore
@ -1,8 +1,6 @@
 HELP.md
 .gradle
 .run
 build/
 .env*
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
--- a/CFTunnels/Get
+++ b/CFTunnels/Get
@ -5,7 +5,7 @@ meta {
 }
 get {
-  url: {{base_url}}/cloudflare/tunnels
+  url: {{base_url}}cloudflare/tunnels
  body: none
  auth: none
 }
--- a/CFTunnels/Tunnel.bru
+++ b/CFTunnels/Tunnel.bru
@ -5,7 +5,7 @@ meta {
 }
 get {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}
+  url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}
  body: none
  auth: none
 }
--- a/CFTunnels/Write
+++ b/CFTunnels/Write
@ -5,7 +5,7 @@ meta {
 }
 put {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/add
+  url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/add
  body: json
  auth: none
 }
--- a/CFTunnels/delete
+++ b/CFTunnels/delete
@ -5,7 +5,7 @@ meta {
 }
 put {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/delete
+  url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/delete
  body: json
  auth: none
 }
--- a/CFTunnels/environments/CFTunnels
+++ b/CFTunnels/environments/CFTunnels
@ -1,4 +1,4 @@
 vars {
  tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
-  base_url: http://localhost:8080
+  base_url: http://localhost:8080/
 }
--- a/CFTunnels/environments/CFTunnels.bru
+++ b/CFTunnels/environments/CFTunnels.bru
@ -1,4 +1,4 @@
 vars {
  tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
-  base_url: https://testcf.hithomelabs.com
+  base_url: https://testcf.hithomelabs.com/
 }
--- a/build.gradle
+++ b/build.gradle
@ -13,26 +13,15 @@ java {
 	}
 }
 test {
 	systemProperty 'spring.profiles.active', 'test'
 }
 repositories {
 	mavenCentral()
 }
 dependencies {
-	implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.5'
+	implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.0.3'
 	implementation group: 'org.springframework.boot', name:'spring-boot-starter-oauth2-client', version: '3.5.5'
 	compileOnly 'org.projectlombok:lombok:1.18.30'
 	annotationProcessor 'org.projectlombok:lombok:1.18.30'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	runtimeOnly 'org.postgresql:postgresql'
 	implementation 'org.hibernate.validator:hibernate-validator'
 }
 tasks.named('test') {
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,31 +0,0 @@
 services:
  app:
    image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV}
    container_name: cftunnels_${ENV}
    ports:
      - ${HOST_PORT}:8080
    environment:
      - CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - ENV=${ENV}
      - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
      - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
      - HOST_PORT=${HOST_PORT}
      - POSTGRES_USER=${POSTGRES_USERNAME}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    env_file:
      - stack.env
    restart: unless-stopped
  postgres:
    image: postgres:15-alpine
    container_name: cftunnel-db-${ENV}
    environment:
      POSTGRES_DB: cftunnel
      POSTGRES_USER: ${POSTGRES_USERNAME}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    restart: unless-stopped
    ports:
      - "${DB_PORT}:5432"
    volumes:
      - ${DB_PATH}:/var/lib/postgresql/data
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/AuthoritiesToGroupMapping.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/AuthoritiesToGroupMapping.java
@ -1,28 +0,0 @@
 package com.hithomelabs.CFTunnels.Config;
 import com.hithomelabs.CFTunnels.Models.Authorities;
 import com.hithomelabs.CFTunnels.Models.Groups;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@Configuration
 public class AuthoritiesToGroupMapping {
    public Map<String, Set<GrantedAuthority>> getAuthorityForGroup(){
        HashMap<String, Set<GrantedAuthority>> mappings = new HashMap<>();
        mappings.put(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
        mappings.put(Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
        mappings.put(Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))));
        mappings.put(Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN))));
        return mappings;
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/CustomOidcUserConfiguration.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/CustomOidcUserConfiguration.java
@ -1,45 +0,0 @@
 package com.hithomelabs.CFTunnels.Config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@Configuration
 public class CustomOidcUserConfiguration extends OidcUserService {
        @Autowired
        AuthoritiesToGroupMapping authoritiesToGroupMapping;
        @Override
        public OidcUser loadUser(OidcUserRequest userRequest) {
            // * * Delegate to the default implementation for loading user and claims
            OidcUser oidcUser = super.loadUser(userRequest);
            // * * Copy existing authorities (e.g. scopes → authorities)
            Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
            // * * Extract your custom claim (change "roles" to your claim name)
            List<String> groups = oidcUser.getClaimAsStringList("groups");
            if (groups != null) {
                groups.forEach(group ->
                        mappedAuthorities.addAll(authoritiesToGroupMapping.getAuthorityForGroup().get(group))
                );
            }
            // * * Return a new DefaultOidcUser with merged authorities
            return new DefaultOidcUser(
                    mappedAuthorities,
                    oidcUser.getIdToken(),
                    oidcUser.getUserInfo()
            );
        }
    }
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
@ -1,26 +0,0 @@
 package com.hithomelabs.CFTunnels.Config;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import java.util.ArrayList;
@Configuration
 public class OpenApiConfig {
    @Value("${api.baseUrl}")
    private String baseUrl;
    @Bean
    public OpenAPI openAPI(){
        Server httpsServer = new Server().url(baseUrl);
        OpenAPI openApi = new OpenAPI();
        ArrayList<Server> servers = new ArrayList<>();
        servers.add(httpsServer);
        openApi.setServers(servers);
        return openApi;
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
@ -1,40 +0,0 @@
 package com.hithomelabs.CFTunnels.Config.Security;
 import com.hithomelabs.CFTunnels.Config.CustomOidcUserConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true,
        jsr250Enabled = true
 )
 public class SecuirtyConfig {
    @Autowired
    private CustomOidcUserConfiguration customOidcUserConfiguration;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(auth -> auth
                        .anyRequest().authenticated()
                ).csrf(csrf -> csrf.disable())
                .with(new OAuth2LoginConfigurer<>(),
                        oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
        return http.build();
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java
@ -1,32 +0,0 @@
 package com.hithomelabs.CFTunnels.Controllers;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@Controller
 public class HomeController implements ErrorController {
    private static final String ERROR_PATH = "/error";
    /**
     * Redirects the root (including any query params like ?continue=…)
     * straight into Swagger UI.
     */
    @GetMapping("/")
    public String rootRedirect() {
        return "redirect:/swagger-ui/index.html";
    }
    /**
     * Catches any errors (404s, unhandled paths) and punts them
     * into the same Swagger UI page.
     */
    @RequestMapping(ERROR_PATH)
    public String onError() {
        return "redirect:/swagger-ui/index.html";
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
@ -1,21 +1,17 @@
 package com.hithomelabs.CFTunnels.Controllers;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.http.*;
-import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.client.RestTemplate;
@ -25,13 +21,10 @@ import java.util.Map;
@RestController
@RequestMapping("/cloudflare")
-public class TunnelController implements ErrorController {
+public class TunnelController {
    private final RestTemplate restTemplate = new RestTemplate();
    private static final String ERROR_PATH = "/error";
    @Autowired
    private AuthoritiesToGroupMapping authoritiesToGroupMapping;
    @Autowired
    private CloudflareConfig cloudflareConfig;
@ -41,27 +34,15 @@ public class TunnelController implements ErrorController {
    @Autowired
    private RestTemplateConfig restTemplateConfig;
    @Autowired
    CloudflareAPIService cloudflareAPIService;
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/whoami")
    public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
        List<String> authorities = oidcUser.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .toList();
        return Map.of(
                "username", oidcUser.getPreferredUsername(),
                "roles", authorities
        );
    }
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/tunnels")
    public ResponseEntity<Map<String,Object>> getTunnels(){
-        ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnels();
+        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
        HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
        ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
        Map<String, Object> jsonResponse = new HashMap<>();
        jsonResponse.put("status", "success");
        jsonResponse.put("data", responseEntity.getBody());
@ -69,11 +50,15 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
    @PreAuthorize("hasAnyRole('DEVELOPER')")
    @GetMapping("/tunnel/{tunnelId}")
-    public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
+    public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) throws JsonProcessingException {
        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
        ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
        ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
        Map<String, Object> jsonResponse = new HashMap<>();
        jsonResponse.put("status", "success");
        jsonResponse.put("data", responseEntity.getBody());
@ -81,12 +66,16 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
-    // 50df9101-f625-4618-b7c5-100338a57124
+// 50df9101-f625-4618-b7c5-100338a57124
    @PreAuthorize("hasAnyRole('ADMIN')")
    @PutMapping("/tunnel/{tunnelId}/add")
    public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
-        ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
+        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        // * * Getting existing public hostname mappings
        HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
        HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
        ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
        // * * Inserting new ingress value at second-to last position in list
        Config config = responseEntity.getBody().getResult().getConfig();
@ -94,7 +83,9 @@ public class TunnelController implements ErrorController {
        response_ingress.add(response_ingress.size()-1, ingress);
        // * * Hitting put endpoint
-        ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
+        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
        ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
        // * * Displaying response
        Map<String, Object> jsonResponse = new HashMap<>();
@ -104,11 +95,15 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
    @PreAuthorize("hasAnyRole('DEVELOPER')")
    @PutMapping("/tunnel/{tunnelId}/delete")
    public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
-        ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
+        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        // * * Getting existing public hostname mappings
        HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
        HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
        ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
        // * * Deleting the selected ingress value
        Config config = responseEntity.getBody().getResult().getConfig();
@ -116,7 +111,9 @@ public class TunnelController implements ErrorController {
        Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname());
        // * * Hitting put endpoint
-        ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
+        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
        ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
        // * * Displaying response
        Map<String, Object> jsonResponse = new HashMap<>();
--- a/src/main/java/com/hithomelabs/CFTunnels/Models/Authorities.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Models/Authorities.java
@ -1,10 +0,0 @@
 package com.hithomelabs.CFTunnels.Models;
 public class Authorities {
    public static final String ROLE_ADMIN = "ROLE_ADMIN";
    public static final String ROLE_DEVELOPER = "ROLE_DEVELOPER";
    public static final String ROLE_USER = "ROLE_USER";
    public static final String ROLE_APPROVER = "ROLE_APPROVER";
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Models/Groups.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Models/Groups.java
@ -1,10 +0,0 @@
 package com.hithomelabs.CFTunnels.Models;
 public class Groups {
    public static final String HOMELAB_DEVELOPER = "homelab developer";
    public static final String SYSTEM_ADMIN = "authentik Admins";
    public static final String POWER_USER = "arr premium";
    public static final String GITEA_USER = "gitrestricted";
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResponse.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResponse.java
@ -1,17 +1,8 @@
 package com.hithomelabs.CFTunnels.Models;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 import java.util.List;
 import java.util.Map;
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
 public class TunnelResponse {
    private List<Map<String, Object>> errors;
@ -21,4 +12,45 @@ public class TunnelResponse {
    private Boolean success;
    private Result result;
    public Result getResult() {
        return result;
    }
    public void setResult(Result result) {
        this.result = result;
    }
    public List<Map<String, Object>> getErrors() {
        return errors;
    }
    public void setErrors(List<Map<String, Object>> errors) {
        this.errors = errors;
    }
    public List<Map<String, Object>> getMessages() {
        return messages;
    }
    public void setMessages(List<Map<String, Object>> messages) {
        this.messages = messages;
    }
    public boolean isSuccess() {
        return success;
    }
    public void setSuccess(boolean success) {
        this.success = success;
    }
    public Boolean getSuccess() {
        return success;
    }
    public void setSuccess(Boolean success) {
        this.success = success;
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
@ -1,61 +0,0 @@
 package com.hithomelabs.CFTunnels.Services;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.*;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
 import java.util.Map;
@Service
 public class CloudflareAPIService {
    @Autowired
    CloudflareConfig cloudflareConfig;
    @Autowired
    AuthKeyEmailHeader authKeyEmailHeader;
    @Autowired
    RestTemplate restTemplate;
    public ResponseEntity<Map> getCloudflareTunnels() {
        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
        HttpEntity<String> httpEntity = new HttpEntity<>("", authKeyEmailHeader.getHttpHeaders());
        ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
        return responseEntity;
    }
    public <T> ResponseEntity<T> getCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType) {
        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
        ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, responseType);
        return responseEntity;
    }
    public <T> ResponseEntity<T> putCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType, Config config) {
        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
        ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.PUT, entity, responseType);
        return responseEntity;
    }
 }
--- a/src/main/resources/application-local.properties
+++ b/src/main/resources/application-local.properties
@ -1,10 +0,0 @@
 api.baseUrl=http://localhost:8080
 management.health.db.enabled=true
 management.endpoints.web.exposure.include=health
 management.endpoint.health.show-details=always
 logging.level.org.hibernate.SQL=DEBUG
 debug=true
 spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@ -1 +0,0 @@
 api.baseUrl=https://cftunnels.hithomelabs.com
--- a/src/main/resources/application-test.properties
+++ b/src/main/resources/application-test.properties
@ -1 +0,0 @@
 api.baseUrl=https://testcf.hithomelabs.com
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -2,36 +2,3 @@ spring.application.name=CFTunnels
 cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
 cloudflare.apiKey=${CLOUDFLARE_API_KEY}
 cloudflare.email=${CLOUDFLARE_EMAIL}
 spring.profiles.active=${ENV}
 # set root level
 logging.level.root=INFO
 # package-specific
 logging.level.org.springframework=TRACE
 logging.level.com.myapp=INFO
 / * * Masking sure app works behind a reverse proxy
 server.forward-headers-strategy=framework
 spring.security.oauth2.client.registration.cftunnels.client-id=${OAUTH_CLIENT_ID}
 spring.security.oauth2.client.registration.cftunnels.client-secret=${OAUTH_CLIENT_SECRET}
 spring.security.oauth2.client.registration.cftunnels.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.cftunnels.redirect-uri={baseUrl}/login/oauth2/code/cftunnels
 spring.security.oauth2.client.registration.cftunnels.scope=openid,profile,email,offline_access,cftunnels
 spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth.hithomelabs.com/application/o/authorize/
 spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/
 spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/
 spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
 spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
 spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
 spring.datasource.username=${POSTGRES_USERNAME}
 spring.datasource.password=${POSTGRES_PASSWORD}
 spring.datasource.driver-class-name=org.postgresql.Driver
 spring.sql.init.mode=never
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=true
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.open-in-view=false
--- a/src/main/resources/schema.sql
+++ b/src/main/resources/schema.sql
@ -1,37 +0,0 @@
 -- schema.sql
 -- Roles table
 CREATE TABLE IF NOT EXISTS roles (
    role_id SERIAL PRIMARY KEY,
    role_name VARCHAR(50) UNIQUE NOT NULL
 );
 -- Users table
 CREATE TABLE IF NOT EXISTS users (
    user_id SERIAL PRIMARY KEY,
    user_name VARCHAR(100) NOT NULL,
    password VARCHAR(255) NOT NULL
 );
 -- User-Role Mapping table (many-to-many relationship)
 CREATE TABLE IF NOT EXISTS user_role_mapping (
    mapping_id SERIAL PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(user_id) ON DELETE CASCADE,
    role_id INTEGER NOT NULL REFERENCES roles(role_id) ON DELETE CASCADE
 );
 -- Tunnels table
 CREATE TABLE IF NOT EXISTS tunnels (
    tunnel_id SERIAL PRIMARY KEY,
    tunnel_name VARCHAR(100) NOT NULL,
    tunnel_type VARCHAR(50) NOT NULL
 );
 -- Mapping Requests table
 CREATE TABLE IF NOT EXISTS mapping_requests (
    request_id SERIAL PRIMARY KEY,
    request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    status VARCHAR(20) NOT NULL,
    user_id INTEGER REFERENCES users(user_id) ON DELETE SET NULL,
    tunnel_id INTEGER REFERENCES tunnels(tunnel_id) ON DELETE SET NULL
 );
--- a/src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java
+++ b/src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java
@ -1,219 +0,0 @@
 package com.hithomelabs.CFTunnels.Controllers;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Authorities;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Groups;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.http.*;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
 import org.springframework.web.client.RestTemplate;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.*;
 import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
 import static org.hamcrest.core.IsIterableContaining.hasItem;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import static org.hamcrest.Matchers.not;
@WebMvcTest(TunnelController.class)
 class TunnelControllerTest {
    @Autowired
    MockMvc mockMvc;
    @MockitoBean
    AuthoritiesToGroupMapping authoritiesToGroupMapping;
    @MockitoBean
    CloudflareConfig cloudflareConfig;
    @MockitoBean
    AuthKeyEmailHeader authKeyEmailHeader;
    @MockitoBean
    RestTemplate restTemplate;
    @MockitoBean
    CloudflareAPIService cloudflareAPIService;
    @MockitoBean
    RestTemplateConfig restTemplateConfig;
    private static final String tunnelResponseSmallIngressFile = "tunnelResponseSmallIngress.json";
    private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
    private static final String withAdditionalIngress;
    static {
        try {
            withAdditionalIngress = getClassPathDataResource(tunnelResponseLargeIngressFile);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    public static final String withoutAdditionalIngress;
    static {
        try {
            withoutAdditionalIngress = getClassPathDataResource(tunnelResponseSmallIngressFile);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    private static final String ingressJson = """
            {
                "service": "http://192.168.0.100:3457",
                "hostname": "random.hithomelabs.com",
                "originRequest": {}
            }
            """;
    private DefaultOidcUser buildOidcUser(String username, String role) {
        when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
                Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
                Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
                Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
        Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
        List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
        OidcIdToken idToken = new OidcIdToken(
                "mock-token",
                Instant.now(),
                Instant.now().plusSeconds(3600),
                Map.of("preferred_username", username, "sub", username)
        );
        return new DefaultOidcUser(authorities, idToken, "preferred_username");
    }
    @Test
    @DisplayName("should return appropriate user roles when use belongs to group GITEA_USER")
    public void testWhoAmI_user() throws Exception {
        mockMvc.perform(get("/cloudflare/whoami")
                        .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
                .andExpect(status().isOk())
                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
                .andExpect(jsonPath("$.username").value("username"))
                .andExpect(jsonPath("$.roles", hasItem("ROLE_USER")));
    }
    @Test
    @DisplayName("should hit tunnels endpoint successfully with ROLE_USER")
    public void testGetTunnelsForRoleUser() throws Exception {
        when(cloudflareConfig.getAccountId()).thenReturn("abc123");
        HttpHeaders headers = new HttpHeaders();
        headers.set("X-Auth-Email", "me@example.com");
        when(authKeyEmailHeader.getHttpHeaders()).thenReturn(headers);
        Map<String, Object> tunnelData = Map.of("tunnels", List.of(Map.of("id", "50df9101-f625-4618-b7c5-100338a57124")));
        ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
        when(cloudflareAPIService.getCloudflareTunnels()).thenReturn(mockResponse);
        mockMvc.perform(get("/cloudflare/tunnels")
                        .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
                .andExpect(status().isOk())
                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
                .andExpect(jsonPath("$.data.tunnels[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
    }
    @Test
    void getTunnelConfigurations() throws Exception {
        Map<String, Object> tunnelData = Map.of("config", Map.of("result", "success", "ingress", "sample ingress object"));
        ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
        when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
        mockMvc.perform(get("/cloudflare/tunnel/{tunnelId}", "sampleTunnelId")
                        .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
                .andExpect(status().isOk())
                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
                .andExpect(jsonPath("$.data.config.ingress").value("sample ingress object"));
    }
    @Test
    void addTunnelconfiguration() throws Exception {
        when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
        ObjectMapper mapper = new ObjectMapper();
        TunnelResponse tunnelStateBefore = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
        ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
        when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
        TunnelResponse expectedTunnelConfig = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
        ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
        when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/add", "sampleTunnelId")
                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                        .with(csrf())
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(ingressJson))
                .andExpect(status().isOk())
                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
                .andExpect(jsonPath("$.data.result.config.ingress[*].hostname", hasItem("random.hithomelabs.com")));
    }
    @Test
    void deleteTunnelConfiguration() throws Exception {
        when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
        ObjectMapper mapper = new ObjectMapper();
        TunnelResponse tunnelStateBefore = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
        ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
        when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
        TunnelResponse expectedTunnelConfig = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
        ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
        when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/delete", "sampleTunnelId")
                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                        .with(csrf())
                        .contentType(MediaType.APPLICATION_JSON)
                        .content(ingressJson))
                .andExpect(status().isOk())
                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
                .andExpect(jsonPath("$.data.result.config.ingress[*].hostname", not(hasItem("random.hithomelabs.com"))));
    }
 }
--- a/src/test/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIServiceTest.java
+++ b/src/test/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIServiceTest.java
@ -1,117 +0,0 @@
 package com.hithomelabs.CFTunnels.Services;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.*;
 import org.springframework.web.client.RestTemplate;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
 class CloudflareAPIServiceTest {
    @InjectMocks
    private CloudflareAPIService cloudflareAPIService;
    @Mock
    AuthKeyEmailHeader authKeyEmailHeader;
    @Mock
    private RestTemplate restTemplate;
    @Mock
    CloudflareConfig cloudflareConfig;
    private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
    private static final String bigTunnelResponse;
    static {
        try {
            bigTunnelResponse = getClassPathDataResource(tunnelResponseLargeIngressFile);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    @Test
    void testGetCloudflareTunnels() {
        when(cloudflareConfig.getAccountId()).thenReturn("account-123");
        when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
        Map<String, Object> mockBody = Map.of("tunnels", List.of(Map.of("id", "t1")));
        ResponseEntity<Map> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
        when(restTemplate.exchange(
                any(String.class),
                eq(HttpMethod.GET),
                any(HttpEntity.class),
                eq(Map.class)
        )).thenReturn(mockResponse);
        ResponseEntity<Map> response = cloudflareAPIService.getCloudflareTunnels();
        assertEquals(HttpStatus.OK, response.getStatusCode());
    }
    @Test
    void getCloudflareTunnelConfigurations() throws JsonProcessingException {
        when(cloudflareConfig.getAccountId()).thenReturn("account-123");
        when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
        TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
        ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
        when(restTemplate.exchange(
                any(String.class),
                eq(HttpMethod.GET),
                any(HttpEntity.class),
                eq(TunnelResponse.class)
        )).thenReturn(tunnelResponseResponseEntity);
        ResponseEntity<TunnelResponse> response = cloudflareAPIService.getCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class);
        assertEquals(HttpStatus.OK, response.getStatusCode());
        assertEquals(response.getBody().getResult().getConfig().getIngress().get(0).getHostname(), "giteabkp.hithomelabs.com");
    }
    @Test
    void putCloudflareTunnelConfigurations() throws JsonProcessingException {
        when(cloudflareConfig.getAccountId()).thenReturn("account-123");
        when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
        TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
        ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
        Config config = tunnelResponse.getResult().getConfig();
        when(restTemplate.exchange(
                any(String.class),
                eq(HttpMethod.PUT),
                any(HttpEntity.class),
                eq(TunnelResponse.class)
        )).thenReturn(tunnelResponseResponseEntity);
        ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class, config);
        assertEquals(HttpStatus.OK, response.getStatusCode());
        assertEquals(response.getBody().getResult().getConfig().getIngress().get(2).getHostname(), "random.hithomelabs.com");
    }
 }
--- a/src/test/java/com/hithomelabs/CFTunnels/TestUtils/Util.java
+++ b/src/test/java/com/hithomelabs/CFTunnels/TestUtils/Util.java
@ -1,17 +0,0 @@
 package com.hithomelabs.CFTunnels.TestUtils;
 import org.springframework.core.io.ClassPathResource;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 public class Util {
    public static String getClassPathDataResource(String filename) throws IOException {
        return Files.readString(
                new ClassPathResource(String.format("data/%s", filename)).getFile().toPath(),
                StandardCharsets.UTF_8);
    }
 }
--- a/src/test/resources/data/tunnelResponseLargeIngress.json
+++ b/src/test/resources/data/tunnelResponseLargeIngress.json
@ -1,38 +0,0 @@
 {
  "success": true,
  "errors": [],
  "messages": [],
  "result": {
    "tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
    "version": 63,
    "config": {
      "ingress": [
        {
          "service": "http://192.168.0.100:8928",
          "hostname": "giteabkp.hithomelabs.com",
          "originRequest": {}
        },
        {
          "service": "https://192.168.0.100:9442",
          "hostname": "devdocker.hithomelabs.com",
          "originRequest": {
            "noTLSVerify": true
          }
        },
        {
          "service": "http://192.168.0.100:3457",
          "hostname": "random.hithomelabs.com",
          "originRequest": {}
        },
        {
          "service": "http_status:404"
        }
      ],
      "warp-routing": {
        "enabled": false
      }
    },
    "source": "cloudflare",
    "created_at": "2025-10-24T18:17:26.914217Z"
  }
 }
--- a/src/test/resources/data/tunnelResponseSmallIngress.json
+++ b/src/test/resources/data/tunnelResponseSmallIngress.json
@ -1,33 +0,0 @@
 {
  "success": true,
  "errors": [],
  "messages": [],
  "result": {
    "tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
    "version": 63,
    "config": {
      "ingress": [
        {
          "service": "http://192.168.0.100:8928",
          "hostname": "giteabkp.hithomelabs.com",
          "originRequest": {}
        },
        {
          "service": "https://192.168.0.100:9442",
          "hostname": "devdocker.hithomelabs.com",
          "originRequest": {
            "noTLSVerify": true
          }
        },
        {
          "service": "http_status:404"
        }
      ],
      "warp-routing": {
        "enabled": false
      }
    },
    "source": "cloudflare",
    "created_at": "2025-10-24T18:17:26.914217Z"
  }
 }
--- a/src/test/resources/docker-compose.yaml
+++ b/src/test/resources/docker-compose.yaml
@ -1,13 +0,0 @@
 services:
  postgres:
    image: postgres:15-alpine
    container_name: cftunnel-db-${ENV}
    environment:
      POSTGRES_DB: cftunnel
      POSTGRES_USER: ${POSTGRES_USERNAME}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    restart: unless-stopped
    ports:
      - "${DB_PORT}:5432"
    volumes:
      - ${DB_PATH}:/var/lib/postgresql/data
		`@ -1 +0,0 @@`
			`api.baseUrl=https://cftunnels.hithomelabs.com`