Compare commits
No commits in common. "main" and "bugfix/bruno_request" have entirely different histories.
main
...
bugfix/bru
@ -1,4 +0,0 @@
|
||||
CLOUDFLARE_ACCOUNT_ID="<cloudflare account id>"
|
||||
CLOUDFLARE_API_KEY="<cloudflare account key>"
|
||||
CLOUDFLARE_EMAIL="<cloudflare email>"
|
||||
ENV="<deployment env>"
|
||||
@ -1,57 +0,0 @@
|
||||
name: Promote image with tag test to prod
|
||||
run-name: Build started by $ {{gitea.actor}}
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
jobs:
|
||||
tag:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
new_version: ${{ steps.new_version.outputs.new_version }}
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Get new version
|
||||
id: new_version
|
||||
run: |
|
||||
VERSION=$(git describe --tags --abbrev=0)
|
||||
echo ${VERSION}
|
||||
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
|
||||
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
|
||||
PATCH=0
|
||||
NEW_MINOR=$(( ${MINOR} + 1))
|
||||
echo ${NEW_MINOR}
|
||||
echo "new_version=$(echo "${MAJOR}.${NEW_MINOR}.${PATCH}")" >> $GITHUB_OUTPUT
|
||||
build_tag_push:
|
||||
runs-on: ubuntu-latest
|
||||
needs: tag
|
||||
container:
|
||||
image: catthehacker/ubuntu:act-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Create and push tag
|
||||
run: |
|
||||
echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
|
||||
git config --global user.name "${{gitea.actor}}"
|
||||
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
|
||||
git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
|
||||
git push origin ${{ needs.tag.outputs.new_version }}
|
||||
- name: Log in to Gitea Docker Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: 'http://192.168.0.100:8928'
|
||||
username: hitanshu
|
||||
password: ${{ secrets.TOKEN }}
|
||||
- name: Tag prod image
|
||||
run: |
|
||||
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:test 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
|
||||
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:prod
|
||||
- name: Push to Gitea Registry
|
||||
run: |
|
||||
docker push 192.168.0.100:8928/hithomelabs/cftunnels:prod
|
||||
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
|
||||
@ -1,20 +0,0 @@
|
||||
name: sample gradle build and test
|
||||
run-name: Build started by $ {{gitea.actor}}
|
||||
on:
|
||||
pull_request:
|
||||
branches: [test]
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
- name: JDK setup
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
distribution: 'zulu'
|
||||
java-version: '17'
|
||||
- name: Validate Gradle Wrapper
|
||||
uses: gradle/actions/wrapper-validation@v3
|
||||
- name: Gradle build
|
||||
run: ./gradlew build --info
|
||||
@ -3,37 +3,16 @@ run-name: Build started by $ {{gitea.actor}}
|
||||
on:
|
||||
push:
|
||||
branches: [test]
|
||||
pull_request:
|
||||
branches: [test]
|
||||
jobs:
|
||||
tag:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
new_version: ${{ steps.new_version.outputs.new_version }}
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Get new version
|
||||
id: new_version
|
||||
run: |
|
||||
VERSION=$(git describe --tags --abbrev=0)
|
||||
echo ${VERSION}
|
||||
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
|
||||
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
|
||||
PATCH=$(echo ${VERSION} | cut -d "." -f 3)
|
||||
NEW_PATCH=$(( ${PATCH} + 1))
|
||||
echo ${NEW_PATCH}
|
||||
echo "new_version=$(echo "${MAJOR}.${MINOR}.${NEW_PATCH}")" >> $GITHUB_OUTPUT
|
||||
build_tag_push:
|
||||
runs-on: ubuntu-latest
|
||||
needs: tag
|
||||
container:
|
||||
image: catthehacker/ubuntu:act-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: JDK setup
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
@ -41,13 +20,8 @@ jobs:
|
||||
java-version: '17'
|
||||
- name: Validate Gradle Wrapper
|
||||
uses: gradle/actions/wrapper-validation@v3
|
||||
- name: Create and push tag
|
||||
run: |
|
||||
echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
|
||||
git config --global user.name "${{gitea.actor}}"
|
||||
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
|
||||
git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
|
||||
git push origin ${{ needs.tag.outputs.new_version }}
|
||||
- name: Check secrets
|
||||
run: echo "my secret is ${{ secrets.TOKEN }}"
|
||||
- name: Log in to Gitea Docker Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
@ -55,10 +29,6 @@ jobs:
|
||||
username: hitanshu
|
||||
password: ${{ secrets.TOKEN }}
|
||||
- name: Gradle build
|
||||
run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
|
||||
- name: Tag image as test
|
||||
run: docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:test
|
||||
run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:latest
|
||||
- name: Push to Gitea Registry
|
||||
run: |
|
||||
docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
|
||||
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
|
||||
run: docker push 192.168.0.100:8928/hithomelabs/cftunnels:latest
|
||||
|
||||
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,8 +1,6 @@
|
||||
HELP.md
|
||||
.gradle
|
||||
.run
|
||||
build/
|
||||
.env*
|
||||
!gradle/wrapper/gradle-wrapper.jar
|
||||
!**/src/main/**/build/
|
||||
!**/src/test/**/build/
|
||||
|
||||
@ -5,7 +5,7 @@ meta {
|
||||
}
|
||||
|
||||
get {
|
||||
url: {{base_url}}/cloudflare/tunnels
|
||||
url: {{base_url}}cloudflare/tunnels
|
||||
body: none
|
||||
auth: none
|
||||
}
|
||||
|
||||
@ -5,7 +5,7 @@ meta {
|
||||
}
|
||||
|
||||
get {
|
||||
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}
|
||||
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}
|
||||
body: none
|
||||
auth: none
|
||||
}
|
||||
|
||||
@ -5,7 +5,7 @@ meta {
|
||||
}
|
||||
|
||||
put {
|
||||
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/add
|
||||
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/add
|
||||
body: json
|
||||
auth: none
|
||||
}
|
||||
|
||||
@ -5,7 +5,7 @@ meta {
|
||||
}
|
||||
|
||||
put {
|
||||
url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/delete
|
||||
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/delete
|
||||
body: json
|
||||
auth: none
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
vars {
|
||||
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
|
||||
base_url: http://localhost:8080
|
||||
base_url: http://localhost:8080/
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
vars {
|
||||
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
|
||||
base_url: https://testcf.hithomelabs.com
|
||||
base_url: https://testcf.hithomelabs.com/
|
||||
}
|
||||
|
||||
13
build.gradle
13
build.gradle
@ -13,26 +13,15 @@ java {
|
||||
}
|
||||
}
|
||||
|
||||
test {
|
||||
systemProperty 'spring.profiles.active', 'test'
|
||||
}
|
||||
|
||||
repositories {
|
||||
mavenCentral()
|
||||
}
|
||||
|
||||
dependencies {
|
||||
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.5'
|
||||
implementation group: 'org.springframework.boot', name:'spring-boot-starter-oauth2-client', version: '3.5.5'
|
||||
compileOnly 'org.projectlombok:lombok:1.18.30'
|
||||
annotationProcessor 'org.projectlombok:lombok:1.18.30'
|
||||
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.0.3'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
|
||||
runtimeOnly 'org.postgresql:postgresql'
|
||||
implementation 'org.hibernate.validator:hibernate-validator'
|
||||
}
|
||||
|
||||
tasks.named('test') {
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
services:
|
||||
app:
|
||||
image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV}
|
||||
container_name: cftunnels_${ENV}
|
||||
ports:
|
||||
- ${HOST_PORT}:8080
|
||||
environment:
|
||||
- CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}
|
||||
- CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
|
||||
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
|
||||
- ENV=${ENV}
|
||||
- OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
|
||||
- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
|
||||
- HOST_PORT=${HOST_PORT}
|
||||
- POSTGRES_USER=${POSTGRES_USERNAME}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
env_file:
|
||||
- stack.env
|
||||
restart: unless-stopped
|
||||
postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: cftunnel-db-${ENV}
|
||||
environment:
|
||||
POSTGRES_DB: cftunnel
|
||||
POSTGRES_USER: ${POSTGRES_USERNAME}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "${DB_PORT}:5432"
|
||||
volumes:
|
||||
- ${DB_PATH}:/var/lib/postgresql/data
|
||||
@ -1,28 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Config;
|
||||
|
||||
import com.hithomelabs.CFTunnels.Models.Authorities;
|
||||
import com.hithomelabs.CFTunnels.Models.Groups;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
@Configuration
|
||||
public class AuthoritiesToGroupMapping {
|
||||
|
||||
public Map<String, Set<GrantedAuthority>> getAuthorityForGroup(){
|
||||
HashMap<String, Set<GrantedAuthority>> mappings = new HashMap<>();
|
||||
mappings.put(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
|
||||
mappings.put(Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
|
||||
mappings.put(Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))));
|
||||
mappings.put(Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN))));
|
||||
return mappings;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
@ -1,45 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
|
||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
|
||||
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@Configuration
|
||||
public class CustomOidcUserConfiguration extends OidcUserService {
|
||||
|
||||
@Autowired
|
||||
AuthoritiesToGroupMapping authoritiesToGroupMapping;
|
||||
|
||||
@Override
|
||||
public OidcUser loadUser(OidcUserRequest userRequest) {
|
||||
// * * Delegate to the default implementation for loading user and claims
|
||||
OidcUser oidcUser = super.loadUser(userRequest);
|
||||
|
||||
// * * Copy existing authorities (e.g. scopes → authorities)
|
||||
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
|
||||
|
||||
// * * Extract your custom claim (change "roles" to your claim name)
|
||||
List<String> groups = oidcUser.getClaimAsStringList("groups");
|
||||
if (groups != null) {
|
||||
groups.forEach(group ->
|
||||
mappedAuthorities.addAll(authoritiesToGroupMapping.getAuthorityForGroup().get(group))
|
||||
);
|
||||
}
|
||||
|
||||
// * * Return a new DefaultOidcUser with merged authorities
|
||||
return new DefaultOidcUser(
|
||||
mappedAuthorities,
|
||||
oidcUser.getIdToken(),
|
||||
oidcUser.getUserInfo()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Config;
|
||||
|
||||
import io.swagger.v3.oas.models.OpenAPI;
|
||||
import io.swagger.v3.oas.models.servers.Server;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
@Configuration
|
||||
public class OpenApiConfig {
|
||||
|
||||
@Value("${api.baseUrl}")
|
||||
private String baseUrl;
|
||||
|
||||
@Bean
|
||||
public OpenAPI openAPI(){
|
||||
Server httpsServer = new Server().url(baseUrl);
|
||||
OpenAPI openApi = new OpenAPI();
|
||||
ArrayList<Server> servers = new ArrayList<>();
|
||||
servers.add(httpsServer);
|
||||
openApi.setServers(servers);
|
||||
return openApi;
|
||||
}
|
||||
}
|
||||
@ -1,40 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Config.Security;
|
||||
|
||||
import com.hithomelabs.CFTunnels.Config.CustomOidcUserConfiguration;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity(
|
||||
prePostEnabled = true,
|
||||
securedEnabled = true,
|
||||
jsr250Enabled = true
|
||||
)
|
||||
public class SecuirtyConfig {
|
||||
|
||||
@Autowired
|
||||
private CustomOidcUserConfiguration customOidcUserConfiguration;
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.anyRequest().authenticated()
|
||||
).csrf(csrf -> csrf.disable())
|
||||
.with(new OAuth2LoginConfigurer<>(),
|
||||
oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
|
||||
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,32 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Controllers;
|
||||
|
||||
|
||||
import org.springframework.boot.web.servlet.error.ErrorController;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
@Controller
|
||||
public class HomeController implements ErrorController {
|
||||
|
||||
private static final String ERROR_PATH = "/error";
|
||||
|
||||
/**
|
||||
* Redirects the root (including any query params like ?continue=…)
|
||||
* straight into Swagger UI.
|
||||
*/
|
||||
@GetMapping("/")
|
||||
public String rootRedirect() {
|
||||
return "redirect:/swagger-ui/index.html";
|
||||
}
|
||||
|
||||
/**
|
||||
* Catches any errors (404s, unhandled paths) and punts them
|
||||
* into the same Swagger UI page.
|
||||
*/
|
||||
@RequestMapping(ERROR_PATH)
|
||||
public String onError() {
|
||||
return "redirect:/swagger-ui/index.html";
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,21 +1,17 @@
|
||||
package com.hithomelabs.CFTunnels.Controllers;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
|
||||
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
|
||||
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
|
||||
import com.hithomelabs.CFTunnels.Models.Config;
|
||||
import com.hithomelabs.CFTunnels.Models.Ingress;
|
||||
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
|
||||
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.web.servlet.error.ErrorController;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.http.converter.HttpMessageConverter;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@ -25,13 +21,10 @@ import java.util.Map;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/cloudflare")
|
||||
public class TunnelController implements ErrorController {
|
||||
public class TunnelController {
|
||||
|
||||
private final RestTemplate restTemplate = new RestTemplate();
|
||||
private static final String ERROR_PATH = "/error";
|
||||
|
||||
@Autowired
|
||||
private AuthoritiesToGroupMapping authoritiesToGroupMapping;
|
||||
@Autowired
|
||||
private CloudflareConfig cloudflareConfig;
|
||||
|
||||
@ -41,27 +34,15 @@ public class TunnelController implements ErrorController {
|
||||
@Autowired
|
||||
private RestTemplateConfig restTemplateConfig;
|
||||
|
||||
@Autowired
|
||||
CloudflareAPIService cloudflareAPIService;
|
||||
|
||||
@PreAuthorize("hasAnyRole('USER')")
|
||||
@GetMapping("/whoami")
|
||||
public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
|
||||
|
||||
List<String> authorities = oidcUser.getAuthorities().stream()
|
||||
.map(GrantedAuthority::getAuthority)
|
||||
.toList();
|
||||
return Map.of(
|
||||
"username", oidcUser.getPreferredUsername(),
|
||||
"roles", authorities
|
||||
);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('USER')")
|
||||
@GetMapping("/tunnels")
|
||||
public ResponseEntity<Map<String,Object>> getTunnels(){
|
||||
|
||||
ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnels();
|
||||
// * * Resource URL to hit get request at
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
|
||||
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
|
||||
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
|
||||
|
||||
Map<String, Object> jsonResponse = new HashMap<>();
|
||||
jsonResponse.put("status", "success");
|
||||
jsonResponse.put("data", responseEntity.getBody());
|
||||
@ -69,11 +50,15 @@ public class TunnelController implements ErrorController {
|
||||
return ResponseEntity.ok(jsonResponse);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('DEVELOPER')")
|
||||
@GetMapping("/tunnel/{tunnelId}")
|
||||
public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
|
||||
public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) throws JsonProcessingException {
|
||||
|
||||
// * * Resource URL to hit get request at
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
|
||||
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
|
||||
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
|
||||
|
||||
ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
|
||||
Map<String, Object> jsonResponse = new HashMap<>();
|
||||
jsonResponse.put("status", "success");
|
||||
jsonResponse.put("data", responseEntity.getBody());
|
||||
@ -82,11 +67,15 @@ public class TunnelController implements ErrorController {
|
||||
}
|
||||
|
||||
// 50df9101-f625-4618-b7c5-100338a57124
|
||||
@PreAuthorize("hasAnyRole('ADMIN')")
|
||||
@PutMapping("/tunnel/{tunnelId}/add")
|
||||
public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
|
||||
|
||||
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
|
||||
|
||||
// * * Getting existing public hostname mappings
|
||||
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
|
||||
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
|
||||
|
||||
// * * Inserting new ingress value at second-to last position in list
|
||||
Config config = responseEntity.getBody().getResult().getConfig();
|
||||
@ -94,7 +83,9 @@ public class TunnelController implements ErrorController {
|
||||
response_ingress.add(response_ingress.size()-1, ingress);
|
||||
|
||||
// * * Hitting put endpoint
|
||||
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
|
||||
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
|
||||
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
|
||||
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
|
||||
|
||||
// * * Displaying response
|
||||
Map<String, Object> jsonResponse = new HashMap<>();
|
||||
@ -104,11 +95,15 @@ public class TunnelController implements ErrorController {
|
||||
return ResponseEntity.ok(jsonResponse);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyRole('DEVELOPER')")
|
||||
@PutMapping("/tunnel/{tunnelId}/delete")
|
||||
public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
|
||||
|
||||
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
|
||||
|
||||
// * * Getting existing public hostname mappings
|
||||
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
|
||||
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
|
||||
|
||||
// * * Deleting the selected ingress value
|
||||
Config config = responseEntity.getBody().getResult().getConfig();
|
||||
@ -116,7 +111,9 @@ public class TunnelController implements ErrorController {
|
||||
Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname());
|
||||
|
||||
// * * Hitting put endpoint
|
||||
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
|
||||
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
|
||||
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
|
||||
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
|
||||
|
||||
// * * Displaying response
|
||||
Map<String, Object> jsonResponse = new HashMap<>();
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Models;
|
||||
|
||||
public class Authorities {
|
||||
|
||||
public static final String ROLE_ADMIN = "ROLE_ADMIN";
|
||||
public static final String ROLE_DEVELOPER = "ROLE_DEVELOPER";
|
||||
public static final String ROLE_USER = "ROLE_USER";
|
||||
public static final String ROLE_APPROVER = "ROLE_APPROVER";
|
||||
|
||||
}
|
||||
@ -1,10 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Models;
|
||||
|
||||
public class Groups {
|
||||
|
||||
public static final String HOMELAB_DEVELOPER = "homelab developer";
|
||||
public static final String SYSTEM_ADMIN = "authentik Admins";
|
||||
public static final String POWER_USER = "arr premium";
|
||||
public static final String GITEA_USER = "gitrestricted";
|
||||
|
||||
}
|
||||
@ -8,16 +8,6 @@ public class Ingress {
|
||||
private String service;
|
||||
private String hostname;
|
||||
private Map<String, Object> originRequest;
|
||||
private String path;
|
||||
|
||||
|
||||
public String getPath() {
|
||||
return path;
|
||||
}
|
||||
|
||||
public void setPath(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
public static boolean deleteByHostName(List<Ingress> ingressList, String toBeDeleted){
|
||||
return ingressList.removeIf(ingress -> ingress.getHostname() != null && ingress.getHostname().equals(toBeDeleted));
|
||||
|
||||
@ -1,17 +1,8 @@
|
||||
package com.hithomelabs.CFTunnels.Models;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class TunnelResponse {
|
||||
|
||||
private List<Map<String, Object>> errors;
|
||||
@ -21,4 +12,45 @@ public class TunnelResponse {
|
||||
private Boolean success;
|
||||
|
||||
private Result result;
|
||||
|
||||
public Result getResult() {
|
||||
return result;
|
||||
}
|
||||
|
||||
public void setResult(Result result) {
|
||||
this.result = result;
|
||||
}
|
||||
|
||||
public List<Map<String, Object>> getErrors() {
|
||||
return errors;
|
||||
}
|
||||
|
||||
public void setErrors(List<Map<String, Object>> errors) {
|
||||
this.errors = errors;
|
||||
}
|
||||
|
||||
public List<Map<String, Object>> getMessages() {
|
||||
return messages;
|
||||
}
|
||||
|
||||
public void setMessages(List<Map<String, Object>> messages) {
|
||||
this.messages = messages;
|
||||
}
|
||||
|
||||
public boolean isSuccess() {
|
||||
return success;
|
||||
}
|
||||
|
||||
public void setSuccess(boolean success) {
|
||||
this.success = success;
|
||||
}
|
||||
|
||||
public Boolean getSuccess() {
|
||||
return success;
|
||||
}
|
||||
|
||||
public void setSuccess(Boolean success) {
|
||||
this.success = success;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,61 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Services;
|
||||
|
||||
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
|
||||
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
|
||||
import com.hithomelabs.CFTunnels.Models.Config;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
@Service
|
||||
public class CloudflareAPIService {
|
||||
|
||||
@Autowired
|
||||
CloudflareConfig cloudflareConfig;
|
||||
|
||||
@Autowired
|
||||
AuthKeyEmailHeader authKeyEmailHeader;
|
||||
|
||||
@Autowired
|
||||
RestTemplate restTemplate;
|
||||
|
||||
public ResponseEntity<Map> getCloudflareTunnels() {
|
||||
|
||||
// * * Resource URL to hit get request at
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
|
||||
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("", authKeyEmailHeader.getHttpHeaders());
|
||||
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
|
||||
return responseEntity;
|
||||
}
|
||||
|
||||
public <T> ResponseEntity<T> getCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType) {
|
||||
|
||||
// * * Resource URL to hit get request at
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
|
||||
|
||||
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
|
||||
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, responseType);
|
||||
return responseEntity;
|
||||
}
|
||||
|
||||
public <T> ResponseEntity<T> putCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType, Config config) {
|
||||
|
||||
// * * Resource URL to hit get request at
|
||||
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
|
||||
|
||||
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
|
||||
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
|
||||
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
|
||||
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.PUT, entity, responseType);
|
||||
return responseEntity;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
@ -1,10 +0,0 @@
|
||||
api.baseUrl=http://localhost:8080
|
||||
|
||||
management.health.db.enabled=true
|
||||
management.endpoints.web.exposure.include=health
|
||||
management.endpoint.health.show-details=always
|
||||
|
||||
logging.level.org.hibernate.SQL=DEBUG
|
||||
debug=true
|
||||
|
||||
spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel
|
||||
@ -1 +0,0 @@
|
||||
api.baseUrl=https://cftunnels.hithomelabs.com
|
||||
@ -1 +0,0 @@
|
||||
api.baseUrl=https://testcf.hithomelabs.com
|
||||
@ -2,36 +2,3 @@ spring.application.name=CFTunnels
|
||||
cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
|
||||
cloudflare.apiKey=${CLOUDFLARE_API_KEY}
|
||||
cloudflare.email=${CLOUDFLARE_EMAIL}
|
||||
spring.profiles.active=${ENV}
|
||||
|
||||
# set root level
|
||||
logging.level.root=INFO
|
||||
# package-specific
|
||||
logging.level.org.springframework=TRACE
|
||||
logging.level.com.myapp=INFO
|
||||
|
||||
/ * * Masking sure app works behind a reverse proxy
|
||||
server.forward-headers-strategy=framework
|
||||
|
||||
spring.security.oauth2.client.registration.cftunnels.client-id=${OAUTH_CLIENT_ID}
|
||||
spring.security.oauth2.client.registration.cftunnels.client-secret=${OAUTH_CLIENT_SECRET}
|
||||
spring.security.oauth2.client.registration.cftunnels.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.registration.cftunnels.redirect-uri={baseUrl}/login/oauth2/code/cftunnels
|
||||
spring.security.oauth2.client.registration.cftunnels.scope=openid,profile,email,offline_access,cftunnels
|
||||
spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth.hithomelabs.com/application/o/authorize/
|
||||
spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/
|
||||
spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/
|
||||
spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
|
||||
spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
|
||||
|
||||
spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
|
||||
spring.datasource.username=${POSTGRES_USERNAME}
|
||||
spring.datasource.password=${POSTGRES_PASSWORD}
|
||||
spring.datasource.driver-class-name=org.postgresql.Driver
|
||||
spring.sql.init.mode=never
|
||||
|
||||
spring.jpa.hibernate.ddl-auto=update
|
||||
spring.jpa.show-sql=true
|
||||
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
|
||||
|
||||
spring.jpa.open-in-view=false
|
||||
@ -1,37 +0,0 @@
|
||||
-- schema.sql
|
||||
|
||||
-- Roles table
|
||||
CREATE TABLE IF NOT EXISTS roles (
|
||||
role_id SERIAL PRIMARY KEY,
|
||||
role_name VARCHAR(50) UNIQUE NOT NULL
|
||||
);
|
||||
|
||||
-- Users table
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
user_id SERIAL PRIMARY KEY,
|
||||
user_name VARCHAR(100) NOT NULL,
|
||||
password VARCHAR(255) NOT NULL
|
||||
);
|
||||
|
||||
-- User-Role Mapping table (many-to-many relationship)
|
||||
CREATE TABLE IF NOT EXISTS user_role_mapping (
|
||||
mapping_id SERIAL PRIMARY KEY,
|
||||
user_id INTEGER NOT NULL REFERENCES users(user_id) ON DELETE CASCADE,
|
||||
role_id INTEGER NOT NULL REFERENCES roles(role_id) ON DELETE CASCADE
|
||||
);
|
||||
|
||||
-- Tunnels table
|
||||
CREATE TABLE IF NOT EXISTS tunnels (
|
||||
tunnel_id SERIAL PRIMARY KEY,
|
||||
tunnel_name VARCHAR(100) NOT NULL,
|
||||
tunnel_type VARCHAR(50) NOT NULL
|
||||
);
|
||||
|
||||
-- Mapping Requests table
|
||||
CREATE TABLE IF NOT EXISTS mapping_requests (
|
||||
request_id SERIAL PRIMARY KEY,
|
||||
request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
status VARCHAR(20) NOT NULL,
|
||||
user_id INTEGER REFERENCES users(user_id) ON DELETE SET NULL,
|
||||
tunnel_id INTEGER REFERENCES tunnels(tunnel_id) ON DELETE SET NULL
|
||||
);
|
||||
@ -1,219 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Controllers;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
|
||||
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
|
||||
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
|
||||
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
|
||||
import com.hithomelabs.CFTunnels.Models.Authorities;
|
||||
import com.hithomelabs.CFTunnels.Models.Config;
|
||||
import com.hithomelabs.CFTunnels.Models.Groups;
|
||||
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
|
||||
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
|
||||
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
|
||||
import org.springframework.test.context.bean.override.mockito.MockitoBean;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.Instant;
|
||||
import java.util.*;
|
||||
|
||||
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
|
||||
import static org.hamcrest.core.IsIterableContaining.hasItem;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
|
||||
|
||||
@WebMvcTest(TunnelController.class)
|
||||
class TunnelControllerTest {
|
||||
|
||||
@Autowired
|
||||
MockMvc mockMvc;
|
||||
|
||||
@MockitoBean
|
||||
AuthoritiesToGroupMapping authoritiesToGroupMapping;
|
||||
|
||||
@MockitoBean
|
||||
CloudflareConfig cloudflareConfig;
|
||||
|
||||
@MockitoBean
|
||||
AuthKeyEmailHeader authKeyEmailHeader;
|
||||
|
||||
@MockitoBean
|
||||
RestTemplate restTemplate;
|
||||
|
||||
@MockitoBean
|
||||
CloudflareAPIService cloudflareAPIService;
|
||||
|
||||
@MockitoBean
|
||||
RestTemplateConfig restTemplateConfig;
|
||||
|
||||
private static final String tunnelResponseSmallIngressFile = "tunnelResponseSmallIngress.json";
|
||||
|
||||
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
|
||||
|
||||
private static final String withAdditionalIngress;
|
||||
|
||||
static {
|
||||
try {
|
||||
withAdditionalIngress = getClassPathDataResource(tunnelResponseLargeIngressFile);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static final String withoutAdditionalIngress;
|
||||
static {
|
||||
try {
|
||||
withoutAdditionalIngress = getClassPathDataResource(tunnelResponseSmallIngressFile);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private static final String ingressJson = """
|
||||
{
|
||||
"service": "http://192.168.0.100:3457",
|
||||
"hostname": "random.hithomelabs.com",
|
||||
"originRequest": {}
|
||||
}
|
||||
""";
|
||||
|
||||
private DefaultOidcUser buildOidcUser(String username, String role) {
|
||||
|
||||
when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
|
||||
Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
|
||||
Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
|
||||
Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
|
||||
|
||||
Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
|
||||
List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
|
||||
|
||||
OidcIdToken idToken = new OidcIdToken(
|
||||
"mock-token",
|
||||
Instant.now(),
|
||||
Instant.now().plusSeconds(3600),
|
||||
Map.of("preferred_username", username, "sub", username)
|
||||
);
|
||||
|
||||
return new DefaultOidcUser(authorities, idToken, "preferred_username");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("should return appropriate user roles when use belongs to group GITEA_USER")
|
||||
public void testWhoAmI_user() throws Exception {
|
||||
mockMvc.perform(get("/cloudflare/whoami")
|
||||
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(jsonPath("$.username").value("username"))
|
||||
.andExpect(jsonPath("$.roles", hasItem("ROLE_USER")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("should hit tunnels endpoint successfully with ROLE_USER")
|
||||
public void testGetTunnelsForRoleUser() throws Exception {
|
||||
|
||||
when(cloudflareConfig.getAccountId()).thenReturn("abc123");
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.set("X-Auth-Email", "me@example.com");
|
||||
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(headers);
|
||||
|
||||
Map<String, Object> tunnelData = Map.of("tunnels", List.of(Map.of("id", "50df9101-f625-4618-b7c5-100338a57124")));
|
||||
ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
|
||||
|
||||
when(cloudflareAPIService.getCloudflareTunnels()).thenReturn(mockResponse);
|
||||
|
||||
mockMvc.perform(get("/cloudflare/tunnels")
|
||||
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(jsonPath("$.data.tunnels[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
void getTunnelConfigurations() throws Exception {
|
||||
|
||||
Map<String, Object> tunnelData = Map.of("config", Map.of("result", "success", "ingress", "sample ingress object"));
|
||||
ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
|
||||
|
||||
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
|
||||
|
||||
mockMvc.perform(get("/cloudflare/tunnel/{tunnelId}", "sampleTunnelId")
|
||||
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(jsonPath("$.data.config.ingress").value("sample ingress object"));
|
||||
}
|
||||
|
||||
@Test
|
||||
void addTunnelconfiguration() throws Exception {
|
||||
|
||||
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
|
||||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
TunnelResponse tunnelStateBefore = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
|
||||
|
||||
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
|
||||
|
||||
TunnelResponse expectedTunnelConfig = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
|
||||
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
|
||||
|
||||
mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/add", "sampleTunnelId")
|
||||
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
|
||||
.with(csrf())
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content(ingressJson))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", hasItem("random.hithomelabs.com")));
|
||||
}
|
||||
|
||||
@Test
|
||||
void deleteTunnelConfiguration() throws Exception {
|
||||
|
||||
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
|
||||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
TunnelResponse tunnelStateBefore = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
|
||||
|
||||
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
|
||||
|
||||
TunnelResponse expectedTunnelConfig = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
|
||||
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
|
||||
|
||||
mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/delete", "sampleTunnelId")
|
||||
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
|
||||
.with(csrf())
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content(ingressJson))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", not(hasItem("random.hithomelabs.com"))));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@ -1,117 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.Services;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
|
||||
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
|
||||
import com.hithomelabs.CFTunnels.Models.Config;
|
||||
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class CloudflareAPIServiceTest {
|
||||
|
||||
@InjectMocks
|
||||
private CloudflareAPIService cloudflareAPIService;
|
||||
|
||||
@Mock
|
||||
AuthKeyEmailHeader authKeyEmailHeader;
|
||||
|
||||
@Mock
|
||||
private RestTemplate restTemplate;
|
||||
|
||||
@Mock
|
||||
CloudflareConfig cloudflareConfig;
|
||||
|
||||
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
|
||||
|
||||
private static final String bigTunnelResponse;
|
||||
|
||||
static {
|
||||
try {
|
||||
bigTunnelResponse = getClassPathDataResource(tunnelResponseLargeIngressFile);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGetCloudflareTunnels() {
|
||||
|
||||
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
|
||||
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
|
||||
Map<String, Object> mockBody = Map.of("tunnels", List.of(Map.of("id", "t1")));
|
||||
ResponseEntity<Map> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
|
||||
|
||||
when(restTemplate.exchange(
|
||||
any(String.class),
|
||||
eq(HttpMethod.GET),
|
||||
any(HttpEntity.class),
|
||||
eq(Map.class)
|
||||
)).thenReturn(mockResponse);
|
||||
|
||||
ResponseEntity<Map> response = cloudflareAPIService.getCloudflareTunnels();
|
||||
assertEquals(HttpStatus.OK, response.getStatusCode());
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
void getCloudflareTunnelConfigurations() throws JsonProcessingException {
|
||||
|
||||
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
|
||||
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
|
||||
|
||||
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
|
||||
|
||||
when(restTemplate.exchange(
|
||||
any(String.class),
|
||||
eq(HttpMethod.GET),
|
||||
any(HttpEntity.class),
|
||||
eq(TunnelResponse.class)
|
||||
)).thenReturn(tunnelResponseResponseEntity);
|
||||
|
||||
ResponseEntity<TunnelResponse> response = cloudflareAPIService.getCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class);
|
||||
assertEquals(HttpStatus.OK, response.getStatusCode());
|
||||
assertEquals(response.getBody().getResult().getConfig().getIngress().get(0).getHostname(), "giteabkp.hithomelabs.com");
|
||||
}
|
||||
|
||||
@Test
|
||||
void putCloudflareTunnelConfigurations() throws JsonProcessingException {
|
||||
|
||||
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
|
||||
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
|
||||
|
||||
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
|
||||
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
|
||||
|
||||
Config config = tunnelResponse.getResult().getConfig();
|
||||
|
||||
when(restTemplate.exchange(
|
||||
any(String.class),
|
||||
eq(HttpMethod.PUT),
|
||||
any(HttpEntity.class),
|
||||
eq(TunnelResponse.class)
|
||||
)).thenReturn(tunnelResponseResponseEntity);
|
||||
|
||||
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class, config);
|
||||
assertEquals(HttpStatus.OK, response.getStatusCode());
|
||||
assertEquals(response.getBody().getResult().getConfig().getIngress().get(2).getHostname(), "random.hithomelabs.com");
|
||||
}
|
||||
}
|
||||
@ -1,17 +0,0 @@
|
||||
package com.hithomelabs.CFTunnels.TestUtils;
|
||||
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
|
||||
public class Util {
|
||||
|
||||
public static String getClassPathDataResource(String filename) throws IOException {
|
||||
return Files.readString(
|
||||
new ClassPathResource(String.format("data/%s", filename)).getFile().toPath(),
|
||||
StandardCharsets.UTF_8);
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,38 +0,0 @@
|
||||
{
|
||||
"success": true,
|
||||
"errors": [],
|
||||
"messages": [],
|
||||
"result": {
|
||||
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
|
||||
"version": 63,
|
||||
"config": {
|
||||
"ingress": [
|
||||
{
|
||||
"service": "http://192.168.0.100:8928",
|
||||
"hostname": "giteabkp.hithomelabs.com",
|
||||
"originRequest": {}
|
||||
},
|
||||
{
|
||||
"service": "https://192.168.0.100:9442",
|
||||
"hostname": "devdocker.hithomelabs.com",
|
||||
"originRequest": {
|
||||
"noTLSVerify": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"service": "http://192.168.0.100:3457",
|
||||
"hostname": "random.hithomelabs.com",
|
||||
"originRequest": {}
|
||||
},
|
||||
{
|
||||
"service": "http_status:404"
|
||||
}
|
||||
],
|
||||
"warp-routing": {
|
||||
"enabled": false
|
||||
}
|
||||
},
|
||||
"source": "cloudflare",
|
||||
"created_at": "2025-10-24T18:17:26.914217Z"
|
||||
}
|
||||
}
|
||||
@ -1,33 +0,0 @@
|
||||
{
|
||||
"success": true,
|
||||
"errors": [],
|
||||
"messages": [],
|
||||
"result": {
|
||||
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
|
||||
"version": 63,
|
||||
"config": {
|
||||
"ingress": [
|
||||
{
|
||||
"service": "http://192.168.0.100:8928",
|
||||
"hostname": "giteabkp.hithomelabs.com",
|
||||
"originRequest": {}
|
||||
},
|
||||
{
|
||||
"service": "https://192.168.0.100:9442",
|
||||
"hostname": "devdocker.hithomelabs.com",
|
||||
"originRequest": {
|
||||
"noTLSVerify": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"service": "http_status:404"
|
||||
}
|
||||
],
|
||||
"warp-routing": {
|
||||
"enabled": false
|
||||
}
|
||||
},
|
||||
"source": "cloudflare",
|
||||
"created_at": "2025-10-24T18:17:26.914217Z"
|
||||
}
|
||||
}
|
||||
@ -1,13 +0,0 @@
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: cftunnel-db-${ENV}
|
||||
environment:
|
||||
POSTGRES_DB: cftunnel
|
||||
POSTGRES_USER: ${POSTGRES_USERNAME}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "${DB_PORT}:5432"
|
||||
volumes:
|
||||
- ${DB_PATH}:/var/lib/postgresql/data
|
||||
Loading…
Reference in New Issue
Block a user