2026-01-23 13:45:46 +00:00
5 changed files with 37 additions and 18 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -14,6 +14,7 @@ services:
      - HOST_PORT=${HOST_PORT}
      - POSTGRES_USER=${POSTGRES_USERNAME}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - SWAGGER_OAUTH_CLIENT_ID=${SWAGGER_OAUTH_CLIENT_ID}
    env_file:
      - stack.env
    restart: unless-stopped
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
@ -1,6 +1,8 @@
 package com.hithomelabs.CFTunnels.Config;

+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.*;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@ -16,13 +18,37 @@ public class OpenApiConfig {
    @Value("${api.baseUrl}")
    private String baseUrl;

+    @Value("${springdoc.swagger-ui.oauth.authorization-url}")
+    private String authorizationUri;
+
+    @Value("${springdoc.swagger-ui.oauth.token-url}")
+    private String tokenUri;
+
    @Bean
-    public OpenAPI openAPI(){
+    public OpenAPI openAPI() {
        Server httpsServer = new Server().url(baseUrl);
        OpenAPI openApi = new OpenAPI();
        ArrayList<Server> servers = new ArrayList<>();
        servers.add(httpsServer);
        openApi.setServers(servers);
+        openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
+                .components(new Components()
+                        .addSecuritySchemes("oidcAuth",
+                                new SecurityScheme()
+                                        .type(SecurityScheme.Type.OAUTH2)
+                                        .flows(new OAuthFlows()
+                                                .authorizationCode(new OAuthFlow()
+                                                        .authorizationUrl(authorizationUri)
+                                                        .tokenUrl(tokenUri)
+                                                        .scopes(new Scopes()
+                                                                .addString("openid", "OpenID scope")
+                                                                .addString("profile", "OpenID profile")
+                                                                .addString("email", "OpenID email"))
+                                                )
+                                        )
+                        )
+                )
+                .addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
        return openApi;
    }
 }
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
@ -28,6 +28,7 @@ public class SecuirtyConfig {
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(auth -> auth
+                        //.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
                        .anyRequest().authenticated()
                ).csrf(csrf -> csrf.disable())
                .with(new OAuth2LoginConfigurer<>(),
--- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java
@ -11,22 +11,6 @@ public class HomeController implements ErrorController {

    private static final String ERROR_PATH = "/error";

-    /**
-     * Redirects the root (including any query params like ?continue=…)
-     * straight into Swagger UI.
-     */
-    @GetMapping("/")
-    public String rootRedirect() {
-        return "redirect:/swagger-ui/index.html";
-    }
    
-    /**
-     * Catches any errors (404s, unhandled paths) and punts them
-     * into the same Swagger UI page.
-     */
-    @RequestMapping(ERROR_PATH)
-    public String onError() {
-        return "redirect:/swagger-ui/index.html";
-    }

 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -18,6 +18,13 @@ spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hith
 spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
 spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/

+springdoc.swagger-ui.oauth.client-id=${SWAGGER_OAUTH_CLIENT_ID}
+springdoc.swagger-ui.oauth.client-secret= # leave empty for public client
+springdoc.swagger-ui.oauth.use-pkce=true
+springdoc.swagger-ui.oauth.scopes=openid,profile,email
+springdoc.swagger-ui.oauth.authorization-url=https://auth.hithomelabs.com/application/o/authorize/
+springdoc.swagger-ui.oauth.token-url=https://auth.hithomelabs.com/application/o/token/
+
 spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
 spring.datasource.username=${POSTGRES_USERNAME}
 spring.datasource.password=${POSTGRES_PASSWORD}