Postgres integration

.gitea/workflows/prod_image_tag_promote.yaml

@@ -0,0 +1,57 @@
+name: Promote image with tag test to prod
+run-name: Build started by $ {{gitea.actor}}
+on:
+  push:
+    branches: [main]
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    outputs:
+      new_version: ${{ steps.new_version.outputs.new_version }}
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get new version
+        id: new_version
+        run: |
+          VERSION=$(git describe --tags --abbrev=0)
+          echo ${VERSION}
+          MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
+          MINOR=$(echo ${VERSION} | cut -d "." -f 2)
+          PATCH=0
+          NEW_MINOR=$(( ${MINOR} + 1))
+          echo ${NEW_MINOR}
+          echo "new_version=$(echo "${MAJOR}.${NEW_MINOR}.${PATCH}")" >> $GITHUB_OUTPUT
+  build_tag_push:
+    runs-on: ubuntu-latest
+    needs: tag
+    container:
+      image: catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Create and push tag
+        run: |
+          echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
+          git config --global user.name "${{gitea.actor}}"
+          git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
+          git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
+          git push origin ${{ needs.tag.outputs.new_version }}
+      - name: Log in to Gitea Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: 'http://192.168.0.100:8928'
+          username: hitanshu
+          password: ${{ secrets.TOKEN }}
+      - name: Tag prod image
+        run: |
+          docker tag 192.168.0.100:8928/hithomelabs/cftunnels:test 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
+          docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:prod
+      - name: Push to Gitea Registry
+        run: |
+          docker push 192.168.0.100:8928/hithomelabs/cftunnels:prod
+          docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}

build.gradle

@@ -27,6 +27,10 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+	runtimeOnly 'org.postgresql:postgresql'
+	implementation 'org.hibernate.validator:hibernate-validator'
 }
 
 tasks.named('test') {

docker-compose.yaml

@@ -2,6 +2,8 @@ services:
   app:
     image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV}
     container_name: cftunnels_${ENV}
+    ports:
+      - ${HOST_PORT}:8080
     environment:
       - CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}
       - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
@@ -9,6 +11,24 @@ services:
       - ENV=${ENV}
       - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
       - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
-    ports:
-      - 5002:8080
+      - HOST_PORT=${HOST_PORT}
+      - POSTGRES_USER=${POSTGRES_USERNAME}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    env_file:
+      - .env
     restart: unless-stopped
+  postgres:
+    image: postgres:15
+    container_name: cftunnel-db
+    environment:
+      POSTGRES_DB: cftunnel
+      POSTGRES_USER: ${POSTGRES_USERNAME}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    restart: unless-stopped
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+  pgdata: {}

src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java

@@ -0,0 +1,32 @@
+package com.hithomelabs.CFTunnels.Controllers;
+
+
+import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class HomeController implements ErrorController {
+
+    private static final String ERROR_PATH = "/error";
+
+    /**
+     * Redirects the root (including any query params like ?continue=…)
+     * straight into Swagger UI.
+     */
+    @GetMapping("/")
+    public String rootRedirect() {
+        return "redirect:/swagger-ui/index.html";
+    }
+
+    /**
+     * Catches any errors (404s, unhandled paths) and punts them
+     * into the same Swagger UI page.
+     */
+    @RequestMapping(ERROR_PATH)
+    public String onError() {
+        return "redirect:/swagger-ui/index.html";
+    }
+
+}

src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java

@@ -9,6 +9,7 @@ import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.http.*;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.GrantedAuthority;
@@ -23,9 +24,10 @@ import java.util.Map;
 
 @RestController
 @RequestMapping("/cloudflare")
-public class TunnelController {
+public class TunnelController implements ErrorController {
 
     private final RestTemplate restTemplate = new RestTemplate();
+    private static final String ERROR_PATH = "/error";
 
     @Autowired
     private AuthoritiesToGroupMapping authoritiesToGroupMapping;

src/main/resources/application-local.properties

@@ -1 +1,8 @@
 api.corsResolveUrl=http://localhost:8080
+
+management.health.db.enabled=true
+management.endpoints.web.exposure.include=health
+management.endpoint.health.show-details=always
+
+logging.level.org.hibernate.SQL=DEBUG
+debug=true

src/main/resources/application.properties

@@ -4,10 +4,27 @@ cloudflare.apiKey=${CLOUDFLARE_API_KEY}
 cloudflare.email=${CLOUDFLARE_EMAIL}
 spring.profiles.active=${ENV}
 
+/ * * Masking sure app works behind a reverse proxy
 server.forward-headers-strategy=framework
+
 spring.security.oauth2.client.registration.cftunnels.client-id=${OAUTH_CLIENT_ID}
 spring.security.oauth2.client.registration.cftunnels.client-secret=${OAUTH_CLIENT_SECRET}
 spring.security.oauth2.client.registration.cftunnels.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.cftunnels.redirect-uri={baseUrl}/login/oauth2/code/cftunnels
 spring.security.oauth2.client.registration.cftunnels.scope=openid,profile,email,offline_access,cftunnels
-spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels
+spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth.hithomelabs.com/application/o/authorize/
+spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/
+spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/
+spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
+spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
+
+spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel
+spring.datasource.username=${POSTGRES_USERNAME}
+spring.datasource.password=${POSTGRES_PASSWORD}
+spring.datasource.driver-class-name=org.postgresql.Driver
+spring.sql.init.mode=always
+
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=true
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
+

src/main/resources/schema.sql

@@ -0,0 +1,37 @@
+-- schema.sql
+
+-- Roles table
+CREATE TABLE IF NOT EXISTS roles (
+    role_id SERIAL PRIMARY KEY,
+    role_name VARCHAR(50) UNIQUE NOT NULL
+);
+
+-- Users table
+CREATE TABLE IF NOT EXISTS users (
+    user_id SERIAL PRIMARY KEY,
+    user_name VARCHAR(100) NOT NULL,
+    password VARCHAR(255) NOT NULL
+);
+
+-- User-Role Mapping table (many-to-many relationship)
+CREATE TABLE IF NOT EXISTS user_role_mapping (
+    mapping_id SERIAL PRIMARY KEY,
+    user_id INTEGER NOT NULL REFERENCES users(user_id) ON DELETE CASCADE,
+    role_id INTEGER NOT NULL REFERENCES roles(role_id) ON DELETE CASCADE
+);
+
+-- Tunnels table
+CREATE TABLE IF NOT EXISTS tunnels (
+    tunnel_id SERIAL PRIMARY KEY,
+    tunnel_name VARCHAR(100) NOT NULL,
+    tunnel_type VARCHAR(50) NOT NULL
+);
+
+-- Mapping Requests table
+CREATE TABLE IF NOT EXISTS mapping_requests (
+    request_id SERIAL PRIMARY KEY,
+    request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    status VARCHAR(20) NOT NULL,
+    user_id INTEGER REFERENCES users(user_id) ON DELETE SET NULL,
+    tunnel_id INTEGER REFERENCES tunnels(tunnel_id) ON DELETE SET NULL
+);