Merge pull request #4 from felixojiambo/auth_role

Auth role

Author: felixojiambo

apigateway/src/main/java/com/finpay/apigateway/config/SecurityConfig.java

@@ -0,0 +1,4 @@
+package com.finpay.apigateway.config;
+
+public class SecurityConfig {
+}

authentication-service/pom.xml

@@ -32,6 +32,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.kafka</groupId>
+            <artifactId>spring-kafka</artifactId>
+
+        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -79,6 +84,12 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-commons</artifactId>
+            <version>4.2.0-RC1</version>
+            <scope>compile</scope>
+        </dependency>
 
 
     </dependencies>

authentication-service/src/main/java/com/finpay/authentication/clients/UserServiceClient.java

@@ -0,0 +1,38 @@
+package com.finpay.authentication.clients;
+import com.finpay.authentication.dtos.UserDto;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.util.Optional;
+
+@Component
+public class UserServiceClient {
+
+    private final RestTemplate restTemplate;
+    private final String apiGatewayBaseUrl = "http://api-gateway"; // API Gateway base URL
+    private final String userServicePath = "/user-service/api/users"; // Path to User Service in the gateway
+
+    public UserServiceClient(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    /**
+     * Fetch a user by email from the User Service via the API Gateway.
+     *
+     * @param email the email of the user
+     * @return an Optional containing UserDto if the user exists, or empty if not found
+     */
+    public Optional<UserDto> getUserByEmail(String email) {
+        String url = UriComponentsBuilder.fromHttpUrl(apiGatewayBaseUrl + userServicePath)
+                .queryParam("email", email)
+                .toUriString();
+        try {
+            UserDto userDto = restTemplate.getForObject(url, UserDto.class);
+            return Optional.ofNullable(userDto);
+        } catch (Exception e) {
+            // Log error or handle exception as needed
+            return Optional.empty();
+        }
+    }
+}

authentication-service/src/main/java/com/finpay/authentication/config/AppConfig.java

@@ -0,0 +1,16 @@
+package com.finpay.authentication.config;
+
+import org.springframework.cloud.client.loadbalancer.LoadBalanced;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class AppConfig {
+
+    @Bean
+    @LoadBalanced
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}

authentication-service/src/main/java/com/finpay/authentication/controllers/AuthController.java

@@ -1,11 +1,7 @@
 package com.finpay.authentication.controllers;
 
-import com.finpay.authentication.dtos.JwtResponse;
-import com.finpay.authentication.dtos.LoginRequest;
-import com.finpay.authentication.dtos.MessageResponse;
-import com.finpay.authentication.dtos.SignupRequest;
-import com.finpay.authentication.models.User;
-import com.finpay.authentication.repository.UserRepository;
+import com.finpay.authentication.clients.UserServiceClient;
+import com.finpay.authentication.dtos.*;
 import com.finpay.authentication.utils.JwtUtil;
 import org.springframework.http.*;
 import org.springframework.security.authentication.*;
@@ -14,67 +10,46 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.UUID;
-
 @RestController
 @RequestMapping("/api/auth")
 public class AuthController {
 
     private final AuthenticationManager authenticationManager;
-    private final UserRepository userRepository;
     private final PasswordEncoder passwordEncoder;
     private final JwtUtil jwtUtil;
+    private final UserServiceClient userServiceClient; // Add UserServiceClient
 
     // Constructor-based injection
     public AuthController(AuthenticationManager authenticationManager,
-                          UserRepository userRepository,
                           PasswordEncoder passwordEncoder,
-                          JwtUtil jwtUtil) {
+                          JwtUtil jwtUtil,
+                          UserServiceClient userServiceClient) {
         this.authenticationManager = authenticationManager;
-        this.userRepository = userRepository;
         this.passwordEncoder = passwordEncoder;
         this.jwtUtil = jwtUtil;
-    }
-
-    @PostMapping("/register")
-    public ResponseEntity<?> registerUser(@RequestBody SignupRequest signupRequest) {
-        if (userRepository.existsByEmail(signupRequest.getEmail())) {
-            return ResponseEntity
-                    .badRequest()
-                    .body(new MessageResponse("Error: Email is already in use!"));
-        }
-
-        // Create new user
-        User user = User.builder()
-                .id(UUID.randomUUID())
-                .name(signupRequest.getName())
-                .email(signupRequest.getEmail())
-                .password(passwordEncoder.encode(signupRequest.getPassword()))
-                .build();
-
-        userRepository.save(user);
-
-        return ResponseEntity.ok(new MessageResponse("User registered successfully!"));
+        this.userServiceClient = userServiceClient; // Initialize UserServiceClient
     }
 
     @PostMapping("/login")
-    public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest) {
+      public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest) {
         try {
+            // Authenticate user
             Authentication authentication = authenticationManager.authenticate(
                     new UsernamePasswordAuthenticationToken(
                             loginRequest.getEmail(),
                             loginRequest.getPassword()
                     )
             );
 
-            // If authentication is successful
-            String jwt = jwtUtil.generateJwtToken(loginRequest.getEmail());
-
-            User user = userRepository.findByEmail(loginRequest.getEmail())
+            // Fetch user details from User Service
+            UserDto userDto = userServiceClient.getUserByEmail(loginRequest.getEmail())
                     .orElseThrow(() -> new UsernameNotFoundException("User not found"));
 
-            JwtResponse jwtResponse = new JwtResponse(jwt, user.getId(), user.getName(), user.getEmail());
+            // Generate JWT with email and roles
+            String jwt = jwtUtil.generateJwtToken(loginRequest.getEmail(), userDto.getRoles());
 
+            // Build JWT response
+            JwtResponse jwtResponse = new JwtResponse(jwt, userDto.getId(), userDto.getName(), userDto.getEmail());
             return ResponseEntity.ok(jwtResponse);
 
         } catch (BadCredentialsException e) {
@@ -83,4 +58,6 @@ public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest
                     .body(new MessageResponse("Error: Invalid email or password"));
         }
     }
+
+
 }

authentication-service/src/main/java/com/finpay/authentication/dtos/UserDto.java

@@ -0,0 +1,15 @@
+package com.finpay.authentication.dtos;
+
+import lombok.Data;
+
+import java.util.Set;
+import java.util.UUID;
+
+@Data
+public class UserDto {
+    private UUID id;
+    private String email;
+    private String password;
+    private String name;
+    private Set<String> roles;
+}

authentication-service/src/main/java/com/finpay/authentication/dtos/UserEvent.java

@@ -0,0 +1,11 @@
+//package com.finpay.authentication.dtos;
+//
+//import lombok.Data;
+//import java.util.UUID;
+//
+//@Data
+//public class UserEvent {
+//    private UUID id;
+//    private String email;
+//    private String roles;
+//}

authentication-service/src/main/java/com/finpay/authentication/filter/JwtAuthenticationFilter.java

@@ -3,6 +3,7 @@
 import com.finpay.authentication.services.UserDetailsServiceImpl;
 import com.finpay.authentication.utils.JwtUtil;
 import org.springframework.security.authentication.*;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -11,6 +12,9 @@
 import jakarta.servlet.*;
 import jakarta.servlet.http.*;
 import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 @Component
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
@@ -38,21 +42,18 @@ protected void doFilterInternal(HttpServletRequest request,
         }
 
         if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
-            UserDetails userDetails = userDetailsService.loadUserByUsername(email);
-            if (jwtUtil.validateJwtToken(jwt)) {
-                UsernamePasswordAuthenticationToken authToken =
-                        new UsernamePasswordAuthenticationToken(
-                                userDetails,
-                                null,
-                                userDetails.getAuthorities()
-                        );
-                authToken.setDetails(
-                        new WebAuthenticationDetailsSource().buildDetails(request)
-                );
-                SecurityContextHolder.getContext().setAuthentication(authToken);
-            }
+            Set<String> roles = jwtUtil.getRolesFromJwtToken(jwt); // Add method to extract roles
+            List<SimpleGrantedAuthority> authorities = roles.stream()
+                    .map(SimpleGrantedAuthority::new)
+                    .toList();
+
+            UsernamePasswordAuthenticationToken authToken =
+                    new UsernamePasswordAuthenticationToken(email, null, authorities);
+
+            SecurityContextHolder.getContext().setAuthentication(authToken);
         }
 
         filterChain.doFilter(request, response);
     }
+
 }

authentication-service/src/main/java/com/finpay/authentication/models/User.java

@@ -1,38 +1,34 @@
 package com.finpay.authentication.services;
-
-import com.finpay.authentication.models.User;
-import com.finpay.authentication.repository.UserRepository;
-import org.springframework.security.core.*;
+import com.finpay.authentication.clients.UserServiceClient;
+import com.finpay.authentication.dtos.UserDto;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.*;
 import org.springframework.stereotype.Service;
 
 import java.util.*;
 
 @Service
+
 public class UserDetailsServiceImpl implements UserDetailsService {
 
-    private final UserRepository userRepository;
+    private final UserServiceClient userServiceClient; // REST or gRPC client to fetch user data
 
-    // Constructor-based injection
-    public UserDetailsServiceImpl(UserRepository userRepository) {
-        this.userRepository = userRepository;
+    public UserDetailsServiceImpl(UserServiceClient userServiceClient) {
+        this.userServiceClient = userServiceClient;
     }
 
     @Override
-    public UserDetails loadUserByUsername(String email)
-            throws UsernameNotFoundException {
-        User user = userRepository.findByEmail(email)
-                .orElseThrow(() ->
-                        new UsernameNotFoundException("User Not Found with email: " + email));
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        UserDto userDto = userServiceClient.getUserByEmail(email)
+                .orElseThrow(() -> new UsernameNotFoundException("User Not Found with email: " + email));
 
-        // For simplicity, all users have ROLE_USER
-        List<GrantedAuthority> authorities =
-                Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+        List<SimpleGrantedAuthority> authorities = userDto.getRoles().stream()
+                .map(SimpleGrantedAuthority::new)
+                .toList();
 
         return new org.springframework.security.core.userdetails.User(
-                user.getEmail(),
-                user.getPassword(),
+                userDto.getEmail(),
+                userDto.getPassword(),
                 authorities
         );
     }