Added Authentication to Gateway (not finished and tested yet)

MichiBaum · Jun 26, 2024 · 603cd3f · 603cd3f
1 parent f6d202e
commit 603cd3f
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 8 deletions.
diff --git a/authentication-library/src/main/kotlin/com/michibaum/authentication_library/JWSValidator.kt b/authentication-library/src/main/kotlin/com/michibaum/authentication_library/JWSValidator.kt
@@ -6,7 +6,7 @@ import com.auth0.jwt.algorithms.Algorithm
 import com.auth0.jwt.exceptions.JWTVerificationException
 import java.security.interfaces.RSAPublicKey
 
-class JWSValidator {
+open class JWSValidator {
     fun validate(token: String?, publicKey: RSAPublicKey?): Boolean {
         try {
             val algorithm = Algorithm.RSA256(publicKey, null)

diff --git a/gateway-service/pom.xml b/gateway-service/pom.xml
@@ -58,6 +58,17 @@
 			<version>1.0.0-TEST-8</version>
 		</dependency>
 
+		<dependency>
+			<groupId>com.michibaum</groupId>
+			<artifactId>authentication-library</artifactId>
+			<version>1.0.0-TEST-8</version>
+		</dependency>
+		<dependency>
+			<groupId>com.michibaum</groupId>
+			<artifactId>authentication-library</artifactId>
+			<version>1.0.0-TEST-8</version>
+		</dependency>
+
 	</dependencies>
 
 	<build>

diff --git a/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/AuthenticationFilter.kt b/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/AuthenticationFilter.kt
@@ -0,0 +1,34 @@
+package com.michibaum.gatewayservice
+
+import org.springframework.cloud.gateway.filter.GatewayFilter
+import org.springframework.cloud.gateway.filter.GatewayFilterChain
+import org.springframework.http.HttpStatus
+import org.springframework.http.server.reactive.ServerHttpResponse
+import org.springframework.stereotype.Component
+import org.springframework.web.server.ServerWebExchange
+import reactor.core.publisher.Mono
+
+@Component
+class AuthenticationFilter(private val authenticationValidator: AuthenticationValidator): GatewayFilter {
+
+    override fun filter(exchange: ServerWebExchange?, chain: GatewayFilterChain?): Mono<Void> {
+        exchange?.let {
+            val authHeaders = it.request.headers["Authorization"]
+            val headerExists = (authHeaders?.size ?: 0) == 1
+            if(headerExists){
+                val authHeader = authHeaders!![0]
+                val valid = authenticationValidator.valid(authHeader)
+                if(valid) {
+                    return chain!!.filter(exchange); // Forward to route
+                }
+            }
+        }
+        return exchange!!.let { this.onError(it) }
+    }
+
+    private fun onError(exchange: ServerWebExchange): Mono<Void> {
+        val response: ServerHttpResponse = exchange.response
+        response.setStatusCode(HttpStatus.FORBIDDEN)
+        return response.setComplete()
+    }
+}
diff --git a/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/AuthenticationValidator.kt b/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/AuthenticationValidator.kt
@@ -0,0 +1,16 @@
+package com.michibaum.gatewayservice
+
+import com.michibaum.authentication_library.JWSValidator
+import org.springframework.stereotype.Component
+import java.security.interfaces.RSAPublicKey
+
+@Component
+class AuthenticationValidator: JWSValidator() {
+
+    var publicKey: RSAPublicKey? = null
+
+    fun valid(token: String): Boolean {
+        return this.validate(token, publicKey)
+    }
+
+}
diff --git a/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/RoutesConfiguration.kt b/gateway-service/src/main/kotlin/com/michibaum/gatewayservice/RoutesConfiguration.kt
@@ -9,39 +9,56 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 
 @Configuration
-class RoutesConfiguration {
+class RoutesConfiguration (private val authenticationFilter: AuthenticationFilter) {
 
     @Bean
     fun routes(builder: RouteLocatorBuilder): RouteLocator {
         return builder.routes {
             route {
                 host("admin.michibaum.ch")
-                filters { AuthorizationPreFilter(Permissions.Admin_Service.CAN_SEND_REQUEST) }
+                filters {
+                    authenticationFilter
+                    AuthorizationPreFilter(Permissions.Admin_Service.CAN_SEND_REQUEST)
+                }
                 uri("lb://admin-service")
             }
             route {
                 host("authentication.michibaum.ch")
-                filters {}
+                filters {
+
+                }
                 uri("lb://authentication-service")
             }
             route {
                 host("javadoc.michibaum.ch")
-                filters { AuthorizationPreFilter(Permissions.JavaDoc_Service.CAN_READ) }
+                filters {
+                    authenticationFilter
+                    AuthorizationPreFilter(Permissions.JavaDoc_Service.CAN_READ)
+                }
                 uri("lb://javadoc-service")
             }
             route {
                 host("registry.michibaum.ch")
-                filters { AuthorizationPreFilter() }
+                filters {
+                    authenticationFilter
+                    AuthorizationPreFilter()
+                }
                 uri("lb://registry-service")
             }
             route {
                 host("usermanagement.michibaum.ch")
-                filters { AuthorizationPreFilter() }
+                filters {
+                    authenticationFilter
+                    AuthorizationPreFilter()
+                }
                 uri("lb://usermanagement-service")
             }
             route {
                 host("michibaum.ch")
-                filters { AuthorizationPreFilter() }
+                filters {
+                    authenticationFilter
+                    AuthorizationPreFilter()
+                }
                 uri("lb://website-service")
             }
         }