BLuBin7
diff --git a/‎docker-compose.yml
Lines changed: 7 additions & 7 deletions b/‎docker-compose.yml
Lines changed: 7 additions & 7 deletions
diff --git a/‎identity-service/src/main/java/com/blubin/identityservice/config/CustomUserDetailsService.java
Lines changed: 2 additions & 1 deletion b/‎identity-service/src/main/java/com/blubin/identityservice/config/CustomUserDetailsService.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎identity-service/src/main/java/com/blubin/identityservice/config/JwtAuthenticationFilter.java
Lines changed: 27 additions & 0 deletions b/‎identity-service/src/main/java/com/blubin/identityservice/config/JwtAuthenticationFilter.java
Lines changed: 27 additions & 0 deletions
diff --git a/‎identity-service/src/main/java/com/blubin/identityservice/config/OAuth2LoginSuccessHandler.java
Lines changed: 13 additions & 3 deletions b/‎identity-service/src/main/java/com/blubin/identityservice/config/OAuth2LoginSuccessHandler.java
Lines changed: 13 additions & 3 deletions
diff --git a/‎identity-service/src/main/java/com/blubin/identityservice/config/OAuth2LogoutSuccessHandler.java
Lines changed: 37 additions & 0 deletions b/‎identity-service/src/main/java/com/blubin/identityservice/config/OAuth2LogoutSuccessHandler.java
Lines changed: 37 additions & 0 deletions
diff --git a/‎identity-service/src/main/java/com/blubin/identityservice/config/SecurityConfig.java
Lines changed: 21 additions & 34 deletions b/‎identity-service/src/main/java/com/blubin/identityservice/config/SecurityConfig.java
Lines changed: 21 additions & 34 deletions
@@ -57,7 +57,7 @@ services:
     build: ./user-service
     container_name: user-service
     ports:
-      - "18080:8080" # HTTP
+      - "18080:18080" # HTTP
       - "19090:19090" # gRPC
     restart: always
     environment:
@@ -71,7 +71,7 @@ services:
     build: ./identity-service
     container_name: identity-service
     ports:
-      - "18081:8081"
+      - "18081:18081"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
@@ -87,7 +87,7 @@ services:
     build: ./product-service
     container_name: product-service
     ports:
-      - "18082:8082"
+      - "18082:18082"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
@@ -100,7 +100,7 @@ services:
     build: ./promotion-service
     container_name: promotion-service
     ports:
-      - "18084:8084"
+      - "18084:18084"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
@@ -113,7 +113,7 @@ services:
     build: ./cart-service
     container_name: cart-service
     ports:
-      - "18085:8085"
+      - "18085:18085"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
@@ -126,7 +126,7 @@ services:
     build: ./payment-service
     container_name: payment-service
     ports:
-      - "18086:8086"
+      - "18086:18086"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
@@ -139,7 +139,7 @@ services:
     build: ./rating-service
     container_name: rating-service
     ports:
-      - "18087:8087"
+      - "18087:18087"
     restart: always
     environment:
       - SPRING_DATASOURCE_URL
 
@@ -2,6 +2,7 @@
 
 import com.blubin.identityservice.model.SiteUser;
 import com.blubin.identityservice.repository.SiteUserRepository;
+import com.blubin.identityservice.utils.Constants;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -16,7 +17,7 @@ public class CustomUserDetailsService implements UserDetailsService {
     @Override
     public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
         SiteUser user = userRepository.findByEmailAddress(email)
-                .orElseThrow(() -> new UsernameNotFoundException("User not found with email: " + email));
+                .orElseThrow(() -> new UsernameNotFoundException(Constants.ErrorCodes.USER_NOT_FOUND_WITH_EMAIL + email));
 
         return org.springframework.security.core.userdetails.User.builder()
                 .username(user.getEmailAddress())
 
@@ -1,10 +1,13 @@
 package com.blubin.identityservice.config;
 
+import com.blubin.identityservice.service.RefreshTokenService;
 import com.blubin.identityservice.utils.JwtUtils;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
@@ -38,6 +41,9 @@ protected void doFilterInternal(HttpServletRequest request,
                 );
                 authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                 SecurityContextHolder.getContext().setAuthentication(authentication);
+                System.out.println("Authenticated user: " + email);
+                String authHeader = request.getHeader("Authorization");
+                System.out.println("Authorization Header: " + authHeader);
             }
         } catch(Exception e) {
             logger.error("Cannot set user authentication}");
@@ -46,11 +52,32 @@ protected void doFilterInternal(HttpServletRequest request,
         filterChain.doFilter(request, response);
     }
 
+//    get JWT from header
     private String parseJwt(HttpServletRequest request) {
         String headerAuth = request.getHeader("Authorization");
+
         if(headerAuth != null && headerAuth.startsWith("Bearer ")) {
             return headerAuth.substring(7);
         }
+
         return null;
     }
+
+//    get JWT from header and cookie
+//    private String parseJwt(HttpServletRequest request) {
+//        String headerAuth = request.getHeader("Authorization");
+//        if (headerAuth != null && headerAuth.startsWith("Bearer ")) {
+//            return headerAuth.substring(7);
+//        }
+//
+//        if (request.getCookies() != null) {
+//            for (Cookie cookie : request.getCookies()) {
+//                if ("SERVER_SESSION".equals(cookie.getName())) {
+//                    return URLDecoder.decode(cookie.getValue(), StandardCharsets.UTF_8);
+//                }
+//            }
+//        }
+//
+//        return null;
+//    }
 }
@@ -1,10 +1,10 @@
 package com.blubin.identityservice.config;
+
 import com.blubin.identityservice.model.SiteUser;
 import com.blubin.identityservice.repository.SiteUserRepository;
 import com.blubin.identityservice.service.GrpcUserService;
-import com.blubin.identityservice.service.SiteUserService;
+import com.blubin.identityservice.service.RefreshTokenService;
 import com.blubin.identityservice.utils.JwtUtils;
-import com.blubin.proto.service.UserProfileRequest;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -28,6 +28,9 @@ public class OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler {
     @Autowired
     private SiteUserRepository siteUserRepository;
 
+    @Autowired
+    private RefreshTokenService refreshTokenService;
+
     public OAuth2LoginSuccessHandler(JwtUtils jwtUtils) {
         this.jwtUtils = jwtUtils;
     }
@@ -51,8 +54,15 @@ public void onAuthenticationSuccess(HttpServletRequest request,
                 });
 
         String token = jwtUtils.generateJwtToken(siteUser);
+        String refreshToken = refreshTokenService.createRefreshToken(siteUser.getId());
+        System.out.println(token);
+        System.out.println(refreshToken);
+//       Save JWT to Header
+        response.setHeader("Access-Control-Expose-Headers", "Authorization");
+        response.setHeader("Authorization", "Bearer " + token);
 
-        Cookie cookie = new Cookie("SERVER_SESSION", URLEncoder.encode(token, StandardCharsets.UTF_8));
+//       Save JWT to Cookie
+        Cookie cookie = new Cookie("SERVER_SESSION", URLEncoder.encode(refreshToken, StandardCharsets.UTF_8));
 //        XSS
         cookie.setHttpOnly(true);
 //        cookie.setSecure(true);
 
@@ -0,0 +1,37 @@
+package com.blubin.identityservice.config;
+
+import com.blubin.identityservice.service.RefreshTokenService;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class OAuth2LogoutSuccessHandler implements LogoutSuccessHandler {
+
+    @Autowired
+    private RefreshTokenService refreshTokenService;
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if ("SERVER_SESSION".equals(cookie.getName())) {
+                    String refreshToken = cookie.getValue();
+                    refreshTokenService.revokeRefreshToken(refreshToken);
+                }
+            }
+        }
+
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        response.getWriter().write("{\"message\": \"Logged out successfully\"}");
+    }
+}
@@ -3,6 +3,7 @@
 import com.blubin.identityservice.model.CustomOidcUserService;
 import com.blubin.identityservice.utils.Constants;
 import io.github.cdimascio.dotenv.Dotenv;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -31,8 +32,10 @@
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.web.cors.CorsConfiguration;
 
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -45,12 +48,23 @@ public class SecurityConfig {
     @Autowired
     private OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler;
 
+    @Autowired
+    private OAuth2LogoutSuccessHandler oAuth2LogoutSuccessHandler;
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity httpSecurity, CustomOidcUserService customOidcUserService) throws Exception {
         httpSecurity
                 .csrf(AbstractHttpConfigurer::disable)
-//                .cors(AbstractHttpConfigurer::disable)
-                .cors(Customizer.withDefaults())
+//                .cors(Customizer.withDefaults())
+                .cors(cors -> cors.configurationSource(request -> {
+                    CorsConfiguration config = new CorsConfiguration();
+                    config.setAllowedOrigins(List.of("http://localhost:3000"));
+                    config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
+                    config.setAllowedHeaders(List.of("Authorization", "Content-Type"));
+                    config.setExposedHeaders(List.of("Authorization"));
+                    config.setAllowCredentials(true);
+                    return config;
+                }))
                 .headers(headers -> headers
                         .xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))
                         .contentSecurityPolicy(cps -> cps.policyDirectives("default-src 'self';base-uri 'self';"
@@ -66,33 +80,26 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity, CustomOidcUser
                         .requestMatchers("/api/v1/**").hasAnyAuthority("ADMIN")
                         .anyRequest().authenticated()
                 )
-//                .formLogin((form) -> form
-//                        .defaultSuccessUrl("/swagger-ui/index.html", true)
-//                        .permitAll()
-//                )
-
                 .oauth2Login(oauth2 -> oauth2
-//                        .loginPage("/login")
                         .userInfoEndpoint(userInfo -> userInfo
                                 .oidcUserService(customOidcUserService)
                                 .userAuthoritiesMapper(this.userAuthoritiesMapper()))
                                 .successHandler(oAuth2LoginSuccessHandler)
 //                        .defaultSuccessUrl("/users", true)
-//                        .defaultSuccessUrl("/users")
                         .failureUrl("/login?error")
                 )
-//                .oauth2Login(Customizer.withDefaults())
-
                 // JWT-based resource server configuration
-                .oauth2ResourceServer(oauth2 -> oauth2
-                        .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
-                )
+//                 .oauth2ResourceServer(oauth2 -> oauth2
+//                        .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
+//                )
 
                 .logout(logout -> logout
                         .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                         .logoutSuccessUrl("/login?logout")
+                        .logoutSuccessHandler(oAuth2LogoutSuccessHandler)
                         .permitAll()
                 )
+
                 .httpBasic(Customizer.withDefaults());
 
         httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
@@ -123,10 +130,6 @@ private GrantedAuthoritiesMapper userAuthoritiesMapper() {
                     OAuth2UserAuthority oauth2UserAuthority = (OAuth2UserAuthority)authority;
 
                     Map<String, Object> userAttributes = oauth2UserAuthority.getAttributes();
-
-                    // Map the attributes found in userAttributes
-                    // to one or more GrantedAuthority's and add it to mappedAuthorities
-
                 }
             });
 
@@ -181,22 +184,6 @@ private ClientRegistration googleClientRegistration(String google_client_id, Str
                 .build();
     }
 
-//    @Bean
-//    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
-//        UserDetails admin = User.builder()
-//                .username("admin")
-//                .password(passwordEncoder.encode("admin"))
-//                .authorities("ADMIN")
-//                .build();
-//
-//        UserDetails user = User.builder()
-//                .username("user")
-//                .password(passwordEncoder.encode("user"))
-//                .authorities("USER")
-//                .build();
-//
-//        return new InMemoryUserDetailsManager(admin, user);
-//    }
 
     @Bean
     public PasswordEncoder passwordEncoder() {