integrate, tidy up docker-compose, add postman collection endpoint

Author: Psilo

.gitlab-ci.yml

@@ -17,15 +17,17 @@ services:
 #      - DB_NAME=httpserver
 #      - DB_USER=httpserver
 #      - DB_PASSWORD=DP5V7hi7xgknaH39lDTX
+#      - KEYCLOAK_HOST=keycloak
+#      - KEYCLOAK_REALM=nexus
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http-server.port=8080"
 #      - "traefik.http-server.backend=http-server"
 #      - "traefik.http-server.frontend.rule=Host:http-server.unterrainer.info"
 #      - "traefik.http-server.frontend.entryPoints=http,https"
 
-  db:
-    image: mariadb:latest
+  db-container:
+    image: mysql:latest
     restart: always
     ports:
       - 14300:3306
@@ -51,19 +53,20 @@ services:
       - "/app/data/keycloak/mysql-data/db:/var/lib/mysql"
 
   keycloak:
-      image: quay.io/keycloak/keycloak:latest
-      environment:
-        DB_VENDOR: mariadb
-        DB_ADDR: keycloak_db
-        DB_DATABASE: keycloak
-        DB_USER: keycloak
-        DB_PASSWORD: 8KNM3flMpEyCYkFw5wrGoCN3
-        KEYCLOAK_USER: admin
-        KEYCLOAK_PASSWORD: cTWJiYZDutP6tYxXnv2yg0A
-      ports:
-        - 8080:8080
-      depends_on:
-        - keycloak_db
+    image: quay.io/keycloak/keycloak:latest
+    restart: always
+    depends_on:
+      - keycloak_db
+    ports:
+      - 14888:8080
+    environment:
+      DB_VENDOR: mariadb
+      DB_ADDR: keycloak_db
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: 8KNM3flMpEyCYkFw5wrGoCN3
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: cTWJiYZDutP6tYxXnv2yg0A
 
 networks:
   default:

deploy/docker-compose.yml

@@ -23,6 +23,7 @@
 import info.unterrainer.commons.httpserver.handlers.AppVersionHandler;
 import info.unterrainer.commons.httpserver.handlers.DateTimeHandler;
 import info.unterrainer.commons.httpserver.handlers.HealthHandler;
+import info.unterrainer.commons.httpserver.handlers.PostmanCollectionHandler;
 import info.unterrainer.commons.httpserver.jsons.MessageJson;
 import info.unterrainer.commons.jreutils.ShutdownHook;
 import info.unterrainer.commons.rdbutils.entities.BasicJpa;
@@ -96,11 +97,14 @@ private void create() {
 		connector.setPort(config.port());
 		server.setConnectors(new ServerConnector[] { connector });
 
-		javalin = Javalin.create(config -> {
-			config.server(() -> server).accessManager(new HttpAccessManager()).enableCorsForAllOrigins();
+		javalin = Javalin.create(c -> {
+			c.server(() -> server)
+					.accessManager(new HttpAccessManager(config.keycloakHost(), config.keycloakRealm()))
+					.enableCorsForAllOrigins();
 		}).start(config.port());
 
 		javalin.before(ctx -> ctx.attribute(Attribute.JAVALIN_SERVER, this));
+		javalin.before(ctx -> ctx.attribute(Attribute.RESPONSE_TYPE, "json"));
 		javalin.before(ctx -> ctx.contentType("application/json"));
 
 		javalin.after(ctx -> render(ctx));
@@ -120,6 +124,7 @@ private void create() {
 		get("/version", new AppVersionHandler(appVersionFqns));
 		get("/datetime", new DateTimeHandler());
 		get("/health", new HealthHandler());
+		get("/postman", new PostmanCollectionHandler());
 
 		registerShutdownHook();
 	}
@@ -215,7 +220,10 @@ private void render(final Context ctx) throws IOException {
 
 		Object dto = ctx.attribute(Attribute.RESPONSE_OBJECT);
 		if (dto != null)
-			ctx.result(jsonMapper.toStringFrom(dto));
+			if (ctx.attribute(Attribute.RESPONSE_TYPE) == "json")
+				ctx.result(jsonMapper.toStringFrom(dto));
+			else
+				ctx.result((String) dto);
 
 		Integer status = ctx.attribute(Attribute.RESPONSE_STATUS);
 		if (status != null)

src/main/java/info/unterrainer/commons/httpserver/HttpServer.java

@@ -14,6 +14,8 @@ private HttpServerConfiguration() {
 
 	private int port;
 	private String host;
+	private String keycloakHost;
+	private String keycloakRealm;
 
 	public static HttpServerConfiguration read() {
 		return read(null);
@@ -26,6 +28,8 @@ public static HttpServerConfiguration read(final String prefix) {
 		HttpServerConfiguration config = new HttpServerConfiguration();
 		config.port = Integer.parseInt(Optional.ofNullable(System.getenv(p + "HTTP_PORT")).orElse("8080"));
 		config.host = Optional.ofNullable(System.getenv(p + "HTTP_HOST")).orElse("0.0.0.0");
+		config.keycloakHost = Optional.ofNullable(System.getenv(p + "KEYCLOAK_HOST")).orElse("http://localhost:14888");
+		config.keycloakRealm = Optional.ofNullable(System.getenv(p + "KEYCLOAK_REALM")).orElse("nexus");
 		return config;
 	}
 }

src/main/java/info/unterrainer/commons/httpserver/HttpServerConfiguration.java

@@ -3,5 +3,6 @@
 import io.javalin.core.security.Role;
 
 public enum DefaultRoles implements Role {
-	PUBLIC, AUTHENTICATED;
+	PUBLIC,
+	AUTHENTICATED;
 }

src/main/java/info/unterrainer/commons/httpserver/accessmanager/DefaultRoles.java

@@ -6,7 +6,6 @@
 import java.net.URISyntaxException;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
 import java.net.http.HttpResponse.BodyHandlers;
 import java.security.PublicKey;
 import java.util.Set;
@@ -20,63 +19,97 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import info.unterrainer.commons.httpserver.exceptions.ForbiddenException;
+import info.unterrainer.commons.httpserver.exceptions.GatewayTimeoutException;
 import info.unterrainer.commons.httpserver.exceptions.UnauthorizedException;
 import io.javalin.core.security.AccessManager;
 import io.javalin.core.security.Role;
 import io.javalin.http.Context;
 import io.javalin.http.Handler;
+import lombok.extern.slf4j.Slf4j;
 
+@Slf4j
 public class HttpAccessManager implements AccessManager {
 
-	private PublicKey publicKey;
+	private String host;
+	private String realm;
+	private PublicKey publicKey = null;
 
-	public HttpAccessManager() {
+	public HttpAccessManager(final String host, final String realm) {
+		this.host = host;
+		this.realm = realm;
 		try {
-			String authUrl = "http://localhost:8080" + "/auth/realms/" + "nexus";
+			initPublicKey();
+		} catch (Exception e) {
+			// Exceptions will terminate a request later on, but should not terminate the
+			// main-thread here.
+		}
+	}
+
+	@Override
+	public void manage(final Handler handler, final Context ctx, final Set<Role> permittedRoles) throws Exception {
+		checkAccess(ctx, permittedRoles);
+		handler.handle(ctx);
+	}
+
+	private void initPublicKey() {
+		if (publicKey != null)
+			return;
+
+		if (!host.endsWith("/"))
+			host += "/";
+
+		if (!realm.startsWith("/"))
+			realm = "/" + realm;
 
+		String authUrl = host + "auth/realms" + realm;
+		try {
+			log.info("Getting public key from: [{}]", authUrl);
 			HttpClient client = HttpClient.newHttpClient();
 			HttpRequest request = HttpRequest.newBuilder().uri(new URI(authUrl)).build();
 			ObjectMapper objectMapper = new ObjectMapper();
 
-			client.sendAsync(request, BodyHandlers.ofString()).thenApply(HttpResponse::body).thenAccept(body -> {
+			client.sendAsync(request, BodyHandlers.ofString()).thenApply(response -> {
+				if (response.statusCode() >= 300) {
+					log.error("HTTP status [{}] getting public key from keycloak instance [{}].", response.statusCode(),
+							authUrl);
+					throw new GatewayTimeoutException(String
+							.format("The keycloak instance returned an error (status: %d).", response.statusCode()));
+				}
+				return response.body();
+			}).thenAccept(body -> {
+				if (body == null)
+					return;
 				try {
 					publicKey = objectMapper.readValue(body, PublishedRealmRepresentation.class).getPublicKey();
 				} catch (IOException e) {
+					log.error("Error parsing answer from keycloak.");
 					throw new UncheckedIOException(e);
 				}
 			}).join();
 		} catch (URISyntaxException e) {
+			log.error("The keycloak URL was illegal [{}].", authUrl);
 			throw new IllegalStateException(e);
 		}
-
 	}
 
-	@Override
-	public void manage(Handler handler, Context ctx, Set<Role> permittedRoles) throws Exception {
-
-		checkAccess(ctx, permittedRoles);
+	private void checkAccess(final Context ctx, final Set<Role> permittedRoles) {
 
-		handler.handle(ctx);
-	}
-
-	private void checkAccess(Context ctx, Set<Role> permittedRoles) {
-
-		if (permittedRoles.isEmpty() || permittedRoles.contains(DefaultRoles.PUBLIC)) {
+		if (permittedRoles.isEmpty() || permittedRoles.contains(DefaultRoles.PUBLIC))
 			return;
-		}
 
+		initPublicKey();
 		String authorizationHeader = ctx.header(HttpHeader.AUTHORIZATION.asString());
-		TokenVerifier<AccessToken> accessToken = TokenVerifier.create(authorizationHeader, AccessToken.class);
-		accessToken.publicKey(publicKey);
+		TokenVerifier<AccessToken> tokenVerifier = TokenVerifier.create(authorizationHeader, AccessToken.class);
+		tokenVerifier.publicKey(publicKey);
 
 		try {
-			accessToken.verifySignature();
+			tokenVerifier.verifySignature();
 		} catch (VerificationException e) {
 			throw new UnauthorizedException();
 		}
 
 		try {
-			accessToken.verify();
+			tokenVerifier.verify();
 		} catch (VerificationException e) {
 			throw new ForbiddenException();
 		}

src/main/java/info/unterrainer/commons/httpserver/accessmanager/HttpAccessManager.java

@@ -4,4 +4,5 @@ public class Attribute {
 	public static final String JAVALIN_SERVER = "javalin_server";
 	public static final String RESPONSE_OBJECT = "response_object";
 	public static final String RESPONSE_STATUS = "response_status";
+	public static final String RESPONSE_TYPE = "response_type";
 }

src/main/java/info/unterrainer/commons/httpserver/enums/Attribute.java

@@ -0,0 +1,21 @@
+package info.unterrainer.commons.httpserver.exceptions;
+
+public class GatewayTimeoutException extends HttpException {
+
+	private static final long serialVersionUID = 6409374003218276906L;
+
+	public static final int HTTP_STATUS = 504;
+	public static final String HTTP_TEXT = "Gateway Timeout";
+
+	public GatewayTimeoutException(final String message, final Throwable cause) {
+		super(HTTP_STATUS, HTTP_TEXT, message, cause);
+	}
+
+	public GatewayTimeoutException(final String message) {
+		super(HTTP_STATUS, HTTP_TEXT, message);
+	}
+
+	public GatewayTimeoutException() {
+		super(HTTP_STATUS, HTTP_TEXT);
+	}
+}

src/main/java/info/unterrainer/commons/httpserver/exceptions/GatewayTimeoutException.java

@@ -0,0 +1,23 @@
+package info.unterrainer.commons.httpserver.handlers;
+
+import info.unterrainer.commons.httpserver.enums.Attribute;
+import info.unterrainer.commons.jreutils.Resources;
+import io.javalin.http.Context;
+import io.javalin.http.Handler;
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class PostmanCollectionHandler implements Handler {
+
+	private String collection;
+
+	@Override
+	public void handle(final Context ctx) throws Exception {
+		if (collection == null)
+			collection = Resources.readResource(PostmanCollectionHandler.class, "/postman_collection.json");
+
+		ctx.attribute(Attribute.RESPONSE_OBJECT, collection);
+		ctx.attribute(Attribute.RESPONSE_TYPE, "text");
+		ctx.attribute(Attribute.RESPONSE_STATUS, 200);
+	}
+}