Permission setup (#7)

* Added RBAC preliminary support.

* Upgraded VueJS and other server side packages.

* Bumped the version.

Author: nicholasnet

backend/main/java/com/ideasbucket/tansen/configuration/SecurityConfiguration.java renamed to backend/main/java/com/ideasbucket/tansen/configuration/CorsConfiguration.java

@@ -8,17 +8,16 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.reactive.config.CorsRegistry;
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 
 @Configuration
-public class SecurityConfiguration implements WebFluxConfigurer {
+public class CorsConfiguration implements WebFluxConfigurer {
 
     private final ApplicationProperties applicationProperties;
 
     @Autowired
-    public SecurityConfiguration(ApplicationProperties applicationProperties) {
+    public CorsConfiguration(ApplicationProperties applicationProperties) {
         this.applicationProperties = applicationProperties;
     }
 
@@ -31,7 +30,7 @@ public void addCorsMappings(CorsRegistry registry) {
                 .addMapping("/**")
                 .allowedOriginPatterns(allowedSources.split(","))
                 .allowCredentials(true)
-                .allowedMethods(CorsConfiguration.ALL);
+                .allowedMethods(org.springframework.web.cors.CorsConfiguration.ALL);
         }
     }
 }

backend/main/java/com/ideasbucket/tansen/configuration/Permission.java

@@ -0,0 +1,47 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.configuration;
+
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import java.util.List;
+
+public class Permission {
+
+    @NotNull(message = "Resource cannot be null.")
+    @NotEmpty(message = "Resource cannot be blank.")
+    private final String resource;
+
+    @NotNull(message = "Action cannot be null.")
+    @NotEmpty(message = "Action cannot be empty.")
+    private final List<@NotNull(message = "Action cannot be null.") @NotBlank(
+        message = "Action cannot be blank."
+    ) String> actions;
+
+    @NotNull(message = "Value cannot be null.")
+    @NotEmpty(message = "Value cannot be blank.")
+    private final String value;
+
+    public Permission(String resource, List<String> actions, String value) {
+        this.resource = resource;
+        this.actions = actions;
+        this.value = value;
+    }
+
+    public String getResource() {
+        return resource;
+    }
+
+    public List<String> getActions() {
+        return actions;
+    }
+
+    public String getValue() {
+        return value;
+    }
+}

backend/main/java/com/ideasbucket/tansen/configuration/RbacProperties.java

@@ -0,0 +1,37 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotEmpty;
+import java.util.List;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.validation.annotation.Validated;
+
+@PropertySource(value = "classpath:roles.yml", factory = YamlPropertySourceFactory.class)
+@ConfigurationProperties(prefix = "rbac")
+@EnableConfigurationProperties(RbacProperties.class)
+@Validated
+public class RbacProperties {
+
+    @JsonProperty("roles")
+    @NotEmpty
+    private final List<@Valid Role> roles;
+
+    @JsonCreator
+    public RbacProperties(@JsonProperty("roles") List<Role> roles) {
+        this.roles = roles;
+    }
+
+    public List<Role> getRoles() {
+        return roles;
+    }
+}

backend/main/java/com/ideasbucket/tansen/configuration/Role.java

@@ -0,0 +1,70 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.configuration;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import java.util.List;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({ "name", "clusters", "subjects", "permissions" })
+public class Role {
+
+    @JsonProperty("name")
+    @NotNull(message = "Role name cannot be null.")
+    @NotBlank(message = "Role name cannot be blank.")
+    private final String name;
+
+    @JsonProperty("clusters")
+    @NotNull(message = "Must have at least one cluster.")
+    @NotEmpty(message = "Must have at least one cluster.")
+    private final List<@NotNull(message = "Cluster name cannot be null.") @NotBlank(
+        message = "Cluster name cannot be blank."
+    ) String> clusters;
+
+    @JsonProperty("subjects")
+    @NotEmpty(message = "Must have at least one subject.")
+    private final List<@Valid Subject> subjects;
+
+    @JsonProperty("permissions")
+    private final List<@Valid Permission> permissions;
+
+    @JsonCreator
+    public Role(
+        @JsonProperty("name") String name,
+        @JsonProperty("clusters") List<String> clusters,
+        @JsonProperty("subjects") List<Subject> subjects,
+        @JsonProperty("permissions") List<Permission> permissions
+    ) {
+        this.name = name;
+        this.clusters = clusters;
+        this.subjects = subjects;
+        this.permissions = permissions;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public List<String> getClusters() {
+        return clusters;
+    }
+
+    public List<Subject> getSubjects() {
+        return subjects;
+    }
+
+    public List<Permission> getPermissions() {
+        return permissions;
+    }
+}

backend/main/java/com/ideasbucket/tansen/configuration/Subject.java

@@ -0,0 +1,61 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.configuration;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.ideasbucket.tansen.validator.FromList;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({ "provider", "type", "value" })
+public class Subject {
+
+    @JsonProperty("provider")
+    @NotNull(message = "Provider cannot be null.")
+    @NotBlank(message = "Provider cannot be blank.")
+    @FromList(acceptedValues = { "okta" }, message = "Currently only Okta provider is supported.")
+    private final String provider;
+
+    @JsonProperty("type")
+    @NotNull(message = "Type cannot be null.")
+    @NotBlank(message = "Type cannot be blank.")
+    @FromList(
+        acceptedValues = { "domain", "user", "organization", "group" },
+        message = "Type must be either domain, user, organization, group."
+    )
+    private final String type;
+
+    @JsonProperty("value")
+    @NotNull(message = "Value cannot be null.")
+    @NotBlank(message = "Value cannot be blank.")
+    private final String value;
+
+    public Subject(
+        @JsonProperty("provider") String provider,
+        @JsonProperty("type") String type,
+        @JsonProperty("value") String value
+    ) {
+        this.provider = provider.toLowerCase();
+        this.type = type.toLowerCase();
+        this.value = value;
+    }
+
+    public String getProvider() {
+        return provider;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public String getValue() {
+        return value;
+    }
+}

backend/main/java/com/ideasbucket/tansen/configuration/YamlPropertySourceFactory.java

@@ -0,0 +1,44 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.configuration;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.Objects;
+import java.util.Properties;
+import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
+import org.springframework.core.env.PropertiesPropertySource;
+import org.springframework.core.env.PropertySource;
+import org.springframework.core.io.support.EncodedResource;
+import org.springframework.core.io.support.PropertySourceFactory;
+
+public class YamlPropertySourceFactory implements PropertySourceFactory {
+
+    @Override
+    public PropertySource<?> createPropertySource(String name, EncodedResource encodedResource) throws IOException {
+        YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
+        factory.setResources(encodedResource.getResource());
+
+        try {
+            Properties properties = factory.getObject();
+
+            assert properties != null;
+            return new PropertiesPropertySource(
+                Objects.requireNonNull(encodedResource.getResource().getFilename()),
+                properties
+            );
+        } catch (Exception exception) {
+            if (exception.getCause() instanceof FileNotFoundException) {
+                if (exception.getCause().getMessage().contains("roles.yml")) {
+                    return new PropertiesPropertySource("roles.yml", new Properties());
+                }
+            }
+
+            throw exception;
+        }
+    }
+}

backend/main/java/com/ideasbucket/tansen/validator/FromList.java

@@ -0,0 +1,33 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.validator;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+
+import jakarta.validation.Constraint;
+import jakarta.validation.Payload;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Documented
+@Target({ METHOD, FIELD })
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = { FromListValidator.class })
+public @interface FromList {
+    String[] acceptedValues();
+
+    String message() default "Invalid value.";
+
+    boolean caseSensitive() default false;
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}

backend/main/java/com/ideasbucket/tansen/validator/FromListValidator.java

@@ -0,0 +1,36 @@
+/*
+ * This file is part of the Tansen project.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+package com.ideasbucket.tansen.validator;
+
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+import java.util.HashSet;
+import java.util.Set;
+
+public class FromListValidator implements ConstraintValidator<FromList, String> {
+
+    private final Set<String> valueList = new HashSet<>();
+
+    private Boolean isCaseSensitiveComparison;
+
+    public void initialize(FromList constraintAnnotation) {
+        isCaseSensitiveComparison = constraintAnnotation.caseSensitive();
+
+        for (String val : constraintAnnotation.acceptedValues()) {
+            if (isCaseSensitiveComparison) {
+                valueList.add(val);
+            } else {
+                valueList.add(val.toLowerCase());
+            }
+        }
+    }
+
+    @Override
+    public boolean isValid(String value, ConstraintValidatorContext context) {
+        return (isCaseSensitiveComparison) ? valueList.contains(value) : valueList.contains(value.toLowerCase());
+    }
+}

backend/main/resources/application-prod.properties

@@ -0,0 +1,9 @@
+logging:
+    pattern:
+        console: '%d{yyyy-MM-dd HH:mm:ss} - %msg%n'
+    level:
+        org:
+            springframework:
+                web: INFO
+                kafka: INFO
+        root: INFO