Merge pull request #35 from hotungkhanh/kan-77/backend-basic-authenti…

…cation

Kan 77/backend basic authentication

.vscode/settings.json

@@ -1,3 +1,7 @@
 {
-  "conventionalCommits.scopes": ["database", "display ganttchart"]
+  "conventionalCommits.scopes": [
+    "database",
+    "display ganttchart"
+  ],
+  "java.configuration.updateBuildConfiguration": "interactive"
 }

backend/pom.xml

@@ -98,11 +98,7 @@
     </dependency>
     <dependency>
       <groupId>io.quarkus</groupId>
-      <artifactId>quarkus-smallrye-metrics</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>io.quarkus</groupId>
-      <artifactId>quarkus-narayana-jta</artifactId>
+      <artifactId>quarkus-security-jpa</artifactId>
     </dependency>
   </dependencies>
 

backend/src/main/java/org/acme/TimetableResource.java

@@ -1,6 +1,7 @@
 package org.acme;
 
 import ai.timefold.solver.core.api.solver.SolverManager;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Inject;
 import jakarta.transaction.Transactional;
 import jakarta.ws.rs.Consumes;
@@ -36,6 +37,7 @@ public class TimetableResource {
     SolverManager<Timetable, String> solverManager;
 
     @POST
+    @RolesAllowed({"user"})
     @Transactional
     public Timetable handleRequest(Timetable problem) throws ExecutionException, InterruptedException {
         UUID uuid = UUID.randomUUID();
@@ -57,6 +59,7 @@ public Timetable handleRequest(Timetable problem) throws ExecutionException, Int
 
     @Path("/view")
     @GET
+    @RolesAllowed({"user"})
     @Produces(MediaType.APPLICATION_JSON)
     public List<Timetable> view() {
         return Timetable.listAll();
@@ -72,13 +75,16 @@ public Unit handleUnit(Unit unit) {
     public void findByCampusAndDelete(String campusName) {
         List<Timetable> timetables = Timetable.listAll();
         for (Timetable timetable : timetables) {
+            System.out.println("CHECKING NOW\n");
             if (campusName.equals(timetable.campusName)) {
+                System.out.println("SMTH HAS BEEN DELETED WOOOO\n");
                 timetable.delete();
             }
         }
     }
 
     @GET
+    @RolesAllowed({"user"})
     @Transactional
     @Produces(MediaType.APPLICATION_JSON)
     public Timetable solveExample() throws ExecutionException, InterruptedException {
@@ -93,14 +99,14 @@ public Timetable solveExample() throws ExecutionException, InterruptedException
         Student h = new Student("h");
         Student i = new Student("i");
 
-        Room r1 = new Room("Room1", "building A", "campus A", 2, true);
-        Room r2 = new Room("Room2", "building B", "campus A", 4, false);
-        Room r3 = new Room("Room3", "building A", "campus B", 4, false);
+        Room r1 = new Room("Room1", "Building1", "Campus1", 2, true);
+        Room r2 = new Room("Room2", "Building2", "Campus2", 4, false);
+        Room r3 = new Room("Room3", "Building3", "Campus3", 4, false);
 
-        Unit u1 = new Unit(1, "1", "Course A", Duration.ofHours(2), List.of(a, b), true);
-        Unit u2 = new Unit(2, "2", "Course A", Duration.ofHours(2), List.of(a, c, d, e), true);
-        Unit u3 = new Unit(3, "3", "Course B", Duration.ofHours(2), List.of(f, g, h, i), false);
-        Unit u4 = new Unit(4, "4", "Course C", Duration.ofHours(2), List.of(a, b), false);
+        Unit u1 = new Unit(1, "This", "Course A", Duration.ofHours(2), List.of(a, b), true);
+        Unit u2 = new Unit(2, "Is", "Course A", Duration.ofHours(2), List.of(a, c, d, e), true);
+        Unit u3 = new Unit(3, "A", "Course B", Duration.ofHours(2), List.of(f, g, h, i), false);
+        Unit u4 = new Unit(4, "Test", "Course C", Duration.ofHours(2), List.of(a, b), false);
 
         var problem = new Timetable("Campus A",
                 List.of(
@@ -128,7 +134,7 @@ public Timetable solveExample() throws ExecutionException, InterruptedException
 
         /*
          * During this solving phase, new Unit objects will be created with the
-         * alloted date and Room assignment.
+         * allotted date and Room assignment.
          * 
          * Currently, the 'old' Unit objects in the 'problem' variable and the
          * 'new' Unit objects in the 'solution' variable are stored as different

backend/src/main/java/org/acme/domain/Room.java

@@ -57,7 +57,7 @@ public Room() {
      *
      * @param id            The room’s id.
      * @param buildingId    The building that the room belongs to.
-     * @param buildingId    The campus that the room belongs to.
+     * @param campus    The campus that the room belongs to.
      * @param capacity      The room's capacity.
      * @param isLab         Whether the room is a laboratory.
      */

backend/src/main/java/org/acme/domain/RoomResource.java

@@ -2,6 +2,7 @@
 
 import java.util.List;
 
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.transaction.Transactional;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
@@ -12,6 +13,7 @@
 import jakarta.ws.rs.core.Response;
 
 @Path("/rooms")
+@RolesAllowed({"user"})
 public class RoomResource {
 
     @GET

backend/src/main/java/org/acme/domain/UnitResource.java

@@ -2,6 +2,7 @@
 
 import java.util.List;
 
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.transaction.Transactional;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
@@ -12,6 +13,7 @@
 import jakarta.ws.rs.core.Response;
 
 @Path("/units")
+@RolesAllowed({"user"})
 public class UnitResource {
     @GET
     @Produces(MediaType.APPLICATION_JSON)

backend/src/main/java/org/acme/security/jpa/Startup.java

@@ -0,0 +1,25 @@
+package org.acme.security.jpa;
+
+import io.quarkus.runtime.StartupEvent;
+import jakarta.enterprise.event.Observes;
+import jakarta.inject.Inject;
+import jakarta.inject.Singleton;
+import jakarta.transaction.Transactional;
+
+import org.eclipse.microprofile.config.Config;
+
+@Singleton
+public class Startup {
+    @Inject
+    Config config;
+
+    @Transactional
+    public void loadUsers(@Observes StartupEvent evt) {
+        String username = config.getValue("frontend.username", String.class);
+        String password = config.getValue("frontend.password", String.class);
+
+        // reset and load user
+        User.deleteAll();
+        User.add(username, password, "user");
+    }
+}

backend/src/main/java/org/acme/security/jpa/User.java

@@ -0,0 +1,36 @@
+package org.acme.security.jpa;
+
+import io.quarkus.elytron.security.common.BcryptUtil;
+import io.quarkus.hibernate.orm.panache.PanacheEntity;
+import io.quarkus.security.jpa.Password;
+import io.quarkus.security.jpa.Roles;
+import io.quarkus.security.jpa.UserDefinition;
+import io.quarkus.security.jpa.Username;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "frontend_user")
+@UserDefinition
+public class User extends PanacheEntity {
+    @Username
+    public String username;
+    @Password
+    public String password;
+    @Roles
+    public String role;
+
+    /**
+     * Adds a new user to the database
+     * @param username the username
+     * @param password the unencrypted password (it is encrypted with bcrypt)
+     * @param role the comma-separated roles
+     */
+    public static void add(String username, String password, String role) {
+        User user = new User();
+        user.username = username;
+        user.password = BcryptUtil.bcryptHash(password);
+        user.role = role;
+        user.persist();
+    }
+}

backend/src/main/java/org/acme/security/jpa/UserResource.java

@@ -0,0 +1,17 @@
+package org.acme.security.jpa;
+
+import jakarta.annotation.security.RolesAllowed;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.SecurityContext;
+
+@Path("/login")
+public class UserResource {
+
+    @GET
+    @RolesAllowed({"user"})
+    public String me(@Context SecurityContext securityContext) {
+        return securityContext.getUserPrincipal().getName();
+    }
+}

backend/src/main/resources/application.properties

@@ -2,7 +2,9 @@ quarkus.http.port=${PORT:8080}
 
 # The solver runs only for 5 seconds to avoid a HTTP timeout in this simple implementation.
 # It's recommended to run for at least 5 minutes ("5m") otherwise.
+
 quarkus.timefold.solver.termination.spent-limit=60s
+
 quarkus.http.cors=true
 quarkus.http.cors.origins=*
 quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS
@@ -72,3 +74,7 @@ quarkus.log.file.enable=true
 quarkus.log.file.path=logs/quarkus.log
 quarkus.log.file.rotation.max-file-size=10M
 quarkus.log.file.rotation.max-backup-index=10
+
+# log in details for frontend
+frontend.username=${FRONTEND_USERNAME}
+frontend.password=${FRONTEND_PASSWORD}

frontend/src/App.tsx

@@ -5,6 +5,6 @@ const router = createBrowserRouter(routes);
 
 export default function App() {
   return (
-    <RouterProvider router={router} />
+      <RouterProvider router={router} />
   )
 }

frontend/src/main.tsx

@@ -2,9 +2,12 @@ import { StrictMode } from 'react'
 import { createRoot } from 'react-dom/client'
 import App from './App.tsx'
 import './styles/global.css'
+import AuthContextProvider from './security/AuthContext.tsx'
 
 createRoot(document.getElementById('root')!).render(
   <StrictMode>
-    <App />
+    <AuthContextProvider>
+      <App />
+    </AuthContextProvider>
   </StrictMode>
 )