From 3035916a9662e1a1f75a91aebd608dacdf992259 Mon Sep 17 00:00:00 2001
From: Peyman
Date: Wed, 20 Oct 2021 17:06:45 +0330
Subject: [PATCH] Add admin service for download
---
 .../nilin/opex/storage/app/config/SecurityConfig.kt | 12 ++++++++++++
 .../opex/storage/app/controller/FileController.kt | 13 +++++++++++++
 .../src/main/resources/application-docker.yml | 3 +++
 3 files changed, 28 insertions(+)
diff --git a/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt b/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt
index 2e8056707..12c5383c2 100644
--- a/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt
+++ b/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt
@@ -1,10 +1,13 @@
 package co.nilin.opex.storage.app.config
+import net.minidev.json.JSONArray
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
 import org.springframework.http.HttpMethod
+import org.springframework.security.authorization.AuthorizationDecision
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity
+import org.springframework.security.oauth2.jwt.Jwt
 import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.web.server.SecurityWebFilterChain
@@ -25,6 +28,15 @@ class SecurityConfig(private val webClient: WebClient) {
 .pathMatchers("/actuator/**").permitAll()
 .pathMatchers("/swagger-ui/**").permitAll()
 .pathMatchers("/swagger-resources/**").permitAll()
+ .pathMatchers("/admin/**").access { mono, authorizationContext ->
+ mono.map { auth ->
+ auth.authorities.any { authority -> authority.authority == "SCOPE_trust" }
+ && ((auth.principal as Jwt)
+ .claims.get("groups") as JSONArray).contains("finance-admin")
+ }.map { granted ->
+ AuthorizationDecision(granted)
+ }
+ }
 .pathMatchers("/**").hasAuthority("SCOPE_trust")
 .anyExchange().authenticated()
 .and()
diff --git a/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/controller/FileController.kt b/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/controller/FileController.kt
index cc24f5f92..c6ee996a0 100644
--- a/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/controller/FileController.kt
+++ b/Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/controller/FileController.kt
@@ -49,4 +49,17 @@ class FileController(private val storageService: StorageService) {
 val mimeType = URLConnection.getFileNameMap().getContentTypeFor(path.fileName.toString())
 return ResponseEntity.ok().contentType(MediaType.parseMediaType(mimeType)).body(file.readBytes())
 }
+
+ @GetMapping("/admin/download/{uid}/{filename}")
+ @ResponseBody
+ suspend fun adminFileDownload(
+ @PathVariable("uid") uid: String,
+ @PathVariable("filename") filename: String,
+ @CurrentSecurityContext securityContext: SecurityContext
+ ): ResponseEntity {
+ val path = Paths.get("").resolve("/opex-storage/$uid/$filename")
+ val file = storageService.load(path.toString())
+ val mimeType = URLConnection.getFileNameMap().getContentTypeFor(path.fileName.toString())
+ return ResponseEntity.ok().contentType(MediaType.parseMediaType(mimeType)).body(file.readBytes())
+ }
 }
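Review bot: The `/admin/**` rule in SecurityConfig.kt rests on two unchecked casts, `auth.principal as Jwt` and `claims.get("groups") as JSONArray`, so a token with no `groups` claim, or a decoder that hands the claim back as a plain list, makes the check throw instead of producing a denied `AuthorizationDecision`. Access is still not granted in that case, but the failure likely surfaces as a server error rather than a clean 403, and the rule is tied to the JSON library's concrete collection type. The group test could read `&& (auth.principal as? Jwt)?.getClaimAsStringList("groups")?.contains("finance-admin") == true`, which also makes the `JSONArray` import unnecessary. The surrounding filter-chain builder starts and ends outside the hunk.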
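Review bot: In `adminFileDownload` (FileController.kt) the `uid` and `filename` path variables are interpolated straight into `/opex-storage/$uid/$filename`, and nothing in the hunk normalizes the result or checks that it stays under `/opex-storage`, so what an admin token can read is bounded only by whatever `storageService.load` enforces, which is not shown. I would resolve both segments against a fixed base, normalize, and reject any path that does not start with that base before loading. Separately, `getContentTypeFor` returns null for unknown extensions and `MediaType.parseMediaType` rejects that, so a fallback content type is needed. The injected `securityContext` parameter is never used; either drop it or use it to record which admin fetched which file.

```kotlin
// … unchanged: annotations and signature of adminFileDownload …
    val base = Paths.get("/opex-storage")
    val path = base.resolve(uid).resolve(filename).normalize()
    if (!path.startsWith(base)) {
        return ResponseEntity.badRequest().build()
    }
    // … unchanged: storageService.load(path.toString()) …
    val mimeType = URLConnection.getFileNameMap().getContentTypeFor(path.fileName.toString())
        ?: MediaType.APPLICATION_OCTET_STREAM_VALUE
    // … unchanged: ResponseEntity.ok() … body(file.readBytes()) …
```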
diff --git a/Storage/storage-app/src/main/resources/application-docker.yml b/Storage/storage-app/src/main/resources/application-docker.yml
index 33d94df25..53df2e9b4 100644
--- a/Storage/storage-app/src/main/resources/application-docker.yml
+++ b/Storage/storage-app/src/main/resources/application-docker.yml
@@ -6,5 +6,8 @@ spring:
 allow-bean-definition-overriding: true
 app:
+ cors:
+ allowed-hosts: https://opex.dev, http://localhost:3000
+ allowed-patterns: http://192.168.*
 auth:
 cert-url: lb://opex-auth/auth/realms/opex/protocol/openid-connect/certs
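Review bot: The new `app.cors` block in application-docker.yml puts development origins into what looks like a deployment profile: `http://localhost:3000` and the plain-HTTP wildcard `http://192.168.*`. The code that reads these keys is not part of this diff, but if `allowed-patterns` is handed to Spring's origin-pattern matching, `*` matches any characters, so the pattern would also accept host names that merely begin with `192.168.` rather than only private addresses. I would keep `allowed-hosts: https://opex.dev` in this file and move the localhost and LAN entries to a development-only profile, with a comment such as `# browser origins allowed to call the storage API; keep dev origins out of deployed profiles`.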