Storage issues

Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/config/SecurityConfig.kt

@@ -1,10 +1,13 @@
 package co.nilin.opex.storage.app.config
 
+import net.minidev.json.JSONArray
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
 import org.springframework.http.HttpMethod
+import org.springframework.security.authorization.AuthorizationDecision
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity
+import org.springframework.security.oauth2.jwt.Jwt
 import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.web.server.SecurityWebFilterChain
@@ -25,7 +28,17 @@ class SecurityConfig(private val webClient: WebClient) {
             .pathMatchers("/actuator/**").permitAll()
             .pathMatchers("/swagger-ui/**").permitAll()
             .pathMatchers("/swagger-resources/**").permitAll()
+            .pathMatchers("/admin/**").access { mono, authorizationContext ->
+                mono.map { auth ->
+                    auth.authorities.any { authority -> authority.authority == "SCOPE_trust" }
+                            && ((auth.principal as Jwt)
+                        .claims.get("groups") as JSONArray).contains("finance-admin")
+                }.map { granted ->
+                    AuthorizationDecision(granted)
+                }
+            }
             .pathMatchers("/**").hasAuthority("SCOPE_trust")
+            .pathMatchers(HttpMethod.OPTIONS, "/**").permitAll()
             .anyExchange().authenticated()
             .and()
             .oauth2ResourceServer()

Storage/storage-app/src/main/kotlin/co/nilin/opex/storage/app/controller/FileController.kt

@@ -49,4 +49,17 @@ class FileController(private val storageService: StorageService) {
         val mimeType = URLConnection.getFileNameMap().getContentTypeFor(path.fileName.toString())
         return ResponseEntity.ok().contentType(MediaType.parseMediaType(mimeType)).body(file.readBytes())
     }
+
+    @GetMapping("/admin/download/{uid}/{filename}")
+    @ResponseBody
+    suspend fun adminFileDownload(
+        @PathVariable("uid") uid: String,
+        @PathVariable("filename") filename: String,
+        @CurrentSecurityContext securityContext: SecurityContext
+    ): ResponseEntity<ByteArray> {
+        val path = Paths.get("").resolve("/opex-storage/$uid/$filename")
+        val file = storageService.load(path.toString())
+        val mimeType = URLConnection.getFileNameMap().getContentTypeFor(path.fileName.toString())
+        return ResponseEntity.ok().contentType(MediaType.parseMediaType(mimeType)).body(file.readBytes())
+    }
 }

Storage/storage-app/src/main/resources/application-docker.yml

@@ -6,5 +6,8 @@ spring:
     allow-bean-definition-overriding: true
 
 app:
+  cors:
+    allowed-hosts: https://opex.dev, http://localhost:3000
+    allowed-patterns: http://192.168.*
   auth:
     cert-url: lb://opex-auth/auth/realms/opex/protocol/openid-connect/certs