Close $321: whitelist

accountant/accountant-app/src/main/resources/application.yml

@@ -47,4 +47,4 @@ spring:
 app:
   address: 1
   wallet:
-    url: lb://opex-wallet/
+    url: lb://opex-wallet/

docker-compose.override.yml

@@ -19,6 +19,9 @@ services:
     build: matching-gateway/matching-gateway-app
   auth:
     build: user-management/keycloak-gateway
+    volumes:
+      - "./preferences-dev.yml:/preferences.yml"
+      - "./whitelist.txt:/whitelist.txt"
   wallet:
     build: wallet/wallet-app
     volumes:

docker-compose.yml

@@ -281,6 +281,7 @@ services:
       - FORGOT_REDIRECT_URL=$KEYCLOAK_FORGOT_REDIRECT_URL
       - VAULT_URL=http://vault:8200
       - VAULT_HOST=vault
+      - PREFERENCES=$PREFERENCES
     depends_on:
       - captcha
       - kafka-1

preferences-demo.yml

@@ -225,3 +225,7 @@ userLimits:
 system:
   walletTitle: system
   walletLevel: basic
+auth:
+  whitelist:
+    enabled: false
+    file: /whitelist.txt

preferences-dev.yml

@@ -260,4 +260,8 @@ userLimits:
     monthlyCount: 3000
 system:
   walletTitle: system
-  walletLevel: basic
+  walletLevel: basic
+auth:
+  whitelist:
+    enabled: false
+    file: /whitelist.txt

user-management/keycloak-gateway/src/main/kotlin/co/nilin/opex/auth/gateway/KeycloakGatewayApp.kt

@@ -1,13 +1,15 @@
 package co.nilin.opex.auth.gateway
 
+import co.nilin.opex.utility.error.EnableOpexErrorHandler
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.autoconfigure.liquibase.LiquibaseAutoConfiguration
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.boot.runApplication
 import org.springframework.context.annotation.ComponentScan
 
 @SpringBootApplication(exclude = [LiquibaseAutoConfiguration::class])
-@ComponentScan(basePackages = ["co.nilin.opex.auth.gateway"])
+@ComponentScan("co.nilin.opex")
+@EnableOpexErrorHandler
 @EnableConfigurationProperties
 class KeycloakGatewayApp
 

user-management/keycloak-gateway/src/main/kotlin/co/nilin/opex/auth/gateway/config/WhitelistConfig.kt

@@ -0,0 +1,38 @@
+package co.nilin.opex.auth.gateway.config
+
+import co.nilin.opex.auth.gateway.data.Whitelist
+import co.nilin.opex.utility.preferences.Preferences
+import org.slf4j.LoggerFactory
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import java.io.File
+
+@Configuration
+class WhitelistConfig(private val preferences: Preferences) {
+
+    private val logger = LoggerFactory.getLogger(WhitelistConfig::class.java)
+
+    @Bean("whitelist")
+    fun whitelist(): Whitelist {
+        val whitelist = with(preferences.auth.whitelist) {
+            val file = File(file)
+            if (!enabled) {
+                logger.info("whitelist disabled by preferences")
+                Whitelist()
+            }
+
+            if (!file.exists()) {
+                logger.info("whitelist file doesn't exists")
+                Whitelist()
+            }
+
+            val list = file.readLines().onEach { it.trim().toLowerCase() }
+            Whitelist(list.isNotEmpty(), list)
+        }
+
+        logger.info("whitelist enabled: ${whitelist.isEnabled}")
+        logger.info("whitelist emails: ${whitelist.emails}")
+        return whitelist
+    }
+
+}

user-management/keycloak-gateway/src/main/kotlin/co/nilin/opex/auth/gateway/data/Whitelist.kt

@@ -0,0 +1,6 @@
+package co.nilin.opex.auth.gateway.data
+
+data class Whitelist(
+    val isEnabled: Boolean = false,
+    val emails: List<String> = emptyList()
+)

user-management/keycloak-gateway/src/main/kotlin/co/nilin/opex/auth/gateway/extension/UserManagementResource.kt

@@ -41,6 +41,7 @@ class UserManagementResource(private val session: KeycloakSession) : RealmResour
 
     private val logger = LoggerFactory.getLogger(UserManagementResource::class.java)
     private val opexRealm = session.realms().getRealm("opex")
+    private val whitelist by lazy { ApplicationContextHolder.getCurrentContext()!!.getBean("whitelist") as Whitelist }
     private val verifyUrl by lazy {
         ApplicationContextHolder.getCurrentContext()!!.environment.resolvePlaceholders("\${verify-redirect-url}")
     }
@@ -59,6 +60,10 @@ class UserManagementResource(private val session: KeycloakSession) : RealmResour
         val auth = ResourceAuthenticator.bearerAuth(session)
         if (!auth.hasScopeAccess("trust")) return ErrorHandler.forbidden()
 
+        if (whitelist.isEnabled && request.email != null && !whitelist.emails.contains(request.email!!.toLowerCase())) {
+            return ErrorHandler.forbidden()
+        }
+
         runCatching {
             validateCaptcha("${request.captchaAnswer}-${session.context.connection.remoteAddr}")
         }.onFailure {

user-management/keycloak-gateway/src/main/resources/application.yml

@@ -73,3 +73,5 @@ keycloak:
 app:
   verify-redirect-url: ${VERIFY_REDIRECT_URL}
   forgot-redirect-url: ${FORGOT_REDIRECT_URL}
+  whitelist:
+    enabled: ${WHITELIST_ENABLED:false}

user-management/pom.xml

@@ -30,6 +30,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
         </dependency>
+        <dependency>
+            <groupId>co.nilin.opex.utility.preferences</groupId>
+            <artifactId>preferences</artifactId>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
@@ -39,6 +43,11 @@
                 <artifactId>error-handler</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>co.nilin.opex.utility.preferences</groupId>
+                <artifactId>preferences</artifactId>
+                <version>${project.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>

utility/preferences/src/main/kotlin/co/nilin/opex/utility/preferences/Auth.kt

@@ -0,0 +1,3 @@
+package co.nilin.opex.utility.preferences
+
+data class Auth(val whitelist: WhitelistConfig = WhitelistConfig())

utility/preferences/src/main/kotlin/co/nilin/opex/utility/preferences/Preferences.kt

@@ -6,5 +6,6 @@ data class Preferences(
     var currencies: List<Currency> = emptyList(),
     var markets: List<Market> = emptyList(),
     var userLimits: List<UserLimit> = emptyList(),
-    var system: System = System()
+    var system: System = System(),
+    val auth: Auth = Auth()
 )

utility/preferences/src/main/kotlin/co/nilin/opex/utility/preferences/WhitelistConfig.kt

@@ -0,0 +1,6 @@
+package co.nilin.opex.utility.preferences
+
+data class WhitelistConfig(
+    val enabled: Boolean = false,
+    val file: String = "/whitelist.txt"
+)