Merge pull request #48 from TTG-Club/feat/transfer-nuxt-backend

Перенос бэка с Nuxt
TTG-Club · Jan 13, 2025 · eb704f9 · eb704f9
2 parents f14ceb7 + 9925b29
commit eb704f9
Show file tree

Hide file tree

Showing 48 changed files with 1,496 additions and 295 deletions.
diff --git a/pom.xml b/pom.xml
@@ -26,6 +26,17 @@
 		<tag/>
 		<url/>
 	</scm>
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>io.awspring.cloud</groupId>
+				<artifactId>spring-cloud-aws-dependencies</artifactId>
+				<version>3.0.0-RC2</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
 	<properties>
 		<java.version>17</java.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -36,6 +47,9 @@
 		<mapstruct.version>1.6.0.Beta2</mapstruct.version>
 		<mapstruct-processor.version>1.5.5.Final</mapstruct-processor.version>
 		<liqui-base.version>4.24.0</liqui-base.version>
+		<slugify.version>3.0.7</slugify.version>
+		<icu4j.version>76.1</icu4j.version>
+		<commons-io.version>2.18.0</commons-io.version>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -117,6 +131,25 @@
 			<version>5.12.0</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>io.awspring.cloud</groupId>
+			<artifactId>spring-cloud-aws-starter-s3</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.github.slugify</groupId>
+			<artifactId>slugify</artifactId>
+			<version>${slugify.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.ibm.icu</groupId>
+			<artifactId>icu4j</artifactId>
+			<version>${icu4j.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-io</groupId>
+			<artifactId>commons-io</artifactId>
+			<version>${commons-io.version}</version>
+		</dependency>
 	</dependencies>
 
 	<build>

diff --git a/src/main/java/club/ttg/dnd5/config/SecurityConfig.java b/src/main/java/club/ttg/dnd5/config/SecurityConfig.java
@@ -1,22 +1,27 @@
 package club.ttg.dnd5.config;
 
+import club.ttg.dnd5.security.JwtAuthFilter;
+import club.ttg.dnd5.service.user.UserService;
 import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 
+import java.util.Arrays;
 import java.util.List;
 
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
@@ -29,32 +34,54 @@
 )
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity
 @RequiredArgsConstructor
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
-    private final UserDetailsService userDetailsService;
+    private final UserService userService;
+    private final JwtAuthFilter jwtAuthFilter;
+
+    private final String[] ignored = Arrays
+            .asList(
+                    "/v3/api-docs/**",
+                    "/swagger-ui.html",
+                    "/swagger-ui/**",
+                    "/scalar-ui.html",
+                    "/api/auth/**",
+                    "/api/v2/**"
+            )
+            .toArray(String[]::new);
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .csrf(AbstractHttpConfigurer::disable)
             .cors(cors -> cors.configurationSource(this::getCorsConfigurer))
             .authorizeHttpRequests(request -> request
-                .requestMatchers("/**").permitAll()
+                .requestMatchers(ignored).permitAll()
                 .anyRequest().authenticated()
             )
             .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
-            .authenticationProvider(authenticationProvider());
+            .authenticationProvider(authenticationProvider())
+            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
+
         http.httpBasic(AbstractHttpConfigurer::disable);
+
         return http.build();
     }
 
     @Bean
-    AuthenticationProvider authenticationProvider() {
-        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-        provider.setUserDetailsService(userDetailsService);
-        provider.setPasswordEncoder(passwordEncoder());
-        return provider;
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+
+        authProvider.setUserDetailsService(userService.userDetailsService());
+        authProvider.setPasswordEncoder(passwordEncoder());
+
+        return authProvider;
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+        return config.getAuthenticationManager();
     }
 
     @Bean
@@ -63,11 +90,13 @@ public BCryptPasswordEncoder passwordEncoder(){
     }
 
     CorsConfiguration getCorsConfigurer(final HttpServletRequest httpServletRequest) {
-        var corsConfiguration = new CorsConfiguration();
-        corsConfiguration.setAllowedOrigins(List.of("*"));
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+
+        corsConfiguration.setAllowedOriginPatterns(List.of("*"));
         corsConfiguration.setAllowedMethods(List.of("*"));
         corsConfiguration.setAllowedHeaders(List.of("*"));
-        corsConfiguration.setAllowCredentials(false);
+        corsConfiguration.setAllowCredentials(true);
+
         return corsConfiguration;
     }
 }
diff --git a/src/main/java/club/ttg/dnd5/controller/MenuApiController.java b/src/main/java/club/ttg/dnd5/controller/MenuApiController.java
diff --git a/src/main/java/club/ttg/dnd5/controller/character/ClassController.java b/src/main/java/club/ttg/dnd5/controller/character/ClassController.java
@@ -54,7 +54,7 @@ public ClassDto getClass(@PathVariable String url) {
             @ApiResponse(responseCode = "403", description = "Доступ запрещен")
     })
     @ResponseStatus(HttpStatus.CREATED)
-    @Secured("ROLE_ADMIN")
+    @Secured("ADMIN")
     @PostMapping
     public ClassDto addClass(@RequestBody final ClassDto request) {
         return classService.addClass(request);
@@ -106,7 +106,7 @@ public ClassDto addFeature(
             @ApiResponse(responseCode = "404", description = "Класс не найден"),
             @ApiResponse(responseCode = "403", description = "Доступ запрещен")
     })
-    @Secured("ROLE_ADMIN")
+    @Secured("ADMIN")
     @PutMapping("/{url}")
     public ClassDto updateClass(
             @PathVariable final String url,

diff --git a/src/main/java/club/ttg/dnd5/controller/engine/ErrorHandlerControllerAdvice.java b/src/main/java/club/ttg/dnd5/controller/engine/ErrorHandlerControllerAdvice.java
diff --git a/src/main/java/club/ttg/dnd5/controller/engine/ExceptionController.java b/src/main/java/club/ttg/dnd5/controller/engine/ExceptionController.java
@@ -0,0 +1,77 @@
+package club.ttg.dnd5.controller.engine;
+
+import club.ttg.dnd5.dto.ErrorResponseDto;
+import club.ttg.dnd5.exception.ApiException;
+import club.ttg.dnd5.exception.EntityExistException;
+import club.ttg.dnd5.exception.EntityNotFoundException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.log4j.Log4j2;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authorization.AuthorizationDeniedException;
+import org.springframework.web.bind.MissingServletRequestParameterException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.multipart.MaxUploadSizeExceededException;
+import org.springframework.web.servlet.NoHandlerFoundException;
+
+import java.io.IOException;
+
+@Log4j2
+@ControllerAdvice
+@RequiredArgsConstructor
+public class ExceptionController {
+    @Value("${spring.servlet.multipart.max-file-size}")
+    private String MAX_FILE_SIZE;
+
+    @ExceptionHandler(ApiException.class)
+    public ResponseEntity<ErrorResponseDto> handleApiException(ApiException ex, HttpServletRequest request, HttpServletResponse response) {
+        log.error(ExceptionUtils.getStackTrace(ex));
+
+        return convertToResponseEntity(ex.getStatus(), ex.getMessage());
+    }
+
+    @ExceptionHandler({SecurityException.class, AuthorizationDeniedException.class})
+    public ResponseEntity<ErrorResponseDto> handleSecurityException() {
+        return convertToResponseEntity(HttpStatus.FORBIDDEN, "Доступ запрещен");
+    }
+
+    @ExceptionHandler(MissingServletRequestParameterException.class)
+    public ResponseEntity<ErrorResponseDto> handleRequestParamException(MissingServletRequestParameterException ex, HttpServletRequest request, HttpServletResponse response) {
+        String message = String.format("Отсутствует необходимый параметр \"%s\"", ex.getParameterName());
+
+        return convertToResponseEntity(HttpStatus.BAD_REQUEST, message);
+    }
+
+    @ExceptionHandler(MaxUploadSizeExceededException.class)
+    public ResponseEntity<ErrorResponseDto> handleMaxUploadSizeExceededException(MaxUploadSizeExceededException ex, HttpServletRequest request, HttpServletResponse response) {
+        String message = String.format("Максимальный размер загружаемых файлов – %s", MAX_FILE_SIZE);
+
+        return convertToResponseEntity(HttpStatus.BAD_REQUEST, message);
+    }
+
+    @ExceptionHandler({NoHandlerFoundException.class, IOException.class, Exception.class})
+    public ResponseEntity<ErrorResponseDto> handleOtherExceptions(Exception ex, HttpServletRequest request, HttpServletResponse response) {
+        log.error(ExceptionUtils.getStackTrace(ex));
+
+        return convertToResponseEntity(HttpStatus.INTERNAL_SERVER_ERROR, ex.getMessage());
+    }
+
+    @ExceptionHandler(EntityNotFoundException.class)
+    public ResponseEntity<ErrorResponseDto> handleEntityNotFound(Exception exception) {
+        return convertToResponseEntity(HttpStatus.NOT_FOUND, exception.getMessage());
+    }
+
+    @ExceptionHandler(EntityExistException.class)
+    public ResponseEntity<ErrorResponseDto> handleHandleEntityExistException(Exception exception) {
+        return convertToResponseEntity(HttpStatus.BAD_REQUEST, exception.getMessage());
+    }
+
+    private ResponseEntity<ErrorResponseDto> convertToResponseEntity(HttpStatus status, String message) {
+        return ResponseEntity.status(status).body(new ErrorResponseDto(status, message));
+    }
+}