[Gepardec/mega#735] temp commit authentication

Gepardec · Sep 24, 2024 · 1a8f50f · 1a8f50f
1 parent 37b5883
commit 1a8f50f
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 68 deletions.
diff --git a/src/main/java/com/gepardec/mega/rest/api/MailResource.java b/src/main/java/com/gepardec/mega/rest/api/MailResource.java
@@ -2,11 +2,8 @@
 
 import io.quarkus.oidc.Tenant;
 import jakarta.ws.rs.GET;
-import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
-import jakarta.ws.rs.core.Context;
-import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import org.eclipse.microprofile.openapi.annotations.Operation;
@@ -24,21 +21,20 @@
 @Tenant("mega-cron")
 @Tag(name = "MailResource")
 @Produces(MediaType.APPLICATION_JSON)
-//@SecurityRequirement(name = "mega-cron")
-//@SecuritySchemes(
-//        @SecurityScheme(
-//                securitySchemeName = "mega-cron",
-//                type = SecuritySchemeType.OAUTH2,
-//                flows = @OAuthFlows(clientCredentials = @OAuthFlow())
-//        )
-//)
+@SecurityRequirement(name = "mega-cron")
+@SecuritySchemes(
+        @SecurityScheme(
+                securitySchemeName = "mega-cron",
+                type = SecuritySchemeType.OAUTH2,
+                flows = @OAuthFlows(clientCredentials = @OAuthFlow())
+        )
+)
 public interface MailResource {
 
     @Operation(operationId = "send-reminder", description = "Sends reminder emails to affected employees.")
     @GET
     @Path("/send-reminder")
     Response sendReminder();
-//    service-60018822787@gcp-sa-pubsub.iam.gserviceaccount.com
 
     /**
      * The sole purpose of this endpoint is to trigger the retrieval of emails from the ZEP inbox manually.
@@ -52,23 +48,7 @@ public interface MailResource {
     @Path("/retrieve-zep-mails")
     Response retrieveZepEmailsFromInbox();
 
-    /**
-     * This endpoint serves as a webhook for new emails from ZEP to trigger comment creation.
-     * A Google Cloud Pub/Sub subscription is set up to call this endpoint when a new email is received.
-     *
-     * @return
-     */
-    @Operation(operationId = "gmailMessageReceivedWebhook", description = "Webhook for new emails from ZEP to trigger comment creation.")
-    @POST
-    @Path("/message-received")
-    Response gmailMessageReceivedWebhook(String payload);
-
     @Path("/ping")
     @GET
     LocalDateTime ping();
-
-    @Tenant("google")
-    @Path("/ping")
-    @POST
-    LocalDateTime postPing(@Context HttpHeaders headers);
 }
diff --git a/src/main/java/com/gepardec/mega/rest/api/PubSubResource.java b/src/main/java/com/gepardec/mega/rest/api/PubSubResource.java
@@ -0,0 +1,33 @@
+package com.gepardec.mega.rest.api;
+
+import io.quarkus.oidc.Tenant;
+import io.quarkus.security.Authenticated;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
+import org.eclipse.microprofile.openapi.annotations.Operation;
+
+import java.time.LocalDateTime;
+
+@Tenant("pubsub")
+@Path("/pubsub")
+public interface PubSubResource {
+
+    /**
+     * This endpoint serves as a webhook for new emails from ZEP to trigger comment creation.
+     * A Google Cloud Pub/Sub subscription is set up to call this endpoint when a new email is received.
+     *
+     * @return
+     */
+    @Operation(operationId = "gmailMessageReceivedWebhook", description = "Webhook for new emails from ZEP to trigger comment creation.")
+    @POST
+    @Path("/message-received")
+    Response gmailMessageReceivedWebhook(String payload);
+
+    @Path("/ping")
+    @POST
+    LocalDateTime postPing(@Context HttpHeaders headers);
+}
diff --git a/src/main/java/com/gepardec/mega/rest/impl/MailResourceImpl.java b/src/main/java/com/gepardec/mega/rest/impl/MailResourceImpl.java
@@ -1,22 +1,18 @@
 package com.gepardec.mega.rest.impl;
 
-import com.gepardec.mega.application.exception.UnauthorizedException;
 import com.gepardec.mega.notification.mail.ReminderEmailSender;
 import com.gepardec.mega.notification.mail.receiver.MailReceiver;
 import com.gepardec.mega.rest.api.MailResource;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
-import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
-import org.eclipse.microprofile.jwt.Claim;
-import org.eclipse.microprofile.jwt.ClaimValue;
-import org.eclipse.microprofile.jwt.Claims;
 import org.slf4j.Logger;
 
 import java.time.LocalDateTime;
 
 @RequestScoped
-//@RolesAllowed("mega-cron:mail")
+@RolesAllowed("mega-cron:mail")
 public class MailResourceImpl implements MailResource {
 
     @Inject
@@ -52,38 +48,8 @@ public Response retrieveZepEmailsFromInbox() {
         return Response.ok().build();
     }
 
-    @Override
-    public Response gmailMessageReceivedWebhook(String payload) {
-        try {
-            logger.info("Received payload: {}", payload);
-            mailReceiver.retrieveZepEmailsFromInbox();
-        } catch (Exception e) {
-            logger.error(e.getMessage());
-            return Response.serverError().entity(e.getMessage()).build();
-        }
-
-        return Response.ok().build();
-    }
-
     @Override
     public LocalDateTime ping() {
         return LocalDateTime.now();
     }
-
-    @Inject
-    @Claim(standard = Claims.email)
-    ClaimValue<String> email;
-
-    @Override
-    public LocalDateTime postPing(HttpHeaders httpHeaders) {
-        logger.info("Received POST request");
-        logger.info("Headers: {}", httpHeaders.getRequestHeaders());
-        logger.info("Email: {}", email.getValue());
-
-        if (!"gepardec-service-mail@mega-260510.iam.gserviceaccount.com".equals(email.getValue())) {
-            throw new UnauthorizedException("Account not authorized to access this resource.");
-        }
-
-        return LocalDateTime.now();
-    }
 }
diff --git a/src/main/java/com/gepardec/mega/rest/impl/PubSubResourceImpl.java b/src/main/java/com/gepardec/mega/rest/impl/PubSubResourceImpl.java
@@ -0,0 +1,42 @@
+package com.gepardec.mega.rest.impl;
+
+import com.gepardec.mega.notification.mail.receiver.MailReceiver;
+import com.gepardec.mega.rest.api.PubSubResource;
+import io.quarkus.security.Authenticated;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
+import org.slf4j.Logger;
+
+import java.time.LocalDateTime;
+
+@Authenticated
+public class PubSubResourceImpl implements PubSubResource {
+
+    @Inject
+    Logger logger;
+
+    @Inject
+    MailReceiver mailReceiver;
+
+    @Override
+    public Response gmailMessageReceivedWebhook(String payload) {
+        try {
+            logger.info("Received payload: {}", payload);
+            mailReceiver.retrieveZepEmailsFromInbox();
+        } catch (Exception e) {
+            logger.error(e.getMessage());
+            return Response.serverError().entity(e.getMessage()).build();
+        }
+
+        return Response.ok().build();
+    }
+
+    @Override
+    public LocalDateTime postPing(HttpHeaders httpHeaders) {
+        logger.info("Received POST request");
+        logger.info("Headers: {}", httpHeaders.getRequestHeaders());
+
+        return LocalDateTime.now();
+    }
+}
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -102,11 +102,12 @@ quarkus:
       roles:
         source: accesstoken
         role-claim-path: "resource_access/mega-cron/roles"
-    google:
-      auth-server-url: "https://accounts.google.com"
+    pubsub:
+      provider: google
       application-type: "service"
-      token:
-        issuer: "https://accounts.google.com"
+
+
+
 
 mp:
   openapi: