Merge pull request #85 from Gepardec/feature/735

Feature/735

http-client/mega.postman_collection.json

@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "120b4182-530c-427c-80ff-507add82a277",
+		"_postman_id": "40539f4c-39cb-4b6d-80fc-df63c0882d12",
 		"name": "mega",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
 		"_exporter_id": "7412098"
@@ -140,7 +140,122 @@
 					},
 					"response": []
 				}
+			],
+			"auth": {
+				"type": "oauth2",
+				"oauth2": [
+					{
+						"key": "clientSecret",
+						"value": "{{clientSecret}}",
+						"type": "string"
+					},
+					{
+						"key": "client_authentication",
+						"value": "header",
+						"type": "string"
+					},
+					{
+						"key": "scope",
+						"value": "",
+						"type": "string"
+					},
+					{
+						"key": "clientId",
+						"value": "mega-cron",
+						"type": "string"
+					},
+					{
+						"key": "accessTokenUrl",
+						"value": "https://gepardec-sso-qa.apps.cloudscale-lpg-2.appuio.cloud/realms/gepardec/protocol/openid-connect/token",
+						"type": "string"
+					},
+					{
+						"key": "grant_type",
+						"value": "client_credentials",
+						"type": "string"
+					},
+					{
+						"key": "tokenName",
+						"value": "mega-cron",
+						"type": "string"
+					},
+					{
+						"key": "refreshRequestParams",
+						"value": [],
+						"type": "any"
+					},
+					{
+						"key": "tokenRequestParams",
+						"value": [],
+						"type": "any"
+					},
+					{
+						"key": "authRequestParams",
+						"value": [],
+						"type": "any"
+					},
+					{
+						"key": "challengeAlgorithm",
+						"value": "S256",
+						"type": "string"
+					},
+					{
+						"key": "useBrowser",
+						"value": true,
+						"type": "boolean"
+					},
+					{
+						"key": "authUrl",
+						"value": "https://accounts.google.com/o/oauth2/v2/auth",
+						"type": "string"
+					},
+					{
+						"key": "addTokenTo",
+						"value": "header",
+						"type": "string"
+					}
+				]
+			},
+			"event": [
+				{
+					"listen": "prerequest",
+					"script": {
+						"type": "text/javascript",
+						"exec": [
+							""
+						]
+					}
+				},
+				{
+					"listen": "test",
+					"script": {
+						"type": "text/javascript",
+						"exec": [
+							""
+						]
+					}
+				}
 			]
 		}
+	],
+	"event": [
+		{
+			"listen": "prerequest",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		},
+		{
+			"listen": "test",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		}
 	]
-}
+}

pom.xml

@@ -55,6 +55,13 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>com.google.api-client</groupId>
+                <artifactId>google-api-client-bom</artifactId>
+                <version>2.3.0</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <dependencies>
@@ -96,9 +103,23 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-smallrye-metrics</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.google.api-client</groupId>
+            <artifactId>google-api-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.apis</groupId>
+            <artifactId>google-api-services-gmail</artifactId>
+            <version>v1-rev20231218-2.0.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.auth</groupId>
+            <artifactId>google-auth-library-oauth2-http</artifactId>
+            <version>1.23.0</version>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-smallrye-jwt</artifactId>
+            <artifactId>quarkus-oidc</artifactId>
         </dependency>
         <!-- Quarkus JPA-Extensions -->
         <dependency>
@@ -117,7 +138,7 @@
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
-            <version>42.6.1</version>
+            <version>42.7.2</version>
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
@@ -213,7 +234,7 @@
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-test-security-jwt</artifactId>
+            <artifactId>quarkus-test-security-oidc</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

src/main/java/com/gepardec/mega/application/configuration/GoogleCloudConfig.java

@@ -0,0 +1,51 @@
+package com.gepardec.mega.application.configuration;
+
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+
+import java.util.List;
+
+@ApplicationScoped
+public class GoogleCloudConfig {
+
+    @Inject
+    @ConfigProperty(name = "mega.google.service-account-key")
+    String serviceAccountKey;
+
+    @Inject
+    @ConfigProperty(name = "mega.google.gmail.api.application-name")
+    String applicationName;
+
+    @Inject
+    @ConfigProperty(name = "mega.google.gmail.api.workspace-user")
+    String workspaceUser;
+
+    @Inject
+    @ConfigProperty(name = "mega.google.gmail.api.label-filter")
+    List<String> labelFilter;
+
+    @Inject
+    @ConfigProperty(name = "mega.google.pubsub.topic")
+    String topicName;
+
+    public String getServiceAccountKey() {
+        return serviceAccountKey;
+    }
+
+    public String getApplicationName() {
+        return applicationName;
+    }
+
+    public String getWorkspaceUser() {
+        return workspaceUser;
+    }
+
+    public List<String> getLabelFilter() {
+        return labelFilter;
+    }
+
+    public String getTopicName() {
+        return topicName;
+    }
+}

src/main/java/com/gepardec/mega/application/filter/MegaCronSecuritySchemaOASFilter.java

@@ -0,0 +1,18 @@
+package com.gepardec.mega.application.filter;
+
+import org.eclipse.microprofile.config.ConfigProvider;
+import org.eclipse.microprofile.openapi.OASFilter;
+import org.eclipse.microprofile.openapi.models.security.SecurityScheme;
+
+public class MegaCronSecuritySchemaOASFilter implements OASFilter {
+
+    @Override
+    public SecurityScheme filterSecurityScheme(SecurityScheme securityScheme) {
+        if (securityScheme.getType() == SecurityScheme.Type.OAUTH2) {
+            securityScheme.getFlows().getClientCredentials().tokenUrl(ConfigProvider.getConfig().getConfigValue("mega.oauth.issuer").getValue() + "/protocol/openid-connect/token");
+            return OASFilter.super.filterSecurityScheme(securityScheme);
+        } else {
+            return null;
+        }
+    }
+}

src/main/java/com/gepardec/mega/application/interceptor/RolesAllowed.java → src/main/java/com/gepardec/mega/application/interceptor/MegaRolesAllowed.java

@@ -14,7 +14,7 @@
 @Inherited
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ElementType.TYPE, ElementType.METHOD})
-public @interface RolesAllowed {
+public @interface MegaRolesAllowed {
 
     @Nonbinding
     Role[] value() default {Role.EMPLOYEE};

src/main/java/com/gepardec/mega/application/interceptor/RolesAllowedInterceptor.java → src/main/java/com/gepardec/mega/application/interceptor/MegaRolesAllowedInterceptor.java

@@ -13,24 +13,24 @@
 import java.util.Set;
 
 @Interceptor
-@RolesAllowed
+@MegaRolesAllowed
 @Priority(Interceptor.Priority.APPLICATION)
-public class RolesAllowedInterceptor {
+public class MegaRolesAllowedInterceptor {
 
     @Inject
     UserContext userContext;
 
     @AroundInvoke
     public Object intercept(InvocationContext invocationContext) throws Exception {
-        RolesAllowed rolesAllowedAnnotation = invocationContext.getMethod().getAnnotation(RolesAllowed.class);
-        if (rolesAllowedAnnotation == null) {
-            rolesAllowedAnnotation = invocationContext.getTarget().getClass().getAnnotation(RolesAllowed.class);
+        MegaRolesAllowed megaRolesAllowedAnnotation = invocationContext.getMethod().getAnnotation(MegaRolesAllowed.class);
+        if (megaRolesAllowedAnnotation == null) {
+            megaRolesAllowedAnnotation = invocationContext.getTarget().getClass().getAnnotation(MegaRolesAllowed.class);
         }
 
-        Objects.requireNonNull(rolesAllowedAnnotation,
+        Objects.requireNonNull(megaRolesAllowedAnnotation,
                 "Could not resolve Authorizaion annotation. Do you use Stereotype annotations, which are currently not supported?");
 
-        Role[] allowedRoles = rolesAllowedAnnotation.value();
+        Role[] allowedRoles = megaRolesAllowedAnnotation.value();
         if (isInRole(userContext.getUser().getRoles(), allowedRoles)) {
             return invocationContext.proceed();
         } else {

src/main/java/com/gepardec/mega/application/observer/LifecycleObserver.java

@@ -1,7 +1,10 @@
 package com.gepardec.mega.application.observer;
 
 import com.gepardec.mega.application.configuration.ApplicationConfig;
+import com.gepardec.mega.service.api.GmailService;
+import io.quarkus.arc.profile.IfBuildProfile;
 import io.quarkus.runtime.StartupEvent;
+import io.quarkus.runtime.configuration.ConfigUtils;
 import jakarta.enterprise.context.Dependent;
 import jakarta.enterprise.event.Observes;
 import liquibase.Contexts;
@@ -38,4 +41,13 @@ void initDatabase(final @Observes StartupEvent event,
             logger.error("Initialization of the database with liquibase failed", e);
         }
     }
+
+    void watchGmailInbox(final @Observes StartupEvent event,
+                         final GmailService gmailService,
+                         final Logger logger) {
+        if (ConfigUtils.isProfileActive("prod")) {
+            logger.info("Starting to watch the Gmail inbox. Renewals will be handled by the corresponding scheduled task.");
+            gmailService.watchInbox();
+        }
+    }
 }

src/main/java/com/gepardec/mega/application/producer/GoogleCredentialsProducer.java

@@ -0,0 +1,27 @@
+package com.gepardec.mega.application.producer;
+
+import com.gepardec.mega.application.configuration.GoogleCloudConfig;
+import com.google.api.services.gmail.GmailScopes;
+import com.google.auth.oauth2.GoogleCredentials;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.enterprise.inject.Produces;
+import jakarta.inject.Inject;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.Collections;
+
+@ApplicationScoped
+public class GoogleCredentialsProducer {
+
+    @Inject
+    GoogleCloudConfig googleCloudConfig;
+
+    @Produces
+    @ApplicationScoped
+    public GoogleCredentials produceGoogleCredentials() throws IOException {
+        return GoogleCredentials.fromStream(new ByteArrayInputStream(googleCloudConfig.getServiceAccountKey().getBytes()))
+                .createScoped(Collections.singleton(GmailScopes.GMAIL_READONLY))
+                .createDelegated(googleCloudConfig.getWorkspaceUser());
+    }
+}

src/main/java/com/gepardec/mega/application/schedule/MailSchedules.java

@@ -0,0 +1,33 @@
+package com.gepardec.mega.application.schedule;
+
+import com.gepardec.mega.notification.mail.ReminderEmailSender;
+import com.gepardec.mega.service.api.GmailService;
+import io.quarkus.scheduler.Scheduled;
+import jakarta.enterprise.context.Dependent;
+import jakarta.inject.Inject;
+
+@Dependent
+public class MailSchedules {
+
+    @Inject
+    ReminderEmailSender reminderEmailSender;
+
+    @Inject
+    GmailService gmailService;
+
+    @Scheduled(
+            identity = "Send E-Mail reminder to users",
+            cron = "0 0 7 ? * MON-FRI"
+    )
+    void sendReminder() {
+        reminderEmailSender.sendReminder();
+    }
+
+    @Scheduled(
+            identity = "Renew the mailbox watch for the Gmail API every day at 06:00",
+            cron = "0 0 6 * * ? *"
+    )
+    void renewMailboxWatch() {
+        gmailService.watchInbox();
+    }
+}