#61 Add backend Spring Cloud Gateway (#66)

Signed-off-by: vityaman <vityaman.dev@yandex.ru>

Author: vityaman

backend/README.md

@@ -5,6 +5,7 @@
 For building and testing a project check the [GitHub Workflow](../.github/workflows/gradle.yml).
 
 To run the backend you need to make Spring Boot jars and run docker compose, but before do not forget to prepare environment variables and secret keys.
+But before ensure that frontend is already built. 
 
 ```bash
 source config/env/local.sh

backend/authik/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:21-jdk-alpine
+FROM eclipse-temurin:23-jdk-alpine
 
 WORKDIR /matchmaker
 

backend/buildSrc/build.gradle.kts

@@ -26,6 +26,6 @@ dependencies {
     implementation("org.jooq:jooq-codegen:$jooqVersion")
     implementation("org.jooq:jooq-codegen-gradle:$jooqVersion")
 
-    implementation("org.springframework.boot:spring-boot-gradle-plugin:3.3.5")
-    implementation("io.spring.gradle:dependency-management-plugin:1.1.6")
+    implementation("org.springframework.boot:spring-boot-gradle-plugin:3.4.1")
+    implementation("io.spring.gradle:dependency-management-plugin:1.1.7")
 }

backend/config/crypto/keys.bash

@@ -6,21 +6,25 @@ MODE="$1"
 ENV="$2"
 
 ALIAS="itmo-dating"
+ALIAS_BACKEND="$ALIAS-backend"
 KEYSTORE="keystore.p12"
-INSTALL_PATH="foundation/src/main/resources/keystore"
+BACKEND_INSTALL_PATH="foundation/src/main/resources/keystore"
+GATEWAY_INSTALL_PATH="gateway/src/main/resources/keystore"
 PASSWORD="$ITMO_DATING_KEY_STORE_PASSWORD"
 
 function copy() {
-  mkdir -p "../../$INSTALL_PATH"
-  cp "$1" "../../$INSTALL_PATH/$1"
+  mkdir -p "../../$BACKEND_INSTALL_PATH"
+  mkdir -p "../../$GATEWAY_INSTALL_PATH"
+  cp "$1" "../../$BACKEND_INSTALL_PATH/$1"
+  cp "$1" "../../$GATEWAY_INSTALL_PATH/$1"
 }
 
 function remove() {
-  rm -f "$1" "../../$INSTALL_PATH/$1"
+  rm -f "$1" "../../$BACKEND_INSTALL_PATH/$1" "../../$GATEWAY_INSTALL_PATH/$1"
 }
 
 function generate() {
-  echo "Generation key pair keystore..."
+  echo "Generating the backend key pair keystore..."
   keytool \
     -genkeypair \
     -alias      "$ALIAS" \
@@ -34,23 +38,23 @@ function generate() {
     -storeType  PKCS12 \
     -storepass  "$PASSWORD"
 
-  echo "Exporting a private key..."
-  openssl pkcs12 -in "$KEYSTORE" -nocerts -out "$ALIAS-private.pem" \
+  echo "Exporting the backend private key..."
+  openssl pkcs12 -in "$KEYSTORE" -nocerts -out "$ALIAS_BACKEND-private.pem" \
     -passin pass:"$PASSWORD" -passout pass:"$PASSWORD"
 
-  echo "Exporting a public key..."
-  openssl pkcs12 -in "$KEYSTORE" -nokeys  -out "$ALIAS-public.pem"  \
+  echo "Exporting the backend public key..."
+  openssl pkcs12 -in "$KEYSTORE" -nokeys  -out "$ALIAS_BACKEND-public.pem"  \
     -passin pass:"$PASSWORD" -passout pass:"$PASSWORD"
 
   copy "$KEYSTORE"
-  copy "$ALIAS-private.pem"
-  copy "$ALIAS-public.pem"
+  copy "$ALIAS_BACKEND-private.pem"
+  copy "$ALIAS_BACKEND-public.pem"
 }
 
 function clear() {
   remove "$KEYSTORE"
-  remove "$ALIAS-private.pem"
-  remove "$ALIAS-public.pem"
+  remove "$ALIAS_BACKEND-private.pem"
+  remove "$ALIAS_BACKEND-public.pem"
 }
 
 if [ "$ENV" = "test" ]; then

backend/gateway/Dockerfile

@@ -0,0 +1,9 @@
+FROM eclipse-temurin:23-jdk-alpine
+
+WORKDIR /gateway
+
+COPY ./build/libs/gateway-1.0.0.jar ./gateway.jar
+
+EXPOSE 8080
+
+CMD ["java", "-jar", "gateway.jar"]

backend/gateway/build.gradle.kts

@@ -0,0 +1,13 @@
+plugins {
+    id("buildlogic.spring-conventions")
+}
+
+dependencies {
+    implementation(libs.org.springframework.boot.spring.boot)
+    implementation(libs.org.springframework.cloud.spring.cloud.starter.gateway)
+
+    implementation(libs.org.springdoc.springdoc.openapi.starter.webflux.ui)
+
+    testImplementation(libs.org.springframework.boot.spring.boot.starter.test)
+    testImplementation(libs.junit.junit)
+}

backend/gateway/src/main/kotlin/ru/ifmo/se/dating/gateway/Application.kt

@@ -0,0 +1,11 @@
+package ru.ifmo.se.dating.gateway
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+
+@SpringBootApplication
+class Application
+
+fun main(args: Array<String>) {
+    runApplication<Application>(args = args)
+}

backend/gateway/src/main/kotlin/ru/ifmo/se/dating/gateway/SSLContextConfig.kt

@@ -0,0 +1,53 @@
+package ru.ifmo.se.dating.gateway
+
+import io.netty.handler.ssl.SslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.io.Resource
+import reactor.netty.http.client.HttpClient
+import java.security.KeyStore
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.TrustManagerFactory
+
+@Configuration
+class SSLContextConfig(
+    @Value("\${server.ssl.key-store-type}")
+    private val keyStoreType: String,
+
+    @Value("\${server.ssl.key-store}")
+    private val keyStore: Resource,
+
+    @Value("\${server.ssl.key-store-password}")
+    private val keyStorePassword: String,
+
+    @Value("\${server.ssl.protocol}")
+    private val sslProtocol: String,
+) {
+    @Bean
+    fun sslContext(): SslContext {
+        val keystore = KeyStore.getInstance(keyStoreType)
+        keyStore.inputStream.use { inputStream ->
+            keystore.load(inputStream, keyStorePassword.toCharArray())
+        }
+
+        val keyManager = KeyManagerFactory.getDefaultAlgorithm()
+            .let { KeyManagerFactory.getInstance(it) }
+            .apply { init(keystore, keyStorePassword.toCharArray()) }
+
+        val trustManager = TrustManagerFactory.getDefaultAlgorithm()
+            .let { TrustManagerFactory.getInstance(it) }
+            .apply { init(keystore) }
+
+        return SslContextBuilder.forClient()
+            .keyManager(keyManager)
+            .trustManager(trustManager)
+            .protocols(sslProtocol)
+            .build()
+    }
+
+    @Bean
+    fun httpClient(ssl: SslContext): HttpClient = HttpClient.create()
+        .secure { sslSpec -> sslSpec.sslContext(ssl) }
+}

backend/gateway/src/main/resources/application.yml

@@ -0,0 +1,107 @@
+server:
+  ssl:
+    enabled: true
+    key-store-type: PKCS12
+    key-store: classpath:keystore/keystore.p12
+    key-store-password: ${KEY_STORE_PASSWORD}
+    protocol: TLSv1.3
+    enabled-protocols: TLSv1.3
+spring:
+  cloud:
+    gateway:
+      routes:
+
+        - id: get-authik-openapi-api-yml
+          uri: https://authik:8080
+          predicates:
+            - Method=GET
+            - Path=/openapi/authik/api.yml
+          filters:
+            - RewritePath=/openapi/authik/api.yml, /openapi/api.yml
+
+        - id: get-matchmaker-openapi-api-yml
+          uri: https://matchmaker:8080
+          predicates:
+            - Method=GET
+            - Path=/openapi/matchmaker/api.yml
+          filters:
+            - RewritePath=/openapi/matchmaker/api.yml, /openapi/api.yml
+
+        - id: get-people-openapi-api-yml
+          uri: https://people:8080
+          predicates:
+            - Method=GET
+            - Path=/openapi/people/api.yml
+          filters:
+            - RewritePath=/openapi/people/api.yml, /openapi/api.yml
+
+        - id: put-authik-auth-telegram-web-app
+          uri: https://authik:8080
+          predicates:
+            - Method=PUT
+            - Path=/api/auth/telegram/web-app
+
+        - id: get-matchmaker-suggestions
+          uri: https://matchmaker:8080
+          predicates:
+            - Method=GET
+            - Path=/api/suggestions
+
+        - id: post-matchmaker-people-attitudes-incoming
+          uri: https://matchmaker:8080
+          predicates:
+            - Method=POST
+            - Path=/api/people/*/attitudes/incoming/*
+
+        - id: delete-matchmaker-attitudes
+          uri: https://matchmaker:8080
+          predicates:
+            - Method=DELETE
+            - Path=/api/attitudes
+
+        - id: get-matchmaker-people-matches
+          uri: https://matchmaker:8080
+          predicates:
+            - Method=GET
+            - Path=/api/people/{person_id}/matches
+
+        - id: get-people-person-id
+          uri: https://people:8080
+          predicates:
+            - Method=GET
+            - Path=/api/people/*
+
+        - id: delete-people-person-id
+          uri: https://people:8080
+          predicates:
+            - Method=DELETE
+            - Path=/api/people/*
+
+        - id: patch-people-person-id
+          uri: https://people:8080
+          predicates:
+            - Method=PATCH
+            - Path=/api/people/*
+
+        - id: get-people-faculties
+          uri: https://people:8080
+          predicates:
+            - Method=GET
+            - Path=/api/faculties
+
+        - id: get-people-locations
+          uri: https://people:8080
+          predicates:
+            - Method=GET
+            - Path=/api/locations
+
+springdoc:
+  swagger-ui:
+    path: /swagger-ui.html
+    urls:
+      - name: authik
+        url: openapi/authik/api.yml
+      - name: matchmaker
+        url: openapi/matchmaker/api.yml
+      - name: people
+        url: openapi/people/api.yml

backend/gateway/src/test/kotlin/ru/ifmo/se/dating/gateway/GatewayStartupTest.kt

@@ -0,0 +1,23 @@
+package ru.ifmo.se.dating.gateway
+
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.test.context.ActiveProfiles
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.context.junit4.SpringRunner
+
+@RunWith(SpringRunner::class)
+@ActiveProfiles(profiles = ["test"])
+@SpringBootTest(
+    classes = [Application::class],
+    webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT,
+    useMainMethod = SpringBootTest.UseMainMethod.ALWAYS,
+)
+@ContextConfiguration(initializers = [SecurityInitializer::class])
+class GatewayStartupTest {
+    @Test
+    fun contextLoads() {
+        // Okay
+    }
+}

backend/gateway/src/test/kotlin/ru/ifmo/se/dating/gateway/SecurityInitializer.kt

@@ -0,0 +1,17 @@
+package ru.ifmo.se.dating.gateway
+
+import org.springframework.boot.test.util.TestPropertyValues
+import org.springframework.context.ApplicationContextInitializer
+import org.springframework.context.ConfigurableApplicationContext
+
+class SecurityInitializer :
+    ApplicationContextInitializer<ConfigurableApplicationContext> {
+
+    private val keyStorePassword: String = "testing-keystore-password"
+
+    override fun initialize(ctx: ConfigurableApplicationContext) {
+        TestPropertyValues.of(
+            "server.ssl.key-store-password=$keyStorePassword",
+        ).applyTo(ctx.environment)
+    }
+}

backend/gradle/libs.versions.toml

@@ -1,6 +1,7 @@
 [versions]
-org-springframework-boot-spring-boot = "3.3.5"
-org-springframework-spring = "6.1.14"
+org-springframework-boot-spring-boot = "3.4.1"
+org-springframework-spring = "6.2.1"
+org-springframework-cloud = "4.2.0"
 
 io-swagger-core-v3-swagger = "2.2.25"
 org-openapitools-jackson-databind-nullable = "0.2.6"
@@ -35,6 +36,8 @@ org-springframework-boot-spring-boot-starter-test = { module = "org.springframew
 org-springframework-spring-context = { module = "org.springframework:spring-context", version.ref = "org-springframework-spring" }
 org-springframework-spring-web = { module = "org.springframework:spring-web", version.ref = "org-springframework-spring" }
 
+org-springframework-cloud-spring-cloud-starter-gateway = { module = "org.springframework.cloud:spring-cloud-starter-gateway", version.ref = "org-springframework-cloud" }
+
 org-springdoc-springdoc-openapi-starter-webflux-ui = { module = "org.springdoc:springdoc-openapi-starter-webflux-ui", version.ref = "org-springdoc-springdoc-openapi-starter" }
 
 io-swagger-core-v3-swagger-annotations = { module = "io.swagger.core.v3:swagger-annotations", version.ref = "io-swagger-core-v3-swagger" }

backend/matchmaker/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:21-jdk-alpine
+FROM eclipse-temurin:23-jdk-alpine
 
 WORKDIR /matchmaker
 

backend/people/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:21-jdk-alpine
+FROM eclipse-temurin:23-jdk-alpine
 
 WORKDIR /people
 

backend/settings.gradle.kts

@@ -7,6 +7,7 @@ rootProject.name = "itmo-dating-backend"
 include(
     ":foundation",
     ":foundation-test",
+    ":gateway",
     ":authik",
     ":matchmaker",
     ":people",