Add some authorization to log endpoint

.env.example

@@ -0,0 +1 @@
+TOKEN=

.github/workflows/deploy.yml

@@ -0,0 +1,23 @@
+name: Deploy to Oracle Cloud
+
+on:
+  push:
+    branches: [ master ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: oracle-cloud
+    steps:
+      - uses: actions/checkout@v2
+      - name: Create .env file
+        uses: SpicyPizza/create-envfile@v1
+        with:
+          envkey_TOKEN: ${{ secrets.TOKEN }}
+      - uses: alex-ac/github-action-ssh-docker-compose@master
+        name: Docker-Compose Remote Deployment
+        with:
+          ssh_host: ${{ secrets.ORACLE_CLOUD_SSH_HOST }}
+          ssh_private_key: ${{ secrets.ORACLE_CLOUD_SSH_PRIVATE_KEY }}
+          ssh_user: ${{ secrets.ORACLE_CLOUD_SSH_USER }}
+          docker_compose_prefix: schools

build.gradle.kts

@@ -40,12 +40,14 @@ dependencies {
     implementation("io.ktor:ktor-serialization-kotlinx-json-jvm:$ktor_version")
     implementation("io.ktor:ktor-server-netty-jvm:$ktor_version")
     implementation("ch.qos.logback:logback-classic:$logback_version")
+    implementation("io.ktor:ktor-server-auth:$ktor_version")
 
     implementation("org.jetbrains.exposed:exposed-core:$exposed_version")
     implementation("org.jetbrains.exposed:exposed-dao:$exposed_version")
     implementation("org.jetbrains.exposed:exposed-jdbc:$exposed_version")
     implementation("org.jetbrains.exposed:exposed-java-time:$exposed_version")
     implementation("com.impossibl.pgjdbc-ng:pgjdbc-ng:0.8.9")
+    implementation("io.ktor:ktor-server-auth-jvm:2.3.4")
 
     testImplementation("io.ktor:ktor-server-tests-jvm")
     testImplementation("io.ktor:ktor-server-test-host-jvm")

src/main/kotlin/io/github/wulkanowy/schools/Application.kt

@@ -1,5 +1,6 @@
 package io.github.wulkanowy.schools
 
+import io.github.wulkanowy.schools.plugins.configureAuthorization
 import io.github.wulkanowy.schools.plugins.configureRouting
 import io.github.wulkanowy.schools.plugins.configureSerialization
 import io.ktor.server.application.*
@@ -14,5 +15,6 @@ fun main() {
 fun Application.module() {
     DatabaseFactory.init()
     configureSerialization()
+    configureAuthorization()
     configureRouting()
 }

src/main/kotlin/io/github/wulkanowy/schools/plugins/Authorization.kt

@@ -0,0 +1,20 @@
+package io.github.wulkanowy.schools.plugins
+
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+
+fun Application.configureAuthorization() {
+    authentication {
+        bearer("auth") {
+            realm = "Access to the '/log' path"
+
+            authenticate { tokenCredential ->
+                if (tokenCredential.token == System.getenv("TOKEN")) {
+                    UserIdPrincipal("wulkanowy-app-play")
+                } else {
+                    null
+                }
+            }
+        }
+    }
+}

src/main/kotlin/io/github/wulkanowy/schools/plugins/Routing.kt

@@ -4,6 +4,7 @@ import io.github.wulkanowy.schools.dao.LoginEventDao
 import io.github.wulkanowy.schools.model.LoginEvent
 import io.ktor.http.*
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
 import io.ktor.server.request.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
@@ -12,10 +13,12 @@ fun Application.configureRouting() {
     val loginEventDao = LoginEventDao()
 
     routing {
-        post("/log/loginEvent") {
-            val loginEvent = call.receive<LoginEvent>()
-            loginEventDao.addLoginEvent(loginEvent)
-            call.respond(status = HttpStatusCode.NoContent, "")
+        authenticate("auth") {
+            post("/log/loginEvent") {
+                val loginEvent = call.receive<LoginEvent>()
+                loginEventDao.addLoginEvent(loginEvent)
+                call.respond(status = HttpStatusCode.NoContent, "")
+            }
         }
         get("/") {
             call.respond(loginEventDao.allLoginEvents())