From 7607d6a4fc3f33f69ccab04319f3ea26559ddabf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Pich?=
Date: Mon, 18 Sep 2023 21:34:29 +0200
Subject: [PATCH] Add some authorization to log endpoint
---
 .env.example | 1 +
 .github/workflows/deploy.yml | 23 +++++++++++++++++++
 build.gradle.kts | 2 ++
 .../github/wulkanowy/schools/Application.kt | 2 ++
 .../schools/plugins/Authorization.kt | 20 ++++++++++++++++
 .../wulkanowy/schools/plugins/Routing.kt | 11 +++++----
 6 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 .env.example
 create mode 100644 .github/workflows/deploy.yml
 create mode 100644 src/main/kotlin/io/github/wulkanowy/schools/plugins/Authorization.kt
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..f656e0f
--- /dev/null
+++ b/.env.example
@@ -0,0 +1 @@
+TOKEN=
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..ab8e2ce
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,23 @@
+name: Deploy to Oracle Cloud
+
+on:
+ push:
+ branches: [ master ]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: oracle-cloud
+ steps:
+ - uses: actions/checkout@v2
+ - name: Create .env file
+ uses: SpicyPizza/create-envfile@v1
+ with:
+ envkey_TOKEN: ${{ secrets.TOKEN }}
+ - uses: alex-ac/github-action-ssh-docker-compose@master
+ name: Docker-Compose Remote Deployment
+ with:
+ ssh_host: ${{ secrets.ORACLE_CLOUD_SSH_HOST }}
+ ssh_private_key: ${{ secrets.ORACLE_CLOUD_SSH_PRIVATE_KEY }}
+ ssh_user: ${{ secrets.ORACLE_CLOUD_SSH_USER }}
+ docker_compose_prefix: schools
diff --git a/build.gradle.kts b/build.gradle.kts
index ab50d7c..e888309 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
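Review bot: The third-party actions in `.github/workflows/deploy.yml` are referenced by mutable refs, `SpicyPizza/create-envfile@v1` and `alex-ac/github-action-ssh-docker-compose@master`, while they are handed `secrets.TOKEN` and `secrets.ORACLE_CLOUD_SSH_PRIVATE_KEY`. Whatever those refs point to at run time executes with the deploy key and the API token, so a changed tag or branch upstream becomes a change to the deployment without review. Pin each to a reviewed full commit SHA, for example `uses: alex-ac/github-action-ssh-docker-compose@<full-commit-sha> # <reviewed ref>`, and bump it deliberately. A top-level `permissions:` block with `contents: read` would also limit the job's GITHUB_TOKEN, since the visible steps only need to check out the repository.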
@@ -40,12 +40,14 @@ dependencies {
 implementation("io.ktor:ktor-serialization-kotlinx-json-jvm:$ktor_version")
 implementation("io.ktor:ktor-server-netty-jvm:$ktor_version")
 implementation("ch.qos.logback:logback-classic:$logback_version")
+ implementation("io.ktor:ktor-server-auth:$ktor_version")
 implementation("org.jetbrains.exposed:exposed-core:$exposed_version")
 implementation("org.jetbrains.exposed:exposed-dao:$exposed_version")
 implementation("org.jetbrains.exposed:exposed-jdbc:$exposed_version")
 implementation("org.jetbrains.exposed:exposed-java-time:$exposed_version")
 implementation("com.impossibl.pgjdbc-ng:pgjdbc-ng:0.8.9")
+ implementation("io.ktor:ktor-server-auth-jvm:2.3.4")
 testImplementation("io.ktor:ktor-server-tests-jvm")
 testImplementation("io.ktor:ktor-server-test-host-jvm")
diff --git a/src/main/kotlin/io/github/wulkanowy/schools/Application.kt b/src/main/kotlin/io/github/wulkanowy/schools/Application.kt
index 8c05a48..2c02e55 100644
--- a/src/main/kotlin/io/github/wulkanowy/schools/Application.kt
+++ b/src/main/kotlin/io/github/wulkanowy/schools/Application.kt
@@ -1,5 +1,6 @@
 package io.github.wulkanowy.schools
+import io.github.wulkanowy.schools.plugins.configureAuthorization
 import io.github.wulkanowy.schools.plugins.configureRouting
 import io.github.wulkanowy.schools.plugins.configureSerialization
 import io.ktor.server.application.*
@@ -14,5 +15,6 @@ fun main() {
 fun Application.module() {
 DatabaseFactory.init()
 configureSerialization()
+ configureAuthorization()
 configureRouting()
 }
diff --git a/src/main/kotlin/io/github/wulkanowy/schools/plugins/Authorization.kt b/src/main/kotlin/io/github/wulkanowy/schools/plugins/Authorization.kt
new file mode 100644
index 0000000..d510968
--- /dev/null
+++ b/src/main/kotlin/io/github/wulkanowy/schools/plugins/Authorization.kt
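Review bot: The `build.gradle.kts` hunk adds the Ktor auth module twice, once as `io.ktor:ktor-server-auth:$ktor_version` and again as `io.ktor:ktor-server-auth-jvm:2.3.4` with a hard-coded version. The second line ties the authentication library to a literal that does not follow `$ktor_version`, so the auth plugin can end up resolved at a different version from the rest of Ktor after an upgrade or a security release. Keep a single line that follows the shared version, for example `implementation("io.ktor:ktor-server-auth-jvm:$ktor_version")`, matching the `-jvm` artifacts listed above it, and drop the other. The `dependencies` block starts and ends outside the hunk.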
@@ -0,0 +1,20 @@
+package io.github.wulkanowy.schools.plugins
+
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+
+fun Application.configureAuthorization() {
+ authentication {
+ bearer("auth") {
+ realm = "Access to the '/log' path"
+
+ authenticate { tokenCredential ->
+ if (tokenCredential.token == System.getenv("TOKEN")) {
+ UserIdPrincipal("wulkanowy-app-play")
+ } else {
+ null
+ }
+ }
+ }
+ }
+}
diff --git a/src/main/kotlin/io/github/wulkanowy/schools/plugins/Routing.kt b/src/main/kotlin/io/github/wulkanowy/schools/plugins/Routing.kt
index ca54065..8702e38 100644
--- a/src/main/kotlin/io/github/wulkanowy/schools/plugins/Routing.kt
+++ b/src/main/kotlin/io/github/wulkanowy/schools/plugins/Routing.kt
@@ -4,6 +4,7 @@ import io.github.wulkanowy.schools.dao.LoginEventDao
 import io.github.wulkanowy.schools.model.LoginEvent
 import io.ktor.http.*
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
 import io.ktor.server.request.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
@@ -12,10 +13,12 @@ fun Application.configureRouting() {
 val loginEventDao = LoginEventDao()
 routing {
- post("/log/loginEvent") {
- val loginEvent = call.receive()
- loginEventDao.addLoginEvent(loginEvent)
- call.respond(status = HttpStatusCode.NoContent, "")
+ authenticate("auth") {
+ post("/log/loginEvent") {
+ val loginEvent = call.receive()
+ loginEventDao.addLoginEvent(loginEvent)
+ call.respond(status = HttpStatusCode.NoContent, "")
+ }
 }
 get("/") {
 call.respond(loginEventDao.allLoginEvents())
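Review bot: The token check inside `authenticate { tokenCredential -> … }` in `Authorization.kt` compares the secret with `==` and re-reads `System.getenv("TOKEN")` on every request, and nothing verifies at startup that the variable holds a non-empty value. With the variable unset the comparison is against `null`, so every request is rejected and the misconfiguration only shows up as 401s. With `TOKEN=` left empty, as in the `.env.example` added by this commit, the expected secret is the empty string; whether an empty bearer value can reach this callback depends on Ktor's header parsing, which is not visible here. Reading the value once, failing fast when it is missing or blank, and comparing with `java.security.MessageDigest.isEqual` would remove both the silent misconfiguration and the content-dependent timing of string equality. Tests that start the module without `TOKEN` would then need to set it.

```kotlin
fun Application.configureAuthorization() {
    // Resolve the secret once; refuse to start with a missing or blank value.
    val expectedToken = System.getenv("TOKEN")
        ?.takeIf { it.isNotBlank() }
        ?.toByteArray()
        ?: error("TOKEN environment variable must be set to a non-empty value")

    authentication {
        bearer("auth") {
            // … unchanged: realm …
            authenticate { tokenCredential ->
                // Comparison time does not depend on where the first differing byte is.
                val presented = tokenCredential.token.toByteArray()
                if (java.security.MessageDigest.isEqual(presented, expectedToken)) {
                    UserIdPrincipal("wulkanowy-app-play")
                } else {
                    null
                }
            }
        }
    }
}
```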
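Review bot: The `get("/")` route in the trailing context of the second `Routing.kt` hunk stays outside the new `authenticate("auth")` block, so `loginEventDao.allLoginEvents()` is still returned to any caller without a token. If the stored login events hold anything not meant to be public (this cannot be told from the hunk), move the route inside the block or protect it separately. If it is intentionally public, a comment above it such as `// Public on purpose: exposes only <fields>` would record that decision. `configureRouting` continues past the end of the hunk.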