loafle/openapi-generator
3
0
Fork 0
forked from loafle/openapi-generator-original
Code Pull Requests Activity

Java playframework: add support for oauth2 accesstoken validation (#10901)

Browse Source 
* first commit: add cli option for saga and records. Added dummy sagas.mustache test file.

* More progress with default values. First prototype for isEntity and isUniqueId.

* record generation complete

* record generation complete

* progress with saga generation

* progress with saga generation

* first fully working saga generation

* merge with latest master

* removed unneeded "items" properties.

* moved global CodegenModel modifications into subclass ExtendedCodegenModel used exclusively by TypescriptFetchClient. Adding missing samples files.

* moved global CodegenOperation modifications into subclass ExtendedCodegenOperation used exclusively by TypescriptFetchClient.

* moved global CodegenProperty modifications into subclass ExtendedCodegenProperty used exclusively by TypescriptFetchClient.

* moved global CodegenParameter modifications into subclass ExtendedCodegenParameter used exclusively by TypescriptFetchClient.

* added the missing "allSagas" export.

* renamed & reworked "meta data response" flags to a more useful general concept of "operation return passthrough"

* added vendor flag keepAsJSObject as escape hatch to support circular dependencies in models and other special cases. Also fixed issues with default values for some records properties.

* added autodetection for passthrough to simplify standardised specs.

* fix small issue with passthrough void

* fix small issues with passthrough void and missing passthrough imports in some cases. Fix issues with enum default values.

* fix small issues with passthrough void and missing passthrough imports in some cases. Fix issues with enum default values.

* Added "reservedRecordField" feature to support remapping fields names that cannot be used in Records. Added missing export to record: toApi().

* added uniqueId inference. Fix small generation when uniqueId property is an array.

* removed feature "reservedRecordField" and replaced it with existing built-in "reserved words" feature. Fix minor issues with typings in generated files.

* Changed api recType names to make them less likely to cause name conflicts. Added generated ApiEntities (record, reducer & selector) files.

* Moved location of ApiEntities related files and fix issues with exports.

* - merge latest master
- renamed fake test apis to better fit the "pet theme"
- added mode for "SourceOnlyLibrary" (same as used in codegen typescript jquery)

* - missing ganarate sampless

* - Modified way to export apiEntitiesSelectpr to reduce typescript analysis time for consuming project. Removed tab characters in mustache files. Reformat code for TypeScriptFetchClientCodegen to try to remove false positive for tabs vs spaces.

* - added markErrorsAsHandled property to api sagas. Increased typescript version to address some typing errors on library build.

* - fix bug in saga interfaces. Upgraded to typescript "strict" mode to ensure proper typechecking info is generated.

* - added optional id for apiEntity selectors. Added toInlined() support to convert an entity to an inlined model recursively.

* - minor tweak for apiEntitySelector to accept null id

* - minor tweak for apiEntitySelector

* - runned ensure up to date.

* Revert "- runned ensure up to date."

This reverts commit ea9b4aed

* - runned ensure up to date.

* - runned ensure up to date.

* - added more enhancements: New "toInlined" functionality. Support for more complex double array types. apiBaseConfiguration is not sent completely for Api.init().

* - merge master

* - fix generated api bug in some cases for typescript fetch when no request params are present.

* - commented broken tests

* - fix generate samples analysis.

* - work in progress for playframework swagger upgrade

* - first working output for playframework with oauth support for access code flow.

* update surefire to newer version

* added new sample project "...playframework-with-security.yaml" and improved tab in generated output for controllerImp files.

* split SecurityAPIUtil into more granular and useful functions.

* minor fix to have tab instead of spaces in securityapiutils mustache file

* added missing generated samples.

* added missing securityAPIUtils injection in generated "Controller" classes when "useInterfaces = false"

* added missing securityAPIUtils import

* added missing securityAPIUtils import for no-interface samples files.

* minor tweak: changed order of import for securityApiUtils

* minor tweak: changed order of import for securityApiUtils

* fix: securityApiUtils was incorrectly declared with "throws Exception"

* minor code tweak.

* fix potential runtime throw in SecurityApiUtils if playframework configuration variables are not found. fix minor issue with space vs tab in mustache files. Fix compilation issues in some cases when using async mode.

* run ensure-up-to-date and generate-samples

* Revert "run ensure-up-to-date and generate-samples"

This reverts commit da4d3ac755.

Co-authored-by: Bruno Flamand <bflamand@stingray.com>
Co-authored-by: William Cheng <wing328hk@gmail.com>
This commit is contained in:
bflamand
2022-01-02 07:45:33 -05:00
committed by GitHub
parent a20cee3024
commit 5152f8dee0
113 changed files with 6484 additions and 602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
samples/server/petstore/java-play-framework-api-package-override/.openapi-generator/FILES
View File

@@ -20,6 +20,7 @@ app/com/puppies/store/apis/UserApiControllerImpInterface.java
app/openapitools/ApiCall.java
app/openapitools/ErrorHandler.java
app/openapitools/OpenAPIUtils.java
app/openapitools/SecurityAPIUtils.java
build.sbt
conf/application.conf
conf/logback.xml

2
samples/server/petstore/java-play-framework-api-package-override/app/Module.java
View File

@@ -1,6 +1,7 @@
import com.google.inject.AbstractModule;
import com.puppies.store.apis.*;
import openapitools.SecurityAPIUtils;
public class Module extends AbstractModule {
@@ -9,5 +10,6 @@ public class Module extends AbstractModule {
bind(PetApiControllerImpInterface.class).to(PetApiControllerImp.class);
bind(StoreApiControllerImpInterface.class).to(StoreApiControllerImp.class);
bind(UserApiControllerImpInterface.class).to(UserApiControllerImp.class);
bind(SecurityAPIUtils.class);
}
}

95
samples/server/petstore/java-play-framework-api-package-override/app/com/puppies/store/apis/PetApiControllerImpInterface.java
View File

@@ -15,7 +15,9 @@ import play.mvc.Result;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.JsonNode;
import openapitools.OpenAPIUtils;
import openapitools.SecurityAPIUtils;
import static play.mvc.Results.ok;
import static play.mvc.Results.unauthorized;
import play.libs.Files.TemporaryFile;
import javax.validation.constraints.*;
@@ -23,47 +25,70 @@ import javax.validation.constraints.*;
@SuppressWarnings("RedundantThrows")
public abstract class PetApiControllerImpInterface {
@Inject private Config configuration;
@Inject private SecurityAPIUtils securityAPIUtils;
private ObjectMapper mapper = new ObjectMapper();
public Result addPetHttp(Http.Request request, Pet body) throws Exception {
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
addPet(request, body);
return ok();
return ok();
}
public abstract void addPet(Http.Request request, Pet body) throws Exception;
public Result deletePetHttp(Http.Request request, Long petId, String apiKey) throws Exception {
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
deletePet(request, petId, apiKey);
return ok();
return ok();
}
public abstract void deletePet(Http.Request request, Long petId, String apiKey) throws Exception;
public Result findPetsByStatusHttp(Http.Request request, @NotNull List<String> status) throws Exception {
List<Pet> obj = findPetsByStatus(request, status);
if (configuration.getBoolean("useOutputBeanValidation")) {
for (Pet curItem : obj) {
OpenAPIUtils.validate(curItem);
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
List<Pet> obj = findPetsByStatus(request, status);
if (configuration.getBoolean("useOutputBeanValidation")) {
for (Pet curItem : obj) {
OpenAPIUtils.validate(curItem);
}
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
public abstract List<Pet> findPetsByStatus(Http.Request request, @NotNull List<String> status) throws Exception;
public Result findPetsByTagsHttp(Http.Request request, @NotNull List<String> tags) throws Exception {
List<Pet> obj = findPetsByTags(request, tags);
if (configuration.getBoolean("useOutputBeanValidation")) {
for (Pet curItem : obj) {
OpenAPIUtils.validate(curItem);
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
List<Pet> obj = findPetsByTags(request, tags);
if (configuration.getBoolean("useOutputBeanValidation")) {
for (Pet curItem : obj) {
OpenAPIUtils.validate(curItem);
}
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
@@ -71,39 +96,57 @@ return ok(result);
public Result getPetByIdHttp(Http.Request request, Long petId) throws Exception {
Pet obj = getPetById(request, petId);
if (configuration.getBoolean("useOutputBeanValidation")) {
if (configuration.getBoolean("useOutputBeanValidation")) {
OpenAPIUtils.validate(obj);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
public abstract Pet getPetById(Http.Request request, Long petId) throws Exception;
public Result updatePetHttp(Http.Request request, Pet body) throws Exception {
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
updatePet(request, body);
return ok();
return ok();
}
public abstract void updatePet(Http.Request request, Pet body) throws Exception;
public Result updatePetWithFormHttp(Http.Request request, Long petId, String name, String status) throws Exception {
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
updatePetWithForm(request, petId, name, status);
return ok();
return ok();
}
public abstract void updatePetWithForm(Http.Request request, Long petId, String name, String status) throws Exception;
public Result uploadFileHttp(Http.Request request, Long petId, String additionalMetadata, Http.MultipartFormData.FilePart<TemporaryFile> file) throws Exception {
if (!securityAPIUtils.isRequestTokenValid(request, "petstore_auth")) {
return unauthorized();
}
ModelApiResponse obj = uploadFile(request, petId, additionalMetadata, file);
if (configuration.getBoolean("useOutputBeanValidation")) {
if (configuration.getBoolean("useOutputBeanValidation")) {
OpenAPIUtils.validate(obj);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}

32
samples/server/petstore/java-play-framework-api-package-override/app/com/puppies/store/apis/StoreApiControllerImpInterface.java
View File

@@ -14,7 +14,9 @@ import play.mvc.Result;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.JsonNode;
import openapitools.OpenAPIUtils;
import openapitools.SecurityAPIUtils;
import static play.mvc.Results.ok;
import static play.mvc.Results.unauthorized;
import play.libs.Files.TemporaryFile;
import javax.validation.constraints.*;
@@ -22,11 +24,12 @@ import javax.validation.constraints.*;
@SuppressWarnings("RedundantThrows")
public abstract class StoreApiControllerImpInterface {
@Inject private Config configuration;
@Inject private SecurityAPIUtils securityAPIUtils;
private ObjectMapper mapper = new ObjectMapper();
public Result deleteOrderHttp(Http.Request request, String orderId) throws Exception {
deleteOrder(request, orderId);
return ok();
return ok();
}
@@ -34,8 +37,9 @@ return ok();
public Result getInventoryHttp(Http.Request request) throws Exception {
Map<String, Integer> obj = getInventory(request);
JsonNode result = mapper.valueToTree(obj);
return ok(result);
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
@@ -43,11 +47,14 @@ return ok(result);
public Result getOrderByIdHttp(Http.Request request, @Min(1) @Max(5)Long orderId) throws Exception {
Order obj = getOrderById(request, orderId);
if (configuration.getBoolean("useOutputBeanValidation")) {
if (configuration.getBoolean("useOutputBeanValidation")) {
OpenAPIUtils.validate(obj);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
@@ -55,11 +62,14 @@ return ok(result);
public Result placeOrderHttp(Http.Request request, Order body) throws Exception {
Order obj = placeOrder(request, body);
if (configuration.getBoolean("useOutputBeanValidation")) {
if (configuration.getBoolean("useOutputBeanValidation")) {
OpenAPIUtils.validate(obj);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}

31
samples/server/petstore/java-play-framework-api-package-override/app/com/puppies/store/apis/UserApiControllerImpInterface.java
View File

@@ -15,7 +15,9 @@ import play.mvc.Result;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.JsonNode;
import openapitools.OpenAPIUtils;
import openapitools.SecurityAPIUtils;
import static play.mvc.Results.ok;
import static play.mvc.Results.unauthorized;
import play.libs.Files.TemporaryFile;
import javax.validation.constraints.*;
@@ -23,11 +25,12 @@ import javax.validation.constraints.*;
@SuppressWarnings("RedundantThrows")
public abstract class UserApiControllerImpInterface {
@Inject private Config configuration;
@Inject private SecurityAPIUtils securityAPIUtils;
private ObjectMapper mapper = new ObjectMapper();
public Result createUserHttp(Http.Request request, User body) throws Exception {
createUser(request, body);
return ok();
return ok();
}
@@ -35,7 +38,7 @@ return ok();
public Result createUsersWithArrayInputHttp(Http.Request request, List<User> body) throws Exception {
createUsersWithArrayInput(request, body);
return ok();
return ok();
}
@@ -43,7 +46,7 @@ return ok();
public Result createUsersWithListInputHttp(Http.Request request, List<User> body) throws Exception {
createUsersWithListInput(request, body);
return ok();
return ok();
}
@@ -51,7 +54,7 @@ return ok();
public Result deleteUserHttp(Http.Request request, String username) throws Exception {
deleteUser(request, username);
return ok();
return ok();
}
@@ -59,11 +62,14 @@ return ok();
public Result getUserByNameHttp(Http.Request request, String username) throws Exception {
User obj = getUserByName(request, username);
if (configuration.getBoolean("useOutputBeanValidation")) {
if (configuration.getBoolean("useOutputBeanValidation")) {
OpenAPIUtils.validate(obj);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
@@ -71,8 +77,9 @@ return ok(result);
public Result loginUserHttp(Http.Request request, @NotNull String username, @NotNull String password) throws Exception {
String obj = loginUser(request, username, password);
JsonNode result = mapper.valueToTree(obj);
return ok(result);
JsonNode result = mapper.valueToTree(obj);
return ok(result);
}
@@ -80,7 +87,7 @@ return ok(result);
public Result logoutUserHttp(Http.Request request) throws Exception {
logoutUser(request);
return ok();
return ok();
}
@@ -88,7 +95,7 @@ return ok();
public Result updateUserHttp(Http.Request request, String username, User body) throws Exception {
updateUser(request, username, body);
return ok();
return ok();
}

165
samples/server/petstore/java-play-framework-api-package-override/app/openapitools/SecurityAPIUtils.java Normal file
View File

@@ -0,0 +1,165 @@
package openapitools;
import com.auth0.jwk.Jwk;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.typesafe.config.Config;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import play.mvc.Http;
import java.net.URL;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
@Singleton
public class SecurityAPIUtils {
private final String bearerPrefix = "Bearer ";
private final ObjectMapper mapper;
private boolean useOnlineValidation = false;
// Online validation
private HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
// Offline validation
private HashMap<String, String> jwksEndpoints = new HashMap<>();
private String tokenKeyId = "";
private JWTVerifier tokenVerifier; //Reusable verifier instance until tokenKeyId changes.
@Inject
SecurityAPIUtils(Config configuration) {
mapper = new ObjectMapper();
clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
tokenIntrospectEndpoints.put("petstore_auth", "");
jwksEndpoints.put("petstore_auth", "");
}
private boolean isRequestTokenValidByOnlineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authToken = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authToken.isPresent()) {
String tokenWithoutBearerPrefix = authToken.get().substring(bearerPrefix.length());
HttpClientBuilder builder = HttpClientBuilder.create();
HttpClient httpClient = builder.build();
HttpPost httppost = new HttpPost(this.tokenIntrospectEndpoints.get(securityMethodName));
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("token", tokenWithoutBearerPrefix));
params.add(new BasicNameValuePair("client_id", clientId));
params.add(new BasicNameValuePair("client_secret", clientSecret));
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
HttpResponse response = httpClient.execute(httppost);
String responseJsonString = EntityUtils.toString(response.getEntity());
HashMap responseJsonObject = mapper.readValue(responseJsonString, HashMap.class);
return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && (boolean) responseJsonObject.get("active");
}
} catch (Exception exception) {
return false;
}
return false;
}
private boolean isRequestTokenValidByOfflineCheck(Http.Request request, String securityMethodName) {
try {
Optional<String> authHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
String bearerToken = authHeader.get().substring(bearerPrefix.length());
return isTokenValidByOfflineCheck(bearerToken, securityMethodName);
}
} catch (Exception exception) {
return false;
}
return false;
}
public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMethodName) {
try {
DecodedJWT jwt = JWT.decode(bearerToken);
String issuer = jwt.getIssuer();
String keyId = jwt.getKeyId();
if (!tokenKeyId.equals(keyId)) {
if (securityMethodName == null) {
securityMethodName = jwksEndpoints.keySet().stream().findFirst().get();
}
Jwk jwk = new UrlJwkProvider(new URL(this.jwksEndpoints.get(securityMethodName))).get(keyId);
final PublicKey publicKey = jwk.getPublicKey();
if (!(publicKey instanceof RSAPublicKey)) {
throw new IllegalArgumentException(String.format("Key with ID %s was found in JWKS but is not a RSA-key.", keyId));
}
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.build();
tokenKeyId = keyId;
}
DecodedJWT verifiedJWT = tokenVerifier.verify(bearerToken);
return true;
} catch (Exception exception) {
return false;
}
}
public String getOAuthUserIdFromRequestToken(Http.Request requestWithPreviouslyVerifiedToken) {
try {
Optional<String> authHeader = requestWithPreviouslyVerifiedToken.getHeaders().get(HttpHeaders.AUTHORIZATION);
if (authHeader.isPresent()) {
String bearerToken = authHeader.get().substring(bearerPrefix.length());
return getOAuthUserIdFromToken(bearerToken);
}
} catch (Exception exception) {
return null;
}
return null;
}
public String getOAuthUserIdFromToken(String bearerToken) {
try {
DecodedJWT jwt = JWT.decode(bearerToken);
return jwt.getSubject();
} catch (Exception exception) {
return null;
}
}
public boolean isRequestTokenValid(Http.Request request, String securityMethodName) {
return useOnlineValidation ? isRequestTokenValidByOnlineCheck(request, securityMethodName) : isRequestTokenValidByOfflineCheck(request, securityMethodName);
}
}

3
samples/server/petstore/java-play-framework-api-package-override/build.sbt
View File

@@ -9,3 +9,6 @@ scalaVersion := "2.12.6"
libraryDependencies += "org.webjars" % "swagger-ui" % "3.32.5"
libraryDependencies += "javax.validation" % "validation-api" % "2.0.1.Final"
libraryDependencies += guice
libraryDependencies += "com.auth0" % "java-jwt" % "3.18.1"
libraryDependencies += "com.auth0" % "jwks-rsa" % "0.19.0"
libraryDependencies += "org.apache.httpcomponents" % "httpclient" % "4.5.6"