forked from Onlineberatung/onlineBeratung-videoService
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11 from Onlineberatung/develop
[pull] develop from Onlineberatung:develop
- Loading branch information
Showing
18 changed files
with
693 additions
and
163 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| version: '1' | ||
| version: "1" | ||
| rules: | ||
| - base: develop | ||
| upstream: Onlineberatung:develop | ||
| mergeMethod: merge | ||
| label: ':arrow_heading_down: pull' | ||
| conflictLabel: 'merge-conflict' | ||
| - base: develop | ||
| upstream: Onlineberatung:develop | ||
| mergeMethod: merge | ||
| label: ":arrow_heading_down: pull" | ||
| conflictLabel: "merge-conflict" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,8 +2,11 @@ name: Publish Docker image | |
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - "develop" | ||
| tags: | ||
| - 'dockerImage.v.*' | ||
| - "dockerImage.v.*" | ||
| - "v*" | ||
|
|
||
| jobs: | ||
| test: | ||
|
|
@@ -38,8 +41,8 @@ jobs: | |
| push_to_registry: | ||
| strategy: | ||
| matrix: | ||
| registry: [ "docker.pkg.github.com", "ghcr.io" ] | ||
| needs: [ test ] | ||
| registry: ["docker.pkg.github.com", "ghcr.io"] | ||
| needs: [test] | ||
| name: Push Docker image to GitHub Packages | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
|
|
@@ -48,10 +51,27 @@ jobs: | |
| uses: actions/download-artifact@v2 | ||
| with: | ||
| name: targetfiles | ||
| - name: Prepare Docker variables | ||
| - name: Get current time | ||
| id: time | ||
| uses: nanzm/[email protected] | ||
| with: | ||
| timeZone: 2 | ||
| format: "YYYYMMDD[_]HHmmss" | ||
| - name: Prepare environment variables | ||
| run: | | ||
| echo "DOCKER_REGISTRY=$(echo "${{ matrix.registry }}/${{ github.repository }}" | awk '{print tolower($0)}')" >> $GITHUB_ENV | ||
| echo "DOCKER_IMAGE=$(echo "${{ github.repository }}" | awk -F / '{print tolower($2)}')" >> $GITHUB_ENV | ||
| echo CLEAN_REF=$(echo "${GITHUB_REF_NAME#refs/heads/}") >> $GITHUB_ENV | ||
| echo TYPE=$(echo -n "${GITHUB_REF_TYPE}") >> $GITHUB_ENV | ||
| echo TIME_STAMP=$(echo -n "${{ steps.time.outputs.time }}") >> $GITHUB_ENV | ||
| shell: bash | ||
| - name: Set branch_timestamp for image from branch | ||
| if: ${{ env.TYPE == 'branch' }} | ||
| run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}_${{ env.TIME_STAMP }}") >> $GITHUB_ENV | ||
| shell: bash | ||
| - name: Set tag for image from tag | ||
| if: ${{ env.TYPE == 'tag' }} | ||
| run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}") >> $GITHUB_ENV | ||
| shell: bash | ||
| - name: Push to GitHub Packages | ||
| uses: docker/[email protected] | ||
|
|
@@ -60,4 +80,17 @@ jobs: | |
| password: ${{ secrets.GH_PACKAGE_RELEASE_TOKEN }} | ||
| registry: ${{ env.DOCKER_REGISTRY }} | ||
| repository: ${{ env.DOCKER_IMAGE }} | ||
| tag_with_ref: true | ||
| tags: ${{ env.DOCKER_IMAGE_TAG}} | ||
| - name: Hint about the Docker Image Tag if successfull | ||
| if: ${{ success() }} | ||
| run: | | ||
| echo "### Publish Docker image :white_check_mark:" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "- Image name: ${{ env.DOCKER_IMAGE }}" >> $GITHUB_STEP_SUMMARY | ||
| echo "- Version: ${{ env.DOCKER_IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY | ||
| - name: Hint about the Docker Image Tag if not successfull | ||
| if: ${{ failure() || cancelled() }} | ||
| run: | | ||
| echo "### Publish Docker image :x:" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "- It seems that something has gone wrong" >> $GITHUB_STEP_SUMMARY | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -29,4 +29,4 @@ jobs: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| branch: ${{env.BRANCH}} | ||
| force: true | ||
| tags: true | ||
| tags: true | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
53 changes: 53 additions & 0 deletions
53
src/main/java/de/caritas/cob/videoservice/api/tenant/AccessTokenTenantResolver.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| package de.caritas.cob.videoservice.api.tenant; | ||
|
|
||
| import java.util.Map; | ||
| import java.util.Optional; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import lombok.AllArgsConstructor; | ||
| import lombok.extern.slf4j.Slf4j; | ||
| import org.keycloak.KeycloakSecurityContext; | ||
| import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
|
|
||
| @AllArgsConstructor | ||
| @Component | ||
| @Slf4j | ||
| public class AccessTokenTenantResolver implements TenantResolver { | ||
|
|
||
| private static final String TENANT_ID = "tenantId"; | ||
|
|
||
| @Override | ||
| public Optional<Long> resolve(HttpServletRequest request) { | ||
| return resolveTenantIdFromTokenClaims(request); | ||
| } | ||
|
|
||
| private Optional<Long> resolveTenantIdFromTokenClaims(HttpServletRequest request) { | ||
| Map<String, Object> claimMap = getClaimMap(request); | ||
| log.debug("Found tenantId in claim : " + claimMap.toString()); | ||
| return getUserTenantIdAttribute(claimMap); | ||
| } | ||
|
|
||
| private Optional<Long> getUserTenantIdAttribute(Map<String, Object> claimMap) { | ||
| if (claimMap.containsKey(TENANT_ID)) { | ||
| Integer tenantId = (Integer) claimMap.get(TENANT_ID); | ||
| return Optional.of(Long.valueOf(tenantId)); | ||
| } else { | ||
| return Optional.empty(); | ||
| } | ||
| } | ||
|
|
||
| private Map<String, Object> getClaimMap(HttpServletRequest request) { | ||
| KeycloakSecurityContext keycloakSecContext = | ||
| ((KeycloakAuthenticationToken) request.getUserPrincipal()).getAccount() | ||
| .getKeycloakSecurityContext(); | ||
| return keycloakSecContext.getToken().getOtherClaims(); | ||
| } | ||
|
|
||
| @Override | ||
| public boolean canResolve(HttpServletRequest request) { | ||
| return resolve(request).isPresent(); | ||
| } | ||
|
|
||
|
|
||
| } |
24 changes: 24 additions & 0 deletions
24
src/main/java/de/caritas/cob/videoservice/api/tenant/CustomHeaderTenantResolver.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| package de.caritas.cob.videoservice.api.tenant; | ||
|
|
||
| import de.caritas.cob.videoservice.api.service.TenantHeaderSupplier; | ||
| import java.util.Optional; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import lombok.AllArgsConstructor; | ||
| import lombok.NonNull; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
| @Component | ||
| @AllArgsConstructor | ||
| public class CustomHeaderTenantResolver implements TenantResolver { | ||
| private final @NonNull TenantHeaderSupplier tenantHeaderSupplier; | ||
|
|
||
| @Override | ||
| public Optional<Long> resolve(HttpServletRequest request) { | ||
| return tenantHeaderSupplier.getTenantFromHeader(); | ||
| } | ||
|
|
||
| @Override | ||
| public boolean canResolve(HttpServletRequest request) { | ||
| return resolve(request).isPresent(); | ||
| } | ||
| } |
45 changes: 45 additions & 0 deletions
45
src/main/java/de/caritas/cob/videoservice/api/tenant/SubdomainTenantResolver.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| package de.caritas.cob.videoservice.api.tenant; | ||
|
|
||
| import static java.util.Optional.empty; | ||
| import static java.util.Optional.of; | ||
|
|
||
| import de.caritas.cob.videoservice.api.service.TenantService; | ||
| import de.caritas.cob.videoservice.filter.SubdomainExtractor; | ||
| import java.util.Optional; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import lombok.AllArgsConstructor; | ||
| import lombok.NonNull; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
|
|
||
| @AllArgsConstructor | ||
| @Component | ||
| public class SubdomainTenantResolver implements TenantResolver { | ||
|
|
||
| private final @NonNull SubdomainExtractor subdomainExtractor; | ||
|
|
||
| private final @NonNull TenantService tenantService; | ||
|
|
||
| @Override | ||
| public Optional<Long> resolve(HttpServletRequest request) { | ||
| return resolveTenantFromSubdomain(); | ||
| } | ||
|
|
||
| private Optional<Long> resolveTenantFromSubdomain() { | ||
| Optional<String> currentSubdomain = subdomainExtractor.getCurrentSubdomain(); | ||
| if (currentSubdomain.isPresent()) { | ||
| return of(getTenantIdBySubdomain(currentSubdomain.get())); | ||
| } else { | ||
| return empty(); | ||
| } | ||
| } | ||
|
|
||
| private Long getTenantIdBySubdomain(String currentSubdomain) { | ||
| return tenantService.getRestrictedTenantDataBySubdomain(currentSubdomain).getId(); | ||
| } | ||
|
|
||
| @Override | ||
| public boolean canResolve(HttpServletRequest request) { | ||
| return resolve(request).isPresent(); | ||
| } | ||
| } |
31 changes: 31 additions & 0 deletions
31
src/main/java/de/caritas/cob/videoservice/api/tenant/TechnicalUserTenantResolver.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| package de.caritas.cob.videoservice.api.tenant; | ||
|
|
||
| import java.util.Optional; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken; | ||
| import org.keycloak.representations.AccessToken; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
| @Component | ||
| public class TechnicalUserTenantResolver implements TenantResolver { | ||
|
|
||
| @Override | ||
| public Optional<Long> resolve(HttpServletRequest request) { | ||
| return isTechnicalUserRole(request) ? Optional.of(0L) : Optional.empty(); | ||
| } | ||
|
|
||
| private boolean isTechnicalUserRole(HttpServletRequest request) { | ||
| AccessToken token = ((KeycloakAuthenticationToken) request.getUserPrincipal()).getAccount() | ||
| .getKeycloakSecurityContext().getToken(); | ||
| return hasRoles(token) && token.getRealmAccess().getRoles().contains("technical"); | ||
| } | ||
|
|
||
| private boolean hasRoles(AccessToken accessToken) { | ||
| return accessToken.getRealmAccess() != null && accessToken.getRealmAccess().getRoles() != null; | ||
| } | ||
|
|
||
| @Override | ||
| public boolean canResolve(HttpServletRequest request) { | ||
| return resolve(request).isPresent(); | ||
| } | ||
| } |
Oops, something went wrong.