CDCgov · jalbinson · Oct 21, 2024 · Oct 21, 2024 · Oct 21, 2024 · Oct 21, 2024
diff --git a/auth/build.gradle.kts b/auth/build.gradle.kts
@@ -21,11 +21,14 @@ dependencies {
  * Spring WebFlux was chosen for this project to be able to better handle periods of high traffic
  */
  implementation("org.springframework.boot:spring-boot-starter-webflux")
- implementation("org.springframework.cloud:spring-cloud-gateway-webflux")
+ implementation("org.springframework.cloud:spring-cloud-starter-gateway")
  implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
 
  runtimeOnly("com.nimbusds:oauth2-oidc-sdk:11.19.1")
 
+ // Swagger
+ implementation("org.springdoc:springdoc-openapi-starter-webflux-ui:2.6.0")
+
  testImplementation("org.springframework.boot:spring-boot-starter-test")
  testImplementation("org.springframework.security:spring-security-test")
  testImplementation("org.jetbrains.kotlin:kotlin-test-junit5")

diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/AuthApplicationConstants.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/AuthApplicationConstants.kt
@@ -6,9 +6,16 @@ package gov.cdc.prime.reportstream.auth
 object AuthApplicationConstants {
 
  /**
- * All endpoints defined here
+ * All Auth service endpoints defined here
  */
  object Endpoints {
  const val HEALTHCHECK_ENDPOINT_V1 = "/api/v1/healthcheck"
  }
+
+ /**
+ * All Submissions service endpoints defined here
+ */
+ object SubmissionsEndpoints {
+ const val REPORTS_ENDPOINT_V1 = "/api/v1/reports"
+ }
 }
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/ApplicationConfig.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/ApplicationConfig.kt
@@ -1,7 +1,7 @@
 package gov.cdc.prime.reportstream.auth.config
 
+import gov.cdc.prime.reportstream.auth.model.Environment
 import org.springframework.boot.context.properties.ConfigurationProperties
-import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import kotlin.time.TimeSource
@@ -10,23 +10,14 @@ import kotlin.time.TimeSource
  * Simple class to automatically read configuration from application.yml (or environment variable overrides)
  */
 @Configuration
-@EnableConfigurationProperties(ProxyConfigurationProperties::class)
+@ConfigurationProperties(prefix = "app")
 class ApplicationConfig(
- val proxyConfig: ProxyConfigurationProperties,
+ var environment: Environment = Environment.LOCAL
 ) {
 
  @Bean
  fun timeSource(): TimeSource {
  return TimeSource.Monotonic
  }
-}
 
-@ConfigurationProperties("proxy")
-data class ProxyConfigurationProperties(
- val pathMappings: List<ProxyPathMapping>,
-)
-
-data class ProxyPathMapping(
- val baseUrl: String,
- val pathPrefix: String,
-)
+}
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/RouteConfig.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/RouteConfig.kt
@@ -0,0 +1,28 @@
+package gov.cdc.prime.reportstream.auth.config
+
+import gov.cdc.prime.reportstream.auth.AuthApplicationConstants
+import org.springframework.cloud.gateway.route.RouteLocator
+import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+/**
+ * Configuration class to set up route forwarding
+ */
+@Configuration
+class RouteConfig(
+ private val submissionsConfig: SubmissionsConfig
+) {
+
+ @Bean
+ fun routes(builder: RouteLocatorBuilder): RouteLocator {
+ return builder.routes()
+ .route {
+ it
+ .path(AuthApplicationConstants.SubmissionsEndpoints.REPORTS_ENDPOINT_V1)
+ .uri(submissionsConfig.baseUrl)
+ }
+ .build()
+ }
+
+}
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/SecurityConfig.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/SecurityConfig.kt
@@ -1,6 +1,8 @@
 package gov.cdc.prime.reportstream.auth.config
 
 import gov.cdc.prime.reportstream.auth.AuthApplicationConstants
+import gov.cdc.prime.reportstream.auth.model.Environment
+import org.apache.logging.log4j.kotlin.Logging
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
@@ -14,7 +16,9 @@ import org.springframework.security.web.server.SecurityWebFilterChain
  */
 @Configuration
 @EnableWebFluxSecurity
-class SecurityConfig {
+class SecurityConfig(
+ private val applicationConfig: ApplicationConfig
+) : Logging {
 
  @Bean
  fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
@@ -23,8 +27,15 @@ class SecurityConfig {
  authorize
  // allow health endpoint without authentication
  .pathMatchers(AuthApplicationConstants.Endpoints.HEALTHCHECK_ENDPOINT_V1).permitAll()
- // all other requests must be authenticated
- .anyExchange().authenticated()
+
+ // allow unauthenticated access to swagger on local environments
+ if (applicationConfig.environment == Environment.LOCAL) {
+ logger.info("Allowing unauthenticated Swagger access at http://localhost:9000/swagger/ui.html")
+ authorize.pathMatchers("/swagger/**").permitAll()
+ }
+
+ // all other requests must be authenticated
+ authorize.anyExchange().authenticated()
  }
  .oauth2ResourceServer {
  it.opaqueToken { }

diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/SubmissionsConfig.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/config/SubmissionsConfig.kt
@@ -0,0 +1,13 @@
+package gov.cdc.prime.reportstream.auth.config
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.context.annotation.Configuration
+
+/**
+ * Configuration for Submissions microservice
+ */
+@Configuration
+@ConfigurationProperties(prefix = "submissions")
+data class SubmissionsConfig(
+ var baseUrl: String = "http://localhost:8080"
+)
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/controller/AuthController.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/controller/AuthController.kt
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/model/Environment.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/model/Environment.kt
@@ -0,0 +1,10 @@
+package gov.cdc.prime.reportstream.auth.model
+
+/**
+ * All possible environments the auth app can be running
+ */
+enum class Environment {
+ LOCAL,
+ STAGING,
+ PRODUCTION
+}
diff --git a/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/service/ProxyURIStrategy.kt b/auth/src/main/kotlin/gov/cdc/prime/reportstream/auth/service/ProxyURIStrategy.kt
diff --git a/auth/src/main/resources/application.yml b/auth/src/main/resources/application.yml
@@ -1,26 +1,28 @@
 spring:
  application:
  name: "auth"
- profiles:
- active: local
  security:
  oauth2:
  resourceserver:
  opaquetoken: # Set client secret in SPRING_SECURITY_OAUTH2_RESOURCESERVER_OPAQUETOKEN_CLIENT_SECRET env variable
  client-id: 0oaek8tip2lhrhHce1d7
  introspection-uri: https://reportstream.oktapreview.com/oauth2/ausekaai7gUuUtHda1d7/v1/introspect
- cloud:
- gateway:
- proxy:
- sensitive: [] # pass authorization and cookie headers downstream (filtered by default)
 
 server.port: 9000
 
-proxy.pathMappings:
- - pathPrefix: /reportstream
- baseUrl: http://localhost:7071
- - pathPrefix: /submissions
- baseUrl: http://localhost:8880
+app:
+ environment: local
+
+# submissions microservice configuration
+submissions:
+ baseUrl: http://localhost:8080
+
+# Ensure these are disabled in production
+springdoc:
+ swagger-ui:
+ path: /swagger/ui.html
+ api-docs:
+ path: /swagger/api-docs
 
 #Uncomment for verbose logging
 #logging: