Podzilla · NourAlPha · Apr 27, 2025 · Apr 27, 2025 · Apr 27, 2025 · Apr 27, 2025
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,9 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+logs/
+*.log
+secret.env
 
 ### STS ###
 .apt_generated

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,6 +1,7 @@
 services:
   backend:
     image: openjdk:25-ea-4-jdk-oraclelinux9
+    container_name: auth
     ports:
       - "8080:8080"
     env_file:
@@ -9,13 +10,15 @@ services:
       - auth_db
     environment:
       - SPRING_DATASOURCE_URL=jdbc:postgresql://auth_db:5432/authDB
+      - SPRING_DATA_REDIS_HOST=redis_cache
     volumes:
       - ./target:/app
       - ./logs:/logs
     command: [ "java", "-jar", "/app/auth-0.0.1-SNAPSHOT.jar" ]
 
   auth_db:
-    image: postgres:latest
+    image: postgres:14.17
+    container_name: auth_db
     environment:
       POSTGRES_PASSWORD: 1234
       POSTGRES_USER: postgres
@@ -24,13 +27,15 @@ services:
       - "5432:5432"
 
   loki:
-    image: grafana/loki:latest
+    image: grafana/loki:3.5.0
+    container_name: loki
     ports:
       - "3100:3100"
     command: -config.file=/etc/loki/local-config.yaml
 
   promtail:
-    image: grafana/promtail:latest
+    image: grafana/promtail:3.5.0
+    container_name: promtail
     volumes:
       - ./promtail-config.yml:/etc/promtail/promtail-config.yaml
       - ./logs:/logs
@@ -39,8 +44,23 @@ services:
       - loki
 
   grafana:
-    image: grafana/grafana:latest
+    image: grafana/grafana:11.6.1
+    container_name: grafana
     ports:
       - "3000:3000"
     depends_on:
       - loki
+
+
+  redis_cache:
+    image: redis:7.4.3
+    container_name: redisCache
+    ports:
+      - "6379:6379"
+
+  redisinsight:
+    image: redis/redisinsight:2.68
+    container_name: redisInsight
+    ports:
+      - "5540:5540"
+    restart: always
diff --git a/src/main/java/com/podzilla/auth/AuthApplication.java b/src/main/java/com/podzilla/auth/AuthApplication.java
@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
 
 @SpringBootApplication
+@EnableCaching
 public class AuthApplication {
 
     public static void main(final String[] args) {

diff --git a/src/main/java/com/podzilla/auth/dto/CustomUserDetails.java b/src/main/java/com/podzilla/auth/dto/CustomUserDetails.java
@@ -0,0 +1,42 @@
+package com.podzilla.auth.dto;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Set;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CustomUserDetails implements UserDetails {
+
+    private String username;
+    private String password;
+    private Set<GrantedAuthority> authorities;
+
+    public CustomUserDetails() {
+        // No-arg constructor required by Jackson
+    }
+
+    public CustomUserDetails(final String username, final String password,
+                             final Set<GrantedAuthority> authorities) {
+        this.username = username;
+        this.password = password;
+        this.authorities = authorities;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+}
diff --git a/src/main/java/com/podzilla/auth/exception/GlobalExceptionHandler.java b/src/main/java/com/podzilla/auth/exception/GlobalExceptionHandler.java
@@ -2,11 +2,31 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
 @RestControllerAdvice
-public class GlobalExceptionHandler {
+public class GlobalExceptionHandler extends ResponseEntityExceptionHandler {
+
+
+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<ErrorResponse> handleAccessDeniedException(
+            final AccessDeniedException exception) {
+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body(new ErrorResponse(exception.getMessage(),
+                        HttpStatus.FORBIDDEN));
+    }
+
+    @ExceptionHandler(AuthenticationException.class)
+    public ResponseEntity<ErrorResponse> handleAuthenticationException(
+            final AuthenticationException exception) {
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(new ErrorResponse(exception.getMessage(),
+                        HttpStatus.UNAUTHORIZED));
+    }
 
     @ExceptionHandler(NotFoundException.class)
     public ResponseEntity<ErrorResponse> handleNotFoundException(

diff --git a/src/main/java/com/podzilla/auth/model/RefreshToken.java b/src/main/java/com/podzilla/auth/model/RefreshToken.java
@@ -9,9 +9,11 @@
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Column;
 import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Getter;
-import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.NoArgsConstructor;
 import org.springframework.data.annotation.CreatedDate;
 import org.springframework.data.jpa.domain.support.AuditingEntityListener;
 
@@ -21,8 +23,10 @@
 @Entity
 @Table(name = "refresh_tokens")
 @Getter
+@Builder
 @Setter
 @NoArgsConstructor
+@AllArgsConstructor
 @EntityListeners(AuditingEntityListener.class)
 public class RefreshToken {
 

diff --git a/src/main/java/com/podzilla/auth/redis/RedisCacheConfig.java b/src/main/java/com/podzilla/auth/redis/RedisCacheConfig.java
@@ -0,0 +1,38 @@
+package com.podzilla.auth.redis;
+
+import com.podzilla.auth.dto.CustomUserDetails;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+
+import java.time.Duration;
+
+@Configuration
+public class RedisCacheConfig {
+
+    private static final int CACHE_TTL = 60 * 60;
+
+    @Bean
+    public RedisCacheManager cacheManager(
+            final RedisConnectionFactory redisConnectionFactory) {
+
+        RedisCacheConfiguration defaultConfig = RedisCacheConfiguration
+                .defaultCacheConfig()
+                .entryTtl(Duration.ofMinutes(CACHE_TTL))
+                .disableCachingNullValues()
+                .serializeValuesWith(
+                        RedisSerializationContext.
+                                SerializationPair.
+                                fromSerializer(
+                                        new Jackson2JsonRedisSerializer<>(
+                                                CustomUserDetails.class)));
+
+        return RedisCacheManager.builder(redisConnectionFactory)
+                .cacheDefaults(defaultConfig)
+                .build();
+    }
+}
diff --git a/src/main/java/com/podzilla/auth/security/JWTAuthenticationFilter.java b/src/main/java/com/podzilla/auth/security/JWTAuthenticationFilter.java
@@ -62,7 +62,7 @@ protected void doFilterInternal(final HttpServletRequest request,
             context.setAuthentication(authToken);
             SecurityContextHolder.setContext(context);
 
-
+            LOGGER.info("User {} authenticated", userEmail);
         } catch (Exception e) {
             LOGGER.error("Invalid JWT token: {}", e.getMessage());
         }

diff --git a/src/main/java/com/podzilla/auth/security/RestAuthenticationEntryPoint.java b/src/main/java/com/podzilla/auth/security/RestAuthenticationEntryPoint.java
diff --git a/src/main/java/com/podzilla/auth/security/SecurityConfig.java b/src/main/java/com/podzilla/auth/security/SecurityConfig.java
@@ -2,7 +2,6 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -35,22 +34,20 @@ SecurityFilterChain securityFilterChain(final HttpSecurity http)
                 .csrf(AbstractHttpConfigurer::disable)
                 .addFilterBefore(jwtAuthenticationFilter,
                         UsernamePasswordAuthenticationFilter.class)
-                .exceptionHandling(exceptionHandling ->
-                        exceptionHandling
-                                .authenticationEntryPoint(
-                                        new RestAuthenticationEntryPoint())
-                )
                 .authorizeHttpRequests((auth) ->
-                        auth.requestMatchers(
-                                        HttpMethod.GET, "public_resource")
+                        auth
+                                .requestMatchers("/auth/login")
+                                .permitAll()
+                                .requestMatchers("/auth/register")
+                                .permitAll()
+                                .requestMatchers("/auth/refresh-token")
                                 .permitAll()
-                                .requestMatchers("/auth/**").permitAll()
                                 .requestMatchers("/admin/**")
                                 .hasRole("ADMIN")
                                 .requestMatchers("/swagger-ui/**",
-                                        "/v3/api-docs/**").permitAll()
+                                        "/v3/api-docs/**")
+                                .permitAll()
                                 .anyRequest().authenticated()
-
                 )
                 .sessionManagement(s -> s
                         .sessionCreationPolicy(

diff --git a/src/main/java/com/podzilla/auth/service/AuthenticationService.java b/src/main/java/com/podzilla/auth/service/AuthenticationService.java
@@ -65,22 +65,31 @@ public String login(final LoginRequest loginRequest,
     }
 
     public void registerAccount(final SignupRequest signupRequest) {
+        if (signupRequest.getPassword().isEmpty()) {
+            throw new ValidationException("Password cannot be empty.");
+        }
+
         if (userRepository.existsByEmail(signupRequest.getEmail())) {
             throw new ValidationException("Email already in use.");
         }
 
-        User account = new User(
-                signupRequest.getName(),
-                signupRequest.getEmail(),
-                passwordEncoder.encode(signupRequest.getPassword()));
+        User account =
+                User.builder()
+                        .name(signupRequest.getName())
+                        .email(signupRequest.getEmail())
+                        .password(
+                                passwordEncoder.encode(
+                                        signupRequest.getPassword()))
+                        .build();
         Role role = roleRepository.findByErole(ERole.ROLE_USER).orElse(null);
         account.setRoles(Collections.singleton(role));
         userRepository.save(account);
     }
 
-    public void logoutUser(final HttpServletResponse response) {
+    public void logoutUser(
+            final HttpServletResponse response) {
         tokenService.removeAccessTokenFromCookie(response);
-        tokenService.removeRefreshTokenFromCookie(response);
+        tokenService.removeRefreshTokenFromCookieAndExpire(response);
     }
 
     public String refreshToken(final HttpServletRequest request,

diff --git a/src/main/java/com/podzilla/auth/service/CustomUserDetailsService.java b/src/main/java/com/podzilla/auth/service/CustomUserDetailsService.java
@@ -1,9 +1,11 @@
 package com.podzilla.auth.service;
 
+import com.podzilla.auth.dto.CustomUserDetails;
 import com.podzilla.auth.exception.NotFoundException;
 import com.podzilla.auth.model.User;
 import com.podzilla.auth.repository.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -24,6 +26,7 @@ public CustomUserDetailsService(final UserRepository userRepository) {
     }
 
     @Override
+    @Cacheable(value = "userDetails", key = "#email")
     public UserDetails loadUserByUsername(final String email) {
         User user = userRepository.findByEmail(email)
                 .orElseThrow(() ->
@@ -37,7 +40,7 @@ public UserDetails loadUserByUsername(final String email) {
                         role.getErole().name()))
                 .collect(Collectors.toSet());
 
-        return new org.springframework.security.core.userdetails.User(
+        return new CustomUserDetails(
                 user.getEmail(),
                 user.getPassword(),
                 authorities