v0.7.0 HTTP improvements

.gitignore

@@ -1,11 +1,13 @@
+build
+
+# IntelliJ IDEA
 .idea
 
 # Gradle
 .gradle
-build
+
 # Gradle binaries
-# These are not needed for building the project with Docker
-# These would be needed to build the projct without Docker, so instead just install Gradle on your system
-gradle
+# just install gradle lol
+gradle/wrapper
 gradlew
 gradlew.bat

CHANGELOG.md

@@ -145,7 +145,7 @@ Canvas manipulation
 
 did a bunch of commits on master
 
-### v0.6
+## v0.6
 Rework project architecture
 
 ### v0.6.0
@@ -154,4 +154,13 @@ Typescript refactor
 
 ### v0.6.1
 Fix build system
-- Rework rollup with typescript and environment variables
+- Rework rollup with typescript and environment variables
+
+## v0.7
+HTTP improvements
+
+### v0.7.0
+Rework authentication
+- Robust exception handling
+- Password based authentication schemes
+- Log in, log out, registration pages

scribbleshare-app/Dockerfile → app/Dockerfile

@@ -5,11 +5,11 @@ FROM node:15 AS scribbleshare-frontend-build
 
 WORKDIR /usr/src/app
 
-COPY scribbleshare-frontend .
+COPY frontend .
 
 RUN npm install
-RUN chmod +x build.sh \
-build.sh
+RUN chmod +x build.sh
+RUN ./build.sh
 
 
 #
@@ -25,7 +25,7 @@ WORKDIR /usr/app
 COPY --from=scribbleshare-frontend-build /usr/src/app/build ./html
 
 # Copy jar (should already be built with gradle shadowJar)
-COPY scribbleshare-backend/build/libs/scribbleshare-backend-all.jar scribbleshare-backend.jar
+COPY backend/build/libs/scribbleshare-backend-all.jar scribbleshare-backend.jar
 
 HEALTHCHECK --interval=5s --timeout=5s --retries=5 CMD curl --fail http://localhost:80/healthcheck || exit 1
 

scribbleshare-app/scribbleshare-backend/build.gradle → app/backend/build.gradle

@@ -3,12 +3,8 @@ plugins {
     id 'com.github.johnrengelman.shadow' version '6.1.0'
 }
 
-repositories {
-    mavenCentral()
-}
-
 dependencies {
-    implementation project(':scribbleshare-commons')
+    implementation project(':commons')
 }
 
 // https://github.com/johnrengelman/shadow/issues/609#issuecomment-795983873

scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java → app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java

@@ -2,9 +2,9 @@
 
 import io.netty.channel.ChannelFuture;
 import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.backend.data.database.ScribbleshareBackendDatabase;
+import net.stzups.scribbleshare.backend.data.database.implementations.PostgresDatabase;
 import net.stzups.scribbleshare.backend.server.BackendHttpServerInitializer;
-import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
-import net.stzups.scribbleshare.data.database.implementations.PostgresDatabase;
 
 public class ScribbleshareBackend extends Scribbleshare implements AutoCloseable {
     private final ScribbleshareBackendConfig config;
@@ -33,7 +33,7 @@ public static void main(String[] args) throws Exception {
         }
     }
 
-    public ScribbleshareDatabase getDatabase() {
+    public ScribbleshareBackendDatabase getDatabase() {
         return database;
     }
 

scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java → app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java

@@ -1,8 +1,8 @@
 package net.stzups.scribbleshare.backend;
 
+import net.stzups.netty.http.handler.handlers.FileRequestHandler;
 import net.stzups.scribbleshare.ScribbleshareConfig;
-import net.stzups.scribbleshare.backend.server.http.HttpServerHandler;
 
-public interface ScribbleshareBackendConfig extends ScribbleshareConfig, HttpServerHandler.Config {
+public interface ScribbleshareBackendConfig extends ScribbleshareConfig, FileRequestHandler.Config {
 
 }

scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java → app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java

@@ -1,13 +1,14 @@
 package net.stzups.scribbleshare.backend;
 
+import net.stzups.config.ConfigKey;
+import net.stzups.config.OptionalConfigKey;
 import net.stzups.scribbleshare.ScribbleshareConfigImplementation;
-import net.stzups.scribbleshare.config.ConfigKey;
-import net.stzups.scribbleshare.config.OptionalConfigKey;
 
 public class ScribbleshareBackendConfigImplementation extends ScribbleshareConfigImplementation implements ScribbleshareBackendConfig {
     private static final ConfigKey<String> HTML_ROOT = new OptionalConfigKey<>("html.root", "html");
     private static final ConfigKey<String> MIME_TYPES_FILE_PATH = new OptionalConfigKey<>("mimetypes.path", "mime.types");
     private static final ConfigKey<Integer> HTTP_CACHE_SECONDS = new OptionalConfigKey<>("http.cache.seconds", 0);
+    private static final ConfigKey<String> DEBUG_JS_ROOT = new OptionalConfigKey<>("debug.js.root", "");
 
     @Override
     public String getHttpRoot() {
@@ -24,4 +25,9 @@ public String getMimeTypesFilePath() {
         return getString(MIME_TYPES_FILE_PATH);
     }
 
+    @Override
+    public String getDebugJsRoot() {
+        return getString(DEBUG_JS_ROOT);
+    }
+
 }

app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSession.java

@@ -0,0 +1,102 @@
+package net.stzups.scribbleshare.backend.data;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.exception.exceptions.UnauthorizedException;
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticationResult;
+import net.stzups.scribbleshare.data.objects.authentication.UserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.util.DebugString;
+
+import java.sql.Timestamp;
+import java.time.Duration;
+import java.time.Instant;
+
+public class PersistentHttpUserSession extends UserSession {
+    private static final Duration MAX_AGE = Duration.ofDays(90);
+
+    public static final String LOGIN_PATH = "/";
+
+    public PersistentHttpUserSession(HttpConfig config, HttpUserSession httpSession, HttpResponse response) {
+        super(httpSession.getUser());
+        new PersistentHttpUserSessionCookie(getId(), generateToken()).setCookie(config, response);
+    }
+
+    public PersistentHttpUserSession(long id, Timestamp creation, Timestamp expiration, long userId, ByteBuf byteBuf) {
+        super(id, creation, expiration, userId, byteBuf);
+    }
+
+    public AuthenticationResult validate(HttpSessionCookie cookie) {
+        if (!Instant.now().isBefore(getCreated().toInstant().plus(MAX_AGE)))
+            return AuthenticationResult.STALE;
+
+        return validate(cookie.getToken());
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(PersistentHttpUserSession.class, super.toString())
+                .toString();
+    }
+
+    /** get and expire persistent http user session */
+
+    public static<T extends PersistentHttpSessionDatabase> PersistentHttpUserSession getSession(T database, FullHttpRequest request, HttpResponse response) throws UnauthorizedException, InternalServerException {
+        PersistentHttpUserSessionCookie cookie = PersistentHttpUserSessionCookie.getCookie(request);
+        if (cookie == null) {
+            return null;
+        }
+
+        PersistentHttpUserSession session;
+        try {
+            session = database.getPersistentHttpUserSession(cookie);
+
+            if (session == null) {
+                throw new UnauthorizedException("No " + PersistentHttpUserSession.class + " for " + cookie);
+            }
+
+            database.expirePersistentHttpUserSession(session);
+            PersistentHttpUserSessionCookie.clearCookie(response);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+
+        AuthenticationResult result = session.validate(cookie);
+        if (result != AuthenticationResult.SUCCESS) {
+            throw new UnauthorizedException("Validating " + cookie + " for " + session + " resulted in " + result);
+        }
+
+        return session;
+    }
+
+     /** logs in if not authenticated, or null if no auth */
+    public static<T extends HttpSessionDatabase & PersistentHttpSessionDatabase & UserDatabase> HttpUserSession logIn(HttpConfig config, T database, FullHttpRequest request, HttpResponse response) throws UnauthorizedException, InternalServerException, BadRequestException {
+        PersistentHttpUserSession session = getSession(database, request, response);
+        if (session == null) {
+            return null;
+        }
+
+        User user;
+        try {
+            user = database.getUser(session.getUser());
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (user == null) {
+            throw new InternalServerException("User somehow does not exist " + user);
+        }
+
+        HttpUserSession s = new HttpUserSession(config, user, response);
+        return createHttpSession(config, database, user, headers);
+    }
+}

app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSessionCookie.java

@@ -0,0 +1,66 @@
+package net.stzups.scribbleshare.backend.data;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.cookie.Cookie;
+import net.stzups.netty.http.HttpUtils;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
+
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+
+public class PersistentHttpUserSessionCookie extends HttpSessionCookie {
+    private static final String COOKIE_NAME = "persistent_session";
+    private static final Duration MAX_AGE = Duration.ofDays(90);
+
+    PersistentHttpUserSessionCookie(ByteBuf byteBuf) throws DeserializationException {
+        super(byteBuf);
+    }
+
+    PersistentHttpUserSessionCookie(long id, byte[] token) {
+        super(id, token);
+    }
+
+  /*  @Override
+    protected static void setCookie(HttpConfig config, DefaultCookie cookie) {
+
+    }*/
+
+    public void setCookie(HttpConfig config, HttpHeaders headers) {
+        Cookie cookie = getCookie(config, COOKIE_NAME);
+        cookie.setMaxAge(MAX_AGE.get(ChronoUnit.SECONDS)); //persistent cookie
+        cookie.setPath("/login");//todo
+        HttpUtils.setCookie(headers, cookie);
+    }
+
+    public static PersistentHttpUserSessionCookie getCookie(HttpRequest request) throws BadRequestException {
+        ByteBuf byteBuf = HttpSessionCookie.getCookie(request, COOKIE_NAME);
+        if (byteBuf != null) {
+            try {
+                return new PersistentHttpUserSessionCookie(byteBuf);
+            } catch (DeserializationException e) {
+                throw new BadRequestException("Malformed cookie", e);
+            } finally {
+                byteBuf.release();
+            }
+        }
+
+        return null;
+    }
+
+    public static void clearCookie(HttpResponse response) {
+        HttpSessionCookie.clearCookie(COOKIE_NAME, response);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(PersistentHttpUserSessionCookie.class, super.toString())
+                .toString();
+    }
+}

app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/ScribbleshareBackendDatabase.java

@@ -0,0 +1,7 @@
+package net.stzups.scribbleshare.backend.data.database;
+
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
+
+public interface ScribbleshareBackendDatabase extends ScribbleshareDatabase, PersistentHttpSessionDatabase {
+}

app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/databases/PersistentHttpSessionDatabase.java

@@ -0,0 +1,24 @@
+package net.stzups.scribbleshare.backend.data.database.databases;
+
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSession;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSessionCookie;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import org.jetbrains.annotations.Nullable;
+
+public interface PersistentHttpSessionDatabase {
+    /**
+     * @param cookie {@link HttpSessionCookie} of {@link PersistentHttpUserSession}
+     * @return null if {@link PersistentHttpUserSession} does not exist
+     */
+    @Nullable
+    PersistentHttpUserSession getPersistentHttpUserSession(PersistentHttpUserSessionCookie cookie) throws DatabaseException;
+
+    void addPersistentHttpUserSession(PersistentHttpUserSession persistentHttpSession) throws DatabaseException;
+
+    /**
+     * Expire existing {@link PersistentHttpUserSession}
+     * todo fail silently or loudly if the persistent http user session does not exist?
+     */
+    void expirePersistentHttpUserSession(PersistentHttpUserSession persistentHttpUserSession) throws DatabaseException;
+}