ref: improve handle of external request with token of user (#282)

Author: laurentC35

src/main/java/fr/insee/pogues/configuration/AppConfiguration.java

@@ -1,5 +1,6 @@
 package fr.insee.pogues.configuration;
 
+import fr.insee.pogues.configuration.properties.ApplicationProperties;
 import fr.insee.pogues.configuration.rest.AuthenticationHelper;
 import fr.insee.pogues.configuration.rest.WebClientTokenInterceptor;
 import lombok.extern.slf4j.Slf4j;
@@ -13,6 +14,7 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 
 @Configuration
@@ -24,7 +26,7 @@
 public class AppConfiguration {
 
     @Autowired
-    private AuthenticationHelper authenticationHelper;
+    private ExchangeFilterFunction webClientTokenInterceptor;
 
     @Bean
     public WebClient webClient(
@@ -33,7 +35,7 @@ public WebClient webClient(
         builder
                 .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
                 .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE);
-        if(oidcEnabled)  builder.filter(new WebClientTokenInterceptor(authenticationHelper));
+        if(oidcEnabled)  builder.filter(webClientTokenInterceptor);
         return builder.build();
     }
 

src/main/java/fr/insee/pogues/configuration/properties/ApplicationProperties.java

@@ -17,33 +17,6 @@ public record ApplicationProperties(
         String description,
         String[] publicUrls,
         @NotEmpty(message = "cors origins must be specified")
-        List<String> corsOrigins) {
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        ApplicationProperties that = (ApplicationProperties) o;
-        return Objects.equals(host, that.host)
-                && Objects.equals(title, that.title)
-                && Objects.equals(description, that.description)
-                && Arrays.equals(publicUrls, that.publicUrls);
-    }
-
-    @Override
-    public int hashCode() {
-        int result = Objects.hash(host, title, description);
-        result = 31 * result + Arrays.hashCode(publicUrls);
-        return result;
-    }
-
-    @Override
-    public String toString() {
-        return "ApplicationProperties{" +
-                "host='" + host + '\'' +
-                ", title='" + title + '\'' +
-                ", description='" + description + '\'' +
-                ", publicUrls=" + Arrays.toString(publicUrls) +
-                '}';
-    }
+        List<String> corsOrigins,
+        List<String> externalSecureUrls) {
 }

src/main/java/fr/insee/pogues/configuration/rest/WebClientTokenInterceptor.java

@@ -1,7 +1,10 @@
 package fr.insee.pogues.configuration.rest;
 
+import fr.insee.pogues.configuration.properties.ApplicationProperties;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.function.client.ClientRequest;
 import org.springframework.web.reactive.function.client.ClientResponse;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
@@ -10,12 +13,24 @@
 
 @RequiredArgsConstructor
 @Slf4j
+@Component
 public class WebClientTokenInterceptor implements ExchangeFilterFunction {
 
-    private final AuthenticationHelper authenticationHelper;
+    @Autowired
+    private AuthenticationHelper authenticationHelper;
+
+    @Autowired
+    private ApplicationProperties applicationProperties;
 
     @Override
     public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
+        boolean needToken = applicationProperties.externalSecureUrls().stream()
+                .filter(secureUrl -> request.url().toString().contains(secureUrl))
+                .count() > 0;
+
+        if(!needToken) return next.exchange(request);
+
+        log.debug("Token is necessary to call URI :"+request.url());
         String jwt = authenticationHelper.getUserToken();
         ClientRequest newRequest = ClientRequest.from(request)
                 .headers(h -> h.setBearerAuth(jwt))

src/main/resources/application.yaml

@@ -85,6 +85,9 @@ application:
     # For Series & operations
     magma:
 
+  external-secure-urls:
+    - ${application.metadata.ddi-as}
+    - ${application.metadata.magma}
 
 springdoc:
   swagger-ui: