diff --git a/build.gradle.kts b/build.gradle.kts index c239504..ee86ae2 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -20,6 +20,8 @@ repositories { } dependencies { + // Koin for Ktor + implementation("io.insert-koin:koin-ktor3:4.1.0-Beta5") implementation(libs.ktor.server.content.negotiation) implementation(libs.ktor.server.core) implementation(libs.ktor.serialization.kotlinx.json) diff --git a/src/main/kotlin/Application.kt b/src/main/kotlin/Application.kt index c921ada..993298c 100644 --- a/src/main/kotlin/Application.kt +++ b/src/main/kotlin/Application.kt @@ -1,12 +1,19 @@ package com.example +import com.example.config.JwtConfig +import com.example.di.configureDependencyInjection +import com.example.security.JwtManager import io.ktor.server.application.* +import org.koin.ktor.plugin.Koin fun main(args: Array) { io.ktor.server.netty.EngineMain.main(args) } fun Application.module() { + install(Koin){ + modules(configureDependencyInjection(this@module)) + } configureSecurity() configureSerialization() configureRouting() diff --git a/src/main/kotlin/Security.kt b/src/main/kotlin/Security.kt index 8309a0c..621e7d0 100644 --- a/src/main/kotlin/Security.kt +++ b/src/main/kotlin/Security.kt @@ -1,7 +1,6 @@ package com.example -import com.auth0.jwt.JWT -import com.auth0.jwt.algorithms.Algorithm +import com.example.security.JwtManager import io.ktor.http.* import io.ktor.resources.* import io.ktor.serialization.kotlinx.json.* @@ -12,27 +11,14 @@ import io.ktor.server.plugins.contentnegotiation.* import io.ktor.server.resources.* import io.ktor.server.response.* import io.ktor.server.routing.* -import kotlinx.serialization.Serializable +import org.koin.ktor.ext.inject fun Application.configureSecurity() { - val jwtAudience = environment.config.property("jwt.audience").getString() - val jwtIssue = environment.config.property("jwt.issue").getString() - val jwtRealm = environment.config.property("jwt.realm").getString() - val jwtSecret = environment.config.property("jwt.secret").getString() + val jwtManager: JwtManager by inject() install(Authentication) authentication { - jwt("auth-jwt") { - realm = jwtRealm - verifier( - JWT - .require(Algorithm.HMAC256(jwtSecret)) - .withAudience(jwtAudience) - .withIssuer(jwtIssue) - .build() - ) - validate { credential -> - if (credential.payload.audience.contains(jwtAudience)) JWTPrincipal(credential.payload) else null - } + jwt { + verifier(jwtManager.verifyJwt()) challenge { defaultScheme, realm -> call.respond(HttpStatusCode.Unauthorized, "Token is not valid or has expire") } diff --git a/src/main/kotlin/command/auth/GetAuthByEmailCommand.kt b/src/main/kotlin/command/auth/GetAuthByEmailCommand.kt new file mode 100644 index 0000000..298cdc2 --- /dev/null +++ b/src/main/kotlin/command/auth/GetAuthByEmailCommand.kt @@ -0,0 +1,5 @@ +package com.example.command.request + +data class GetAuthByEmailCommand( + val email: String +) \ No newline at end of file diff --git a/src/main/kotlin/command/auth/InsertAuthCommand.kt b/src/main/kotlin/command/auth/InsertAuthCommand.kt new file mode 100644 index 0000000..5db152f --- /dev/null +++ b/src/main/kotlin/command/auth/InsertAuthCommand.kt @@ -0,0 +1,7 @@ +package com.example.command.request + +data class InsertAuthCommand( + val email: String, + val password: String, + val userName: String +) diff --git a/src/main/kotlin/command/auth/UpdateAuthByEmailCommand.kt b/src/main/kotlin/command/auth/UpdateAuthByEmailCommand.kt new file mode 100644 index 0000000..926cacc --- /dev/null +++ b/src/main/kotlin/command/auth/UpdateAuthByEmailCommand.kt @@ -0,0 +1,7 @@ +package com.example.command.request + +data class UpdateAuthByEmailCommand( + val email: String, + val password: String?, + val userName: String? +) \ No newline at end of file diff --git a/src/main/kotlin/common/Either.kt b/src/main/kotlin/common/Either.kt new file mode 100644 index 0000000..637ef49 --- /dev/null +++ b/src/main/kotlin/common/Either.kt @@ -0,0 +1,6 @@ +package com.example.common + +sealed class Either { + class Left(val data: A): Either() + class Right(val data: B): Either() +} \ No newline at end of file diff --git a/src/main/kotlin/config/JwtConfig.kt b/src/main/kotlin/config/JwtConfig.kt new file mode 100644 index 0000000..b61368c --- /dev/null +++ b/src/main/kotlin/config/JwtConfig.kt @@ -0,0 +1,7 @@ +package com.example.config + +data class JwtConfig( + val jwtAudience: String, + val jwtIssue: String, + val jwtSecret: String +) \ No newline at end of file diff --git a/src/main/kotlin/di/appModule.kt b/src/main/kotlin/di/appModule.kt new file mode 100644 index 0000000..7a57a92 --- /dev/null +++ b/src/main/kotlin/di/appModule.kt @@ -0,0 +1,27 @@ +package com.example.di + +import com.example.config.JwtConfig +import com.example.repository.AuthRepository +import com.example.repository.AuthRepositoryImpl +import com.example.security.JwtManager +import com.example.service.AuthServiceImpl +import io.ktor.server.application.* +import org.koin.core.module.Module +import org.koin.dsl.module + +fun configureDependencyInjection(application: Application): Module{ + return module { + single { provideJwtConfiguration(application.environment) } + single { JwtManager(get()) } + single { AuthRepositoryImpl() } + single { AuthServiceImpl(get(), get()) } + } +} + +fun provideJwtConfiguration(environment: ApplicationEnvironment): JwtConfig{ + return JwtConfig( + jwtIssue = environment.config.property("jwt.issue").toString(), + jwtAudience = environment.config.property("jwt.audience").toString(), + jwtSecret = environment.config.property("jwt.secret").toString() + ) +} \ No newline at end of file diff --git a/src/main/kotlin/dto/request/LoginRequest.kt b/src/main/kotlin/dto/request/LoginRequest.kt new file mode 100644 index 0000000..373918f --- /dev/null +++ b/src/main/kotlin/dto/request/LoginRequest.kt @@ -0,0 +1,6 @@ +package com.example.dto.request + +import kotlinx.serialization.Serializable + +@Serializable +data class LoginRequest(val email: String, val password: String) \ No newline at end of file diff --git a/src/main/kotlin/dto/response/LoginResponse.kt b/src/main/kotlin/dto/response/LoginResponse.kt new file mode 100644 index 0000000..a389334 --- /dev/null +++ b/src/main/kotlin/dto/response/LoginResponse.kt @@ -0,0 +1,6 @@ +package com.example.dto.response + +import kotlinx.serialization.Serializable + +@Serializable +data class LoginResponse(val token: String) \ No newline at end of file diff --git a/src/main/kotlin/model/AuthEntity.kt b/src/main/kotlin/model/AuthEntity.kt new file mode 100644 index 0000000..c4dde1d --- /dev/null +++ b/src/main/kotlin/model/AuthEntity.kt @@ -0,0 +1,20 @@ +package com.example.model + +import com.example.command.request.UpdateAuthByEmailCommand + +data class AuthEntity( + val userId: Int, + var userName: String, + val email: String, + var password: String +){ + fun update(updateAuthByEmailCommand: UpdateAuthByEmailCommand): AuthEntity{ + updateAuthByEmailCommand.password?.let { + this.password = it + } + updateAuthByEmailCommand.userName?.let { + this.userName = it + } + return this + } +} \ No newline at end of file diff --git a/src/main/kotlin/repository/AuthRepository.kt b/src/main/kotlin/repository/AuthRepository.kt new file mode 100644 index 0000000..b624847 --- /dev/null +++ b/src/main/kotlin/repository/AuthRepository.kt @@ -0,0 +1,12 @@ +package com.example.repository + +import com.example.command.request.GetAuthByEmailCommand +import com.example.command.request.InsertAuthCommand +import com.example.command.request.UpdateAuthByEmailCommand +import com.example.model.AuthEntity + +interface AuthRepository { + suspend fun getAuthByEmail(getAuthByEmailCommand: GetAuthByEmailCommand): AuthEntity? + suspend fun updateAuthByEmail(updateAuthByEmailCommand: UpdateAuthByEmailCommand): Boolean + suspend fun insertAuth(insertAuthCommand: InsertAuthCommand): AuthEntity +} \ No newline at end of file diff --git a/src/main/kotlin/repository/AuthRepositoryImpl.kt b/src/main/kotlin/repository/AuthRepositoryImpl.kt new file mode 100644 index 0000000..e93d161 --- /dev/null +++ b/src/main/kotlin/repository/AuthRepositoryImpl.kt @@ -0,0 +1,51 @@ +package com.example.repository + +import com.example.command.request.GetAuthByEmailCommand +import com.example.command.request.InsertAuthCommand +import com.example.command.request.UpdateAuthByEmailCommand +import com.example.model.AuthEntity + +class AuthRepositoryImpl: AuthRepository { + private val users = mutableListOf( + AuthEntity( + userId = 1, + userName = "user1", + email = "user1@mail.ru", + password = "123" + ), + AuthEntity( + userId = 2, + userName = "user2", + email = "user2@mail.ru", + password = "123" + ), + AuthEntity( + userId = 3, + userName = "user3", + email = "user3@mail.ru", + password = "123" + ), + ) + override suspend fun getAuthByEmail(getAuthByEmailCommand: GetAuthByEmailCommand): AuthEntity? { + return users.find { it.email == getAuthByEmailCommand.email } + } + + override suspend fun updateAuthByEmail(updateAuthByEmailCommand: UpdateAuthByEmailCommand): Boolean { + val user = users.find { it.email == updateAuthByEmailCommand.email } + if (user != null) { + user.update(updateAuthByEmailCommand) + return true + } + return false + } + + override suspend fun insertAuth(insertAuthCommand: InsertAuthCommand): AuthEntity { + val authEntity = AuthEntity( + userId = users.size + 1, + userName = insertAuthCommand.userName, + password = insertAuthCommand.password, + email = insertAuthCommand.email + ) + return authEntity + } +} \ No newline at end of file diff --git a/src/main/kotlin/route/UserRoute.kt b/src/main/kotlin/route/UserRoute.kt index e9bf6a7..0ec2b3d 100644 --- a/src/main/kotlin/route/UserRoute.kt +++ b/src/main/kotlin/route/UserRoute.kt @@ -1,56 +1,42 @@ package com.example.route -import com.auth0.jwt.JWT -import com.auth0.jwt.algorithms.Algorithm +import com.example.common.Either +import com.example.config.JwtConfig +import com.example.dto.request.LoginRequest +import com.example.repository.AuthRepositoryImpl +import com.example.security.JwtManager +import com.example.service.AuthServiceImpl +import com.example.service.exception.ErrorService import io.ktor.http.* -import io.ktor.server.auth.* import io.ktor.server.request.* import io.ktor.server.response.* import io.ktor.server.routing.* -import kotlinx.serialization.Serializable -import java.util.* +import org.koin.ktor.ext.inject -@Serializable -data class User(val userId: Int, - val userName: String, - val email: String, - val password: String) -@Serializable -data class CreateUserRequest( - val userName: String, - val email: String, - val password: String) -val userList = mutableListOf() fun Route.authRoute(){ - post("login"){ - } - post("registration"){ - val user = call.receive() - userList.add(User( - userId = userList.size + 1, - userName = user.userName, - password = user.password, - email = user.email - )) - val jwtAudience = environment.config.property("jwt.audience").getString() - val jwtIssue = environment.config.property("jwt.issue").getString() - val jwtSecret = environment.config.property("jwt.secret").getString() - val token = JWT.create() - .withAudience(jwtAudience) - .withIssuer(jwtIssue) - .withClaim("user", user.userName) - .withExpiresAt(Date(System.currentTimeMillis() + 60000)) - .sign(Algorithm.HMAC256(jwtSecret)) - call.respond("Token" to token) - } - authenticate("auth-jwt") { - get("/profile/{userId}"){ - val userId = call.pathParameters["userId"]?.toInt() - val findUser = userList.firstOrNull { it.userId == userId } - if(findUser != null) call.respond(findUser) - call.respond(HttpStatusCode.NotFound) + val authServiceImpl: AuthServiceImpl by inject() + + route("/auth"){ + post("/login") { + val loginRequest = call.receive() + val result = authServiceImpl.login(loginRequest) + when(result){ + is Either.Left -> { + when(result.data){ + ErrorService.NOT_FOUND -> { + call.respond(HttpStatusCode.NotFound) + } + ErrorService.UNAUTHORIZED -> { + call.respond(HttpStatusCode.Unauthorized) + } + } + } + is Either.Right -> { + call.respond(HttpStatusCode.OK, result.data) + } + } } } } \ No newline at end of file diff --git a/src/main/kotlin/security/JwtManager.kt b/src/main/kotlin/security/JwtManager.kt new file mode 100644 index 0000000..5d9a371 --- /dev/null +++ b/src/main/kotlin/security/JwtManager.kt @@ -0,0 +1,25 @@ +package com.example.security + +import com.auth0.jwt.JWT +import com.auth0.jwt.JWTVerifier +import com.auth0.jwt.algorithms.Algorithm +import com.example.config.JwtConfig +import java.util.* + +class JwtManager(private val jwtConfig: JwtConfig) { + fun createJwt(): String{ + return JWT.create() + .withAudience(jwtConfig.jwtAudience) + .withIssuer(jwtConfig.jwtIssue) + .withExpiresAt(Date(System.currentTimeMillis() + 7 * 24 * 60 * 60 * 1000)) + .sign(Algorithm.HMAC256(jwtConfig.jwtSecret)) + + } + fun verifyJwt(): JWTVerifier{ + return JWT + .require(Algorithm.HMAC256(jwtConfig.jwtSecret)) + .withAudience(jwtConfig.jwtAudience) + .withIssuer(jwtConfig.jwtIssue) + .build() + } +} \ No newline at end of file diff --git a/src/main/kotlin/service/AuthServiceImpl.kt b/src/main/kotlin/service/AuthServiceImpl.kt new file mode 100644 index 0000000..75610fb --- /dev/null +++ b/src/main/kotlin/service/AuthServiceImpl.kt @@ -0,0 +1,29 @@ +package com.example.service + +import com.example.command.request.GetAuthByEmailCommand +import com.example.common.Either +import com.example.dto.request.LoginRequest +import com.example.dto.response.LoginResponse +import com.example.repository.AuthRepository +import com.example.security.JwtManager +import com.example.service.exception.ErrorService + +class AuthServiceImpl( + private val authRepository: AuthRepository, + private val jwtManager: JwtManager +) { + suspend fun login(loginRequest: LoginRequest): Either{ + val getAuthByEmailCommand = GetAuthByEmailCommand(loginRequest.email) + val user = authRepository.getAuthByEmail(getAuthByEmailCommand) ?: return Either.Left(ErrorService.NOT_FOUND) + if(user.password == loginRequest.password){ + val token = jwtManager.createJwt() + val response = LoginResponse(token = token) + return Either.Right(response) + } + return Either.Left(ErrorService.UNAUTHORIZED) + } + suspend fun registration(){ + } + suspend fun resetPassword(){ + } +} \ No newline at end of file diff --git a/src/main/kotlin/service/exception/ErrorService.kt b/src/main/kotlin/service/exception/ErrorService.kt new file mode 100644 index 0000000..ef6a0e5 --- /dev/null +++ b/src/main/kotlin/service/exception/ErrorService.kt @@ -0,0 +1,6 @@ +package com.example.service.exception + +enum class ErrorService { + NOT_FOUND, + UNAUTHORIZED +} \ No newline at end of file