feature a check

.gitea/workflows/ci.yml

@@ -1,105 +0,0 @@
-name: CI/CD Pipeline for Spring Boot
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-
-jobs:
-  build-and-test:
-    runs-on: ubuntu-latest
-
-    steps:
-      # Step 1: Checkout code
-      - name: Checkout Code
-        uses: actions/checkout@v3
-
-      # Step 2: Set up JDK
-      - name: Set up JDK 23
-        uses: actions/setup-java@v3
-        with:
-          java-version: 23
-          distribution: 'temurin'
-
-      # Step 3: Cache Maven dependencies
-      - name: Cache Maven Dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-
-      # Step 4: Build and test
-      - name: Build and Test
-        run: |
-          ./mvnw clean verify
-
-  docker:
-    runs-on: ubuntu-latest
-    needs: [ build-and-test ]
-    steps:
-      - name: Install Docker
-        run: |
-          apt-get update
-          apt-get install -y docker.io
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Download buildx
-        run: |
-          mkdir -p ~/.docker/cli-plugins
-          curl -sL https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64 -o ~/.docker/cli-plugins/docker-buildx
-          chmod +x ~/.docker/cli-plugins/docker-buildx                    
-
-      - name: Setup buildx
-        run: |
-          docker buildx create --use
-          docker buildx inspect --bootstrap                    
-
-      - name: Login to Cloud Coding Registry
-        uses: docker/login-action@v2
-        with:
-          registry: rg.fr-par.scw.cloud/weworkstudio
-          username: nologin
-          password: ${{ secrets.REGISTRY_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@master
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: rg.fr-par.scw.cloud/weworkstudio/xpeditis-backend:prod
-          build-args: |
-            XPEDITIS_PROFILE=prod
-
-      - name: Cleanup buildx
-        run: |
-          docker buildx rm
-
-      - name: Docker cleanup
-        run: docker system prune -af
-
-      - name: Uninstall Docker
-        run: |
-          apt-get purge -y docker.io
-          apt-get autoremove -y --purge docker.io
-          rm -rf /var/lib/docker /etc/docker
-
-  deploy_server:
-    name: Deploy - Docker - serveur
-    runs-on: ubuntu-latest
-    needs: [ docker ]
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Déclencher le Webhook
-        run: |
-          curl -X POST -H "Content-Type:application/json" -d '{"data": "example" }' ${{ secrets.WEBHOOK_URL }}

.gitea/workflows/dev.yml

@@ -1,94 +0,0 @@
-name: CI/CD Pipeline for Spring Boot Dev
-
-on:
-  push:
-    branches:
-      - dev
-  pull_request:
-    branches:
-      - dev
-
-jobs:
-  build-and-test:
-    runs-on: ubuntu-latest
-
-    steps:
-      # Step 1: Checkout code
-      - name: Checkout Code
-        uses: actions/checkout@v3
-
-      # Step 2: Set up JDK
-      - name: Set up JDK 23
-        uses: actions/setup-java@v3
-        with:
-          java-version: 23
-          distribution: 'temurin'
-
-      # Step 3: Cache Maven dependencies
-      - name: Cache Maven Dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-
-      # Step 4: Build and test
-      - name: Build and Test
-        run: |
-          ./mvnw clean verify
-
-  docker:
-    runs-on: ubuntu-latest
-    needs: [ build-and-test ]
-    steps:
-      - name: Install Docker
-        run: |
-          apt-get update
-          apt-get install -y docker.io
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Download buildx
-        run: |
-          mkdir -p ~/.docker/cli-plugins
-          curl -sL https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64 -o ~/.docker/cli-plugins/docker-buildx
-          chmod +x ~/.docker/cli-plugins/docker-buildx                    
-
-      - name: Setup buildx
-        run: |
-          docker buildx create --use
-          docker buildx inspect --bootstrap                    
-
-      - name: Login to Cloud Coding Registry
-        uses: docker/login-action@v2
-        with:
-          registry: rg.fr-par.scw.cloud/weworkstudio
-          username: nologin
-          password: ${{ secrets.REGISTRY_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@master
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          tags: rg.fr-par.scw.cloud/weworkstudio/xpeditis-backend:dev
-          build-args: |
-            XPEDITIS_PROFILE=dev
-
-      - name: Cleanup buildx
-        run: |
-          docker buildx rm
-
-      - name: Docker cleanup
-        run: docker system prune -af
-
-      - name: Uninstall Docker
-        run: |
-          apt-get purge -y docker.io
-          apt-get autoremove -y --purge docker.io
-          rm -rf /var/lib/docker /etc/docker

application/src/main/java/com/dh7789dev/xpeditis/controller/api/v1/AuthenticationRestController.java

@@ -11,6 +11,8 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
@@ -33,4 +35,11 @@ public class AuthenticationRestController {
             @RequestBody @Valid RegisterRequest request) {
         return ResponseEntity.ok(service.register(request));
     }
+
+    // Optional: simple endpoint to start OAuth2 authorization if frontend needs a redirect URL
+    @GetMapping("/oauth2/authorization")
+    public ResponseEntity<Void> oauth2Authorization(@RequestParam("provider") String provider) {
+        // Frontend should redirect to /oauth2/authorization/{provider}
+        return ResponseEntity.status(302).header("Location", "/oauth2/authorization/" + provider).build();
+    }
 }

bootstrap/src/main/java/com/dh7789dev/xpeditis/configuration/CustomOAuth2UserService.java

@@ -0,0 +1,49 @@
+package com.dh7789dev.xpeditis.configuration;
+
+import com.dh7789dev.xpeditis.dao.UserDao;
+import com.dh7789dev.xpeditis.entity.UserEntity;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+import java.util.Map;
+
+@Service
+@RequiredArgsConstructor
+public class CustomOAuth2UserService extends DefaultOAuth2UserService {
+
+    private final UserDao userDao;
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
+        OAuth2User oAuth2User = super.loadUser(userRequest);
+
+        Map<String, Object> attributes = oAuth2User.getAttributes();
+        String registrationId = userRequest.getClientRegistration().getRegistrationId();
+
+        String email;
+        if ("google".equals(registrationId)) {
+            email = (String) attributes.get("email");
+        } else if ("linkedin".equals(registrationId)) {
+            email = (String) attributes.getOrDefault("email", attributes.get("emailAddress"));
+        } else {
+            throw new OAuth2AuthenticationException("Unsupported provider: " + registrationId);
+        }
+
+        if (email == null) {
+            throw new OAuth2AuthenticationException("Email not provided by OAuth2 provider.");
+        }
+
+        UserEntity user = userDao.findByEmail(email)
+                .orElseThrow(() -> new UsernameNotFoundException("No local user bound to email: " + email));
+
+        return new DefaultOAuth2User(user.getAuthorities(), attributes, "email");
+    }
+}
+
+

bootstrap/src/main/java/com/dh7789dev/xpeditis/configuration/GlobalConfiguration.java

@@ -88,8 +88,8 @@ public class GlobalConfiguration {
 
     @Bean
     public UserDetailsService userDetailsService() {
-        return username -> userDao.findByUsername(username)
+        return identifier -> userDao.findByUsernameOrEmail(identifier)
-                .orElseThrow(() -> new UsernameNotFoundException(String.format(USER_NOT_FOUND_MSG, username)));
+                .orElseThrow(() -> new UsernameNotFoundException(String.format(USER_NOT_FOUND_MSG, identifier)));
     }
 
 }

bootstrap/src/main/java/com/dh7789dev/xpeditis/configuration/JwtAuthenticationFilter.java

@@ -45,7 +45,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
         final String jwt;
         final String username;
 
-        if (request.getServletPath().contains("/api/v1/auth")) {
+        if (request.getServletPath().contains("/api/v1/auth") ||
+                request.getServletPath().startsWith("/oauth2/") ||
+                request.getServletPath().startsWith("/login/oauth2/")) {
             filterChain.doFilter(request, response);
             return;
         }

bootstrap/src/main/java/com/dh7789dev/xpeditis/configuration/OAuth2AuthenticationSuccessHandler.java

@@ -0,0 +1,51 @@
+package com.dh7789dev.xpeditis.configuration;
+
+import com.dh7789dev.xpeditis.dao.TokenDao;
+import com.dh7789dev.xpeditis.dao.UserDao;
+import com.dh7789dev.xpeditis.entity.TokenEntity;
+import com.dh7789dev.xpeditis.entity.UserEntity;
+import com.dh7789dev.xpeditis.util.JwtUtil;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class OAuth2AuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    private final UserDao userDao;
+    private final TokenDao tokenDao;
+    private final JwtUtil jwtUtil;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        String email = authentication.getName();
+        UserEntity user = userDao.findByEmail(email)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found for email: " + email));
+
+        String accessToken = jwtUtil.generateToken(user);
+        String refreshToken = jwtUtil.generateRefreshToken(user);
+
+        // Save token (like classic login)
+        TokenEntity tokenEntity = new TokenEntity()
+                .setUser(user)
+                .setToken(accessToken)
+                .setTokenType(TokenEntity.Type.BEARER)
+                .setExpired(false)
+                .setRevoked(false);
+        tokenDao.save(tokenEntity);
+
+        response.setContentType("application/json");
+        response.getWriter().write("{\"access_token\":\"" + accessToken + "\", \"refresh_token\":\"" + refreshToken + "\"}");
+        response.getWriter().flush();
+    }
+}
+
+

bootstrap/src/main/java/com/dh7789dev/xpeditis/configuration/SecurityConfiguration.java

@@ -34,13 +34,15 @@ public class SecurityConfiguration {
     boolean csrfEnabled;
 
     private static final String ADMIN_ROLE = "ADMIN";
-    private static final String ADMIN_PLATFORM_ROLE = "ADMIN_PLATFORM";
+    // private static final String ADMIN_PLATFORM_ROLE = "ADMIN_PLATFORM";
 
     private static final String API_V1_URI = "/api/v1/**";
 
     private static final String[] WHITE_LIST_URL = {
             "/api/v1/auth/**",
-            "/actuator/health/**"};
+            "/actuator/health/**",
+            "/oauth2/**",
+            "/login/oauth2/**"};
 
     private static final String[] INTERNAL_WHITE_LIST_URL = {
             "/v2/api-docs",
@@ -61,11 +63,17 @@ public class SecurityConfiguration {
     private final UserDetailsService userDetailsService;
 
     private final LogoutHandler logoutHandler;
+    private final CustomOAuth2UserService customOAuth2UserService;
+    private final OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
 
     @Autowired
-    public SecurityConfiguration(UserDetailsService userDetailsService, LogoutHandler logoutHandler) {
+    public SecurityConfiguration(UserDetailsService userDetailsService, LogoutHandler logoutHandler,
+                                 CustomOAuth2UserService customOAuth2UserService,
+                                 OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler) {
         this.userDetailsService = userDetailsService;
         this.logoutHandler = logoutHandler;
+        this.customOAuth2UserService = customOAuth2UserService;
+        this.oAuth2AuthenticationSuccessHandler = oAuth2AuthenticationSuccessHandler;
     }
 
     @Bean
@@ -111,12 +119,14 @@ public class SecurityConfiguration {
                 .sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
                 .authenticationProvider(authenticationProvider())
                 .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
+                .oauth2Login(oauth -> oauth
+                        .userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService))
+                        .successHandler(oAuth2AuthenticationSuccessHandler)
+                )
                 .logout(logout -> logout
                         .logoutUrl("/api/v1/auth/logout")
                         .addLogoutHandler(logoutHandler)
-                        .logoutSuccessHandler((request,
+                        .logoutSuccessHandler((req, res, auth) -> SecurityContextHolder.clearContext()));
-                                               response,
-                                               authentication) -> SecurityContextHolder.clearContext()));
 
         return http.build();
     }

bootstrap/src/main/resources/application-dev.yml

@@ -47,6 +47,28 @@ spring:
           timeout: 3000
           writetimeout: 5000
 
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: ${GOOGLE_CLIENT_ID:}
+            client-secret: ${GOOGLE_CLIENT_SECRET:}
+            scope: openid,profile,email
+            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+          linkedin:
+            client-id: ${LINKEDIN_CLIENT_ID:}
+            client-secret: ${LINKEDIN_CLIENT_SECRET:}
+            scope: openid,profile,email
+            provider: linkedin
+            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+        provider:
+          linkedin:
+            authorization-uri: https://www.linkedin.com/oauth/v2/authorization
+            token-uri: https://www.linkedin.com/oauth/v2/accessToken
+            user-info-uri: https://api.linkedin.com/v2/userinfo
+            user-name-attribute: sub
+
 application:
   email:
     from: randommailjf@gmail.com

bootstrap/src/main/resources/application-prod.yml

@@ -51,6 +51,28 @@ spring:
           timeout: 3000
           writetimeout: 5000
 
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: ${GOOGLE_CLIENT_ID:}
+            client-secret: ${GOOGLE_CLIENT_SECRET:}
+            scope: openid,profile,email
+            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+          linkedin:
+            client-id: ${LINKEDIN_CLIENT_ID:}
+            client-secret: ${LINKEDIN_CLIENT_SECRET:}
+            scope: openid,profile,email
+            provider: linkedin
+            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
+        provider:
+          linkedin:
+            authorization-uri: https://www.linkedin.com/oauth/v2/authorization
+            token-uri: https://www.linkedin.com/oauth/v2/accessToken
+            user-info-uri: https://api.linkedin.com/v2/userinfo
+            user-name-attribute: sub
+
 application:
   email:
     from: contact@leblr.fr

infrastructure/pom.xml

@@ -42,6 +42,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>

infrastructure/src/main/java/com/dh7789dev/xpeditis/dao/UserDao.java

@@ -6,12 +6,16 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.Optional;
 
 import org.springframework.data.jpa.repository.Query;
-import org.springframework.stereotype.Repository;
 
 public interface UserDao extends JpaRepository<UserEntity, Long> {
 
     @Query("SELECT u FROM UserEntity u WHERE u.username = :username")
     Optional<UserEntity> findByUsername(String username);
     boolean existsByUsername(String username);
+    Optional<UserEntity> findByEmail(String email);
+    boolean existsByEmail(String email);
+
+    @Query("SELECT u FROM UserEntity u WHERE u.username = :identifier OR u.email = :identifier")
+    Optional<UserEntity> findByUsernameOrEmail(String identifier);
 
 }

infrastructure/src/main/java/com/dh7789dev/xpeditis/repository/AuthenticationJwtRepository.java

@@ -33,7 +33,7 @@ public class AuthenticationJwtRepository implements AuthenticationRepository {
     @Override
     public AuthenticationResponse authenticate(AuthenticationRequest request) {
 
-        log.info("username: {}, password: {}", request.getUsername(), request.getPassword());
+        log.info("identifier: {}", request.getUsername());
         UsernamePasswordAuthenticationToken authToken = UsernamePasswordAuthenticationToken
                 .unauthenticated(request.getUsername(), request.getPassword());
         Authentication authentication = authenticationManager.authenticate(authToken);
@@ -42,7 +42,7 @@ public class AuthenticationJwtRepository implements AuthenticationRepository {
             throw new UsernameNotFoundException("Failed to authenticate");
         }
 
-        var userEntity = userDao.findByUsername(request.getUsername()).orElseThrow();
+        var userEntity = userDao.findByUsernameOrEmail(request.getUsername()).orElseThrow();
 
         var jwtToken = jwtUtil.generateToken(userEntity);
         var refreshToken = jwtUtil.generateRefreshToken(userEntity);