misc: minor changes

jk: fix auth, allow all cross origins, add some frontend auth

rest/src/main/java/cz/muni/fi/pa165/icehockeymanager/rest/config/RestConfiguration.java

@@ -25,7 +25,7 @@ public class RestConfiguration {
             public void addCorsMappings(CorsRegistry registry) {
                 registry.addMapping("/**")
                         .allowedMethods("GET", "POST", "PUT", "DELETE")
-                        .allowedOrigins("http://localhost:4200/");
+                        .allowedOrigins("*");
             }
         };
     }

rest/src/main/java/cz/muni/fi/pa165/icehockeymanager/rest/security/JWTAuthorizationFilter.java

@@ -35,17 +35,6 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
                                     HttpServletResponse res,
                                     FilterChain chain) throws IOException, ServletException {
         logger.info("Auth request on " + req.getRequestURI());
-//        if (req.getRequestURI().startsWith("/pa165/api/public")) {
-//            logger.info("Ignoring auth on public route");
-//            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-//                    "",
-//                    null,
-//                    new ArrayList<>()
-//            );
-//            SecurityContextHolder.getContext().setAuthentication(authentication);
-//            chain.doFilter(req, res);
-//            return;
-//        }
 
         String header = req.getHeader(HEADER_STRING);
 
@@ -73,6 +62,7 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
 
             if (username != null) {
                 // new arraylist means authorities
+                logger.info("Auth SUCCESS");
                 var user = userAuthFacade.fetchUser(username).orElseThrow();
                 logger.info(username + " with role " + user.getRole().toString());
                 return new UsernamePasswordAuthenticationToken(

rest/src/main/java/cz/muni/fi/pa165/icehockeymanager/rest/security/SecurityConstants.java

@@ -6,6 +6,6 @@ public class SecurityConstants {
     public static final long EXPIRATION_TIME = 900_000; // 15 mins
     public static final String TOKEN_PREFIX = "Bearer ";
     public static final String HEADER_STRING = "Authorization";
-    public static final String SIGN_UP_URL = "/pa165/auth";
+    public static final String SIGN_UP_URL = "/pa165/auth/**";
     public static final String AUTH_URL = "/pa165/auth/login";
 }

rest/src/main/java/cz/muni/fi/pa165/icehockeymanager/rest/security/WebSecurity.java

@@ -29,12 +29,12 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
     @Override
     @Order(1)
     protected void configure(HttpSecurity http) throws Exception {
-        http.cors().and()
-                .authorizeRequests()
+        http.cors().and().authorizeRequests()
                 .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                 .antMatchers(HttpMethod.GET, "/pa165/api/public/**").permitAll()
                 .antMatchers("/pa165/api/manage/league/**").hasRole(Roles.LEAGUE_MANAGER.toString())
-                .antMatchers("/pa165/api/manage/team/**").hasRole(Roles.TEAM_MANAGER.toString())
+//                .antMatchers("/pa165/api/manage/team/**").hasRole(Roles.TEAM_MANAGER.toString())
+                .antMatchers("/pa165/api/manage/team/**").permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .addFilter(new JWTAuthenticationFilter(userAuthFacade))
@@ -44,17 +44,17 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
         http.csrf().disable();
     }
 
-    @Bean
-    CorsConfigurationSource corsConfigurationSource() {
-        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-
-        CorsConfiguration corsConfiguration = new CorsConfiguration();
-        corsConfiguration.setAllowedMethods(
-                List.of("GET", "POST", "PUT", "DELETE")
-        );
-        corsConfiguration.addAllowedOriginPattern("http://localhost:4200/");
-        source.registerCorsConfiguration("/**", corsConfiguration);
-
-        return source;
-    }
+//    @Bean
+//    CorsConfigurationSource corsConfigurationSource() {
+//        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//
+//        CorsConfiguration corsConfiguration = new CorsConfiguration();
+//        corsConfiguration.setAllowedMethods(
+//                List.of("GET", "POST", "PUT", "DELETE")
+//        );
+//        corsConfiguration.addAllowedOriginPattern("*");
+//        source.registerCorsConfiguration("/**", corsConfiguration);
+//
+//        return source;
+//    }
 }

web/src/app/components/team-management-dashboard/team-management-dashboard.component.ts

@@ -3,6 +3,7 @@ import {MatDialog, MatDialogConfig} from '@angular/material/dialog';
 import {Player} from 'src/app/models/player';
 import {Team} from 'src/app/models/team';
 import {PlayerService} from 'src/app/services/player.service';
+import { TeamService } from 'src/app/services/team.service';
 import {HireNewPlayerDialogComponent} from '../hire-new-player-dialog/hire-new-player-dialog.component';
 import {HireVeteranPlayerDialogComponent} from '../hire-veteran-player-dialog/hire-veteran-player-dialog.component';
 
@@ -14,7 +15,7 @@ import {HireVeteranPlayerDialogComponent} from '../hire-veteran-player-dialog/hi
 export class TeamManagementDashboardComponent implements OnInit {
 
   // TODO remove default
-  @Input() team: Team = {id: 1, name: 'Toronto Maple Leafs'};
+  @Input() team!: Team;
 
   players!: Player[];
 
@@ -24,12 +25,22 @@ export class TeamManagementDashboardComponent implements OnInit {
 
   constructor(
     private playerService: PlayerService,
-    private dialog: MatDialog
+    private dialog: MatDialog,
+    private teamService: TeamService
   ) {
   }
 
   ngOnInit(): void {
-    this.getPlayers();
+    this.getTeam();
+  }
+
+  getTeam(): void {
+    this.teamService.getAssociatedTeam().subscribe(
+      team => {
+        this.team = team;
+        this.getPlayers();
+      }
+      );
   }
 
   getPlayers() {

web/src/app/services/auth-service.service.ts

+import { HttpClient } from '@angular/common/http';
 import {Injectable} from '@angular/core';
 import {Observable, of} from 'rxjs';
 import {UserAuthRequest} from '../models/user-auth-request';
@@ -7,27 +8,27 @@ import {UserAuthRequest} from '../models/user-auth-request';
 })
 export class AuthServiceService {
 
+  readonly AUTH_URL: string = 'http://localhost:8080/pa165/auth/login';
+  readonly JWT: string = "JWT";
+
   authenticated: boolean = false;
   leagueManager: boolean = false;
   teamManager: boolean = false;
 
-  constructor() {
+  constructor(private http: HttpClient) {
   }
 
   authenticate(userAuthRequest: UserAuthRequest) {
-    let username = userAuthRequest.username;
-    let password = userAuthRequest.password;
-    if (username === "testteam" && password === "pass") {
-      this.authenticated = true;
-      this.teamManager = true;
-    }
-    if (username === "testleague" && password === "pass") {
-      this.authenticated = true;
-      this.leagueManager = true;
-    }
+    this.http.post(
+      this.AUTH_URL, 
+      userAuthRequest,
+      {responseType : 'text'}
+      )
+      .subscribe((response: string) => this.handleAuthResponse(response));
   }
 
   logOut(): Observable<boolean> {
+    localStorage.removeItem(this.JWT)
     this.authenticated = false;
     this.teamManager = false;
     this.leagueManager = false;
@@ -35,6 +36,7 @@ export class AuthServiceService {
   }
 
   isAuthenticated(): Observable<boolean> {
+    this.authenticated = localStorage.getItem(this.JWT) !== null;
     return of(this.authenticated);
   }
 
@@ -45,4 +47,16 @@ export class AuthServiceService {
   isTeamManager(): Observable<boolean> {
     return of(this.teamManager);
   }
+
+  handleAuthResponse(response: string) : void {
+    console.log("aaaaaaaaaaaaaaa");
+    let parts = response.split(" ");
+    let token = parts[1];
+    localStorage.setItem(this.JWT, token);
+  }
+
+  getBearerHeader(): string {
+    let token = localStorage.getItem(this.JWT);
+    return token !== null ? `Bearer ${token}` : "";
+  }
 }

web/src/app/services/team.service.ts

 import {Injectable} from '@angular/core';
-import {HttpClient} from '@angular/common/http';
+import {HttpClient, HttpErrorResponse, HttpHeaders} from '@angular/common/http';
+import {catchError, map} from 'rxjs/operators'; 
 
-import {Observable, of} from 'rxjs';
+import {EMPTY, Observable, of} from 'rxjs';
 import {AccessEnum} from '../models/access-enum';
 import {AssociatedTeam} from '../models/associated-team';
 import {CreateTeam} from '../models/create-team';
 
 import {Team} from '../models/team'
+import { AuthServiceService } from './auth-service.service';
 
 @Injectable({
   providedIn: 'root'
@@ -21,7 +23,12 @@ export class TeamService {
   getAllUrl: string = 'http://localhost:8080/pa165/api/public/team/all';
   createUrl: string = 'http://localhost:8080/pa165/api/manage/league/team/create';
 
-  constructor(private http: HttpClient) {
+  readonly GET_MANAGED_TEAM: string = 'http://localhost:8080/pa165/api/manage/team/team/get';
+
+  constructor(
+    private http: HttpClient,
+    private auth: AuthServiceService
+    ) {
   }
 
   getTeams(): Observable<Team[]> {
@@ -33,10 +40,23 @@ export class TeamService {
       .subscribe();
   }
 
-  getAssociatedTeam(): Observable<AssociatedTeam> {
-    return of({
-      stats: AccessEnum.OK,
-      team: this.teams[0]
-    });
+  getAssociatedTeam(): Observable<Team> {
+    const headerVal = this.auth.getBearerHeader();
+    return this.http.get<Team>(
+        this.GET_MANAGED_TEAM,
+        {
+          headers: {Authorization : headerVal}
+        }
+      );
+    // return of({
+    //   stats: AccessEnum.OK,
+    //   team: this.teams[0]
+    // });
   }
 }
+function mergeMap(arg0: (team: any) => void): import("rxjs").OperatorFunction<Team, unknown> {
+  throw new Error('Function not implemented.');
+}
+
+
+// mergeMap(team => {stats: AccessEnum.OK; team: team});
\ No newline at end of file