[SPD-6697] update user auth (#12)

java/Makefile

@@ -1,4 +1,4 @@
-VERSION?=1.0.4
+VERSION?=1.0.5
 REGISTRY?=gcr.io/speedscale-demos/java-server:${VERSION}
 NAMESPACE?=default
 

java/server/src/main/java/speedscale/server/SpaceX.java → java/server/src/main/java/speedscale/lib/SpaceX.java

@@ -1,4 +1,4 @@
-package speedscale.server;
+package speedscale.lib;
 
 import java.net.URI;
 import java.net.http.HttpClient;

java/server/src/main/java/speedscale/server/Treasury.java → java/server/src/main/java/speedscale/lib/Treasury.java

@@ -1,4 +1,4 @@
-package speedscale.server;
+package speedscale.lib;
 
 import java.net.URI;
 import java.net.http.HttpClient;

java/server/src/main/java/speedscale/lib/UserAuth.java

@@ -0,0 +1,9 @@
+package speedscale.lib;
+
+import speedscale.model.Login;
+
+public class UserAuth {
+    public static boolean validate(Login login) {
+        return true;
+    }
+}

java/server/src/main/java/speedscale/server/Controller.java

@@ -16,17 +16,13 @@
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
+import speedscale.lib.*;
 import speedscale.model.Login;
 import speedscale.model.TreasuryResponse;
 
 @RestController
 public class Controller {
 
-    @Value("${my.username}")
-    private String username;
-    @Value("${my.password}")
-    private String password;
-
     @Autowired
     TokenManager jwt;
 
@@ -42,24 +38,34 @@ public Map<String, String> health() {
     @PostMapping("/login")
     public Map<String, String> login(@RequestBody Login login) {
         Map<String, String> m = new HashMap<String, String>();
-        if (!username.equals(login.getUsername()) || !password.equals(login.getPassword())) {
+
+        // Check the user auth
+        boolean valid = UserAuth.validate(login);
+        if (!valid) {
             m.put("err", "invalid auth");
             return m;
         }
 
         m.put("access_token", jwt.generateHmacToken(login.getUsername()));
+        m.put("token_type", "Bearer");
+        m.put("expires_id", TokenManager.EXPIRATION_OFFSET + "");
         return m;
     }
 
     @PostMapping("/rsaToken")
     public Map<String, String> rsaToken(@RequestBody Login login) {
         Map<String, String> m = new HashMap<String, String>();
-        if (!username.equals(login.getUsername()) || !password.equals(login.getPassword())) {
+
+        // Check the user auth
+        boolean valid = UserAuth.validate(login);
+        if (!valid) {
             m.put("err", "invalid auth");
             return m;
         }
 
         m.put("access_token", jwt.generateRsaToken(login.getUsername()));
+        m.put("token_type", "Bearer");
+        m.put("expires_id", TokenManager.EXPIRATION_OFFSET + "");
         return m;
     }
 

java/server/src/main/java/speedscale/server/TokenManager.java

@@ -48,6 +48,8 @@ public class TokenManager {
 
     private MySigningKeyResolver resolver = new MySigningKeyResolver();
 
+    public static int EXPIRATION_OFFSET = 60 * 60 * 24 * 1000;
+
     public String generateHmacToken(String username) {
         Key hmacShaKey = Keys.hmacShaKeyFor(hmacSecret.getBytes());
         return makeBuilder(username)
@@ -100,7 +102,7 @@ private JwtBuilder makeBuilder(String username) {
             .setSubject(username)
             .setAudience("spacex-fans")
             .setIssuedAt(new Date(ts))
-            .setExpiration(new Date(ts + 60 * 60 * 24 * 1000))
+            .setExpiration(new Date(ts + EXPIRATION_OFFSET))
             .setNotBefore(new Date(ts - 60 * 60 * 1000));
     }
 

java/server/src/main/resources/application.properties

@@ -1,5 +1,3 @@
-my.username = admin
-my.password = pass
 my.hmacSecret = this-is-a-very-good-secret-jwt-key
 my.rsaPrivateKeyFile = tls.key
 my.rsaPublicKeyFile = tls.crt