Release v0.4 (#74)

* Roles and permissions integration with Spring Security (#37)

- Roles and permissions are integrated with spring security -- you can use `@PreAuthorize` with `hasRole`, `hasAuhtority`, etc. on our endpoints now 🎉.
- The POST `/api/products` endpoint has been secured🔒.
- Removed unecessary `level` property from the `roles_permissions` ❌.
- Added `RoleService`, which provides interface for creating roles, granting users etc., it also provides the default roles and injects them in `AuthService.register()` 🔑.
- Roles and permissions are included in the jwt access token (as claims) response -- `JwtService.generateToken` relies on `JwtUserClaims` object that may be created with `JwtClaimsService` 😺.
- Created `RoleServiceTest` 👩‍🔬.
- Provided additional tests to `AuthService` (testing the default roles injection), and `JwtService` (testing the new claims mechanism) 👩‍🔬.
- Added basic roles and permissions to the liquibase migration script 📝.
- Added mocked users -- one with `USER` role one with `MODERATOR` role into the liquibase migration script. It should make the testing more convenient, but we need to change it to the production only using liquibase contexts in the future 📝.

* Products paging (#44)

* Products paging

* Tests updated (paging)

* Prepare for CD (#53)

* Update application.properties

* Git queen zofia/31 (#51)

* Products paging

* Tests updated (paging)

* Liking products doesn't work :(

* Liking products works!!

* style.

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/UserService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/UserService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

---------

Co-authored-by: Jakub Żuchowski <[email protected]>

* Git queen zofia/32 (#52)

* Liking ingredients (beginning)

* Liking ingredients, adding allergens

* changelog added

* Update UserService.java

* Product volume should be of type `String` (#59)

* Update User.java

* Update Product.java

* Update FullProductDto.java

* Update ProductServiceTest.java

* Prepare CD workflow

* Update test.yml

* Backend CD (#61)

* Create test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update docker.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Update test.yml

* Rename test.yml to deploy.yml

* Git queen zofia/55 (#57)

* Liking ingredients (beginning)

* Liking ingredients, adding allergens

* changelog added

* imports

---------

Co-authored-by: Jakub Żuchowski <[email protected]>

* Git queen zofia/54 (#56)

* Products paging

* Tests updated (paging)

* Liking products doesn't work :(

* Liking products works!!

* style.

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/ProductService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/UserService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Update src/main/java/pl/edu/pw/mini/ingreedio/api/service/UserService.java

Co-authored-by: Jakub Żuchowski <[email protected]>

* Like products tests

* imports

---------

Co-authored-by: Jakub Żuchowski <[email protected]>

* simple ingredient search (#58)

* simple ingredient search

* Update IngredientService.java

---------

Co-authored-by: Jakub Żuchowski <[email protected]>

* Filtering, searching and sorting products (#70)

* Release v0.3 (#40)

* Update docker.yml

* Update docker.yml

* Update docker.yml

* MongoDB setup (#16)

* MongoDB!

* Dockerized tests

* Bug: wrong mongo port

* Username naming changed (#18)

* Update docker-compose.yml

* Products fetching (#20)

* Products fetching

* Update Application.run.xml

* style corrected

* tests corrected

* checkstyle

* Import the ingredients names to postgres db (#21)

* HelloWorldController hotfix

* Add roles and permissions tables and entities (#22)

* Added roles sql schema
* Added entites classes

---------

Co-authored-by: Jakub Żuchowski <[email protected]>

* Filtering of products (#23)

* Permitted POST requests to /api/products

* Filtering products by fields

* Checkstyle is persecuting me

* Some tests, filtering by ingredients with array

* Builder for criteria utilized, Checkstyle corrections

* Endpoint moving, small fixes. (#24)

Closes #19

* Removed searching (by keywords) from filtering, corrected tests (#26)

* Filtering products bugfixes (#28)

* New tests, attempt to solve bugs (failed :c)

* search + fixed tests

* Revert "Merge branch 'develop' into mslup/hotfix/3"

This reverts commit eb035d8, reversing
changes made to 943168d.

* Checkstyle corrections

---------

Co-authored-by: GitQueenZofia <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>

* Reviewdog setup (#38)

* Endpoint moving, small fixes.
Closes #19

* Reviewdog setup

* Update reviewdog.yml

* Version bump

* Update gradle.yml

---------

Co-authored-by: Marcin Słupczyński <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>
Co-authored-by: Michał Okurowski <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>

* Added 2 stages of searching

* Moved keywords creation logic

* Fixed paging

* matchScore works

* Styling fix

* Added TODO

* Added brand, provider and category to criteria

* Fixed tests

* Fixed styling issues

* Added suppress warnings to tests

* Added suppress warnings to tests 2

* Checkstyle

* Update Application.run.xml

* Fixed case sensitivity issues

* Fixed ProductsCriteriaService

* Added case sensitivity test

* Changed ingredients List to Set

* Upgrade Optional stream

Co-authored-by: Jakub Żuchowski <[email protected]>

* Comment typo fix

Co-authored-by: Jakub Żuchowski <[email protected]>

* Changed ProductCriteria to record

* Moved query to resource

* Json should be .json :)

* typo

* change the format also in test
im dumbo and i forgor

---------

Co-authored-by: Jakub Żuchowski <[email protected]>
Co-authored-by: Marcin Słupczyński <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>

* Version bump

---------

Co-authored-by: Michał Okurowski <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>
Co-authored-by: Marcin Słupczyński <[email protected]>
Co-authored-by: GitQueenZofia <[email protected]>

Author: 4 people

.github/workflows/deploy.yml

@@ -0,0 +1,68 @@
+on:
+  workflow_run:
+    workflows: ["Build and Prepare Docker Image"]
+    types:
+      - completed
+  workflow_dispatch:
+
+name: Deploy to Cloud Run
+
+env:
+  PROJECT_ID: able-balm-421213
+  GAR_LOCATION: europe-central2
+  SERVICE: ingreedio-api
+  REGION: europe-west1
+  REGISTRY: ghcr.io
+  IMAGE_NAME: java-dzgs/ingreedio-api
+
+jobs:
+  deploy:
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+      packages: 'write'
+      
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Docker auth for the GitHub Container registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          
+      - name: Pull latest develop Backend image
+        run: |-
+           docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:develop
+           docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:develop ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/docker-dev/ingreedio-api
+        
+      - name: Google auth
+        id: auth
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+          
+      - name: Set up Cloud SDK
+        uses: 'google-github-actions/setup-gcloud@v1'
+        with:
+          project_id: '${{ env.PROJECT_ID }}'
+
+      - name: Docker auth for Cloud
+        run: |-
+          gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev
+          
+      - name: Docker push image to Cloud
+        run: |-
+          docker push ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/docker-dev/ingreedio-api
+          
+      - name: Deploy image to Cloud Run
+        id: deploy
+        uses: google-github-actions/deploy-cloudrun@v2
+        with:
+          service: ${{ env.SERVICE }}
+          region: ${{ env.REGION }}
+          image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/docker-dev/ingreedio-api:latest

.github/workflows/docker.yml

@@ -17,14 +17,6 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
-      # Checkout your repository content into GitHub Actions runner
-
-    # - name: Docker Compose
-    #   run: docker compose build
-    #   # Builds the Docker image
-
-    - name: Log in to registry
-      run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
     - name: Log in to the Container registry
       uses: docker/[email protected]
@@ -46,22 +38,3 @@ jobs:
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
-
-    # - name: Save Docker image
-    #   run: docker save ingreedio-api-app -o api-image.tar
-    #   # Saves the Docker image as a tarball
-
-    # - name: Upload Docker image as an artifact
-    #   uses: actions/upload-artifact@v3
-    #   with:
-    #     name: api-docker-image
-    #     path: api-image.tar
-    #     retention-days: 7
-    # - uses: "marvinpinto/action-automatic-releases@latest"
-    #   with:
-    #     repo_token: "${{ secrets.GITHUB_TOKEN }}"
-    #     automatic_release_tag: "latest"
-    #     prerelease: true
-    #     title: "Automatic build"
-    #     files: |
-    #       api-image.tar

build.gradle

@@ -5,7 +5,7 @@ plugins {
 }
 
 group = 'pl.edu.pw.mini.ingreedio'
-version = 'v0.3'
+version = 'v0.4'
 
 java {
     sourceCompatibility = '21'
@@ -35,9 +35,11 @@ dependencies {
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.5'
 
-
+    implementation 'com.google.cloud.sql:postgres-socket-factory:1.18.0'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.testcontainers:testcontainers'
+
+    testImplementation 'org.springframework.security:spring-security-test'
 }
 
 tasks.named('test') {

src/main/java/pl/edu/pw/mini/ingreedio/api/config/OpenApi30Configuration.java

@@ -14,6 +14,6 @@
         scheme = "bearer"
 )
 @OpenAPIDefinition(
-        info = @Info(title = "InGreed.io", version = "v0.3")
+        info = @Info(title = "InGreed.io", version = "v0.4")
 )
 public class OpenApi30Configuration {}

src/main/java/pl/edu/pw/mini/ingreedio/api/config/SecurityConfig.java

@@ -5,6 +5,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -15,10 +16,9 @@
 
 @Configuration
 @EnableWebSecurity
-//@EnableMethodSecurity
+@EnableMethodSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
-
     private final JwtAuthFilter jwtAuthFilter;
     private final AuthenticationProvider authenticationProvider;
 

src/main/java/pl/edu/pw/mini/ingreedio/api/controller/IngredientController.java

@@ -0,0 +1,109 @@
+package pl.edu.pw.mini.ingreedio.api.controller;
+
+import com.mongodb.event.CommandSucceededEvent;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import pl.edu.pw.mini.ingreedio.api.dto.IngredientDto;
+import pl.edu.pw.mini.ingreedio.api.dto.ProductDto;
+import pl.edu.pw.mini.ingreedio.api.model.Ingredient;
+import pl.edu.pw.mini.ingreedio.api.service.IngredientService;
+
+@RestController
+@RequestMapping("/api/ingredients")
+@RequiredArgsConstructor
+@Tag(name = "Ingredients" /*, description = "..."*/)
+public class IngredientController {
+    private final IngredientService ingredientService;
+
+    @Operation(summary = "Search ingredients",
+        description = "Search ingredients",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @GetMapping
+    public ResponseEntity<List<IngredientDto>> getIngredients(
+        @RequestParam int count,
+        @RequestParam(required = false) String query) {
+        String name = query != null ? query : "";
+        List<IngredientDto> matchingIngredients = ingredientService.getIngredients(name);
+        if (matchingIngredients.size() > count) {
+            matchingIngredients = matchingIngredients.subList(0, count);
+        }
+        return ResponseEntity.ok(matchingIngredients);
+    }
+
+    @Operation(summary = "Get liked ingredients",
+        description = "Get liked ingredients",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @GetMapping("/liked")
+    public ResponseEntity<List<IngredientDto>> getLikedIngredients() {
+        List<IngredientDto> likedIngredients = ingredientService.getLikedIngredients();
+        return ResponseEntity.ok(likedIngredients);
+    }
+
+    @Operation(summary = "Get allergens",
+        description = "Get allergens",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @GetMapping("/allergens")
+    public ResponseEntity<List<IngredientDto>> getAllergens() {
+        List<IngredientDto> allergens = ingredientService.getAllergens();
+        return ResponseEntity.ok(allergens);
+    }
+
+    @Operation(summary = "Like an ingredient",
+        description = "Like an ingredient",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @PostMapping("/{id}/likes")
+    public ResponseEntity<Void> likeIngredient(@PathVariable Long id) {
+        boolean likeSucceeded = ingredientService.likeIngredient(id);
+        if (likeSucceeded) {
+            return ResponseEntity.ok().build();
+        }
+        return ResponseEntity.notFound().build();
+    }
+
+    @Operation(summary = "Unlike ingredient",
+        description = "Unlike ingredient",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @DeleteMapping("/{id}/likes")
+    public ResponseEntity<Void> unlikeIngredient(@PathVariable Long id) {
+        boolean unlikeSucceeded = ingredientService.unlikeIngredient(id);
+        if (unlikeSucceeded) {
+            return ResponseEntity.ok().build();
+        }
+        return ResponseEntity.notFound().build();
+    }
+
+    @Operation(summary = "Add allergen",
+        description = "Add allergen",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @PostMapping("/{id}/allergens")
+    public ResponseEntity<Void> addAllergen(@PathVariable Long id) {
+        boolean addAllergenSucceeded = ingredientService.addAllergen(id);
+        if (addAllergenSucceeded) {
+            return ResponseEntity.ok().build();
+        }
+        return ResponseEntity.notFound().build();
+    }
+
+    @Operation(summary = "Remove allergen",
+        description = "Remove allergen",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @DeleteMapping("/{id}/allergens")
+    public ResponseEntity<Void> removeAllergen(@PathVariable Long id) {
+        boolean removeAllergenSucceeded = ingredientService.removeAllergen(id);
+        if (removeAllergenSucceeded) {
+            return ResponseEntity.ok().build();
+        }
+        return ResponseEntity.notFound().build();
+    }
+}

src/main/java/pl/edu/pw/mini/ingreedio/api/controller/ProductController.java

@@ -3,11 +3,15 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -16,44 +20,54 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
-import pl.edu.pw.mini.ingreedio.api.criteria.ProductFilterCriteria;
 import pl.edu.pw.mini.ingreedio.api.dto.FullProductDto;
-import pl.edu.pw.mini.ingreedio.api.dto.ProductDto;
+import pl.edu.pw.mini.ingreedio.api.dto.ProductListResponseDto;
 import pl.edu.pw.mini.ingreedio.api.model.Product;
+import pl.edu.pw.mini.ingreedio.api.service.PaginationService;
 import pl.edu.pw.mini.ingreedio.api.service.ProductService;
+import pl.edu.pw.mini.ingreedio.api.service.ProductsCriteriaService;
 
 @RestController
 @RequestMapping("/api/products")
 @RequiredArgsConstructor
 @Tag(name = "Products" /*, description = "..."*/)
 public class ProductController {
     private final ProductService productService;
+    private final PaginationService paginationService;
+    private final ProductsCriteriaService productsCriteriaService;
 
-    @Operation(summary = "Get matching products", description = "Get matching products")
+    @Operation(summary = "Get matching products",
+        description = "Get matching products",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
     @GetMapping
-    public ResponseEntity<List<ProductDto>> getProducts(
-        @RequestParam Optional<String> name,
-        @RequestParam Optional<String> provider,
-        @RequestParam Optional<String> brand,
-        @RequestParam Optional<Integer> volumeFrom,
-        @RequestParam Optional<Integer> volumeTo,
-        @RequestParam Optional<String[]> ingredients) {
-        List<ProductDto> products = productService.getProductsMatching(
-            ProductFilterCriteria.builder()
-                .name(name.orElse(null))
-                .provider(provider.orElse(null))
-                .brand(brand.orElse(null))
-                .volumeFrom(volumeFrom.orElse(null))
-                .volumeTo(volumeTo.orElse(null))
-                .ingredients(ingredients.orElse(null))
-                .build()
+    public ResponseEntity<ProductListResponseDto> getProducts(
+        @RequestParam("page-number") Optional<Integer> pageNumber,
+        @RequestParam("ingredients-exclude") Optional<Set<Long>> ingredientsToExclude,
+        @RequestParam("ingredients-include") Optional<Set<Long>> ingredientsToInclude,
+        @RequestParam("min-rating") Optional<Integer> minRating,
+        @RequestParam("phrase") Optional<String> phrase,
+        @RequestParam("sort-by") Optional<List<String>> sortBy,
+        @RequestParam("liked") Optional<Boolean> liked) {
+
+        ProductListResponseDto products = productService.getProductsMatchingCriteria(
+            productsCriteriaService.getProductsCriteria(
+                ingredientsToExclude,
+                ingredientsToInclude,
+                minRating,
+                phrase,
+                sortBy,
+                liked
+                // TODO: provider, brand, category
+            ),
+            paginationService.getPageRequest(pageNumber)
         );
 
         return ResponseEntity.ok(products);
     }
 
     @Operation(summary = "Get info of a specific product",
-        description = "Get info of a specific product")
+        description = "Get info of a specific product",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
     @GetMapping("/{id}")
     public ResponseEntity<FullProductDto> getProductById(@PathVariable Long id) {
         return productService.getProductById(id).map(ResponseEntity::ok)
@@ -63,11 +77,39 @@ public ResponseEntity<FullProductDto> getProductById(@PathVariable Long id) {
     @Operation(summary = "Add a product to the database",
         description = "Add a product to the database",
         security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @PreAuthorize("hasAuthority('ADD_PRODUCT')")
     @PostMapping
     @ResponseBody
     public ResponseEntity<Product> addProduct(@RequestBody Product product) {
         Product savedProduct = productService.addProduct(product);
         return new ResponseEntity<>(savedProduct, HttpStatus.CREATED);
     }
 
+    @Operation(summary = "",
+        description = "",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @PostMapping("/{id}/likes")
+    @ResponseBody
+    public ResponseEntity<Void> likeProduct(@PathVariable Long id) {
+        boolean likeSucceeded = productService.likeProduct(id);
+        if (likeSucceeded) {
+            return ResponseEntity.ok().build();
+        } else {
+            return ResponseEntity.notFound().build();
+        }
+    }
+
+    @Operation(summary = "",
+        description = "",
+        security = {@SecurityRequirement(name = "Bearer Authentication")})
+    @DeleteMapping("/{id}/likes")
+    @ResponseBody
+    public ResponseEntity<Void> unlikeProduct(@PathVariable Long id) {
+        boolean unlikeSucceeded = productService.unlikeProduct(id);
+        if (unlikeSucceeded) {
+            return ResponseEntity.ok().build();
+        } else {
+            return ResponseEntity.notFound().build();
+        }
+    }
 }