Dev oracle

.github/workflows/deploy.yml

@@ -0,0 +1,80 @@
+name: Deploy to Oracle Cloud VM
+
+on:
+  push:
+    branches:
+      - dev_oracle
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    env:
+      OCI_HOST: ${{ secrets.OCI_HOST }}
+      OCI_USERNAME: ${{ secrets.OCI_USERNAME }}
+      REPO_NAME: ${{ github.repository }}
+      API_ENV_CONTENT: ${{ secrets.API_ENV_CONTENT }}
+      SOCIAL_ENV_CONTENT: ${{ secrets.SOCIAL_ENV_CONTENT }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.OCI_SSH_KEY }}" | tr -d '\r' > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          echo "Host *" > ~/.ssh/config
+          echo "  StrictHostKeyChecking no" >> ~/.ssh/config
+          echo "  UserKnownHostsFile /dev/null" >> ~/.ssh/config
+
+      - name: Create temp .env files
+        run: |
+          echo "$API_ENV_CONTENT" > api.env
+          echo "$SOCIAL_ENV_CONTENT" > social.env
+
+      - name: Upload .env files to Oracle VM
+        run: |
+          scp -i ~/.ssh/id_rsa api.env $OCI_USERNAME@$OCI_HOST:/home/$OCI_USERNAME/app/api-service/.env
+          scp -i ~/.ssh/id_rsa social.env $OCI_USERNAME@$OCI_HOST:/home/$OCI_USERNAME/app/social-media-service/.env
+
+      - name: Deploy to Oracle Cloud Instance
+        run: |
+          ssh -i ~/.ssh/id_rsa $OCI_USERNAME@$OCI_HOST <<EOF
+            set -e
+
+            echo "🔄 Updating packages..."
+            sudo dnf update -y
+
+            echo "🐳 Starting Docker..."
+            sudo systemctl start docker || true
+            sudo systemctl enable docker || true
+
+            echo "🧹 Preparing app directory..."
+            APP_DIR="/home/$OCI_USERNAME/app"
+            sudo rm -rf "\$APP_DIR"
+            mkdir -p "\$APP_DIR"
+            cd "\$APP_DIR"
+
+            echo "📥 Cloning latest code..."
+            git clone --branch dev_oracle https://github.com/$REPO_NAME.git .
+
+            echo "📦 Verifying uploaded .env files..."
+            ls -l ./api-service/.env || echo "❌ Missing API .env"
+            ls -l ./social-media-service/.env || echo "❌ Missing Social .env"
+
+            echo "📦 Showing contents..."
+            cat ./api-service/.env || echo "❌ Can't read API .env"
+            cat ./social-media-service/.env || echo "❌ Can't read Social .env"
+
+            echo "🧹 Stopping containers..."
+            docker-compose -f deploy/docker-compose.yml down || true
+
+            echo "🚀 Running deploy.sh..."
+            chmod +x ./deploy.sh
+            ./deploy.sh --up
+
+            echo "🧼 Cleaning Docker..."
+            docker system prune -f || true
+          EOF

.gitignore

@@ -0,0 +1,51 @@
+# General
+.idea/
+.gradle/
+build/
+gradle/
+bin/
+out/
+KEYCLOAK_QUICK_SETUP.txt
+
+# IntelliJ IDEA
+*.iws
+*.iml
+*.ipr
+/shelf/
+/workspace.xml
+/httpRequests/
+/mavenHomeManager.xml
+/dataSources/
+/dataSources.local.xml
+
+# STS
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+# NetBeans
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+# VS Code
+.vscode/
+
+# Specific to planning-service
+planning-service/HELP.md
+planning-service/secret_keys.txt
+
+# Negations (keep these at the end)
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+!**/src/main/**/out/
+!**/src/test/**/out/

README.md

@@ -1 +1,8 @@
-# GoTogether-backend
+# GoTogether-backend
+
+
+docker compose exec keycloak /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
+
+docker compose exec keycloak /opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
+
+http://localhost:8081/admin

api-gateway/Dockerfile.kong-oidc

@@ -0,0 +1,46 @@
+# FROM kong:3.5
+
+# USER root
+
+# # Install build tools and LuaRocks dependencies
+# RUN apt-get update && \
+#     apt-get install -y --no-install-recommends \
+#         build-essential \
+#         git \
+#         unzip \
+#         luarocks \
+#         libssl-dev && \
+#     rm -rf /var/lib/apt/lists/*
+
+# # Install luaossl with OpenSSL 1.1/3 support
+# RUN luarocks install https://luarocks.org/luaossl-20220711-0.src.rock \
+#     CRYPTO_INCDIR=/usr/include \
+#     CRYPTO_LIBDIR=/usr/lib/x86_64-linux-gnu \
+#     OPENSSL_INCDIR=/usr/include \
+#     OPENSSL_LIBDIR=/usr/lib/x86_64-linux-gnu
+
+# # Install Lua dependencies manually using correct rockspecs (avoids manifest issues)
+# RUN luarocks install https://raw.githubusercontent.com/SkyLothar/lua-resty-jwt/master/lua-resty-jwt-0.2.0-1.rockspec && \
+#     luarocks install https://raw.githubusercontent.com/bungle/lua-resty-session/master/lua-resty-session-3.8-1.rockspec && \
+#     luarocks install https://raw.githubusercontent.com/zmartzone/lua-resty-openidc/master/lua-resty-openidc-1.7.4-1.rockspec
+
+# # Install kong-oidc plugin
+# RUN git clone --branch v1.2.3-2 https://github.com/revomatico/kong-oidc.git && \
+#     cd kong-oidc && luarocks make && cd .. && rm -rf kong-oidc
+
+# # Install jwt-keycloak plugin
+# RUN git clone --branch 20200505-access-token-processing https://github.com/BGaunitz/kong-plugin-jwt-keycloak.git && \
+#     cd kong-plugin-jwt-keycloak && luarocks make && cd .. && rm -rf kong-plugin-jwt-keycloak
+
+# # Optional: Add your own plugin if needed
+# COPY keycloak-introspection /usr/local/share/lua/5.1/kong/plugins/keycloak-introspection
+
+# # Copy your Kong configuration
+# COPY config/kong.conf /etc/kong/kong.conf
+
+# USER kong
+
+FROM kong:3.5
+
+# Switch to the kong user
+USER kong

api-gateway/README.txt

@@ -0,0 +1,7 @@
+1. Run the scripts in sequence
+2. Use user with administrator access (Windows) or root access (Mac / Linux)
+3. You don't have to use "root" for Mac / Linux, user with "sudo" access will do
+   In such case, you need to add "sudo" for each scripts
+   Example:
+
+   $> sudo docker network create --subnet=172.1.1.0/24 kong-net

api-gateway/config/kong.conf

@@ -0,0 +1,18 @@
+# config/kong.conf
+database = postgres
+pg_host = kong-database
+pg_user = kong
+pg_password = mykongpassword
+pg_database = kong
+
+plugins = bundled,keycloak-introspection
+
+admin_listen = 0.0.0.0:8001
+proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
+
+client_id = kong-oidc
+client_secret = xxxxxxxx
+realm = kong
+discovery = http://keycloak:8080/realms/kong/.well-known/openid-configuration
+scope = openid
+redirect_after_logout_uri = https://localhost/auth/realms/kong/protocol/openid-connect/logout?redirect_uri=https://localhost

api-gateway/docker-compose.yml

@@ -0,0 +1,89 @@
+version: "3"
+
+x-kong-env: &kong-env
+  KONG_DATABASE: postgres
+  KONG_PG_DATABASE: kong
+  KONG_PG_HOST: kong-database
+  KONG_PG_USER: kong
+  KONG_PG_PASSWORD: kong
+
+volumes:
+  kong_data: {}
+  kong_prefix_vol:
+    driver_opts:
+      type: tmpfs
+      device: tmpfs
+  kong_tmp_vol:
+    driver_opts:
+      type: tmpfs
+      device: tmpfs
+
+networks:
+  kong-net:
+    ipam:
+      config:
+        - subnet: 172.1.1.0/24
+
+services:
+  kong-database:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_DB: kong
+      POSTGRES_USER: kong
+      POSTGRES_PASSWORD: kong
+    volumes:
+      - kong_data:/var/lib/postgresql/data
+    networks:
+      - kong-net
+    healthcheck:
+      test: ["CMD", "pg_isready", "-d", "kong", "-U", "kong"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+
+  kong-migrations:
+    image: kong:3.5
+    command: kong migrations bootstrap
+    environment:
+      <<: *kong-env
+    networks:
+      - kong-net
+    depends_on:
+      - kong-database
+    restart: on-failure
+
+  kong:
+    image: kong:3.5
+    user: kong
+    environment:
+      <<: *kong-env
+      KONG_ADMIN_ACCESS_LOG: /dev/stdout
+      KONG_ADMIN_ERROR_LOG: /dev/stderr
+      KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
+      KONG_ADMIN_LISTEN: 0.0.0.0:8001
+      KONG_ADMIN_GUI_LISTEN: 0.0.0.0:8002
+      KONG_PROXY_ACCESS_LOG: /dev/stdout
+      KONG_PROXY_ERROR_LOG: /dev/stderr
+      KONG_PREFIX: /var/run/kong
+      KONG_TRACING_INSTRUMENTATIONS: request
+    ports:
+      - "8000:8000"
+      - "8443:8443"
+      - "8001:8001"
+      - "8444:8444"
+      - "8002:8002"
+    networks:
+      - kong-net
+    healthcheck:
+      test: ["CMD", "kong", "health"]
+      interval: 10s
+      timeout: 10s
+      retries: 10
+    restart: on-failure
+    read_only: true
+    volumes:
+      - kong_prefix_vol:/var/run/kong
+      - kong_tmp_vol:/tmp
+    security_opt:
+      - no-new-privileges

api-gateway/keycloak-introspection/handler.lua

@@ -0,0 +1,80 @@
+-- keycloak-introspection/handler.lua
+
+local http = require("resty.http")
+local cjson = require("cjson")
+
+local KeycloakIntrospectionHandler = {
+  VERSION  = "1.0.0",
+  PRIORITY = 10,
+}
+
+function KeycloakIntrospectionHandler:access(config)
+
+    -- Get the access token from the request headers
+    --local access_token = ngx.req.get_headers()["Authorization"]
+    local access_token= ngx.var.http_authorization
+
+    if not access_token then
+        ngx.log(ngx.ERR, "Access token not found in request headers")
+        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+    -- Introspect the access token with Keycloak
+
+    local introspection_url = config.keycloak_introspection_url
+    --local access_token = ngx.var.http_authorization
+    local httpc = http.new()
+
+
+     local headers = {
+     ["Content-Type"] = "application/x-www-form-urlencoded",
+        ["Authorization"] = "Basic " .. ngx.encode_base64(config.client_id .. ":" .. config.client_secret),
+     } 
+
+    local body = "token=" .. access_token
+
+    local request_options = {
+     method = "POST",
+     body = body,
+     headers = headers,
+    }
+
+    local res, err = httpc:request_uri(introspection_url, request_options)
+
+    ngx.log(ngx.NOTICE, "Entering access function")
+    ngx.log(ngx.NOTICE, "body ", cjson.encode(request_options))
+    ngx.log(ngx.NOTICE, "Plugin Configuration :", cjson.encode(config))
+
+
+
+
+    if not res then
+        ngx.log(ngx.ERR, "Failed to introspect token: ", err)
+        return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+    end
+
+    if res.status ~= 200 then
+        ngx.log(ngx.ERR, "Token introspection failed with status: ", res.status)
+        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+
+    -- Parse the introspection response
+    local introspection_result = cjson.decode(res.body)
+    ngx.log(ngx.NOTICE, "Introspection result: ", res.body)
+
+    -- Check if the token is active
+    if not introspection_result.active then
+        ngx.log(ngx.ERR, "Access token is not active")
+        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+
+    -- Add introspection result to request headers
+    ngx.req.set_header("X-User-Id", introspection_result.sub)
+    ngx.req.set_header("X-Username", introspection_result.username)
+
+    ngx.log(ngx.INFO, "Token introspection successful")
+
+    -- Close the HTTP connection
+    httpc:close()
+end
+
+return KeycloakIntrospectionHandler