Merge branch 'swagger' into 'main'

add Swagger / OpenAPI #30

See merge request !24

pom.xml

@@ -74,6 +74,12 @@
             <version>3.16.1</version>
             <scope>test</scope>
         </dependency>
+        <!-- Aufrufbar unter http://localhost:8080/swagger-ui/index.html -->
+        <dependency>
+            <groupId>org.springdoc</groupId>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+            <version>2.2.0</version>
+        </dependency>
     </dependencies>
 
     <build>

requests.http

@@ -17,6 +17,17 @@ content-type: application/json
   "password": "myPassword123"
 }
 
+###
+POST http://localhost:8080/api/v1/auth/register
+content-type: application/json
+
+{
+  "email": "lb210@hdm-stuttgart.de",
+  "firstname": "Lara",
+  "lastname": "Blersch",
+  "password": "Lara123"
+}
+
 ### Authenticate
 POST http://localhost:8080/api/v1/auth/authenticate
 content-type: application/json

src/main/java/hdm/mi/growbros/config/OpenApiConfig.java

+package hdm.mi.growbros.config;
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+
+@Configuration
+public class OpenApiConfig {
+    @Bean
+    public OpenAPI customizeOpenAPI() {
+        final String securitySchemeName = "bearerAuth";
+        return new OpenAPI()
+                .info(new Info()
+                        .description("GrowBros API documentation.")
+                        .title("GrowBros")
+                        .version("1.0"))
+                .addSecurityItem(new SecurityRequirement()
+                        .addList(securitySchemeName))
+                .components(new Components()
+                        .addSecuritySchemes(securitySchemeName, new SecurityScheme()
+                                .name(securitySchemeName)
+                                .type(SecurityScheme.Type.HTTP)
+                                .scheme("bearer")
+                                .bearerFormat("JWT")));
+    }
+}

src/main/java/hdm/mi/growbros/security/SecurityConfiguration.java

@@ -13,7 +13,9 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
+import static hdm.mi.growbros.models.user.Role.ADMIN;
 import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toH2Console;
+import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasRole;
 
 /**
  * Configuration of the filter chain.
@@ -36,6 +38,8 @@ public class SecurityConfiguration {
                         authorize
                                 .requestMatchers(toH2Console()).permitAll()
                                 .requestMatchers(mvc.pattern("/api/v1/auth/**")).permitAll()
+                                .requestMatchers(mvc.pattern("/swagger-ui/**")).permitAll()
+                                .requestMatchers(mvc.pattern("/v3/api-docs/**")).permitAll()
                                 .anyRequest().authenticated()
                 )
                 .headers(headers -> headers.frameOptions(
@@ -56,4 +60,10 @@ public class SecurityConfiguration {
         //see https://stackoverflow.com/questions/76809698/spring-security-method-cannot-decide-pattern-is-mvc-or-not-spring-boot-applicati
         return new MvcRequestMatcher.Builder(introspector);
     }
+
+    /*@Bean
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests().requestMatchers("/swagger-ui.html")
+                .access("hasRole('ROLE_ADMIN')");
+    }*/
 }