✨ Gestion des JsonWebToken

Sources/pom.xml

@@ -68,6 +68,11 @@
             <artifactId>ktor-server-content-negotiation-jvm</artifactId>
             <version>${ktor_version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.ktor</groupId>
+            <artifactId>ktor-server-auth-jwt</artifactId>
+            <version>${ktor_version}</version>
+        </dependency>
         <dependency>
             <groupId>io.ktor</groupId>
             <artifactId>ktor-server-html-builder-jvm</artifactId>
@@ -105,6 +110,23 @@
             <artifactId>ktor-server-content-negotiation-jvm</artifactId>
             <version>${ktor_version}</version>
         </dependency>
+        <dependency>
+            <groupId>io.ktor</groupId>
+            <artifactId>ktor-server-auth-jvm</artifactId>
+            <version>2.3.4</version>
+            <scope>implementation</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.ktor</groupId>
+            <artifactId>ktor-server-auth-jwt-jvm</artifactId>
+            <version>2.3.4</version>
+            <scope>implementation</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.4.0</version>
+        </dependency>
     </dependencies>
     <build>
         <sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>

Sources/src/main/kotlin/allin/Application.kt

@@ -2,22 +2,47 @@ package allin
 
 import allin.routing.BasicRouting
 import allin.routing.UserRouter
+import allin.routing.tokenManager
+import com.auth0.jwt.JWT
+import com.auth0.jwt.algorithms.Algorithm
+import com.typesafe.config.ConfigFactory
 import io.ktor.http.*
 import io.ktor.serialization.kotlinx.json.*
 import io.ktor.server.application.*
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import io.ktor.server.config.*
 import io.ktor.server.engine.*
 import io.ktor.server.netty.*
 import io.ktor.server.plugins.contentnegotiation.*
 import io.ktor.server.response.*
+import io.ktor.server.response.*
 import io.ktor.server.routing.*
+import io.ktor.server.routing.*
+import allin.utils.TokenManager
 
 fun main() {
-    embeddedServer(Netty,port=8080,host="0.0.0.0"){
+    embeddedServer(Netty, port = 8080, host = "0.0.0.0") {
         extracted()
     }.start(wait = true)
 }
 
 private fun Application.extracted() {
+    val config=HoconApplicationConfig(ConfigFactory.load())
+    val tokenManager= TokenManager(config)
+    authentication {
+        jwt {
+            verifier(tokenManager.verifyJWTToken())
+            realm=config.property("realm").getString()
+            validate { jwtCredential ->
+                if(jwtCredential.payload.getClaim("username").asString().isNotEmpty())
+                    JWTPrincipal(jwtCredential.payload)
+                else null
+            }
+        }
+    }
     install(ContentNegotiation) {
         json()
     }

Sources/src/main/kotlin/allin/model/User.kt

@@ -3,12 +3,7 @@ package allin.model
 import kotlinx.serialization.Serializable
 
 @Serializable
-data class User(val username: String, val email: String, val password: String, var nbCoins: Int = 1000)
+data class User(val username: String, val email: String, val password: String, var nbCoins: Int = 1000, var token: String? = null)
 
 @Serializable
 data class CheckUser(val login: String,val password: String)
-
-fun isEmailValid(email: String): Boolean {
-    val emailRegex = Regex("^[A-Za-z0-9+_.-]+@(.+)$")
-    return !emailRegex.matches(email)
-}

Sources/src/main/kotlin/allin/routing/UserRouter.kt

@@ -2,23 +2,28 @@ package allin.routing
 
 import allin.model.CheckUser
 import allin.model.User
-import allin.model.isEmailValid
+import com.typesafe.config.ConfigFactory
-import io.ktor.client.utils.*
 import io.ktor.http.*
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import io.ktor.server.config.*
 import io.ktor.server.request.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
+import allin.utils.RegexChecker
+import allin.utils.TokenManager
 
 val users = mutableListOf<User>()
-
+val tokenManager= TokenManager(HoconApplicationConfig(ConfigFactory.load()))
+val RegexChecker= RegexChecker()
 fun Application.UserRouter() {
 
     routing {
         route("/users/register"){
             post {
                 val TempUser = call.receive<User>()
-                if (isEmailValid(TempUser.email)){
+                if (RegexChecker.isEmailInvalid(TempUser.email)){
                     call.respond(HttpStatusCode.Forbidden,"Input a valid mail !")
                 }
                 val user = users.find { it.username == TempUser.username || it.email == TempUser.email }
@@ -35,6 +40,7 @@ fun Application.UserRouter() {
                 val checkUser = call.receive<CheckUser>()
                 val user = users.find { it.username == checkUser.login || it.email == checkUser.login }
                 if (user != null && user.password == checkUser.password) {
+                    user.token=tokenManager.generateJWTToken(user)
                     call.respond(HttpStatusCode.OK, user)
                 } else {
                     call.respond(HttpStatusCode.NotFound,"Login and/or password incorrect.")
@@ -54,7 +60,19 @@ fun Application.UserRouter() {
                 }
             }
         }
+
+        authenticate {
+            get("/users/token") {
+                val principal = call.principal<JWTPrincipal>()
+                val username = principal!!.payload.getClaim("username").asString()
+                val user = users.find { it.username == username }
+                if (user != null) {
+                    call.respond(HttpStatusCode.OK, user)
+                } else {
+                    call.respond(HttpStatusCode.NotFound, "User not found with the valid token !")
+                }
+            }
+        }
+
     }
 }
-// REGISTER 201 created 400 bad request
-// LOGIN 200 OK 404

Sources/src/main/kotlin/allin/utils/RegexChecker.kt

@@ -0,0 +1,13 @@
+package allin.utils
+
+class RegexChecker {
+
+    private val emailRegex="^[A-Za-z0-9+_.-]+@(.+)$"
+
+
+    fun isEmailInvalid(email: String): Boolean {
+        val emailRegex = Regex(emailRegex)
+        return !emailRegex.matches(email)
+    }
+
+}

Sources/src/main/kotlin/allin/utils/TokenManager.kt

@@ -0,0 +1,33 @@
+package allin.utils
+
+import allin.model.User
+import com.auth0.jwt.JWT
+import com.auth0.jwt.JWTVerifier
+import com.auth0.jwt.algorithms.Algorithm
+import io.ktor.server.config.*
+import java.util.*
+
+class TokenManager (val config: HoconApplicationConfig){
+
+    val audience=config.property("audience").getString()
+    val secret=config.property("secret").getString()
+    val issuer=config.property("issuer").getString()
+    val expirationDate = System.currentTimeMillis() + 60000
+    fun generateJWTToken(user : User): String {
+
+        val token = JWT.create()
+            .withAudience(audience)
+            .withIssuer(issuer)
+            .withClaim("username", user.username)
+            .withExpiresAt(Date(expirationDate))
+            .sign(Algorithm.HMAC256(secret))
+        return token
+    }
+
+    fun verifyJWTToken(): JWTVerifier{
+        return JWT.require(Algorithm.HMAC256(secret))
+            .withAudience(audience)
+            .withIssuer(issuer)
+            .build()
+    }
+}