Some improvements:

* Switched to PostgreSQL
* Added Minio storage
* Added attachments to properties
* Introduced DTOs for improved security
2025-09-03 15:40:26 +02:00
parent 9735f1f398
commit 5eb6b6e738
26 changed files with 879 additions and 67 deletions


@@ -1,14 +1,9 @@
package de.iwomm.propify_api.security;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
private final CorsProperties corsProperties;
@@ -21,7 +16,7 @@ public class CorsConfig implements WebMvcConfigurer {
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") // Apply rules to all endpoints
.allowedOrigins(corsProperties.getAllowedOrigins().toArray(new String[0])) // This targets the frontend app's URLs (you can allow multiple URLs, e.g. "http://localhost:4200,http://example.com"
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedMethods("GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS")
.allowedHeaders(corsProperties.getAllowedHeaders())
.allowCredentials(true); // Allow cookies and authentication headers
}
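Review bot: `allowCredentials(true)` stays on the `/**` mapping while the method list grows to include PATCH, so every state-changing verb is now available to credentialed cross-origin requests from any origin listed in `corsProperties`. If clients authenticate only with a bearer token in the `Authorization` header (the JWT setup elsewhere in this commit suggests so, but it is not visible in this hunk), credentialed CORS is not needed and `.allowCredentials(false)` would narrow the policy. If it stays, a comment next to `allowedOrigins(...)` should state the constraint on the configured list, e.g. `// Exact origins only: "*" is rejected by Spring when allowCredentials(true) is set`. The existing trailing comment on that line is also missing its closing parenthesis.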


@@ -14,17 +14,17 @@ public class KeycloakRoleConverter implements Converter<Jwt, Collection<GrantedA
@Override
public Collection<GrantedAuthority> convert(Jwt jwt) {
// Holen Sie sich das "realm_access" Feld aus dem Token
// Get the "realm_access" field from token
Map<String, Object> realmAccess = (Map<String, Object>) jwt.getClaims().get("realm_access");
if (realmAccess == null || realmAccess.isEmpty()) {
return List.of();
}
// Holen Sie sich die Liste der Rollen
// Get list of roles
List<String> roles = (List<String>) realmAccess.get("roles");
// Konvertieren Sie die Rollen in Spring Security GrantedAuthority-Objekte
// KConvert roles to Spring Security GrantedAuthority-Objects
return roles.stream()
.map(roleName -> "ROLE_" + roleName.toUpperCase()) // Empfohlene Namenskonvention
.map(SimpleGrantedAuthority::new)
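Review bot: `roles` is dereferenced at `roles.stream()` without a null check, so a token whose `realm_access` claim is present but has no `roles` entry fails with a NullPointerException instead of yielding no authorities; the existing guard only covers a missing or empty `realm_access`. Adding `if (roles == null) { return List.of(); }` right after the lookup keeps the converter fail-closed on malformed tokens. `roleName.toUpperCase()` uses the JVM default locale, which can change the resulting authority string (for example under a Turkish locale), so `roleName.toUpperCase(Locale.ROOT)` is the safer form for names that are later matched in access rules. The new comment reads `// KConvert roles ...`, and `Empfohlene Namenskonvention` on the first `.map` line is still in German. The body of `convert` continues past the end of this hunk.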


@@ -9,7 +9,6 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
@@ -36,7 +35,7 @@ public class SecurityConfig {
return http.build();
}
// Konvertiert die Keycloak-Rollen (im JWT) in Spring Security Authorities
// Convert Keycloak-Roles (in JWT) in Spring Security Authorities
private JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRoleConverter());