allow SSE endpoint

backend/src/main/kotlin/fr/gouv/cacem/monitorenv/config/OIDCProperties.kt

@@ -9,4 +9,5 @@ class OIDCProperties {
     var enabled: Boolean? = false
     var userinfoEndpoint: String? = null
     var issuerUri: String? = null
+    var cacheInMinutes: Int = 120
 }

backend/src/main/kotlin/fr/gouv/cacem/monitorenv/config/SecurityConfig.kt

@@ -26,15 +26,7 @@ class SecurityConfig(
         http
             .csrf { it.disable() }
             .authorizeHttpRequests { authorize ->
-                if (oidcProperties.enabled == null || oidcProperties.enabled == false) {
-                    logger.warn(
-                        """
-                        ⚠️   WARNING ⚠️   - OIDC Authentication is NOT enabled.
-                        """.trimIndent(),
-                    )
-
-                    authorize.requestMatchers("/**").permitAll()
-                } else {
+                if (oidcProperties.enabled == true) {
                     logger.info(
                         """
                         ✅ OIDC Authentication is enabled.
@@ -61,18 +53,28 @@ class SecurityConfig(
                         "/api/**",
                         "/version",
                         // TODO: secure SSE endpoints
-                        "/bff/v1/reportings/sse/**",
-                        "/api/v1/missions/sse/**",
+                        "/bff/reportings/sse/**",
                     ).permitAll()
                         .anyRequest()
                         .authenticated()
+                } else {
+                    logger.warn(
+                        """
+                        ⚠️   WARNING ⚠️   - OIDC Authentication is NOT enabled.
+                        """.trimIndent(),
+                    )
+
+                    authorize.requestMatchers("/**").permitAll()
                 }
-            }.oauth2ResourceServer {
-                    oauth2ResourceServer ->
+            }
+
+        if (oidcProperties.enabled == true) {
+            http.oauth2ResourceServer { oauth2ResourceServer ->
                 oauth2ResourceServer
                     .jwt(Customizer.withDefaults())
                     .authenticationEntryPoint(authenticationEntryPoint)
             }
+        }
 
         return http.build()
     }

backend/src/main/kotlin/fr/gouv/cacem/monitorenv/infrastructure/api/endpoints/bff/v1/reportings/Reportings.kt

@@ -31,8 +31,9 @@ import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter
 import java.time.ZonedDateTime
 
+// TODO: remove "/v1" from the path for BFF (BFF endpoints should not be versionned)
 @RestController
-@RequestMapping("/bff/v1/reportings")
+@RequestMapping("/bff")
 @Tag(description = "API des Signalements", name = "BFF.Reportings")
 class Reportings(
     private val createOrUpdateReporting: CreateOrUpdateReporting,
@@ -44,14 +45,14 @@ class Reportings(
     private val sseReporting: SSEReporting,
 ) {
 
-    @PutMapping(value = ["/archive"])
+    @PutMapping(value = ["/v1/reportings/archive"])
     @Operation(summary = "Archive multiple reportings")
     @ResponseStatus(HttpStatus.NO_CONTENT)
     fun archiveReportings(@RequestBody ids: List<Int>) {
         archiveReportings.execute(ids)
     }
 
-    @PutMapping("", consumes = ["application/json"])
+    @PutMapping("/v1/reportings", consumes = ["application/json"])
     @Operation(summary = "Create a new reporting")
     @ResponseStatus(HttpStatus.CREATED)
     fun create(
@@ -62,7 +63,7 @@ class Reportings(
         return ReportingDataOutput.fromReportingDTO(createdReporting)
     }
 
-    @DeleteMapping(value = ["/{id}"])
+    @DeleteMapping(value = ["/v1/reportings/{id}"])
     @Operation(summary = "Delete a reporting")
     @ResponseStatus(HttpStatus.NO_CONTENT)
     fun delete(
@@ -73,14 +74,14 @@ class Reportings(
         deleteReporting.execute(id = id)
     }
 
-    @PutMapping(value = ["/delete"])
+    @PutMapping(value = ["/v1/reportings/delete"])
     @Operation(summary = "Delete multiple reportings")
     @ResponseStatus(HttpStatus.NO_CONTENT)
     fun deleteReportings(@RequestBody ids: List<Int>) {
         deleteReportings.execute(ids)
     }
 
-    @GetMapping("/{id}")
+    @GetMapping("/v1/reportings/{id}")
     @Operation(summary = "Get reporting by id")
     fun get(
         @PathParam("reporting id")
@@ -90,7 +91,7 @@ class Reportings(
         return getReportingById.execute(id).let { ReportingDataOutput.fromReportingDTO(it) }
     }
 
-    @GetMapping("")
+    @GetMapping("/v1/reportings")
     @Operation(summary = "Get reportings")
     fun getAll(
         @Parameter(description = "Is Attached to mission")
@@ -145,7 +146,7 @@ class Reportings(
             .map { ReportingsDataOutput.fromReportingDTO(it) }
     }
 
-    @PutMapping(value = ["/{id}"], consumes = ["application/json"])
+    @PutMapping(value = ["/v1/reportings/{id}"], consumes = ["application/json"])
     @Operation(summary = "update a reporting")
     fun update(
         @PathParam("reporting id")
@@ -163,7 +164,8 @@ class Reportings(
     /**
      * This method create the connexion to the frontend (with EventSource)
      */
-    @GetMapping(value = ["/sse"], produces = [MediaType.TEXT_EVENT_STREAM_VALUE])
+    // TODO: secure SSE endpoint with JWT authentication
+    @GetMapping(value = ["/reportings/sse"], produces = [MediaType.TEXT_EVENT_STREAM_VALUE])
     fun createReportingSSE(): SseEmitter {
         return sseReporting.registerListener()
     }

backend/src/main/kotlin/fr/gouv/cacem/monitorenv/infrastructure/cache/CaffeineConfiguration.kt

@@ -2,6 +2,7 @@ package fr.gouv.cacem.monitorenv.infrastructure.cache
 
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.Ticker
+import fr.gouv.cacem.monitorenv.config.OIDCProperties
 import org.springframework.cache.CacheManager
 import org.springframework.cache.annotation.EnableCaching
 import org.springframework.cache.caffeine.CaffeineCache
@@ -12,15 +13,17 @@ import java.util.concurrent.TimeUnit
 
 @EnableCaching
 @Configuration
-class CaffeineConfiguration {
+class CaffeineConfiguration(
+    private val oidcProperties: OIDCProperties,
+) {
 
     val userAuthorization = "user_authorization"
 
     @Bean
     fun cacheManager(ticker: Ticker): CacheManager? {
-        val twoHours = 120
+        val cacheInMinutes = oidcProperties.cacheInMinutes
 
-        val userAuthorizationCache = buildMinutesCache(userAuthorization, ticker, twoHours)
+        val userAuthorizationCache = buildMinutesCache(userAuthorization, ticker, cacheInMinutes)
 
         val manager = SimpleCacheManager()
         manager.setCaches(

backend/src/main/resources/application.properties

@@ -46,6 +46,8 @@ monitorenv.api.protected.api-key=${monitorenv.api.protected.api-key}
 
 # OIDC Ressource server
 spring.security.oauth2.resourceserver.jwt.issuer-uri=${monitorenv.oidc.issuer-uri}
+monitorenv.oidc.cache-in-minutes=${monitorenv.oidc.cache-in-minutes}
 monitorenv.oidc.enabled=${monitorenv.oidc.enabled}
 monitorenv.oidc.issuer-uri=${monitorenv.oidc.issuer-uri}
 monitorenv.oidc.userinfo-endpoint=${monitorenv.oidc.userinfo-endpoint}
+

backend/src/test/kotlin/fr/gouv/cacem/monitorenv/infrastructure/api/endpoints/bff/ReportingsITests.kt

@@ -553,7 +553,7 @@ class ReportingsITests {
         // Then
         val missionUpdateEvent =
             mockedApi
-                .perform(get("/bff/v1/reportings/sse"))
+                .perform(get("/bff/reportings/sse"))
                 .andExpect(status().isOk)
                 .andExpect(MockMvcResultMatchers.request().asyncStarted())
                 .andExpect(

frontend/src/features/Reportings/components/ReportingForm/hooks/useListenReportingEventUpdates.ts

@@ -4,7 +4,7 @@ import { useEffect, useRef } from 'react'
 
 import { reportingEventListener } from '../sse'
 
-const REPORTING_UPDATES_URL = `/bff/v1/reportings/sse`
+const REPORTING_UPDATES_URL = `/bff/reportings/sse`
 const REPORTING_UPDATE_EVENT = `REPORTING_UPDATE`
 
 export function useListenReportingEventUpdates() {

infra/.env.example

@@ -47,6 +47,7 @@ MONITORFISH_API_KEY=""
 # OICD
 MONITORENV_OIDC_ENABLED=false
 MONITORENV_OIDC_AUTHORITY=https://authentification.recette.din.developpement-durable.gouv.fr/authSAML/oidc/monitorenv
+MONITORENV_OIDC_CACHE_IN_MINUTES=120
 FRONTEND_OIDC_AUTHORITY=${MONITORENV_OIDC_AUTHORITY}
 FRONTEND_OIDC_CLIENT_ID=monitorenv
 FRONTEND_OIDC_ENABLED=${MONITORENV_OIDC_ENABLED}

infra/configurations/backend/application-dev.properties

@@ -17,9 +17,9 @@ monitorenv.oidc.enabled=false
 monitorenv.oidc.issuer-uri=http://localhost:8085/realms/monitor
 monitorenv.oidc.userinfo-endpoint=/protocol/openid-connect/userinfo
 
-monitorenv.api.protected.paths=/bff/*
+monitorenv.api.protected.paths=/bff/v1/*
 # Super-user paths of type /** are not supported
-monitorenv.api.protected.super-user-paths=/bff/v1/*
+monitorenv.api.protected.super-user-paths=/bff/v1/missions/*,/bff/v1/reportings/*,/bff/v1/semaphores/*,/bff/v1/stations/*
 monitorenv.api.protected.public-paths=/api/v1/authorization/management/*
 
 monitorenv.api.protected.api-key=DUMMY-API-KEY

infra/configurations/backend/application-integration.properties

@@ -14,9 +14,9 @@ monitorenv.oidc.enabled=false
 monitorenv.oidc.issuer-uri=http://localhost:8085/realms/monitor
 monitorenv.oidc.userinfo-endpoint=/protocol/openid-connect/userinfo
 
-monitorenv.api.protected.paths=/bff/*
+monitorenv.api.protected.paths=/bff/v1/*
 # Super-user paths of type /** are not supported
-monitorenv.api.protected.super-user-paths=/bff/v1/*
+monitorenv.api.protected.super-user-paths=/bff/v1/missions/*,/bff/v1/reportings/*,/bff/v1/semaphores/*,/bff/v1/stations/*
 monitorenv.api.protected.public-paths=/api/v1/authorization/management/*
 
 monitorenv.api.protected.api-key=DUMMY-API-KEY

infra/configurations/backend/application-prod.properties

@@ -15,9 +15,9 @@ monitorenv.oidc.enabled=false
 monitorenv.oidc.issuer-uri=https://authentification.recette.din.developpement-durable.gouv.fr/authSAML/oidc/monitorenv
 monitorenv.oidc.userinfo-endpoint=/api/user
 
-monitorenv.api.protected.paths=/bff/*
+monitorenv.api.protected.paths=/bff/v1/*
 # Super-user paths of type /** are not supported
-monitorenv.api.protected.super-user-paths=/bff/v1/*
+monitorenv.api.protected.super-user-paths=/bff/v1/missions/*,/bff/v1/reportings/*,/bff/v1/semaphores/*,/bff/v1/stations/*
 monitorenv.api.protected.public-paths=/api/v1/authorization/management/*
 
 monitorenv.api.protected.api-key=DUMMY-API-KEY

infra/configurations/backend/application-test.properties

@@ -18,9 +18,9 @@ monitorenv.oidc.enabled=false
 monitorenv.oidc.issuer-uri=http://localhost:8085/realms/monitor
 monitorenv.oidc.userinfo-endpoint=/protocol/openid-connect/userinfo
 
-monitorenv.api.protected.paths=/bff/*
+monitorenv.api.protected.paths=/bff/v1/*
 # Super-user paths of type /** are not supported
-monitorenv.api.protected.super-user-paths=/bff/v1/*
+monitorenv.api.protected.super-user-paths=/bff/v1/missions/*,/bff/v1/reportings/*,/bff/v1/semaphores/*
 monitorenv.api.protected.public-paths=/api/v1/authorization/management/*
 
 monitorenv.api.protected.api-key=DUMMY-API-KEY

infra/docker/docker-compose.prod.yml

@@ -22,6 +22,7 @@ services:
       - FRONTEND_OIDC_CLIENT_ID=$MONITORENV_OIDC_CLIENT
       - FRONTEND_OIDC_ENABLED=$MONITORENV_OIDC_ENABLED
       - FRONTEND_OIDC_REDIRECT_URI=$MONITORENV_OIDC_REDIRECT_URI
+      - MONITORENV_OIDC_CACHE_IN_MINUTES=${MONITORENV_OIDC_CACHE_IN_MINUTES}
       - MONITORENV_OIDC_ENABLED=$MONITORENV_OIDC_ENABLED
       - MONITORENV_OIDC_ISSUER_URI=$MONITORENV_OIDC_AUTHORITY
       - MONITORENV_URL=${MONITORENV_URL}