From 0eb650cc8f608ca746074777185e72259aadcc9e Mon Sep 17 00:00:00 2001
From: Jan-Niclas Struewer <j.n.struewer@gmail.com>
Date: Wed, 27 Sep 2023 15:01:59 +0200
Subject: [PATCH] Updated Readme

---
 README.md                                     | 30 ++++++++++++++-----
 .../security/SecurityProperties.kt            |  3 ++
 .../security/WebSecurityConfiguration.kt      |  4 +--
 src/main/resources/application.properties     |  8 +++++
 4 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 8730d286..bfdfeaec 100644
--- a/README.md
+++ b/README.md
@@ -4,23 +4,38 @@
 
 1. Start the database docker service in `tools/db`.
 2. Install [OCCMD](https://gitlab.opencode.de/opencode-analyzer/occmd-public.git) and edit the
-   script `resources/scripts/occmd.sh` to point at the installation directory
+   script `resources/scripts/occmd.sh` to point at the executable.
+   The default implementation of the script expects a docker container with the name occmd to be present. A Dockerfile
+   is contained in this repository in `tools/occmd`.
 3. Set the necessary environment variables, which are used in the application.properties:
 
 ```
-opencode.access-token=${OC_GL_APIKEY}
+opencode.access-token=${OC_GL_APIKEY} // this is the api key for opencode
 
 # DB Login data
-spring.datasource.url=${DB_URL}
-#spring.datasource.url=jdbc:postgresql://${host}:26257/${DB_USER}?sslmode=${ssl_mode}&sslrootcert=${ca_crt}&sslcert=${ssl_cert}&sslkey=${ssl_key}
+// either connect to a local postgresql db or the deployed test db
+// the test db is a cockroach db and the expected url schema looks as follows:
+// #spring.datasource.url=jdbc:postgresql://${host}:26257/${DB_USER}?sslmode=${ssl_mode}&sslrootcert=${ca_crt}&sslcert=${ssl_cert}&sslkey=${ssl_key}
+spring.datasource.url=${DB_URL} 
 spring.datasource.username=${DB_USER}
 spring.datasource.password=${DB_PW}
 
+# OCCMD specific settings
+// path to the occmd tool executable
+// this can e.g, be the occmd.sh script in this project
+occmd.occmd-path=${OCCMD_PATH}
+
 # API key to access this server's API
+// The api key is needed for all routes.
+// the admin password is needed for the repo changed route.
+// It is expected as basic auth with the admin username
+// details can be found in configuration/security/WebSecurityConfiguration.kt
 security.api-key=${API_KEY}
+security.admin-username=${ADMIN_PASSWORD}
 security.admin-password=${ADMIN_PASSWORD}
+// a local repository to which the git repositories are temporarily cloned.
+// they are automatically deleted after every tool run.
 directories.git-clone-target-directory=${GIT_CLONE_TARGET_DIRECTORY}
-directories.tool-results-target-directory=${TOOL_RESULTS_TARGET_DIRECTORY}
 
 server.port=${PORT}
 ```
@@ -32,6 +47,7 @@ This file is automatically loaded by the IDE.
 4. Import the project into your IDE or use the commandline to build the application and run the server. For details on
    how to run the program manually consider the spring boot documentation.
 
-## Tests
+### Important Note for the dev deployment and testing.
 
-To run the e2e tests make sure to install the git submodules in the test directory.
\ No newline at end of file
+The dev ORT API doesn't have results for all projects. Thus make sure to edit the `MetricsService.kt` to
+point to the repository with id 106 for testing purposes.
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/SecurityProperties.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/SecurityProperties.kt
index 56c94d25..b30a2877 100644
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/SecurityProperties.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/SecurityProperties.kt
@@ -13,6 +13,9 @@ data class SecurityProperties(
     @Length(min = 20)
     val adminPassword: String,
     @NotBlank
+    @Length(min = 5)
+    val adminUsername: String,
+    @NotBlank
     @Length(min = 30)
     val apiKey: String
 )
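Review bot: The new `adminUsername` property on line 82 gets validation annotations but no KDoc, so a reader of this class cannot tell that it is the HTTP Basic principal used by `User.withUsername(securityProperties.adminUsername)` in `WebSecurityConfiguration` and is supplied through `security.admin-username`. I would add above the `@NotBlank` on line 80: `/** Username of the HTTP Basic admin account (see WebSecurityConfiguration.userDetailsService); bound from security.admin-username. */`. Inserting the parameter between `adminPassword` and `apiKey` also changes the positional order of the primary constructor, so any positional call or destructuring of `SecurityProperties` elsewhere would now compile against the wrong field — I cannot see the callers from here, but appending it after `apiKey` would avoid the question. The enclosing `data class SecurityProperties(` header lies outside this hunk.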
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/WebSecurityConfiguration.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/WebSecurityConfiguration.kt
index 53343b74..297bfc9a 100644
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/WebSecurityConfiguration.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/configuration/security/WebSecurityConfiguration.kt
@@ -15,7 +15,6 @@ import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.server.SecurityWebFilterChain
 
 
-const val ADMIN_USERNAME: String = "admin"
 const val ADMIN_ROLE: String = "ADMIN"
 
 @Configuration
@@ -26,7 +25,7 @@ class SecurityConfiguration(val apiKeyFilter: ApiKeyFilter, private val security
     @Bean
     fun userDetailsService(): MapReactiveUserDetailsService {
         val user: UserDetails = User
-            .withUsername(ADMIN_USERNAME)
+            .withUsername(securityProperties.adminUsername)
             .password(passwordEncoder().encode(securityProperties.adminPassword))
             .roles(ADMIN_ROLE)
             .build()
@@ -51,7 +50,6 @@ class SecurityConfiguration(val apiKeyFilter: ApiKeyFilter, private val security
                 authorize(ApiPaths.REPOSITORY, permitAll)
                 authorize(ApiPaths.REPOSITORY_ID, permitAll)
                 authorize(ApiPaths.OPENCODE_REPO_CHANGED, hasRole(ADMIN_ROLE))
-                authorize("${ApiPaths.DEBUG}/**", hasRole(ADMIN_ROLE))
                 authorize(anyExchange, denyAll)
             }
             httpBasic { }
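Review bot: Dropping the `authorize("${ApiPaths.DEBUG}/**", hasRole(ADMIN_ROLE))` rule means every debug path now falls through to `authorize(anyExchange, denyAll)` on line 113, which is a tightening but is not mentioned in the commit message ("Updated Readme"). The diffstat lists no controller change, so if a handler for `ApiPaths.DEBUG` still exists it has become unreachable dead code; either remove that handler in the same change or state in the message that the debug endpoints are intentionally locked out. If the intent was instead to keep them admin-only, the removed line should be restored as-is. The enclosing `securityWebFilterChain`-style function begins and ends outside this hunk.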
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index d31e4dbc..0fd9cc3e 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,8 +9,16 @@ opencode.api.base-path=https://sl.dev.o4oe.de/api/v1/project/
 opencode.api.ort=/cve-result
 
 # API key to access this server's API
+#  The api key is needed for all routes.
+#  the admin password is needed for the repo changed route.
+#  It is expected as basic auth with the admin username
+# details can be found in configuration/security/WebSecurityConfiguration.kt
 security.api-key=${API_KEY}
 security.admin-password=${ADMIN_PASSWORD}
+security.admin-username=${ADMIN_USERNAME}
+# OCCMD specific settings
+# path to the occmd tool executable
+# this can e.g, be the occmd.sh script in this project
 occmd.git-clone-target-directory=${GIT_CLONE_TARGET_DIRECTORY}
 occmd.occmd-path=${OCCMD_PATH}
 
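Review bot: `security.admin-username` is bound to `${ADMIN_USERNAME}` on line 130, but the README example added in the same commit (line 52) reads `security.admin-username=${ADMIN_PASSWORD}`, so anyone following the README would set the admin principal to the password value and, since basic-auth usernames commonly end up in access logs, expose it; that README line should be `security.admin-username=${ADMIN_USERNAME}`. The comment block `# OCCMD specific settings` / `# path to the occmd tool executable` (lines 131–133) sits above `occmd.git-clone-target-directory` although it describes `occmd.occmd-path` on line 135; move it directly above that key and give the clone key its own line, e.g. `# temporary directory into which analysed repositories are cloned`. The README example also names the clone key `directories.git-clone-target-directory` while this file uses `occmd.git-clone-target-directory`; that README line is unchanged context, so it may simply be stale, but it is worth confirming which prefix the binding actually uses.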
-- 
GitLab