Separación microservicio user

.trunk/.gitignore

+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp

.trunk/configs/.hadolint.yaml

+# Following source doesn't work in most setups
+ignored:
+  - SC1090
+  - SC1091

.trunk/configs/.markdownlint.yaml

+# Prettier friendly markdownlint config (all formatting rules disabled)
+extends: markdownlint/style/prettier

.trunk/configs/.shellcheckrc

+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091

.trunk/configs/.yamllint.yaml

+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true

.trunk/configs/svgo.config.js

+module.exports = {
+  plugins: [
+    {
+      name: "preset-default",
+      params: {
+        overrides: {
+          removeViewBox: false, // https://github.com/svg/svgo/issues/1128
+          sortAttrs: true,
+          removeOffCanvasPaths: true,
+        },
+      },
+    },
+  ],
+};

.trunk/trunk.yaml

+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.22.8
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.6.6
+      uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+  enabled:
+    - go@1.21.0
+    - node@18.20.5
+    - python@3.10.8
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+  disabled:
+    - git-diff-check
+  enabled:
+    - checkov@3.2.334
+    - dotenv-linter@3.3.0
+    - hadolint@2.12.1-beta
+    - markdownlint@0.43.0
+    - osv-scanner@1.9.1
+    - prettier@3.4.2
+    - shellcheck@0.10.0
+    - shfmt@3.6.0
+    - svgo@3.3.2
+    - trufflehog@3.86.1
+    - yamllint@1.35.1
+actions:
+  disabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+  enabled:
+    - trunk-upgrade-available

java/roomBooking/pom.xml

@@ -54,21 +54,9 @@
     <artifactId>spring-boot-starter-security</artifactId>
 	</dependency>
 	<dependency>
-		<groupId>io.jsonwebtoken</groupId>
-		<artifactId>jjwt-api</artifactId>
-		<version>0.11.5</version>
-	</dependency>
-	<dependency>
-		<groupId>io.jsonwebtoken</groupId>
-		<artifactId>jjwt-impl</artifactId>
-		<version>0.11.5</version>
-		<scope>runtime</scope>
-	</dependency>
-	<dependency>
-		<groupId>io.jsonwebtoken</groupId>
-		<artifactId>jjwt-jackson</artifactId>
-		<version>0.11.5</version>
-		<scope>runtime</scope>
+		<groupId>com.auth0</groupId>
+		<artifactId>java-jwt</artifactId>
+		<version>4.4.0</version>
 	</dependency>
 	<dependency>
 		<groupId>jakarta.servlet</groupId>

java/roomBooking/src/main/java/com/uva/monolith/RoomBookingApplication.java

-package com.uva.monolith;
+package com.uva.api;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;

java/roomBooking/src/main/java/com/uva/monolith/config/SecurityConfig.java

-package com.uva.monolith.config;
+package com.uva.api.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,8 +8,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
-import com.uva.monolith.filter.JwtAuthenticationFilter;
-import com.uva.monolith.services.users.models.UserRol;
+import com.uva.api.filter.JwtAuthenticationFilter;
+import com.uva.api.services.users.models.UserRol;
 
 @Configuration
 @EnableWebSecurity

java/roomBooking/src/main/java/com/uva/monolith/exceptions/GlobalExceptionHandler.java

-package com.uva.monolith.exceptions;
+package com.uva.api.exceptions;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;

java/roomBooking/src/main/java/com/uva/monolith/exceptions/HotelNotFoundException.java

-package com.uva.monolith.exceptions;
+package com.uva.api.exceptions;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ResponseStatus;

java/roomBooking/src/main/java/com/uva/monolith/exceptions/InvalidDateRangeException.java

-package com.uva.monolith.exceptions;
+package com.uva.api.exceptions;
 
 public class InvalidDateRangeException extends RuntimeException {
     public InvalidDateRangeException(String message) {

java/roomBooking/src/main/java/com/uva/monolith/exceptions/InvalidRequestException.java

-package com.uva.monolith.exceptions;
+package com.uva.api.exceptions;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ResponseStatus;

java/roomBooking/src/main/java/com/uva/monolith/filter/JwtAuthenticationFilter.java

-package com.uva.monolith.filter;
+package com.uva.api.filter;
 
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
-import io.jsonwebtoken.UnsupportedJwtException;
-import io.jsonwebtoken.io.Decoders;
-import io.jsonwebtoken.security.Keys;
-import io.jsonwebtoken.security.SignatureException;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.auth0.jwt.exceptions.JWTVerificationException;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 
-import com.uva.monolith.services.users.models.UserRol;
+import com.uva.api.services.users.models.UserRol;
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -23,71 +21,56 @@ import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.Filter;
+
 import java.io.IOException;
-import java.security.Key;
 import java.time.LocalDateTime;
 import java.util.Collections;
-import java.util.Date;
 
 @Component
 public class JwtAuthenticationFilter implements Filter {
 
-    private final String SECRET_KEY = "3cfa76ef14937c1c0ea519f8fc057a80fcd04a7420f8e8bcd0a7567c272e007b";
+    @Value("${security.jwt.secret-key}")
+    private String secretKey;
+
+    @Value("${security.jwt.kid}")
+    private String kid;
 
-    private Key getSignInKey() {
-        byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
-        return Keys.hmacShaKeyFor(keyBytes);
+    @Value("${security.jwt.expiration-time}")
+    private long jwtExpiration;
+
+    private Algorithm getSigningAlgorithm() {
+        return Algorithm.HMAC256(secretKey); // Usar HMAC256 con la clave secreta
     }
 
     private String getTokenFromRequest(HttpServletRequest request) {
         String authHeader = request.getHeader("Authorization");
-        if (authHeader == null || !authHeader.startsWith("Bearer "))
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             return null;
-        return authHeader.substring(7);
         }
-
-    private Claims getClaimsFromToken(String token) {
-        return Jwts.parserBuilder()
-                .setSigningKey(getSignInKey())
-                .build()
-                .parseClaimsJws(token)
-                .getBody();
+        return authHeader.substring(7);
     }
 
-    private boolean validateToken(String token) {
-        if (token == null)
-            return false;// no token
+    private DecodedJWT validateAndDecodeToken(String token) {
         try {
-            // Verifica y analiza el token
-            Claims claims = getClaimsFromToken(token);
-
-            // Verifica que el token no esté expirado
-            return claims.getExpiration().after(new Date());
-        } catch (ExpiredJwtException e) {
-            System.out.println("[" + LocalDateTime.now().toString() + "] Token expirado: " + e.getMessage());
-        } catch (UnsupportedJwtException e) {
-            System.out.println("[" + LocalDateTime.now().toString() + "] Token no soportado: " + e.getMessage());
-        } catch (MalformedJwtException e) {
-            System.out.println("[" + LocalDateTime.now().toString() + "] Token malformado: " + e.getMessage());
-        } catch (SignatureException e) {
-            System.out.println("[" + LocalDateTime.now().toString() + "] Firma inválida: " + e.getMessage());
-        } catch (IllegalArgumentException e) {
-            System.out.println("[" + LocalDateTime.now().toString() + "] Token vacío o nulo: " + e.getMessage());
+            JWTVerifier verifier = JWT.require(getSigningAlgorithm()).build();
+            return verifier.verify(token); // Verifica y decodifica el token
+        } catch (JWTVerificationException ex) {
+            System.out.println(
+                    "[" + LocalDateTime.now().toString() + "] Error de verificación del token: " + ex.getMessage());
+            return null;
         }
-        return false; // Si ocurre cualquier excepción, el token es inválido
-
     }
 
-    private String getEmailFromToken(String token) {
-        return getClaimsFromToken(token).getSubject();
+    private String getEmailFromToken(DecodedJWT jwt) {
+        return jwt.getClaim("email").asString();
     }
 
-    private UserRol getRoleFromToken(String token) {
-        String rol = getClaimsFromToken(token).get("rol", String.class);
-        return UserRol.valueOf(rol);
+    private UserRol getRoleFromToken(DecodedJWT jwt) {
+        String role = jwt.getClaim("rol").asString();
+        return UserRol.valueOf(role);
     }
 
-    public static String getRol(UserRol rol) {
+    private String formatRole(UserRol rol) {
         return String.format("ROLE_%s", rol.toString());
     }
 
@@ -97,28 +80,37 @@ public class JwtAuthenticationFilter implements Filter {
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         String token = getTokenFromRequest(httpRequest);
 
-        System.out.println("[" + LocalDateTime.now().toString() + "] TOKEN " + token);
+        boolean aproved = false;
 
-        if (validateToken(token)) {
+        System.out.print("[" + LocalDateTime.now().toString() + "] TOKEN: " + token);
 
-            String email = getEmailFromToken(token);
-            UserRol role = getRoleFromToken(token); // Extraer el rol del token
+        if (token != null) {
+            DecodedJWT jwt = validateAndDecodeToken(token);
+            System.out.print(" " + jwt.toString() + " ");
+            if (jwt != null) {
+                String email = getEmailFromToken(jwt);
+                UserRol role = getRoleFromToken(jwt);
+                System.out.print(" email=" + email + " role=" + role + " ");
 
-            if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
-                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-                        email, null, null);
+                if (email != null && role != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+                    // Crear la autoridad con el rol del token
+                    SimpleGrantedAuthority authority = new SimpleGrantedAuthority(formatRole(role));
+
+                    // Crear autenticación
+                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(email,
+                            null, Collections.singletonList(authority));
                     authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
-                SecurityContextHolder.getContext().setAuthentication(authentication);
-            }
 
-            // Agregar el rol como autoridad
-            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(getRol(role));
-            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(email, null,
-                    Collections.singletonList(authority));
+                    // Establecer autenticación en el contexto de seguridad
                     SecurityContextHolder.getContext().setAuthentication(authentication);
+                    aproved = true;
+                }
             }
+        }
+
+        System.out.println(" APROVED: " + aproved);
 
+        // Continuar con el resto de filtros
         chain.doFilter(request, response);
     }
-
 }

java/roomBooking/src/main/java/com/uva/monolith/services/bookings/controllers/BookingController.java

-package com.uva.monolith.services.bookings.controllers;
+package com.uva.api.services.bookings.controllers;
 
-import com.uva.monolith.services.bookings.models.Booking;
-import com.uva.monolith.services.bookings.services.BookingService;
+import com.uva.api.services.bookings.models.Booking;
+import com.uva.api.services.bookings.services.BookingService;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;

java/roomBooking/src/main/java/com/uva/monolith/services/bookings/models/Booking.java

-package com.uva.monolith.services.bookings.models;
+package com.uva.api.services.bookings.models;
 
 import jakarta.persistence.Basic;
 import jakarta.persistence.CascadeType;
@@ -13,8 +13,8 @@ import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Table;
 import java.time.LocalDate;
 
-import com.uva.monolith.services.hotels.models.Room;
-import com.uva.monolith.services.users.models.Client;
+import com.uva.api.services.hotels.models.Room;
+import com.uva.api.services.users.models.Client;
 
 @Entity
 @Table(name = "bookings")

java/roomBooking/src/main/java/com/uva/monolith/services/bookings/repositories/BookingRepository.java

 // BookingRepository.java
-package com.uva.monolith.services.bookings.repositories;
+package com.uva.api.services.bookings.repositories;
 
 import jakarta.transaction.Transactional;
 
@@ -11,7 +11,7 @@ import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 
-import com.uva.monolith.services.bookings.models.Booking;
+import com.uva.api.services.bookings.models.Booking;
 
 public interface BookingRepository extends JpaRepository<Booking, Integer> {
         @Query("SELECT b FROM Booking b WHERE b.userId.id = ?1")

java/roomBooking/src/main/java/com/uva/monolith/services/bookings/services/BookingService.java

-package com.uva.monolith.services.bookings.services;
-
-import com.uva.monolith.services.bookings.models.Booking;
-import com.uva.monolith.services.bookings.repositories.BookingRepository;
-import com.uva.monolith.services.hotels.models.Room;
-import com.uva.monolith.services.hotels.repositories.RoomRepository;
-import com.uva.monolith.services.users.models.Client;
-import com.uva.monolith.services.users.repositories.ClientRepository;
+package com.uva.api.services.bookings.services;
+
+import com.uva.api.services.bookings.models.Booking;
+import com.uva.api.services.bookings.repositories.BookingRepository;
+import com.uva.api.services.hotels.models.Room;
+import com.uva.api.services.hotels.repositories.RoomRepository;
+import com.uva.api.services.users.models.Client;
+import com.uva.api.services.users.repositories.ClientRepository;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

java/roomBooking/src/main/java/com/uva/monolith/services/hotels/controllers/HotelController.java

-package com.uva.monolith.services.hotels.controllers;
+package com.uva.api.services.hotels.controllers;
 
 import java.util.List;
 import java.util.Map;
@@ -11,16 +11,16 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
-import com.uva.monolith.exceptions.HotelNotFoundException;
-import com.uva.monolith.exceptions.InvalidDateRangeException;
-import com.uva.monolith.exceptions.InvalidRequestException;
-import com.uva.monolith.services.bookings.repositories.BookingRepository;
-import com.uva.monolith.services.hotels.models.Hotel;
-import com.uva.monolith.services.hotels.models.Room;
-import com.uva.monolith.services.hotels.repositories.HotelRepository;
-import com.uva.monolith.services.hotels.repositories.RoomRepository;
-import com.uva.monolith.services.users.models.HotelManager;
-import com.uva.monolith.services.users.repositories.HotelManagerRepository;
+import com.uva.api.exceptions.HotelNotFoundException;
+import com.uva.api.exceptions.InvalidDateRangeException;
+import com.uva.api.exceptions.InvalidRequestException;
+import com.uva.api.services.bookings.repositories.BookingRepository;
+import com.uva.api.services.hotels.models.Hotel;
+import com.uva.api.services.hotels.models.Room;
+import com.uva.api.services.hotels.repositories.HotelRepository;
+import com.uva.api.services.hotels.repositories.RoomRepository;
+import com.uva.api.services.users.models.HotelManager;
+import com.uva.api.services.users.repositories.HotelManagerRepository;
 
 @RestController
 @RequestMapping("hotels")