Merge branch 'master' into feature/inntektstub-datepicker-refaktor

navikt · Oct 29, 2024 · f2fff70 · f2fff70
2 parents aedbeee + 2d35f97
commit f2fff70
Show file tree

Hide file tree

Showing 50 changed files with 583 additions and 333 deletions.
diff --git a/apps/dolly-frontend/src/main/js/src/api/index.ts b/apps/dolly-frontend/src/main/js/src/api/index.ts
@@ -130,8 +130,20 @@ export const cvFetcher = (url, headers) =>
 			throw new Error(`Henting av data fra ${url} feilet.`)
 		})
 
-export const fetcher = (url, headers) =>
-	axios
+const clearLargeCookies = () => {
+	const cookies = document.cookie.split(';')
+	cookies.forEach((cookie) => {
+		const [name, value] = cookie.split('=')
+		if (value && value.length > 1000) {
+			// Fjerner cookies som er over 1000 tegn
+			document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`
+		}
+	})
+}
+
+export const fetcher = (url, headers) => {
+	clearLargeCookies()
+	return axios
 		.get(url, { headers: headers })
 		.then((res) => {
 			return res.data
@@ -152,11 +164,14 @@ export const fetcher = (url, headers) =>
 			}
 			throw new Error(`Henting av data fra ${url} feilet.`)
 		})
+}
 
-export const imageFetcher = (...args: Argument[]) =>
-	originalFetch(...args).then((res: Response) =>
+export const imageFetcher = (...args: Argument[]) => {
+	clearLargeCookies()
+	return originalFetch(...args).then((res: Response) =>
 		res.ok ? res.blob().then((blob: Blob) => URL.createObjectURL(blob)) : null,
 	)
+}
 
 type Method = 'POST' | 'GET' | 'PUT' | 'DELETE'
 
@@ -166,8 +181,9 @@ type Config = {
 	redirect?: 'follow' | 'manual'
 }
 
-const _fetch = (url: string, config: Config, body?: object): Promise<Response> =>
-	fetchRetry(url, {
+const _fetch = (url: string, config: Config, body?: object): Promise<Response> => {
+	clearLargeCookies()
+	return fetchRetry(url, {
 		retryOn: (attempt, error, response) => {
 			if (!response.ok && response?.status !== 404 && !runningE2ETest()) {
 				if (response?.status === 401 && !allowForbidden.some((value) => url.includes(value))) {
@@ -216,6 +232,7 @@ const _fetch = (url: string, config: Config, body?: object): Promise<Response> =
 		}
 		return response
 	})
+}
 
 const fetchJson = (url: string, config: Config, body?: object): Promise =>
 	_fetch(

diff --git a/apps/levende-arbeidsforhold-ansettelse/99-dolly-convert-to-pk8.sh b/apps/levende-arbeidsforhold-ansettelse/99-dolly-convert-to-pk8.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+#
+# Converts NAIS provided key.pem to PKCS#8 PEM format, which can be used by R2dbc.
+#
+openssl pkey -in /var/run/secrets/nais.io/sqlcertificate/key.pem -out /tmp/pk8.pem
diff --git a/apps/levende-arbeidsforhold-ansettelse/Dockerfile b/apps/levende-arbeidsforhold-ansettelse/Dockerfile
@@ -3,6 +3,7 @@ LABEL maintainer="Team Dolly"
 
 ENV JAVA_OPTS="-Dspring.profiles.active=prod"
 
-ADD /build/libs/app.jar /app/app.jar
+COPY 99-dolly-convert-to-pk8.sh /init-scripts/
+COPY /build/libs/app.jar /app/
 
 EXPOSE 8080
diff --git a/apps/levende-arbeidsforhold-ansettelse/build.gradle b/apps/levende-arbeidsforhold-ansettelse/build.gradle
@@ -2,57 +2,36 @@ plugins {
     id "dolly-apps"
 }
 
-test {
-    useJUnitPlatform()
-}
-
 sonarqube {
     properties {
-        property "sonar.dynamicAnalysis", "reuseReports"
-        property "sonar.host.url", "https://sonarcloud.io"
-        property "sonar.java.coveragePlugin", "jacoco"
-        property "sonar.language", "java"
-        property "sonar.token", System.getenv("SONAR_TOKEN")
-        property "sonar.organization", "navikt"
-        property "sonar.project.monorepo.enabled", true
         property "sonar.projectKey", "testnav-levende-arbeidsforhold-ansettelse"
         property "sonar.projectName", "testnav-levende-arbeidsforhold-ansettelse"
-        property "sonar.sourceEncoding", "UTF-8"
     }
 }
 
-
 dependencies {
     implementation "no.nav.testnav.libs:data-transfer-objects"
     implementation "no.nav.testnav.libs:data-transfer-search-objects"
-    implementation "no.nav.testnav.libs:database"
     implementation "no.nav.testnav.libs:reactive-core"
     implementation "no.nav.testnav.libs:security-core"
-    implementation "no.nav.testnav.libs:servlet-core"
+    implementation "no.nav.testnav.libs:reactive-security"
     implementation "no.nav.testnav.libs:servlet-insecure-security"
     implementation "no.nav.testnav.libs:vault"
 
-    implementation "org.springframework.boot:spring-boot-starter-oauth2-client"
-    implementation "org.springframework.boot:spring-boot-starter-data-jpa"
+    implementation "org.springframework.boot:spring-boot-starter-data-r2dbc"
+    implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
+    implementation "org.springframework.boot:spring-boot-starter-security"
 
-    implementation "org.springframework.cloud:spring-cloud-starter-vault-config"
+    implementation "org.flywaydb:flyway-core"
+    implementation "org.flywaydb:flyway-database-postgresql"
 
-    implementation "org.postgresql:postgresql:42.7.3"
+    runtimeOnly "org.postgresql:postgresql"
+    runtimeOnly "org.postgresql:r2dbc-postgresql"
 
     implementation "io.micrometer:micrometer-registry-prometheus"
-    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0"
-    implementation "io.swagger.core.v3:swagger-annotations-jakarta:2.2.21"
-
-    implementation "org.hibernate.validator:hibernate-validator"
-
-    testImplementation "org.springframework.boot:spring-boot-starter-test"
-    testImplementation "org.springframework.cloud:spring-cloud-contract-wiremock"
-
-    implementation "org.projectlombok:lombok"
-    annotationProcessor "org.projectlombok:lombok"
-    testAnnotationProcessor "org.projectlombok:lombok"
-
-    implementation "com.zaxxer:HikariCP"
-    implementation "com.h2database:h2"
+    implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc"
+    implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger"
+
+    testRuntimeOnly "io.r2dbc:r2dbc-h2"
 }
 
diff --git a/apps/levende-arbeidsforhold-ansettelse/config.yml b/apps/levende-arbeidsforhold-ansettelse/config.yml
@@ -28,23 +28,19 @@ spec:
       allowAllUsers: true
       enabled: true
       tenant: nav.no
-  liveness:
-    path: /internal/isAlive
-    initialDelay: 4
-    periodSeconds: 5
-    failureThreshold: 500
   observability:
     logging:
       destinations:
         - id: elastic
     autoInstrumentation:
       enabled: true
       runtime: java
+  liveness:
+    initialDelay: 45
+    path: /internal/health/liveness
   readiness:
-    path: /internal/isReady
-    initialDelay: 4
-    periodSeconds: 5
-    failureThreshold: 500
+    initialDelay: 45
+    path: /internal/health/readiness
   prometheus:
     enabled: true
     path: /internal/metrics

diff --git a/apps/levende-arbeidsforhold-ansettelse/settings.gradle b/apps/levende-arbeidsforhold-ansettelse/settings.gradle
@@ -4,13 +4,12 @@ plugins {
 
 rootProject.name = 'levende-arbeidsforhold-ansettelse'
 
-includeBuild '../../libs/security-core'
-includeBuild '../../libs/servlet-core'
+includeBuild '../../libs/reactive-security'
 includeBuild '../../libs/reactive-core'
+includeBuild '../../libs/security-core'
 includeBuild '../../libs/servlet-insecure-security'
 includeBuild '../../libs/data-transfer-objects'
 includeBuild '../../libs/data-transfer-search-objects'
-includeBuild '../../libs/database'
 includeBuild '../../libs/vault'
 
 develocity {

diff --git a/...v/testnav/levendearbeidsforholdansettelse/LevendeArbeidsforholdAnsettelseApplication.java b/...v/testnav/levendearbeidsforholdansettelse/LevendeArbeidsforholdAnsettelseApplication.java
@@ -1,12 +1,30 @@
 package no.nav.testnav.levendearbeidsforholdansettelse;
 
+import no.nav.testnav.libs.reactivecore.config.CoreConfig;
+import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
+import no.nav.testnav.libs.standalone.servletsecurity.config.InsecureJwtServerToServerConfiguration;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Import;
+import org.springframework.data.r2dbc.config.EnableR2dbcAuditing;
+import org.springframework.data.r2dbc.repository.config.EnableR2dbcRepositories;
+import org.springframework.scheduling.annotation.EnableAsync;
+import org.springframework.web.reactive.config.EnableWebFlux;
 
 @SpringBootApplication
+@EnableAsync
+@EnableR2dbcAuditing
+@EnableR2dbcRepositories
+@EnableWebFlux
+@Import({
+        CoreConfig.class,
+        SecureOAuth2ServerToServerConfiguration.class,
+        InsecureJwtServerToServerConfiguration.class
+})
 public class LevendeArbeidsforholdAnsettelseApplication {
 
     public static void main(String[] args) {
         SpringApplication.run(LevendeArbeidsforholdAnsettelseApplication.class, args);
     }
+
 }
diff --git a/...rc/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/ApplicationConfig.java b/...rc/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/ApplicationConfig.java
diff --git a/...se/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/OpenApiConfig.java b/...se/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/OpenApiConfig.java
@@ -7,16 +7,19 @@
 import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
-import no.nav.testnav.libs.servletcore.config.ApplicationProperties;
+import no.nav.testnav.libs.reactivecore.config.ApplicationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
 
 import java.util.Arrays;
 
 @Configuration
-public class OpenApiConfig implements WebMvcConfigurer {
+public class OpenApiConfig implements WebFilter {
 
     @Bean
     public OpenAPI openApi(ApplicationProperties applicationProperties) {
@@ -26,7 +29,7 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
                         .scheme("bearer")
                         .bearerFormat("JWT")
                         .in(SecurityScheme.In.HEADER)
-                        .name("Authorization")
+                        .name(HttpHeaders.AUTHORIZATION)
                 ))
                 .addSecurityItem(
                         new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write")))
@@ -48,7 +51,15 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
     }
 
     @Override
-    public void addViewControllers(ViewControllerRegistry registry) {
-        registry.addViewController("/swagger").setViewName("redirect:/swagger-ui.html");
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        if (exchange.getRequest().getURI().getPath().equals("/swagger")) {
+            return chain
+                    .filter(exchange.mutate()
+                            .request(exchange.getRequest()
+                                    .mutate().path("/swagger-ui.html").build())
+                            .build());
+        }
+
+        return chain.filter(exchange);
     }
 }
diff --git a/...e/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/SecurityConfig.java b/...e/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/SecurityConfig.java
@@ -1,26 +1,28 @@
 package no.nav.testnav.levendearbeidsforholdansettelse.config;
 
+import lombok.RequiredArgsConstructor;
+import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
 
-@EnableWebSecurity
 @Configuration
+@EnableWebFluxSecurity
+@EnableReactiveMethodSecurity
+@RequiredArgsConstructor
 public class SecurityConfig {
 
+    private final JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager;
+
     @Bean
     @SuppressWarnings("java:S4502")
-    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
-
-        httpSecurity.sessionManagement(sessionConfig -> sessionConfig.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests(authorizeConfig -> authorizeConfig.requestMatchers(
+    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) {
+        return httpSecurity
+                .csrf(ServerHttpSecurity.CsrfSpec::disable)
+                .authorizeExchange(authorizeConfig -> authorizeConfig.pathMatchers(
                                 "/internal/**",
                                 "/webjars/**",
                                 "/swagger-resources/**",
@@ -31,13 +33,8 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                                 "/swagger-ui.html",
                                 "/h2/**",
                                 "/member/**")
-                        .permitAll()
-                        .requestMatchers("/api/**")
-                        .fullyAuthenticated())
-                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
-                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(Customizer.withDefaults()));
-
-        return httpSecurity.build();
+                .permitAll().anyExchange().authenticated())
+                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(jwtSpec -> jwtSpec.authenticationManager(jwtReactiveAuthenticationManager)))
+                .build();
     }
-}
-
+}
diff --git a/...ttelse/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/WebConfig.java b/...ttelse/src/main/java/no/nav/testnav/levendearbeidsforholdansettelse/config/WebConfig.java
@@ -0,0 +1,15 @@
+package no.nav.testnav.levendearbeidsforholdansettelse.config;
+
+import no.nav.testnav.levendearbeidsforholdansettelse.utility.PageableHandlerMethodArgumentResolver;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.reactive.config.WebFluxConfigurer;
+import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
+
+@Configuration
+public class WebConfig implements WebFluxConfigurer {
+
+    @Override
+    public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
+        configurer.addCustomResolver(new PageableHandlerMethodArgumentResolver());
+    }
+}