auth gateway

2026-03-08 01:00:58 +01:00
parent 507f92d983
commit 1c1965a082
17 changed files with 718 additions and 78 deletions
--- a/gateway-service/src/main/resources/application.yml
+++ b/gateway-service/src/main/resources/application.yml
@@ -6,6 +6,16 @@ spring:
  application:
    name: gateway-service

+  # ---- R2DBC (reactive DB) ----
+  r2dbc:
+    url: r2dbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_NAME:appdb}
+    username: ${DB_USERNAME:app}
+    password: ${DB_PASSWORD:}
+    pool:
+      initial-size: 2
+      max-size: 10
+      max-idle-time: 30m
+
  cloud:
    consul:
      host: ${CONSUL_HOST:localhost}
@@ -18,27 +28,21 @@ spring:
        prefer-ip-address: true
        instance-id: ${spring.application.name}:${random.value}

-    # Spring Cloud Gateway 2025.0 — new prefix: spring.cloud.gateway.server.webflux
    gateway:
      server:
        webflux:
-          # Trust Nginx reverse proxy for forwarded headers
          trusted-proxies: 127\.0\.0\.1|10\.0\.0\..*|172\.1[6-9]\..*|172\.2[0-9]\..*|172\.3[0-1]\..*|192\.168\..*
-
          discovery:
            locator:
              enabled: true
              lower-case-service-id: true
-
          httpclient:
            connect-timeout: 5000
            response-timeout: 60s
-
          default-filters:
            - DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Credentials, RETAIN_FIRST
-
          routes:
-            # RAG Service - actuator (health, info)
+            # RAG Service - actuator
            - id: rag-service-actuator
              uri: lb://rag-service
              predicates:
@@ -57,19 +61,29 @@ spring:
                - RewritePath=/api/rag(?<segment>/?.*), ${segment}
                - AddRequestHeader=X-Forwarded-Prefix, /api/rag

-            # Analytics Service (will be added later)
-            # - id: analytics-service-api
-            #   uri: lb://analytics-service
-            #   predicates:
-            #     - Path=/api/analytics/**
-            #     - Method=GET,POST
-            #   filters:
-            #     - RewritePath=/api/analytics(?<segment>/?.*), ${segment}
+# ---- JWT ----
+jwt:
+  secret: ${JWT_SECRET:}
+  expiration: ${JWT_EXPIRATION:103600000}

+# ---- Auth path config ----
+auth:
+  public-paths:
+    - /api/auth/login
+    - /api/auth/register
+    - /api/auth/refresh/token
+    - /actuator/**
+    - /api/*/v3/api-docs/**
+    - /api/*/swagger-ui/**
+  admin-paths:
+    - /api/*/admin/**
+
+# ---- CORS ----
 gateway:
  cors:
    allowed-origins: ${CORS_ORIGINS:*}

+# ---- Actuator ----
 management:
  endpoints:
    web:
@@ -81,8 +95,10 @@ management:
    gateway:
      enabled: true

+# ---- Logging ----
 logging:
  level:
    root: INFO
    com.posthub.gateway: DEBUG
    org.springframework.cloud.gateway: INFO
+    org.springframework.r2dbc: INFO