Introduces koin dependency injection

.nais/app-dev.yml

@@ -33,6 +33,13 @@ spec:
     application:
       enabled: true
       allowAllUsers: true
+      claims:
+        extra:
+          - NAVident
+        groups:
+          - id: "8bb0ee13-49cd-4e75-8c3d-a13420c8b376"
+          - id: "12353679-aa80-4e59-bb47-95e727bfe85c"
+          - id: "b60d74dd-fcf7-4c53-a50b-7b20f51804a1"
   resources:
     limits:
       memory: 256Mi

app/build.gradle.kts

@@ -1,20 +1,22 @@
 import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
 
 plugins {
-    kotlin("jvm") version "1.9.24"
-    id("io.ktor.plugin") version "2.3.10"
+    kotlin("jvm") version "2.0.0"
+    id("io.ktor.plugin") version "2.3.11"
 }
 
 val aapLibVersion = "5.0.15"
 val ktorVersion = "2.3.11"
-val exposedVersion = "0.50.1"
+val exposedVersion = "0.51.1"
 
 application {
     mainClass.set("oppgavestyring.AppKt")
 }
 
 dependencies {
     implementation("com.github.navikt.aap-libs:ktor-auth:$aapLibVersion")
+    implementation("io.ktor:ktor-server-auth:$ktorVersion")
+    implementation("io.ktor:ktor-server-auth-jwt:$ktorVersion")
     implementation("io.ktor:ktor-server-core:$ktorVersion")
     implementation("io.ktor:ktor-server-netty:$ktorVersion")
     implementation("io.ktor:ktor-server-metrics-micrometer:$ktorVersion")
@@ -28,15 +30,16 @@ dependencies {
     implementation("io.ktor:ktor-client-core:$ktorVersion")
     implementation("io.ktor:ktor-client-logging:$ktorVersion")
 
-    implementation(kotlin("reflect"))
+    // Koin for Kotlin apps
+    implementation("io.insert-koin:koin-ktor:3.5.6")
 
     // persistence
     implementation("org.jetbrains.exposed:exposed-core:$exposedVersion")
     implementation("org.jetbrains.exposed:exposed-jdbc:$exposedVersion")
     implementation("org.jetbrains.exposed:exposed-dao:$exposedVersion")
     implementation("org.jetbrains.exposed:exposed-java-time:$exposedVersion")
-    implementation("org.flywaydb:flyway-core:10.13.0")
-    implementation("org.flywaydb:flyway-database-postgresql:10.13.0")
+    implementation("org.flywaydb:flyway-core:10.14.0")
+    implementation("org.flywaydb:flyway-database-postgresql:10.14.0")
     implementation("com.zaxxer:HikariCP:5.1.0")
     runtimeOnly("org.postgresql:postgresql:42.7.3")
     testImplementation("org.testcontainers:postgresql:1.19.8")
@@ -49,9 +52,9 @@ dependencies {
 
     testImplementation(kotlin("test"))
     testImplementation("io.ktor:ktor-server-test-host:$ktorVersion")
-    testImplementation("org.assertj:assertj-core:3.25.3")
+    testImplementation("org.assertj:assertj-core:3.26.0")
     testImplementation("io.mockk:mockk:1.13.10")
-    testImplementation("org.assertj:assertj-core:3.25.3")
+    testImplementation("org.assertj:assertj-core:3.26.0")
 }
 
 repositories {

app/src/main/kotlin/oppgavestyring/App.kt

@@ -7,6 +7,7 @@ import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule
 import io.ktor.http.*
 import io.ktor.serialization.jackson.*
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
 import io.ktor.server.engine.*
 import io.ktor.server.metrics.micrometer.*
 import io.ktor.server.netty.*
@@ -18,13 +19,13 @@ import io.micrometer.core.instrument.binder.logging.LogbackMetrics
 import io.micrometer.prometheus.PrometheusConfig
 import io.micrometer.prometheus.PrometheusMeterRegistry
 import oppgavestyring.actuators.api.actuators
-import oppgavestyring.behandlingsflyt.BehandlingsflytAdapter
-import oppgavestyring.behandlingsflyt.behandlingsflyt
-import oppgavestyring.config.db.DatabaseSingleton
-import oppgavestyring.config.db.DbConfig
-import oppgavestyring.oppgave.OppgaveService
-import oppgavestyring.oppgave.adapter.Token
-import oppgavestyring.oppgave.api.oppgaver
+import oppgavestyring.config.koinModule
+import oppgavestyring.config.security.AZURE
+import oppgavestyring.config.security.authentication
+import oppgavestyring.ekstern.behandlingsflyt.behandlingsflyt
+import oppgavestyring.intern.filter.filter
+import oppgavestyring.intern.oppgave.api.oppgaver
+import org.koin.ktor.plugin.Koin
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 
@@ -36,14 +37,10 @@ fun main() {
     embeddedServer(Netty, port = 8080, module = Application::server).start(wait = true)
 }
 
-fun Application.server(
-    config: Config = Config(),
-) {
-    val prometheus = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
+fun Application.oppgavestyring(config: Config) {
 
-    install(MicrometerMetrics) {
-        registry = prometheus
-        meterBinders += LogbackMetrics()
+    install(Koin) {
+        modules(koinModule)
     }
 
     install(ContentNegotiation) {
@@ -67,22 +64,31 @@ fun Application.server(
         }
     }
 
-    DatabaseSingleton.init(DbConfig())
-    DatabaseSingleton.migrate()
-
-    val oppgaveService = OppgaveService()
-    val behandlingsflytAdapter = BehandlingsflytAdapter(oppgaveService)
+    authentication(config.azure)
 
     routing {
-        actuators(prometheus)
-        oppgaver(oppgaveService)
-        behandlingsflyt(behandlingsflytAdapter)
+        authenticate(AZURE) {
+            oppgaver()
+            filter()
+        }
+        behandlingsflyt()
+
     }
 }
 
-internal fun ApplicationCall.authToken(): Token? {
-    return request.headers["Authorization"]
-        ?.split(" ")
-        ?.get(1)
-        ?.let { Token(it) }
+fun Application.server(
+    config: Config = Config(),
+) {
+    val prometheus = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
+
+    install(MicrometerMetrics) {
+        registry = prometheus
+        meterBinders += LogbackMetrics()
+    }
+
+    oppgavestyring(config)
+
+    routing {
+        actuators()
+    }
 }

app/src/main/kotlin/oppgavestyring/actuators/api/ActuatorsRoute.kt

@@ -5,8 +5,11 @@ import io.ktor.server.application.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
 import io.micrometer.prometheus.PrometheusMeterRegistry
+import org.koin.ktor.ext.inject
 
-fun Route.actuators(prometheus: PrometheusMeterRegistry) {
+fun Route.actuators() {
+
+    val prometheus: PrometheusMeterRegistry by inject()
 
     route("/actuator") {
         get("/live") {

app/src/main/kotlin/oppgavestyring/config/Koin.kt

@@ -0,0 +1,18 @@
+package oppgavestyring.config
+
+import io.micrometer.prometheus.PrometheusConfig
+import io.micrometer.prometheus.PrometheusMeterRegistry
+import oppgavestyring.config.db.DatabaseConfiguration
+import oppgavestyring.config.db.DatabaseManager
+import oppgavestyring.ekstern.behandlingsflyt.BehandlingsflytAdapter
+import oppgavestyring.intern.oppgave.OppgaveService
+import org.koin.dsl.module
+
+val koinModule = module {
+
+    single { OppgaveService() }
+    single { BehandlingsflytAdapter(get()) }
+    single { PrometheusMeterRegistry(PrometheusConfig.DEFAULT) }
+    single(createdAtStart = true) { DatabaseManager(DatabaseConfiguration()) }
+
+}

app/src/main/kotlin/oppgavestyring/config/db/DbConfig.kt → app/src/main/kotlin/oppgavestyring/config/db/DatabaseConfiguration.kt

@@ -2,7 +2,7 @@ package oppgavestyring.config.db
 
 val DB_CONFIG_PREFIX = "DB_OPPGAVESTYRING"
 
-data class DbConfig(
+data class DatabaseConfiguration(
     val connectionURL: String = System.getenv("${DB_CONFIG_PREFIX}_JDBC_URL") ?:
         System.getProperty("${DB_CONFIG_PREFIX}_JDBC_URL"),
     val username: String = System.getenv("${DB_CONFIG_PREFIX}_USERNAME") ?:

app/src/main/kotlin/oppgavestyring/config/db/DatabaseSingleton.kt → app/src/main/kotlin/oppgavestyring/config/db/DatabaseManager.kt

@@ -6,27 +6,25 @@ import oppgavestyring.LOG
 import org.jetbrains.exposed.sql.Database
 import javax.sql.DataSource
 
-object DatabaseSingleton {
+class DatabaseManager(databaseConfig: DatabaseConfiguration) {
 
-    var connection: DataSource? = null
+    val connection: DataSource
 
-    fun init(config: DbConfig) {
+    init {
         LOG.info("Setting up database connection")
-        if (connection != null) return
-
-        connection = createHikariDataSource(config)
-        Database.connect(connection!!)
+        connection = createHikariDataSource(databaseConfig)
+        Database.connect(connection)
         LOG.info("Database connection established")
+        migrate()
     }
 
     fun migrate() {
         LOG.info("Migrating database")
-        require(connection != null) {"Database connection is required"}
-        connection?.let { Flyway.migrate(it) }
+        Flyway.migrate(connection)
         LOG.info("Database connection completed")
     }
 
-    private fun createHikariDataSource(dbConfig: DbConfig) = HikariDataSource(HikariConfig().apply {
+    private fun createHikariDataSource(dbConfig: DatabaseConfiguration) = HikariDataSource(HikariConfig().apply {
         driverClassName = dbConfig.driver
         jdbcUrl = dbConfig.connectionURL
         username = dbConfig.username

app/src/main/kotlin/oppgavestyring/config/security/AdGruppe.kt

@@ -0,0 +1,14 @@
+package oppgavestyring.config.security
+
+import java.util.*
+
+enum class AdGruppe(private val gruppeId: UUID) {
+
+    SAKSBEHANDLER(UUID.fromString("8bb0ee13-49cd-4e75-8c3d-a13420c8b376")),
+    VEILEDER(UUID.fromString("12353679-aa80-4e59-bb47-95e727bfe85c")),
+    AVDELINGSLEDER(UUID.fromString("f0f6cad5-e3c0-4308-99a2-3630ac60174a"));
+
+    companion object {
+        fun valueOf(gruppeId: UUID) = entries.find { gruppeId == it.gruppeId }
+    }
+}

app/src/main/kotlin/oppgavestyring/config/security/AzureADAuthentication.kt

@@ -0,0 +1,56 @@
+package oppgavestyring.config.security
+
+import com.auth0.jwk.JwkProviderBuilder
+import io.ktor.http.*
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import io.ktor.server.response.*
+import no.nav.aap.ktor.client.auth.azure.AzureConfig
+import oppgavestyring.SECURE_LOG
+import java.net.URI
+import java.util.*
+import java.util.concurrent.TimeUnit
+
+val NAV_IDENT_CLAIM_NAME = "NAVident"
+
+const val AZURE = "azure"
+fun Application.authentication(config: AzureConfig) {
+
+    val jwkProvider = JwkProviderBuilder(URI.create(config.jwksUri).toURL()).cached(10, 24, TimeUnit.HOURS)
+        .rateLimited(10, 1, TimeUnit.MINUTES).build()
+
+    authentication {
+        jwt(AZURE) {
+            verifier(jwkProvider, config.issuer)
+            challenge { _, _ ->
+                call.respond(HttpStatusCode.Unauthorized, "AzureAD validering feilet") }
+            validate { cred ->
+                val now = Date()
+                SECURE_LOG.info("Ident of requester: ${cred.getClaim(NAV_IDENT_CLAIM_NAME, String::class)}")
+                SECURE_LOG.info("Groups of requester: ${cred.getListClaim("groups", String::class)}")
+                if (config.clientId !in cred.audience) {
+                    SECURE_LOG.warn("AzureAD validering feilet (clientId var ikke i audience: ${cred.audience}")
+                    return@validate null
+                }
+
+                if (cred.expiresAt?.before(now) == true) {
+                    SECURE_LOG.warn("AzureAD validering feilet (expired at: ${cred.expiresAt})")
+                    return@validate null
+                }
+
+                if (cred.notBefore?.after(now) == true) {
+                    SECURE_LOG.warn("AzureAD validering feilet (not valid yet, valid from: ${cred.notBefore})")
+                    return@validate null
+                }
+
+                if (cred.issuedAt?.after(cred.expiresAt ?: return@validate null) == true) {
+                    SECURE_LOG.warn("AzureAD validering feilet (issued after expiration: ${cred.issuedAt} )")
+                    return@validate null
+                }
+
+                OppgavePrincipal.fromJwt(cred)
+            }
+        }
+    }
+}

app/src/main/kotlin/oppgavestyring/config/security/OppgavePrincipal.kt

@@ -0,0 +1,22 @@
+package oppgavestyring.config.security
+
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import oppgavestyring.intern.oppgave.NavIdent
+import java.util.*
+
+data class OppgavePrincipal(
+    val ident: NavIdent,
+    val grupper: List<AdGruppe>
+): Principal {
+    companion object {
+        fun fromJwt(jwt: JWTCredential) = OppgavePrincipal(
+            NavIdent(jwt.getClaim(NAV_IDENT_CLAIM_NAME, String::class) ?: throw IllegalArgumentException("JWT mangler Ident")),
+            jwt.getListClaim("groups", UUID::class).map { AdGruppe.valueOf(it) }.filterNotNull()
+        )
+    }
+
+    fun isVeileder() = AdGruppe.VEILEDER in grupper || AdGruppe.AVDELINGSLEDER in grupper
+    fun isSaksbehandler() = AdGruppe.SAKSBEHANDLER in grupper || AdGruppe.AVDELINGSLEDER in grupper
+    fun isAvdelingsleder() = AdGruppe.AVDELINGSLEDER in grupper
+}

app/src/main/kotlin/oppgavestyring/behandlingsflyt/BehandlingsflytAdapter.kt → app/src/main/kotlin/oppgavestyring/ekstern/behandlingsflyt/BehandlingsflytAdapter.kt

@@ -1,8 +1,8 @@
-package oppgavestyring.behandlingsflyt
+package oppgavestyring.ekstern.behandlingsflyt
 
-import oppgavestyring.behandlingsflyt.dto.Avklaringsbehovtype
-import oppgavestyring.behandlingsflyt.dto.BehandlingshistorikkRequest
-import oppgavestyring.oppgave.OppgaveService
+import oppgavestyring.ekstern.behandlingsflyt.dto.Avklaringsbehovtype
+import oppgavestyring.ekstern.behandlingsflyt.dto.BehandlingshistorikkRequest
+import oppgavestyring.intern.oppgave.OppgaveService
 
 
 class BehandlingsflytAdapter(
@@ -11,7 +11,8 @@ class BehandlingsflytAdapter(
 
 
     fun mapBehnadlingshistorikkTilOppgaveHendelser(
-        behanlding: BehandlingshistorikkRequest) {
+        behanlding: BehandlingshistorikkRequest
+    ) {
 
         oppgaveService.lukkOppgaverPåBehandling(behanlding.referanse)
 

app/src/main/kotlin/oppgavestyring/behandlingsflyt/BehandlingsflytRoutes.kt → app/src/main/kotlin/oppgavestyring/ekstern/behandlingsflyt/BehandlingsflytRoutes.kt

@@ -1,15 +1,19 @@
-package oppgavestyring.behandlingsflyt
+package oppgavestyring.ekstern.behandlingsflyt
 
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.request.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
 import oppgavestyring.LOG
-import oppgavestyring.behandlingsflyt.dto.BehandlingshistorikkRequest
+import oppgavestyring.ekstern.behandlingsflyt.dto.BehandlingshistorikkRequest
 import org.jetbrains.exposed.sql.transactions.transaction
+import org.koin.ktor.ext.inject
+
+fun Route.behandlingsflyt() {
+
+    val behandlingsflytAdapter: BehandlingsflytAdapter by inject()
 
-fun Route.behandlingsflyt(behandlingsflytAdapter: BehandlingsflytAdapter) {
     route("/behandling") {
         post {
             LOG.info("Mottok saksendring på behandling")