feat: technical upgrades

Jelu now requires Java 17. The docker image has been updated.
rluetzner · Nov 16, 2023 · 6e9b768 · 6e9b768
1 parent 93404b9
commit 6e9b768
Show file tree

Hide file tree

Showing 25 changed files with 102 additions and 73 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: [ 11, 17, 18 ]
+        java: [ 17, 18, 21 ]
     name: Test JDK ${{ matrix.java }}
     steps:
       - uses: actions/checkout@v3
@@ -56,7 +56,7 @@ jobs:
             src/jelu-ui/package-lock.json
       - uses: actions/setup-java@v3
         with:
-          java-version: '11'
+          java-version: '17'
           java-package: 'jdk'
           distribution: 'temurin'
           cache: 'gradle'

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:11.0.17_8-jre-focal
+FROM eclipse-temurin:17-jre
 
 WORKDIR app
 
@@ -19,27 +19,32 @@ ENV LC_ALL=en_US.UTF-8
 
 RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then \
       apt-get update && apt-get install --no-install-recommends --yes wget xz-utils \
-      xdg-utils \
       libxcb-xinerama0 \
       libxcb-icccm4 \
       libxcb-image0 \
       libxcb-keysyms1 \
       libxcb-render-util0 \
       libxcb-randr0 \
-      qt5-default \
       libopengl0 \
+      libegl1 \
+      libglx0 \
+      libxkbcommon-x11-0 \
       python3 \
+      python3-xdg \
       binutils \
+      poppler-utils \
+      libqpdf28 \
+      libnss3 \
       && apt-get clean \
       && rm -rf /var/lib/apt/lists/* \
       && wget -nv -O- https://download.calibre-ebook.com/linux-installer.sh | sh /dev/stdin install_dir=/ isolated=y \
       && strip --remove-section=.note.ABI-tag /calibre/lib/libQt6Core.so.6 \
-      && curl -L -o goodreads.zip https://github.com/kiwidude68/calibre_plugins/releases/download/goodreads-v1.7.2/goodreads-v1.7.2.zip \
+      && curl -L -o goodreads.zip https://github.com/kiwidude68/calibre_plugins/releases/download/goodreads-v1.7.9/goodreads-v1.7.9.zip \
       && /calibre/calibre-customize --add-plugin goodreads.zip \
       && rm goodreads.zip; \
   else \
       apt-get update && apt-get install --no-install-recommends --yes calibre \
-      && curl -L -o goodreads.zip https://github.com/kiwidude68/calibre_plugins/releases/download/goodreads-v1.7.2/goodreads-v1.7.2.zip \
+      && curl -L -o goodreads.zip https://github.com/kiwidude68/calibre_plugins/releases/download/goodreads-v1.7.9/goodreads-v1.7.9.zip \
       && calibre-customize --add-plugin goodreads.zip \
       && rm goodreads.zip; \
   fi

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -3,18 +3,22 @@ import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 import org.springframework.boot.gradle.tasks.bundling.BootJar
 
 plugins {
-    id("org.springframework.boot") version "2.7.6"
-    id("io.spring.dependency-management") version "1.0.11.RELEASE"
-    val kotlinVersion = "1.8.20"
+    id("org.springframework.boot") version "3.1.5"
+    id("io.spring.dependency-management") version "1.1.4"
+    val kotlinVersion = "1.8.22"
     kotlin("jvm") version kotlinVersion
     kotlin("plugin.spring") version kotlinVersion
     kotlin("plugin.jpa") version kotlinVersion
     kotlin("plugin.allopen") version kotlinVersion
     kotlin("kapt") version kotlinVersion
-    id("com.github.node-gradle.node") version "3.5.1"
+    id("com.github.node-gradle.node") version "6.0.0"
     id("org.jlleitschuh.gradle.ktlint") version "11.5.0"
 }
 
+kotlin {
+    jvmToolchain(17)
+}
+
 configure<org.jlleitschuh.gradle.ktlint.KtlintExtension> {
     version.set("0.50.0")
     outputToConsole.set(true)
@@ -29,7 +33,6 @@ allOpen {
 }
 
 group = "io.github.bayang"
-java.sourceCompatibility = JavaVersion.VERSION_11
 
 repositories {
     mavenCentral()
@@ -59,7 +62,7 @@ dependencies {
 
     implementation("org.xerial:sqlite-jdbc")
     implementation("org.liquibase:liquibase-core")
-    val exposedVersion = "0.43.0"
+    val exposedVersion = "0.44.1"
     implementation("org.jetbrains.exposed:exposed-spring-boot-starter:$exposedVersion")
     implementation("org.jetbrains.exposed:exposed-java-time:$exposedVersion")
 // 	implementation("org.nuvito.spring.data:sqlite-dialect:1.0-SNAPSHOT")
@@ -104,7 +107,7 @@ tasks.withType<KotlinCompile> {
             "-Xjsr305=strict",
             "-opt-in=kotlin.time.ExperimentalTime",
         )
-        jvmTarget = "11"
+        jvmTarget = "17"
     }
 }
 
@@ -127,9 +130,9 @@ tasks.register<JavaExec>("unpack") {
     dependsOn(tasks.bootJar)
     classpath = files(tasks.bootJar)
     jvmArgs = listOf("-Djarmode=layertools")
-    args = "extract --destination $buildDir/dependency".split(" ")
+    args = "extract --destination ${layout.buildDirectory.get()}/dependency".split(" ")
     doFirst {
-        delete("$buildDir/dependency")
+        delete("${layout.buildDirectory.get()}/dependency")
     }
 }
 
@@ -142,13 +145,13 @@ node {
 val buildTaskUsingNpm = tasks.register<NpmTask>("npmBuild") {
     dependsOn(tasks.npmInstall)
     npmCommand.set(listOf("run", "build"))
-    args.set(listOf("--", "--out-dir", "$buildDir/npm-output"))
+    args.set(listOf("--", "--out-dir", "${layout.buildDirectory.get()}/npm-output"))
     inputs.dir("src")
-    outputs.dir("$buildDir/npm-output")
+    outputs.dir("${layout.buildDirectory.get()}/npm-output")
 }
 
 tasks.register<Sync>("copyWebDist") {
     dependsOn("npmBuild")
-    from("$buildDir/npm-output")
+    from("${layout.buildDirectory.get()}/npm-output")
     into("$projectDir/src/main/resources/public/")
 }
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,10 +80,10 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
@@ -143,12 +143,16 @@ fi
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -205,6 +209,12 @@ set -- \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

diff --git a/gradlew.bat b/gradlew.bat
@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

diff --git a/src/jelu-ui/package-lock.json b/src/jelu-ui/package-lock.json
diff --git a/src/main/kotlin/io/github/bayang/jelu/config/AuthHeaderFilter.kt b/src/main/kotlin/io/github/bayang/jelu/config/AuthHeaderFilter.kt
@@ -4,16 +4,16 @@ import io.github.bayang.jelu.dao.Provider
 import io.github.bayang.jelu.dto.CreateUserDto
 import io.github.bayang.jelu.dto.JeluUser
 import io.github.bayang.jelu.service.UserService
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 import mu.KotlinLogging
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
-import javax.servlet.FilterChain
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
 
 private val LOGGER = KotlinLogging.logger {}
 

diff --git a/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt b/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt
@@ -41,7 +41,7 @@ class GlobalConfig {
                 "/**",
                 CorsConfiguration().applyPermitDefaultValues().apply {
                     allowedOriginPatterns = if (jeluProperties.cors.allowedOrigins.isNullOrEmpty()) listOf("*") else jeluProperties.cors.allowedOrigins
-                    allowedMethods = HttpMethod.values().map { it.name }
+                    allowedMethods = HttpMethod.values().map { it.name() }
                     allowCredentials = true
                     addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)
                     addExposedHeader(sessionHeaderName)

diff --git a/src/main/kotlin/io/github/bayang/jelu/config/JeluProperties.kt b/src/main/kotlin/io/github/bayang/jelu/config/JeluProperties.kt
@@ -1,13 +1,11 @@
 package io.github.bayang.jelu.config
 
+import jakarta.validation.constraints.NotBlank
+import jakarta.validation.constraints.Positive
 import org.springframework.boot.context.properties.ConfigurationProperties
-import org.springframework.boot.context.properties.ConstructorBinding
 import org.springframework.validation.annotation.Validated
-import javax.validation.constraints.NotBlank
-import javax.validation.constraints.Positive
 
 @ConfigurationProperties(prefix = "jelu")
-@ConstructorBinding
 @Validated
 data class JeluProperties(
     val database: Database,

diff --git a/src/main/kotlin/io/github/bayang/jelu/config/SecurityConfig.kt b/src/main/kotlin/io/github/bayang/jelu/config/SecurityConfig.kt
@@ -1,6 +1,7 @@
 package io.github.bayang.jelu.config
 
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
 import org.springframework.security.authentication.AuthenticationProvider
 import org.springframework.security.authentication.ProviderManager
@@ -13,6 +14,7 @@ import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
+@Configuration
 @EnableWebSecurity
 class SecurityConfig(
     private val authenticationProvider: AuthenticationProvider?,
@@ -28,44 +30,50 @@ class SecurityConfig(
         http
             .cors { }
             .csrf { it.disable() }
-            .logout { it ->
+            .logout {
                 it.logoutUrl("/api/v1/logout")
                     .invalidateHttpSession(true)
             }
-            .authorizeRequests {
-                it.antMatchers(
+            .securityMatchers {
+                // only apply security to those endpoints
+                it.requestMatchers(
+                    "/api/**",
+                )
+            }
+            .authorizeHttpRequests {
+                it.requestMatchers(
                     "/api/v1/token",
                     "/api/v1/setup/status",
                     "/api/v1/server-settings",
                     "/api/v1/reviews/**",
                 ).permitAll()
-                it.mvcMatchers(HttpMethod.GET, "/api/v1/reviews/**").permitAll()
-                it.mvcMatchers(HttpMethod.GET, "/api/v1/books/**").permitAll()
-                it.regexMatchers(HttpMethod.GET, "/api\\/v1\\/users\\/([a-zA-Z0-9-]*)\\/name$").permitAll()
-                it.mvcMatchers(HttpMethod.POST, "/api/v1/users").hasAnyRole("ADMIN", "INITIAL_SETUP")
-                it.mvcMatchers(HttpMethod.PUT, "/api/v1/users/**").hasAnyRole("USER")
-                it.mvcMatchers(
+                it.requestMatchers(HttpMethod.GET, "/api/v1/reviews/**").permitAll()
+                it.requestMatchers(HttpMethod.GET, "/api/v1/books/**").permitAll()
+                it.requestMatchers(HttpMethod.GET, "/api\\/v1\\/users\\/([a-zA-Z0-9-]*)\\/name$").permitAll()
+                it.requestMatchers(HttpMethod.POST, "/api/v1/users").hasAnyRole("ADMIN", "INITIAL_SETUP")
+                it.requestMatchers(HttpMethod.PUT, "/api/v1/users/**").hasAnyRole("USER")
+                it.requestMatchers(
                     HttpMethod.GET,
                     "/api/v1/users/me",
                 ).hasRole("USER")
-                it.antMatchers(
+                it.requestMatchers(
                     "/api/v1/users/**",
                 ).hasRole("USER")
-                it.antMatchers(
+                it.requestMatchers(
                     "/api/v1/users",
                 ).hasRole("USER")
-                it.mvcMatchers(
+                it.requestMatchers(
                     HttpMethod.POST,
                     "/api/v1/user-messages",
                 ).hasRole("ADMIN")
-                it.antMatchers(
+                it.requestMatchers(
                     "/api/**",
                 ).hasRole("USER")
             }
-            .httpBasic()
-            .and()
-            .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+            .httpBasic { }
+            .sessionManagement {
+                it.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+            }
         if (properties.auth.ldap.enabled) {
             val dao = DaoAuthenticationProvider()
             dao.setUserDetailsService(userDetailsService)