Initial T06 security template

2026-05-12 06:49:39 +00:00
commit af0ff49f87
20 changed files with 529 additions and 0 deletions
--- a/services/orders-api/Dockerfile
+++ b/services/orders-api/Dockerfile
@@ -0,0 +1,7 @@
+FROM node:20-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --omit=dev
+COPY . .
+EXPOSE 3002
+CMD ["npm", "start"]
--- a/services/orders-api/package.json
+++ b/services/orders-api/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "orders-api",
+  "version": "1.0.0",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js"
+  },
+  "dependencies": {
+    "express": "^4.21.2",
+    "jsonwebtoken": "^9.0.2"
+  }
+}
--- a/services/orders-api/server.js
+++ b/services/orders-api/server.js
@@ -0,0 +1,33 @@
+const express = require('express');
+const jwt = require('jsonwebtoken');
+
+const app = express();
+const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-ne-koristiti-u-produkciji';
+
+function authenticate(req, res, next) {
+  const authHeader = req.headers.authorization || '';
+  const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : null;
+
+  if (!token) {
+    return res.status(401).json({ error: 'Missing bearer token' });
+  }
+
+  try {
+    req.user = jwt.verify(token, JWT_SECRET);
+    return next();
+  } catch (error) {
+    return res.status(401).json({ error: 'Invalid token' });
+  }
+}
+
+app.get('/api/orders', authenticate, (req, res) => {
+  res.setHeader('X-Served-By', 'orders-api');
+  return res.json([
+    { id: 1, item: 'Knjiga: Mikroservisi', amount: 25 },
+    { id: 2, item: 'Knjiga: API Security', amount: 30 }
+  ]);
+});
+
+app.listen(3002, () => {
+  console.log('orders-api na portu 3002');
+});
--- a/services/users-api/Dockerfile
+++ b/services/users-api/Dockerfile
@@ -0,0 +1,7 @@
+FROM node:20-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --omit=dev
+COPY . .
+EXPOSE 3001
+CMD ["npm", "start"]
--- a/services/users-api/package.json
+++ b/services/users-api/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "users-api",
+  "version": "1.0.0",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js"
+  },
+  "dependencies": {
+    "express": "^4.21.2",
+    "jsonwebtoken": "^9.0.2"
+  }
+}
--- a/services/users-api/server.js
+++ b/services/users-api/server.js
@@ -0,0 +1,57 @@
+const express = require('express');
+const jwt = require('jsonwebtoken');
+
+const app = express();
+app.use(express.json());
+
+const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-ne-koristiti-u-produkciji';
+
+const users = [
+  { id: 'u0', username: 'student', password: 'fpmoz2024', name: 'Demo Student', role: 'student' }
+];
+
+function authenticate(req, res, next) {
+  const authHeader = req.headers.authorization || '';
+  const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : null;
+
+  if (!token) {
+    return res.status(401).json({ error: 'Missing bearer token' });
+  }
+
+  try {
+    req.user = jwt.verify(token, JWT_SECRET);
+    return next();
+  } catch (error) {
+    return res.status(401).json({ error: 'Invalid token' });
+  }
+}
+
+app.post('/auth/login', (req, res) => {
+  const { username, password } = req.body;
+  const user = users.find((candidate) => candidate.username === username && candidate.password === password);
+
+  if (!user) {
+    return res.status(401).json({ error: 'Invalid username or password' });
+  }
+
+  const token = jwt.sign(
+    { sub: user.id, username: user.username, role: user.role },
+    JWT_SECRET,
+    { algorithm: 'HS256', expiresIn: '15m' }
+  );
+
+  return res.json({ token });
+});
+
+app.get('/api/users', authenticate, (req, res) => {
+  res.setHeader('X-Served-By', 'users-api');
+  return res.json([
+    { id: 'u0', username: 'student', name: 'Demo Student' },
+    { id: 'u1', username: 'student1', name: 'Student Jedan' },
+    { id: 'u2', username: 'student2', name: 'Student Dva' }
+  ]);
+});
+
+app.listen(3001, () => {
+  console.log('users-api na portu 3001');
+});