add security

2026-02-28 14:11:43 +01:00
parent 58e5a2b67a
commit 5246ed5560
4 changed files with 37 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -48,6 +48,10 @@
            <artifactId>dotenv-java</artifactId>
            <version>3.0.0</version>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
    </dependencies>

    <build>
--- a/src/main/java/fr/tetelie/crawler/SecurityConfig.java
+++ b/src/main/java/fr/tetelie/crawler/SecurityConfig.java
@ -0,0 +1,29 @@
+package fr.tetelie.crawler;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests((requests) -> requests
+                        .requestMatchers("/", "/api/**", "/css/**", "/js/**").permitAll() // Tout le monde voit le dashboard
+                        .requestMatchers("/add", "/delete/**").authenticated()           // Seul l'admin ajoute/supprime
+                        .anyRequest().authenticated()
+                )
+                .formLogin((form) -> form
+                        .defaultSuccessUrl("/", true)
+                        .permitAll()
+                )
+                .logout((logout) -> logout.permitAll());
+
+        return http.build();
+    }
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -3,3 +3,5 @@ spring.datasource.username=${DB_USER}
 spring.datasource.password=${DB_PASS}
 spring.jpa.hibernate.ddl-auto=validate
 server.port=8083
+spring.security.user.name=admin
+spring.security.user.password=${ADMIN_PASS}
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@ -28,6 +28,7 @@

    <section class="bg-gray-900 p-1 rounded-3xl border border-gray-800 shadow-2xl mb-12">
        <form th:action="@{/add}" method="POST" class="flex flex-col md:flex-row gap-2 p-2">
+            <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
            <input type="text" name="name" required placeholder="Nom de l'objet..."
                   class="flex-1 p-4 rounded-2xl bg-gray-800 border-none text-white placeholder-gray-500 focus:ring-2 focus:ring-blue-600 outline-none transition-all">
            <input type="url" name="link" required placeholder="Lien Amazon..."