From aa504dd88185e11ff8569ad00c3e5f474f190466 Mon Sep 17 00:00:00 2001
From: LucasX Ubuntu <lucas.deletang.legravier@gmail.com>
Date: Mon, 16 Mar 2026 11:51:46 +0100
Subject: [PATCH] feat: use oauth

---
 .gitignore                                    |  1 +
 pom.xml                                       |  4 +++
 .../fr/tetelie/crawler/SecurityConfig.java    | 10 +++---
 .../crawler/web/ProductController.java        |  5 ++-
 src/main/resources/application.properties     | 10 +++++-
 src/main/resources/templates/index.html       | 31 +++++++++++++++----
 6 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index 480bdf5..7aa7802 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ target/
 !**/src/main/**/target/
 !**/src/test/**/target/
 .kotlin
+.env
 
 ### IntelliJ IDEA ###
 .idea/modules.xml
diff --git a/pom.xml b/pom.xml
index 357f949..6526ee4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,6 +52,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/src/main/java/fr/tetelie/crawler/SecurityConfig.java b/src/main/java/fr/tetelie/crawler/SecurityConfig.java
index 7f73f6c..0ac7f57 100644
--- a/src/main/java/fr/tetelie/crawler/SecurityConfig.java
+++ b/src/main/java/fr/tetelie/crawler/SecurityConfig.java
@@ -18,11 +18,13 @@ public class SecurityConfig {
                         .requestMatchers("/add", "/delete/**").authenticated()           // Seul l'admin ajoute/supprime
                         .anyRequest().authenticated()
                 )
-                .formLogin((form) -> form
-                        .defaultSuccessUrl("/", true)
-                        .permitAll()
+                .oauth2Login((oauth2) -> oauth2
+                .defaultSuccessUrl("/", true)
                 )
-                .logout((logout) -> logout.permitAll());
+                .logout((logout) -> logout
+                        .logoutSuccessUrl("/")
+                        .permitAll()
+                );
 
         return http.build();
     }
diff --git a/src/main/java/fr/tetelie/crawler/web/ProductController.java b/src/main/java/fr/tetelie/crawler/web/ProductController.java
index a4e7dda..01af1e8 100644
--- a/src/main/java/fr/tetelie/crawler/web/ProductController.java
+++ b/src/main/java/fr/tetelie/crawler/web/ProductController.java
@@ -6,6 +6,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 
 import java.util.List;
 
@@ -16,8 +18,9 @@ public class ProductController {
     private ProductRepository productRepository; // Spring gère SQL tout seul !
 
     @GetMapping("/")
-    public String listProducts(Model model) {
+    public String listProducts(Model model, @AuthenticationPrincipal OidcUser user) {
         model.addAttribute("products", productRepository.findAll());
+        model.addAttribute("username", user != null ? user.getPreferredUsername() : null);
         return "index"; // Ça va chercher src/main/resources/templates/index.html
     }
 
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index aebef8d..7fbf495 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,4 +4,12 @@ spring.datasource.password=${DB_PASS}
 spring.jpa.hibernate.ddl-auto=validate
 server.port=8083
 spring.security.user.name=admin
-spring.security.user.password=${ADMIN_PASS}
\ No newline at end of file
+spring.security.user.password=${ADMIN_PASS}
+
+spring.security.oauth2.client.registration.keycloak.client-id=${KEYCLOAK_CLIENT_ID}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
+spring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_ISSUER_URI}
+spring.security.oauth2.client.registration.keycloak.scope=openid,profile
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.keycloak.redirect-uri={baseUrl}/login/oauth2/code/keycloak
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
\ No newline at end of file
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index bff94e7..8857819 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -17,12 +17,31 @@
             </h1>
             <p class="text-gray-500 text-sm">Surveillance des prix en temps réel</p>
         </div>
-        <div class="flex items-center gap-3 bg-gray-900 border border-gray-800 p-2 rounded-2xl shadow-inner">
-            <span class="relative flex h-3 w-3">
-                <span class="animate-ping absolute inline-flex h-full w-full rounded-full bg-green-400 opacity-75"></span>
-                <span class="relative inline-flex rounded-full h-3 w-3 bg-green-500"></span>
-            </span>
-            <span class="text-xs font-mono text-gray-400 uppercase tracking-widest">System Active</span>
+        <div class="flex items-center gap-3">
+            <div class="flex items-center gap-3 bg-gray-900 border border-gray-800 p-2 rounded-2xl shadow-inner">
+                <span class="relative flex h-3 w-3">
+                    <span class="animate-ping absolute inline-flex h-full w-full rounded-full bg-green-400 opacity-75"></span>
+                    <span class="relative inline-flex rounded-full h-3 w-3 bg-green-500"></span>
+                </span>
+                <span class="text-xs font-mono text-gray-400 uppercase tracking-widest">System Active</span>
+            </div>
+
+            <!-- Not logged in -->
+            <a th:if="${username == null}" href="/oauth2/authorization/keycloak"
+            class="bg-blue-600 hover:bg-blue-500 text-white font-bold py-2 px-4 rounded-2xl shadow-lg text-xs uppercase tracking-widest transition-colors">
+                Login
+            </a>
+
+            <!-- Logged in -->
+            <div th:if="${username != null}" class="flex items-center gap-2">
+                <span class="bg-gray-900 border border-gray-800 text-gray-300 font-bold py-2 px-4 rounded-2xl text-xs uppercase tracking-widest"
+                    th:text="${username}">
+                </span>
+                <a href="/logout"
+                class="bg-red-600 hover:bg-red-500 text-white font-bold py-2 px-4 rounded-2xl shadow-lg text-xs uppercase tracking-widest transition-colors">
+                    Logout
+                </a>
+            </div>
         </div>
     </header>