feat(config): add AppPropertiesValidator to validate required environment variables at startup

.env.example

@@ -1,6 +1,7 @@
 SPRING_PROFILES_ACTIVE=dev
 
 APP_ENCRYPTION_SECRET=123456789
+APP_ALLOWED_ORIGINS=http://localhost:8080
 
 DB_NAME=EXAMPLE_DB
 DB_USER=EXAMPLE

bootstrap/src/main/resources/application.yml

@@ -5,6 +5,8 @@ info:
 app:
   encryption:
     secret:  ${APP_ENCRYPTION_SECRET}
+  cors:
+    allowed-origins: ${APP_ALLOWED_ORIGINS:http://localhost:8080}
 
 server:
   port: 8080

docker-compose.yml

@@ -14,6 +14,7 @@ services:
       DB_USER: ${DB_USER}
       DB_PASSWORD: ${DB_PASSWORD}
       APP_ENCRYPTION_SECRET: ${APP_ENCRYPTION_SECRET}
+      APP_ALLOWED_ORIGINS: ${APP_ALLOWED_ORIGINS}
       GMAIL_OAUTH_CLIENT_ID: ${GMAIL_OAUTH_CLIENT_ID}
       GMAIL_OAUTH_CLIENT_SECRET: ${GMAIL_OAUTH_CLIENT_SECRET}
     networks:

infrastructure/pom.xml

@@ -49,6 +49,11 @@
             <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        
         <dependency>
             <groupId>org.reflections</groupId>
             <artifactId>reflections</artifactId>

infrastructure/src/main/java/com/pablotj/restemailbridge/infrastructure/config/AppPropertiesValidator.java

@@ -0,0 +1,55 @@
+package com.pablotj.restemailbridge.infrastructure.config;
+
+import jakarta.annotation.PostConstruct;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AppPropertiesValidator {
+
+    private static final Logger log = LoggerFactory.getLogger(AppPropertiesValidator.class);
+
+    @Value("${app.encryption.secret:}")
+    private String encryptionSecret;
+
+    @Value("${app.cors.allowed-origins:}")
+    private String allowedOrigins;
+
+    @Value("${spring.datasource.url:}")
+    private String datasourceUrl;
+
+    @Value("${spring.datasource.username:}")
+    private String datasourceUser;
+
+    @Value("${spring.datasource.password:}")
+    private String datasourcePassword;
+
+    @Value("${gmail.oauth2.clientId:}")
+    private String gmailClientId;
+
+    @Value("${gmail.oauth2.clientSecret:}")
+    private String gmailClientSecret;
+
+    @PostConstruct
+    public void validate() {
+        check("APP_ENCRYPTION_SECRET", encryptionSecret, false);
+        check("APP_ALLOWED_ORIGINS", allowedOrigins, true);
+        check("DB_URL", datasourceUrl, true);
+        check("DB_USER", datasourceUser, true);
+        check("DB_PASSWORD", datasourcePassword, false);
+        check("GMAIL_OAUTH_CLIENT_ID", gmailClientId, true);
+        check("GMAIL_OAUTH_CLIENT_SECRET", gmailClientSecret, false);
+    }
+
+    private void check(String name, String value, boolean logValue) {
+        if (value == null || value.isEmpty()) {
+            throw new IllegalStateException("ERROR: Property '" + name + "' is not defined or empty");
+        } else if (logValue) {
+            log.info("Property '{}' is defined with value: {}", name, value);
+        } else {
+            log.info("Property '{}' is defined", name);
+        }
+    }
+}

infrastructure/src/main/java/com/pablotj/restemailbridge/infrastructure/config/CorsConfig.java

@@ -0,0 +1,35 @@
+package com.pablotj.restemailbridge.infrastructure.config;
+
+import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
+
+@Configuration
+public class CorsConfig {
+
+    @Value("${app.cors.allowed-origins}")
+    private String allowedOriginsString;
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+
+        List<String> allowedOrigins = Arrays.asList(allowedOriginsString.split(","));
+        config.setAllowedOriginPatterns(allowedOrigins);
+
+        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(List.of("*"));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+
+        return source;
+    }
+}

infrastructure/src/main/java/com/pablotj/restemailbridge/infrastructure/config/SecurityConfig.java

@@ -0,0 +1,31 @@
+package com.pablotj.restemailbridge.infrastructure.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    private final CorsConfigurationSource corsConfigurationSource;
+
+    public SecurityConfig(CorsConfigurationSource corsConfigurationSource) {
+        this.corsConfigurationSource = corsConfigurationSource;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .cors(cors -> cors.configurationSource(corsConfigurationSource))
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll()
+                );
+        return http.build();
+    }
+}