Add import/export functionality for apps, including client-side file handling and backend encryption/decryption logic

2025-12-17 16:06:59 +01:00 · 2025-12-17 16:06:59 +01:00 · 6add528c02
commit 6add528c02
parent 1788a7ef1c
7 changed files with 287 additions and 14 deletions
--- a/src/frontend/src/components/UI/AppListItem.vue
+++ b/src/frontend/src/components/UI/AppListItem.vue
@ -1,10 +1,20 @@
 <template>
  <div>
    <div class="app-list-item">
-      <div class="app-name-container"><div class="app-name-name">{{ app.name }}</div><div class="app-name-id">{{ app.client_id}}</div></div>
+      <div class="app-name-container">
+        <div class="app-name-name">{{ app.name }}</div>
+        <div class="app-name-id">{{ app.client_id }}</div>
+      </div>
+
+      <div class="badge-list">
+        <basic-badge variant="secondary" icon="lock" v-for="group in groups" :key="group">{{ group }}</basic-badge>
+      </div>
+
+      <div class="action-container">
+        <icon-button icon="download" @click="exportClick"></icon-button>
+        <icon-button icon="trash" @click="deleteClick"></icon-button>
+      </div>

-      <div class="badge-list"> <basic-badge variant="secondary" icon="lock" v-for="group in groups" :key="group">{{group}}</basic-badge></div>
-      <div class="action-container"> <icon-button icon="trash" @click="deleteClick"></icon-button></div>
    </div>
  </div>

@ -18,7 +28,7 @@ import BasicBadge from "@/components/UI/BasicBadge.vue";
 export default {
  name: "AppListItem",
  components: {BasicBadge, IconButton, Box},
-  emits: ["deleteApp"],
+  emits: ["deleteApp", "exportApp"],
  props: {
    app: {
      type: Object,
@ -33,6 +43,9 @@ export default {
  methods: {
    deleteClick() {
      this.$emit("deleteApp", this.app.id);
+    },
+    exportClick() {
+      this.$emit("exportApp", this.app.id);
    }
  }
 }
@ -76,7 +89,10 @@ export default {
  color: #6b7280;
 }

-.action-container{
+.action-container {
+  display: flex;
+  flex-direction: row;
+  gap: 1.2rem;
  align-self: center;
 }

--- a/src/frontend/src/components/layout/config/Apps.vue
+++ b/src/frontend/src/components/layout/config/Apps.vue
@ -1,6 +1,8 @@
 <template>
  <div class="apps-container">
+    <div class="app-list-actions">

+    </div>
    <div class="app-list-header">
      <div>App</div>
      <div>Groups</div>
@ -8,13 +10,20 @@
    </div>
    <div class="app-list">

-      <app-list-item v-for="app in apps" :app="app" @delete-app="deleteApp"></app-list-item>
+      <app-list-item v-for="app in apps" :app="app" @delete-app="deleteApp" @export-app="exportApp"></app-list-item>
+
    </div>

    <modal :state="modalState">
      <add-app @close="closeModal"></add-app>
    </modal>
-    <basic-button icon="Plus" @click="modalState = true">New App</basic-button>
+
+
+    <div class="app-list-actions">
+
+      <basic-button icon="Upload" @click="importApp">Import</basic-button>
+      <basic-button icon="Plus" @click="modalState = true">New App</basic-button>
+    </div>
  </div>


@ -27,6 +36,8 @@ import {mapStores} from "pinia";
 import {useAppsStore} from "@/store/apps.js";
 import Modal from "@/components/UI/Modal.vue";
 import AddApp from "@/components/layout/config/AddApp.vue";
+import Dropdown from "@/components/UI/Dropdown.vue";
+import IconButton from "@/components/UI/IconButton.vue";

 export default {
  name: "Apps",
@ -36,7 +47,7 @@ export default {
      default: false
    }
  },
-  components: {AddApp, Modal, AppListItem, BasicButton},
+  components: {IconButton, Dropdown, AddApp, Modal, AppListItem, BasicButton},
  computed: {
    ...mapStores(useAppsStore),
    apps() {
@ -45,7 +56,8 @@ export default {
  },
  data() {
    return {
-      modalState: false
+      modalState: false,
+      exportedApp: null
    }
  },
  methods: {
@ -57,6 +69,62 @@ export default {
    },
    deleteApp(id) {
      this.appsStore.deleteApp(id);
+    },
+    async exportApp(id) {
+      const response = await this.appsStore.exportApp(id);
+      const app = this.appsStore.getById(id);
+
+      if(response?.data) {
+        const base64String = response.data;
+
+        const blob = new Blob([base64String], { type: 'text/plain' });
+        const url = window.URL.createObjectURL(blob);
+        const link = document.createElement('a');
+        link.href = url;
+        link.download = `${app.name}.app`;
+        document.body.appendChild(link);
+        link.click();
+        document.body.removeChild(link);
+        window.URL.revokeObjectURL(url);
+      }
+
+    },
+    async importApp() {
+
+      const input = document.createElement('input');
+      input.type = 'file';
+      input.accept = '.app';
+
+      input.onchange = async (event) => {
+        const file = event.target.files[0];
+        if (file) {
+          try {
+            const fileContent = await this.readFileContent(file);
+            await this.appsStore.importApp(fileContent);
+          } catch (error) {
+
+          }
+        }
+      };
+
+      // File Dialog öffnen
+      input.click();
+    },
+
+    readFileContent(file) {
+      return new Promise((resolve, reject) => {
+        const reader = new FileReader();
+
+        reader.onload = (e) => {
+          resolve(e.target.result);
+        };
+
+        reader.onerror = (error) => {
+          reject(error);
+        };
+
+        reader.readAsText(file);
+      });
    }
  },
  async created() {
@ -85,6 +153,13 @@ export default {
  border-bottom: 0.1rem solid #E3EDFF;
 }

+.app-list-actions {
+  display: flex;
+  justify-content: flex-end;
+  margin-top: 2rem;
+  gap: 1.6rem
+}
+
 .app-list {
  margin-bottom: 2.4rem;
 }
--- a/src/frontend/src/store/apps.js
+++ b/src/frontend/src/store/apps.js
@ -24,6 +24,18 @@ export const useAppsStore = defineStore('apps', {
            this.apps = resp.data;
            this.loading = false;
        },
+        async exportApp(id) {
+            const url = `${config.backendUrl}/apps/export/${id}`;
+            const resp = await performRequest(this, 'GET', url, null);
+            return resp.data;
+        },
+        async importApp(app) {
+            const url = `${config.backendUrl}/apps/import`;
+            const resp = await performRequest(this, 'POST', url, { data: app },true);
+
+            if(resp.data)
+                await this.loadApps();
+        },
        async addApp(appName, appGroups) {
            const url = `${config.backendUrl}/apps`;

--- a/src/main/java/de/avatic/lcc/controller/configuration/AppsController.java
+++ b/src/main/java/de/avatic/lcc/controller/configuration/AppsController.java
@ -2,6 +2,7 @@ package de.avatic.lcc.controller.configuration;

 import com.azure.core.annotation.BodyParam;
 import de.avatic.lcc.dto.configuration.apps.AppDTO;
+import de.avatic.lcc.dto.configuration.apps.AppExchangeDTO;
 import de.avatic.lcc.service.apps.AppsService;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
@ -32,6 +33,18 @@ public class AppsController {
        return ResponseEntity.ok(appsService.updateApp(dto));
    }

+    @GetMapping({"/export/{id}", "/export/{id}/"})
+    @PreAuthorize("hasRole('SERVICE')")
+    public ResponseEntity<AppExchangeDTO> exportApp(@PathVariable Integer id) {
+        return ResponseEntity.ok(appsService.exportApp(id));
+    }
+
+    @PostMapping({"/import/", "/import"})
+    @PreAuthorize("hasRole('SERVICE')")
+    public ResponseEntity<Boolean> importApp(@RequestBody AppExchangeDTO dto) {
+        return ResponseEntity.ok(appsService.importApp(dto));
+    }
+
    @DeleteMapping({"/{id}", "/{id}/"})
    @PreAuthorize("hasRole('SERVICE')")
    public ResponseEntity<Void> deleteApp(@PathVariable Integer id) {
--- a/src/main/java/de/avatic/lcc/dto/configuration/apps/AppExchangeDTO.java
+++ b/src/main/java/de/avatic/lcc/dto/configuration/apps/AppExchangeDTO.java
@ -1,4 +1,14 @@
 package de.avatic.lcc.dto.configuration.apps;

 public class AppExchangeDTO {
+
+    private String data;
+
+    public void setData(String data) {
+        this.data = data;
+    }
+
+    public String getData() {
+        return data;
+    }
 }
--- a/src/main/java/de/avatic/lcc/service/apps/AppsService.java
+++ b/src/main/java/de/avatic/lcc/service/apps/AppsService.java
@ -1,13 +1,23 @@
 package de.avatic.lcc.service.apps;

+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import de.avatic.lcc.dto.configuration.apps.AppDTO;
+import de.avatic.lcc.dto.configuration.apps.AppExchangeDTO;
 import de.avatic.lcc.model.db.users.App;
 import de.avatic.lcc.repositories.users.AppRepository;
 import de.avatic.lcc.service.transformer.apps.AppTransformer;
+import de.avatic.lcc.util.exception.base.InternalErrorException;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;

-import java.security.SecureRandom;
+import javax.crypto.*;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
 import java.util.Base64;
 import java.util.List;
 import java.util.Optional;
@ -16,14 +26,31 @@ import java.util.UUID;
@Service
 public class AppsService {

+
+    private static final String HMAC_ALGORITHM = "HmacSHA256";
+    private static final String ENCRYPTION_ALGORITHM = "AES/GCM/NoPadding";
+    private static final int GCM_TAG_LENGTH = 128;
+    private static final int GCM_IV_LENGTH = 12;
    private final AppRepository appRepository;
    private final AppTransformer appTransformer;
    private final PasswordEncoder passwordEncoder;
+    private final ObjectMapper objectMapper;
+    private final Key signingKey;
+    private final SecretKeySpec encryptionKey;

-    public AppsService(AppRepository appRepository, AppTransformer appTransformer, PasswordEncoder passwordEncoder) {
+
+    public AppsService(@Value("${jwt.secret}") String secret, AppRepository appRepository, AppTransformer appTransformer, PasswordEncoder passwordEncoder, ObjectMapper objectMapper) {
        this.appRepository = appRepository;
        this.appTransformer = appTransformer;
        this.passwordEncoder = passwordEncoder;
+        this.signingKey = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
+        this.objectMapper = objectMapper;
+
+        // AES-256 Key aus JWT Secret ableiten
+        byte[] keyBytes = secret.getBytes(StandardCharsets.UTF_8);
+        byte[] aesKey = new byte[32]; // 256 bit
+        System.arraycopy(keyBytes, 0, aesKey, 0, Math.min(keyBytes.length, 32));
+        this.encryptionKey = new SecretKeySpec(aesKey, "AES");
    }

    public List<AppDTO> listApps() {
@ -35,7 +62,7 @@ public class AppsService {
        var newApp = dto.getId() == null;
        String appSecret = null;

-        if(newApp) {
+        if (newApp) {
            dto.setClientId(generateAppId());
            appSecret = generateAppSecret();
            dto.setClientSecret(passwordEncoder.encode(appSecret));
@ -43,7 +70,7 @@ public class AppsService {

        var id = appRepository.update(appTransformer.toAppEntity(dto));

-        if(newApp) {
+        if (newApp) {
            dto.setId(id);
            dto.setClientSecret(appSecret);
        }
@ -79,4 +106,103 @@ public class AppsService {

    }

+    public AppExchangeDTO exportApp(Integer id) {
+        var app = appRepository.getById(id).map(appTransformer::toAppDTOWithHashedSecret);
+
+        if (app.isEmpty()) {
+            throw new IllegalArgumentException("App mit ID " + id + " nicht gefunden");
+        }
+        AppExchangeDTO exchangeDTO = new AppExchangeDTO();
+        try {
+
+            String json = objectMapper.writeValueAsString(app);
+            byte[] jsonBytes = json.getBytes(StandardCharsets.UTF_8);
+
+            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
+            byte[] iv = new byte[GCM_IV_LENGTH];
+            new SecureRandom().nextBytes(iv);
+            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, iv);
+            cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, gcmSpec);
+            byte[] encryptedData = cipher.doFinal(jsonBytes);
+
+            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
+            mac.init(new SecretKeySpec(signingKey.getEncoded(), HMAC_ALGORITHM));
+            mac.update(iv);
+            mac.update(encryptedData);
+            byte[] signature = mac.doFinal();
+
+            byte[] bundle = new byte[iv.length + encryptedData.length + signature.length];
+            System.arraycopy(iv, 0, bundle, 0, iv.length);
+            System.arraycopy(encryptedData, 0, bundle, iv.length, encryptedData.length);
+            System.arraycopy(signature, 0, bundle, iv.length + encryptedData.length, signature.length);
+
+
+            exchangeDTO.setData(Base64.getEncoder().encodeToString(bundle));
+        } catch (JsonProcessingException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException |
+                 InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException _) {
+            throw new InternalErrorException("Fehler beim Exportieren der App");
+        }
+
+
+        return exchangeDTO;
+    }
+
+    public boolean importApp(AppExchangeDTO exchangeDTO)  {
+
+        try {
+
+            byte[] bundle = Base64.getDecoder().decode(exchangeDTO.getData());
+
+            // 2. Bundle aufteilen
+            if (bundle.length < GCM_IV_LENGTH + 32) {
+                throw new IllegalArgumentException("Ungültiges Export-Bundle");
+            }
+
+            byte[] iv = new byte[GCM_IV_LENGTH];
+            byte[] signature = new byte[32];
+            byte[] encryptedData = new byte[bundle.length - GCM_IV_LENGTH - 32];
+
+            System.arraycopy(bundle, 0, iv, 0, GCM_IV_LENGTH);
+            System.arraycopy(bundle, GCM_IV_LENGTH, encryptedData, 0, encryptedData.length);
+            System.arraycopy(bundle, GCM_IV_LENGTH + encryptedData.length, signature, 0, 32);
+
+            // 3. Signatur verifizieren
+            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
+            mac.init(new SecretKeySpec(signingKey.getEncoded(), HMAC_ALGORITHM));
+            mac.update(iv);
+            mac.update(encryptedData);
+            byte[] expectedSignature = mac.doFinal();
+
+            if (!java.security.MessageDigest.isEqual(signature, expectedSignature)) {
+                throw new SecurityException("Ungültige Signatur - Daten wurden manipuliert oder stammen nicht von dieser Instanz");
+            }
+
+            // 4. Entschlüsseln
+            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
+            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_LENGTH, iv);
+            cipher.init(Cipher.DECRYPT_MODE, encryptionKey, gcmSpec);
+            byte[] decryptedData = cipher.doFinal(encryptedData);
+
+            // 5. JSON deserialisieren
+            String json = new String(decryptedData, StandardCharsets.UTF_8);
+            AppDTO dto = objectMapper.readValue(json, AppDTO.class);
+
+            // 6. Prüfen ob App mit dieser Client-ID bereits existiert
+            var existingApp = appRepository.getByClientId(dto.getClientId());
+            if (existingApp.isPresent()) {
+                throw new IllegalStateException(
+                        "App mit Client-ID '" + dto.getClientId() + "' existiert bereits"
+                );
+            }
+
+            App app = appTransformer.toAppEntityWithHashedSecret(dto);
+            appRepository.update(app);
+        } catch (JsonProcessingException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException |
+                 InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException _) {
+           return false;
+        }
+
+
+        return true;
+    }
 }
--- a/src/main/java/de/avatic/lcc/service/transformer/apps/AppTransformer.java
+++ b/src/main/java/de/avatic/lcc/service/transformer/apps/AppTransformer.java
@ -14,7 +14,6 @@ public class AppTransformer {

        dto.setId(entity.getId());
        dto.setName(entity.getName());
-        dto.setClientSecret(entity.getClientSecret());
        dto.setClientId(entity.getClientId());
        dto.setGroups(entity.getGroups().stream().map(Group::getName).toList());

@ -38,4 +37,26 @@ public class AppTransformer {
        group.setName(name);
        return group;
    }
+
+    public AppDTO toAppDTOWithHashedSecret(App entity) {
+        AppDTO dto = new AppDTO();
+
+        dto.setName(entity.getName());
+        dto.setClientSecret(entity.getClientSecret());
+        dto.setClientId(entity.getClientId());
+        dto.setGroups(entity.getGroups().stream().map(Group::getName).toList());
+
+        return dto;
+    }
+
+    public App toAppEntityWithHashedSecret(AppDTO dto) {
+        App entity = new App();
+
+        entity.setName(dto.getName());
+        entity.setClientSecret(dto.getClientSecret());
+        entity.setClientId(dto.getClientId());
+        entity.setGroups(dto.getGroups().stream().map(this::fromGroupDTO).toList());
+
+        return entity;
+    }
 }