Upgrade java and memory handlings (#237)

* Upgrade java and memory handlings

.github/workflows/pr-build.yml

@@ -181,7 +181,7 @@ jobs:
         uses: actions/setup-java@v4
         with:
           distribution: 'adopt'
-          java-version: '11'
+          java-version: '17'
 
       - name: Setup Go
         uses: actions/setup-go@v5
@@ -203,6 +203,16 @@ jobs:
           mkdir test-results
           go run gotest.tools/gotestsum@latest --format testname --junitfile test-results/unit-tests.xml
 
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Require: The version of golangci-lint to use.
+          # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
+          # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
+          version: v1.54
+          working-directory: services/community
+
+
       - name: Run workshop tests
         run: |
           cd services/workshop

services/community/Dockerfile

@@ -41,4 +41,6 @@ RUN ls -al /app
 
 ARG SERVER_PORT
 EXPOSE ${SERVER_PORT}
+# Expose profiling port
+EXPOSE 6060
 CMD /app/main

services/community/api/auth/token.go

@@ -66,12 +66,12 @@ func ExtractTokenID(r *http.Request, db *gorm.DB) (uint32, error) {
 		return 0, err
 	}
 
-	resp, err := http.Post(tokenVerifyURL, "application/json",
-		bytes.NewBuffer(tokenJSON))
+	resp, err := http.Post(tokenVerifyURL, "application/json", bytes.NewBuffer(tokenJSON))
 	if err != nil {
 		log.Println(err)
 		return 0, err
 	}
+	defer resp.Body.Close()
 
 	tokenValid := resp.StatusCode == 200
 	token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})

services/community/api/controllers/coupon_controller.go

@@ -30,6 +30,7 @@ import (
 //Server have database connection
 func (s *Server) AddNewCoupon(w http.ResponseWriter, r *http.Request) {
 	body, err := io.ReadAll(r.Body)
+	defer r.Body.Close()
 	if err != nil {
 		responses.ERROR(w, http.StatusBadRequest, err)
 		return
@@ -61,6 +62,7 @@ func (s *Server) ValidateCoupon(w http.ResponseWriter, r *http.Request) {
 	var bsonMap bson.M
 
 	body, err := io.ReadAll(r.Body)
+	defer r.Body.Close()
 	if err != nil {
 		responses.ERROR(w, http.StatusBadRequest, err)
 		log.Println("No payload for ValidateCoupon", body, err)

services/community/api/controllers/post_controller.go

@@ -32,6 +32,7 @@ import (
 func (s *Server) AddNewPost(w http.ResponseWriter, r *http.Request) {
 
 	body, err := io.ReadAll(r.Body)
+	defer r.Body.Close()
 	if err != nil {
 		responses.ERROR(w, http.StatusBadRequest, err)
 		return
@@ -112,6 +113,7 @@ func (s *Server) Comment(w http.ResponseWriter, r *http.Request) {
 
 	vars := mux.Vars(r)
 	body, err := io.ReadAll(r.Body)
+	defer r.Body.Close()
 	if err != nil {
 		responses.ERROR(w, http.StatusBadRequest, err)
 		return

services/community/api/router/routes.go

@@ -17,6 +17,7 @@ package router
 import (
 	"log"
 	"net/http"
+	_ "net/http/pprof"
 	"os"
 	"time"
 
@@ -29,16 +30,19 @@ import (
 
 type Server config.Server
 
+var controller = controllers.Server{}
 
 // initializeRoutes initialize routes of url with Authentication or without Authentication
 func (server *Server) InitializeRoutes() *mux.Router {
-	var controller = controllers.Server{}
 
 	controller.DB = server.DB
 
 	controller.Client = server.Client
 
 	server.Router.Use(middlewares.AccessControlMiddleware)
+	if os.Getenv("DEBUG") == "1" {
+		server.Router.PathPrefix("/debug/pprof/").Handler(http.DefaultServeMux)
+	}
 	// Post Route
 	server.Router.HandleFunc("/community/api/v2/community/posts/recent", middlewares.SetMiddlewareJSON(middlewares.SetMiddlewareAuthentication(controller.GetPost, server.DB))).Methods("GET", "OPTIONS")
 
@@ -77,14 +81,8 @@ func (server *Server) Run(addr string) {
 		if !is_key || key == "" {
 			key = "certs/server.key"
 		}
-		err := srv.ListenAndServeTLS(certificate, key)
-		if err != nil {
-			log.Println(err)
-		}
+		log.Println(srv.ListenAndServeTLS(certificate, key))
 	} else {
-		err := srv.ListenAndServe()
-		if err != nil {
-			log.Println(err)
-		}
+		log.Println(srv.ListenAndServe())
 	}
 }

services/identity/.java-version

@@ -0,0 +1 @@
+17

services/identity/Dockerfile

@@ -12,9 +12,10 @@
 
 
 # Java Maven Build
-FROM gradle:7.3.3-jdk11 AS gradlebuild
+FROM gradle:8.1-jdk17-focal AS gradlebuild
 WORKDIR /app
 COPY *.gradle.kts ./
+COPY gradle.properties ./
 # Only download dependencies
 # Eat the expected build failure since no source code has been copied yet
 RUN gradle clean build --no-daemon > /dev/null 2>&1 || true
@@ -23,15 +24,19 @@ RUN gradle build
 RUN gradle bootJar
 
 # Main Image
-FROM openjdk:11.0.15-jre-slim-buster
-
-#Java
+FROM openjdk:17.0-jdk-slim
+# #Java
 RUN apt-get -y update && apt-get -y install curl && apt-get -y clean
+# RUN apt-get -y update && apt-get -y install wget curl unzip && apt-get -y clean
+# RUN wget https://www.yourkit.com/download/docker/YourKit-JavaProfiler-2023.9-docker.zip -P /tmp/ && \
+#   unzip /tmp/YourKit-JavaProfiler-2023.9-docker.zip -d /usr/local && \
+#   rm /tmp/YourKit-JavaProfiler-2023.9-docker.zip
 RUN mkdir /app
 COPY --from=gradlebuild /app/build/libs/identity-service-1.0-SNAPSHOT.jar /app/identity-service-1.0-SNAPSHOT.jar
 
-ARG SERVER_PORT 
+ARG SERVER_PORT
 EXPOSE ${SERVER_PORT}
+EXPOSE 10001
 
 ENV JAVA_TOOL_OPTIONS "-Xmx128m"
 

services/identity/build.gradle.kts

@@ -1,7 +1,7 @@
 plugins {
-  id("java")
   application
-  id("org.springframework.boot") version "2.6.1"
+  id("java")
+  id("org.springframework.boot") version "3.2.2"
   id("io.spring.dependency-management") version "1.0.11.RELEASE"
   id("com.diffplug.spotless") version "5.9.0"
 }
@@ -14,11 +14,13 @@ repositories {
 }
 
 application {
-    mainClassName = "com.crapi.CRAPIBootApplication"
+    mainClass.set("com.crapi.CRAPIBootApplication")
 }
 
-java.sourceCompatibility = JavaVersion.VERSION_11
-
+java {
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
+}
 pluginManager.withPlugin("java") {
     apply(plugin = "com.diffplug.spotless")
     configure<com.diffplug.gradle.spotless.SpotlessExtension> {
@@ -32,39 +34,44 @@ pluginManager.withPlugin("java") {
     }
 }
 dependencies {
-    val lombokVersion = "1.18.12"
-    val mockito = "3.7.7"
-    val springBootVersion = "2.6.1"
+    val lombokVersion = "1.18.30"
+    val mockito = "5.2.0"
+    val springBootVersion = "3.2.2"
+    val springSecurityVersion = "6.0.3"
     val log4jVersion = "2.14.0"
     compileOnly("org.projectlombok:lombok:${lombokVersion}")
     testCompileOnly("org.projectlombok:lombok:${lombokVersion}")
     annotationProcessor("org.projectlombok:lombok:${lombokVersion}")
-    annotationProcessor("javax.annotation:javax.annotation-api:1.3.2")
+    annotationProcessor("jakarta.annotation:jakarta.annotation-api:2.1.1")
     annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
-    testImplementation("org.projectlombok:lombok:${lombokVersion}")
+    annotationProcessor("jakarta.xml.bind:jakarta.xml.bind-api:4.0.1")
     testAnnotationProcessor("org.projectlombok:lombok-mapstruct-binding:0.2.0")
-    implementation("org.springframework.boot:spring-boot-starter:${springBootVersion}") 
-    implementation("org.springframework.boot:spring-boot-starter-web:${springBootVersion}") 
-    implementation("org.springframework.boot:spring-boot-starter-security:${springBootVersion}") 
-    implementation("org.springframework.boot:spring-boot-starter-data-jpa:${springBootVersion}") 
+    implementation("jakarta.xml.bind:jakarta.xml.bind-api:4.0.1")
+    implementation("org.springframework.boot:spring-boot-starter:${springBootVersion}")
+    implementation("org.springframework.boot:spring-boot-starter-web:${springBootVersion}")
+    implementation("org.springframework.boot:spring-boot-starter-security:${springBootVersion}")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa:${springBootVersion}")
     implementation("org.springframework.boot:spring-boot-starter-mail:${springBootVersion}")
-    implementation("org.springframework.boot:spring-boot-starter-validation:${springBootVersion}") 
-    testImplementation("org.springframework.boot:spring-boot-starter-test:${springBootVersion}")
-    implementation("io.jsonwebtoken:jjwt:0.9.1")
-    implementation("com.nimbusds:nimbus-jose-jwt:9.25.6")
-    implementation("javax.validation:validation-api:2.0.1.Final")
+    implementation("org.springframework.boot:spring-boot-starter-validation:${springBootVersion}")
+    implementation("org.springframework.security:spring-security-config:${springSecurityVersion}")
+    implementation("io.jsonwebtoken:jjwt:0.12.5")
+    implementation("com.nimbusds:nimbus-jose-jwt:9.37.3")
+    implementation("jakarta.validation:jakarta.validation-api:3.0.2")
     implementation("org.postgresql:postgresql:runtime")
     implementation("org.postgresql:postgresql:42.4.0")
     implementation("com.google.cloud:google-cloud-storage:2.10.0")
     implementation("org.apache.logging.log4j:log4j-api:${log4jVersion}")
     implementation("org.apache.logging.log4j:log4j-core:${log4jVersion}")
     implementation("org.apache.logging.log4j:log4j-web:${log4jVersion}")
-    implementation("com.google.cloud:libraries-bom:25.4.0")
+    implementation("com.google.cloud:libraries-bom:26.32.0")
     implementation("org.apache.httpcomponents:httpclient:4.5.13")
     implementation("com.google.cloud:google-cloud-storage:2.10.0")
+    implementation("org.apache.httpcomponents.client5:httpclient5:5.3")
+    testImplementation("org.springframework.boot:spring-boot-starter-test:${springBootVersion}")
+    testImplementation("org.projectlombok:lombok:${lombokVersion}")
     testImplementation("org.mockito:mockito-junit-jupiter:${mockito}")
     testImplementation("org.mockito:mockito-core:${mockito}")
     testImplementation("org.mockito:mockito-inline:${mockito}")
-    testImplementation("junit:junit:4.13.1")
+    testImplementation("junit:junit:4.13.2")
     //implementation("org.apache.logging.log4j:log4j-slf4j-impl:${log4jVersion}")
 }

services/identity/entrypoint.sh

@@ -7,7 +7,6 @@ else
   echo "Loading default JWKS file."
   JWKS=$(openssl base64 -in /default_jwks.json -A)
 fi
-
 java -jar /app/identity-service-1.0-SNAPSHOT.jar --app.jwksJson=$JWKS
 
 exec "$@"

services/identity/gradle.properties

@@ -0,0 +1,6 @@
+org.gradle.jvmargs= \
+  --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \
+  --add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED \
+  --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED \
+  --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED \
+  --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED

services/identity/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

services/identity/src/main/java/com/crapi/config/JwtAuthEntryPoint.java

@@ -14,10 +14,10 @@
 
 package com.crapi.config;
 
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;

services/identity/src/main/java/com/crapi/config/JwtAuthTokenFilter.java

@@ -16,12 +16,12 @@
 
 import com.crapi.enums.EStatus;
 import com.crapi.service.Impl.UserDetailsServiceImpl;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.text.ParseException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

services/identity/src/main/java/com/crapi/config/JwtProvider.java

@@ -18,6 +18,7 @@
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import com.nimbusds.jose.*;
+import com.nimbusds.jose.crypto.MACVerifier;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.JWKSet;
@@ -35,11 +36,13 @@
 import java.security.KeyPair;
 import java.text.ParseException;
 import java.util.*;
+import lombok.extern.slf4j.Slf4j;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+@Slf4j
 @Component
 public class JwtProvider {
 
@@ -59,6 +62,7 @@ public JwtProvider(@Value("${app.jwksJson}") String jwksJson) {
       Base64.Decoder decoder = Base64.getDecoder();
       InputStream jwksStream = new ByteArrayInputStream(decoder.decode(jwksJson));
       JWKSet jwkSet = JWKSet.load(jwksStream);
+      jwksStream.close();
       List<JWK> keys = jwkSet.getKeys();
       if (keys.size() != 1 || !Objects.equals(keys.get(0).getAlgorithm().getName(), "RS256")) {
         throw new RuntimeException("Invalid JWKS key passed!!!");
@@ -86,13 +90,15 @@ public String generateJwtToken(User user) {
     int jwtExpirationInt;
     if (jwtExpiration.contains("e+")) jwtExpirationInt = new BigDecimal(jwtExpiration).intValue();
     else jwtExpirationInt = Integer.parseInt(jwtExpiration);
-    return Jwts.builder()
-        .setSubject((user.getEmail()))
-        .claim("role", user.getRole().getName())
-        .setIssuedAt(new Date())
-        .setExpiration(new Date((new Date()).getTime() + jwtExpirationInt))
-        .signWith(SignatureAlgorithm.RS256, this.keyPair.getPrivate())
-        .compact();
+    JwtBuilder builder =
+        Jwts.builder()
+            .subject(user.getEmail())
+            .issuedAt(new Date())
+            .expiration(new Date((new Date()).getTime() + jwtExpirationInt))
+            .claim("role", user.getRole().getName())
+            .signWith(this.keyPair.getPrivate());
+    String jwt = builder.compact();
+    return jwt;
   }
 
   /**
@@ -111,6 +117,7 @@ private RSAKey getKeyFromJkuHeader(JWSHeader header) {
       if (jku != null) {
         URLConnection connection = jku.toURL().openConnection();
         JWKSet jwkSet = JWKSet.load(connection.getInputStream());
+        connection.getInputStream().close();
         logger.info("JWKSet from URL : " + jwkSet.toString(false));
         JWK key = jwkSet.getKeyByKeyId(header.getKeyID());
         if (key != null && Objects.equals(key.getAlgorithm().getName(), "RS256")) {
@@ -155,10 +162,8 @@ public boolean validateJwtToken(String authToken) {
       if (Objects.equals(alg.getName(), "HS256")) {
         String secret = getJwtSecret(header);
         logger.info("JWT Secret: " + secret);
-        Jwts.parser()
-            .setSigningKey(secret.getBytes(StandardCharsets.UTF_8))
-            .parseClaimsJws(authToken);
-        return true;
+        JWSVerifier verifier = new MACVerifier(secret.getBytes(StandardCharsets.UTF_8));
+        return signedJWT.verify(verifier);
       } else {
         RSAKey verificationKey = getKeyFromJkuHeader(header);
         JWSVerifier verifier;