MAM/VPR-Backend
3
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
Marc Beyer
2022-01-10 12:11:52 +01:00
parent 8d6a850d30
commit 68eb7e5863
15 changed files with 300 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/build.gradle
View File

@@ -17,6 +17,17 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-web'
runtimeOnly 'mysql:mysql-connector-java' runtimeOnly 'mysql:mysql-connector-java'
testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework.boot:spring-boot-starter-test'
// Spring security
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.security:spring-security-test'
// JSON web token
implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
//'org.bouncycastle:bcprov-jdk15on:1.60',
'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
} }
test { test {

106
server/src/main/java/com/vpr/server/MainController.java → server/src/main/java/com/vpr/server/controller/EventController.java
View File

@@ -1,72 +1,40 @@
package com.vpr.server; package com.vpr.server.controller;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import com.vpr.server.repository.EventRepository;
import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.server.ResponseStatusException; import org.springframework.web.server.ResponseStatusException;
import java.sql.Date;
import java.sql.Time; import java.sql.Time;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Optional;
@Controller // This means that this class is a Controller @Controller
@RequestMapping(path = "/vpr") // This means URL's start with /demo (after Application path) @RequestMapping(path = "/event")
public class MainController { public class EventController {
// This means to get the bean called userRepository
// Which is auto-generated by Spring, we will use it to handle the data
@Autowired @Autowired
private com.vpr.server.UserRepository userRepository; private UserRepository userRepository;
@Autowired @Autowired
private EventRepository eventRepository; private EventRepository eventRepository;
@Autowired @Autowired
private UserEventRepository userEventRepository; private UserEventRepository userEventRepository;
// POST-request at /add with request parameter /******************
// @ResponseBody means the returned String is the response, not a view name * POST-ENDPOINTS *
@PostMapping(path = "/add-user") ******************/
@PostMapping(path = "/add")
public @ResponseBody public @ResponseBody
String addNewUser( String addEvent(
@RequestParam String name,
@RequestParam String forename,
@RequestParam String password,
@RequestParam String isAdmin
) {
com.vpr.server.User user = new com.vpr.server.User();
// TODO set correct token and password
user.setName(name);
user.setForename(forename);
user.setPassword(password);
user.setToken("test");
user.setAdmin(isAdmin.equals("1"));
userRepository.save(user);
return "Saved";
}
@PostMapping(path = "/login")
public @ResponseBody
String login(
@RequestParam String login,
@RequestParam String password
) {
User user = userRepository.findByLoginAndPassword(login, password);
if(user != null){
return "" + user.getId();
}
return "-1";
}
@PostMapping(path = "/add-event")
public @ResponseBody
ResponseEntity addEvent(
@RequestParam Integer userId, @RequestParam Integer userId,
@RequestParam String date, @RequestParam String date,
@RequestParam String name, @RequestParam String name,
@@ -78,14 +46,14 @@ public class MainController {
) { ) {
String errorString = ""; String errorString = "";
com.vpr.server.Event event = new com.vpr.server.Event(); Event event = new Event();
System.out.println(name.length() + ". name " + name); System.out.println(name.length() + ". name " + name);
if (name.length() > 3) { if (name.length() > 3) {
event.setName(name); event.setName(name);
} else { } else {
System.out.println("NAME IST ZU KURZ"); System.out.println("NAME IST ZU KURZ");
return new ResponseEntity(HttpStatus.NOT_ACCEPTABLE); throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
} }
try { try {
@@ -108,7 +76,7 @@ public class MainController {
event.setFullDay(isFullDay); event.setFullDay(isFullDay);
event.setPrivate(isPrivate); event.setPrivate(isPrivate);
com.vpr.server.UserEvent userEvent = new com.vpr.server.UserEvent(); UserEvent userEvent = new UserEvent();
try { try {
System.out.println("date " + date); System.out.println("date " + date);
@@ -116,6 +84,7 @@ public class MainController {
userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime())); userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime()));
} catch (Exception e) { } catch (Exception e) {
System.out.println("DATE FORMAT NOT CORRECT"); System.out.println("DATE FORMAT NOT CORRECT");
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt");
} }
userEvent.setEvent(event); userEvent.setEvent(event);
@@ -128,11 +97,10 @@ public class MainController {
eventRepository.save(event); eventRepository.save(event);
userEventRepository.save(userEvent); userEventRepository.save(userEvent);
return "";
return new ResponseEntity(HttpStatus.OK);
} }
@PostMapping(path = "/del-event") @PostMapping(path = "/del")
public @ResponseBody public @ResponseBody
String addEvent(@RequestParam Integer eventId) { String addEvent(@RequestParam Integer eventId) {
eventRepository.deleteUserEventsById(Long.valueOf(eventId)); eventRepository.deleteUserEventsById(Long.valueOf(eventId));
@@ -140,28 +108,10 @@ public class MainController {
return "Deleted"; return "Deleted";
} }
// GET-request at /all-users @PostMapping(path = "/all")
// returns JSON-data
@GetMapping(path = "/all-users")
public @ResponseBody
Object[] getAllUsers() {
return userRepository.findAllUsernames();
}
// POST-request at /all-events
// returns JSON-data
@PostMapping(path = "/all-events")
public @ResponseBody public @ResponseBody
Object[] getAllEvents(@RequestParam long userId) { Object[] getAllEvents(@RequestParam long userId) {
return eventRepository.findAllVisibleByUserId(userId); return eventRepository.findAllVisibleByUserId(userId);
} }
@GetMapping(path = "/all-events-test")
public @ResponseBody
Iterable<com.vpr.server.Event> getAllEventsTest() {
return eventRepository.findAll();
}
} }

36
server/src/main/java/com/vpr/server/controller/MainController.java Normal file
View File

@@ -0,0 +1,36 @@
package com.vpr.server.controller;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import com.vpr.server.repository.EventRepository;
import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.sql.Time;
import java.text.SimpleDateFormat;
@Controller // This means that this class is a Controller
@RequestMapping(path = "/vpr") // This means URL's start with /demo (after Application path)
public class MainController {
// This means to get the bean called userRepository
// Which is auto-generated by Spring, we will use it to handle the data
@Autowired
private UserRepository userRepository;
@Autowired
private EventRepository eventRepository;
@Autowired
private UserEventRepository userEventRepository;
@GetMapping(path = "/status-test")
public String statusTest(){
throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");
}
}

108
server/src/main/java/com/vpr/server/controller/UserController.java Normal file
View File

@@ -0,0 +1,108 @@
package com.vpr.server.controller;
import com.vpr.server.data.User;
import com.vpr.server.repository.UserRepository;
import com.vpr.server.security.Hasher;
import com.vpr.server.security.Token;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
@Controller
@RequestMapping(path = "/user")
public class UserController {
@Autowired
private UserRepository userRepository;
/******************
* POST-ENDPOINTS *
******************/
@PostMapping(path = "/add")
public @ResponseBody
String addNewUser(
@RequestParam String name,
@RequestParam String forename,
@RequestParam String login,
@RequestParam String password,
@RequestParam String isAdmin
) {
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
}
User user = new User();
// TODO set correct token and password
user.setName(name);
user.setForename(forename);
user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken("test");
user.setAdmin(isAdmin.equals("1"));
userRepository.save(user);
return "" + user.getId();
}
@PostMapping(path = "/login")
public @ResponseBody
String login(
@RequestParam String login,
@RequestParam String password
) {
User user = userRepository.findByLogin(login);
if (user == null) {
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
}
byte[] salt = user.getSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen");
}
if (Arrays.equals(user.getPassword(), hash)) {
System.out.println(user.getLogin() + " is now logged in.");
System.out.println(Token.Generate(user.getLogin()));
System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin()));
return "" + user.getId();
}
System.out.println(user.getLogin() + " failed to logged in.");
System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash));
System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword()));
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login");
}
@PostMapping(path = "/del")
public @ResponseBody String deleteUser(@RequestParam Integer userId) {
userRepository.deleteById(Long.valueOf(userId));
return "Deleted";
}
/*****************
* GET-ENDPOINTS *
*****************/
@GetMapping(path = "/all")
public @ResponseBody
Object[] getAllUsers() {
return userRepository.findAllUsernames();
}
}

2
server/src/main/java/com/vpr/server/DateEvent.java → server/src/main/java/com/vpr/server/data/DateEvent.java
View File

@@ -1,4 +1,4 @@
package com.vpr.server; package com.vpr.server.data;
import java.sql.Date; import java.sql.Date;
import java.sql.Time; import java.sql.Time;

2
server/src/main/java/com/vpr/server/Event.java → server/src/main/java/com/vpr/server/data/Event.java
View File

@@ -1,4 +1,4 @@
package com.vpr.server; package com.vpr.server.data;
import javax.persistence.*; import javax.persistence.*;
import java.sql.Time; import java.sql.Time;

19
server/src/main/java/com/vpr/server/User.java → server/src/main/java/com/vpr/server/data/User.java
View File

@@ -1,4 +1,4 @@
package com.vpr.server; package com.vpr.server.data;
import javax.persistence.*; import javax.persistence.*;
import java.util.List; import java.util.List;
@@ -21,7 +21,10 @@ public class User {
private String login; private String login;
@Column(name="password", nullable=false) @Column(name="password", nullable=false)
private String password; private byte[] password;
@Column(name="salt", nullable=false)
private byte[] salt;
@Column(name="token") @Column(name="token")
private String token; private String token;
@@ -68,14 +71,22 @@ public class User {
this.login = login; this.login = login;
} }
public String getPassword() { public byte[] getPassword() {
return password; return password;
} }
public void setPassword(String password) { public void setPassword(byte[] password) {
this.password = password; this.password = password;
} }
public byte[] getSalt() {
return salt;
}
public void setSalt(byte[] salt) {
this.salt = salt;
}
public String getToken() { public String getToken() {
return token; return token;
} }

3
server/src/main/java/com/vpr/server/UserEvent.java → server/src/main/java/com/vpr/server/data/UserEvent.java
View File

@@ -1,8 +1,7 @@
package com.vpr.server; package com.vpr.server.data;
import javax.persistence.*; import javax.persistence.*;
import java.sql.Date; import java.sql.Date;
import java.util.List;
// @Entity creates a table out of this class with Hibernate // @Entity creates a table out of this class with Hibernate
// @Table defines the table-name // @Table defines the table-name

2
server/src/main/java/com/vpr/server/UserEventId.java → server/src/main/java/com/vpr/server/data/UserEventId.java
View File

@@ -1,4 +1,4 @@
package com.vpr.server; package com.vpr.server.data;
import java.io.Serializable; import java.io.Serializable;
import java.sql.Date; import java.sql.Date;

4
server/src/main/java/com/vpr/server/EventRepository.java → server/src/main/java/com/vpr/server/repository/EventRepository.java
View File

@@ -1,11 +1,11 @@
package com.vpr.server; package com.vpr.server.repository;
import com.vpr.server.data.Event;
import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query; import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import javax.transaction.Transactional; import javax.transaction.Transactional;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository // This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository
// CRUD refers Create, Read, Update, Delete // CRUD refers Create, Read, Update, Delete

7
server/src/main/java/com/vpr/server/UserEventRepository.java → server/src/main/java/com/vpr/server/repository/UserEventRepository.java
View File

@@ -1,11 +1,8 @@
package com.vpr.server; package com.vpr.server.repository;
import org.springframework.data.jpa.repository.Query; import com.vpr.server.data.UserEvent;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import java.sql.Date;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventListRepository // This will be AUTO IMPLEMENTED by Spring into a Bean called eventListRepository
// CRUD refers Create, Read, Update, Delete // CRUD refers Create, Read, Update, Delete

14
server/src/main/java/com/vpr/server/UserRepository.java → server/src/main/java/com/vpr/server/repository/UserRepository.java
View File

@@ -1,13 +1,11 @@
package com.vpr.server; package com.vpr.server.repository;
import com.vpr.server.data.User;
import org.springframework.data.jpa.repository.Query; import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.CrudRepository;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called userRepository // This will be AUTO IMPLEMENTED by Spring into a Bean called userRepository
// CRUD refers Create, Read, Update, Delete // CRUD refers Create, Read, Update, Delete
public interface UserRepository extends CrudRepository<User, Integer> { public interface UserRepository extends CrudRepository<User, Integer> {
@Query(value = "SELECT u.id, u.name, u.forename " + @Query(value = "SELECT u.id, u.name, u.forename " +
@@ -15,7 +13,11 @@ public interface UserRepository extends CrudRepository<User, Integer> {
nativeQuery = true) nativeQuery = true)
Object[] findAllUsernames(); Object[] findAllUsernames();
com.vpr.server.User findById(long id); User findById(long id);
com.vpr.server.User findByLoginAndPassword(String login, String password); User findByLogin(String login);
User findByLoginAndPassword(String login, byte[] password);
void deleteById(long id);
} }

28
server/src/main/java/com/vpr/server/security/Hasher.java Normal file
View File

@@ -0,0 +1,28 @@
package com.vpr.server.security;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
public class Hasher {
public static byte[] HashPassword(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
// Credit: https://www.baeldung.com/java-password-hashing
// Generate hash with PBKDF2
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return factory.generateSecret(spec).getEncoded();
}
public static byte[] GenerateSalt(){
// Credit: https://www.baeldung.com/java-password-hashing
// Create a salt
SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);
return salt;
}
}

26
server/src/main/java/com/vpr/server/security/Token.java Normal file
View File

@@ -0,0 +1,26 @@
package com.vpr.server.security;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
public class Token {
private static Key KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
public static String Generate(String subject){
return Jwts.builder().setSubject(subject).signWith(KEY).compact();
}
public static boolean Verify(String jws, String subject){
try {
assert Jwts.parserBuilder().setSigningKey(KEY).build().parseClaimsJws(jws)
.getBody().getSubject().equals(subject);
return true;
} catch (JwtException e) {
return false;
}
}
}

31
server/src/main/java/com/vpr/server/security/WebSecurityConfig.java Normal file
View File

@@ -0,0 +1,31 @@
package com.vpr.server.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}