Added auth to a lot of the endpoints

This commit is contained in:
Marc Beyer 2022-01-14 17:53:42 +01:00
parent 0531f868d0
commit d5b6d6357e
4 changed files with 40 additions and 17 deletions


@ -8,6 +8,7 @@ import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository; import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -34,7 +35,7 @@ public class EventController {
@PostMapping(path = "/add") @PostMapping(path = "/add")
public @ResponseBody public @ResponseBody
String addEvent( ResponseEntity<String> addEvent(
@RequestParam Integer userId, @RequestParam Integer userId,
@RequestParam String date, @RequestParam String date,
@RequestParam String name, @RequestParam String name,
@ -53,7 +54,7 @@ public class EventController {
event.setName(name); event.setName(name);
} else { } else {
System.out.println("NAME IST ZU KURZ"); System.out.println("NAME IST ZU KURZ");
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt"); return new ResponseEntity<>("Der Name ist zu kurz", HttpStatus.BAD_REQUEST);
} }
try { try {
@ -84,7 +85,7 @@ public class EventController {
userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime())); userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime()));
} catch (Exception e) { } catch (Exception e) {
System.out.println("DATE FORMAT NOT CORRECT"); System.out.println("DATE FORMAT NOT CORRECT");
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Format nicht korrekt"); return new ResponseEntity<>("Datumformat nicht korrekt", HttpStatus.BAD_REQUEST);
} }
userEvent.setEvent(event); userEvent.setEvent(event);
@ -97,15 +98,15 @@ public class EventController {
eventRepository.save(event); eventRepository.save(event);
userEventRepository.save(userEvent); userEventRepository.save(userEvent);
return ""; return new ResponseEntity<>("", HttpStatus.OK);
} }
@PostMapping(path = "/del") @PostMapping(path = "/del")
public @ResponseBody public @ResponseBody
String delEvent(@RequestParam Integer eventId) { ResponseEntity<String> delEvent(@RequestParam Integer eventId) {
eventRepository.deleteUserEventsById(Long.valueOf(eventId)); eventRepository.deleteUserEventsById(Long.valueOf(eventId));
eventRepository.deleteById(Long.valueOf(eventId)); eventRepository.deleteById(Long.valueOf(eventId));
return "Deleted"; return new ResponseEntity<>("", HttpStatus.OK);
} }
@PostMapping(path = "/all") @PostMapping(path = "/all")
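Review bot: delEvent (the `/del` hunk) still deletes any event by id with no Authorization header, so this endpoint stays open even though the commit title says auth was added; addEvent likewise takes only a caller-supplied userId and trusts it. EventController already imports UserRepository, so presumably a repository is injected that can resolve the bearer token the way UserController.deleteUser now does; at minimum the token should resolve to a user before deleteUserEventsById/deleteById run, which also needs a `RequestHeader` import from org.springframework.web.bind.annotation. Whether deletion is further limited to the event's owner or to admins is not settled by anything on this page. addEvent's body spans four hunks and only the shown lines were reviewed.
```java
@PostMapping(path = "/del")
public @ResponseBody
ResponseEntity<String> delEvent(
        @RequestHeader("Authorization") String authorizationHeader,
        @RequestParam Integer eventId
) {
    // Reject before touching the repositories: a header without a space has no token part.
    String[] parts = authorizationHeader.split("\\s");
    User authUser = parts.length < 2 ? null : userRepository.findByToken(parts[1]);
    if (authUser == null) {
        return new ResponseEntity<>("", HttpStatus.UNAUTHORIZED);
    }
    // … unchanged: deleteUserEventsById / deleteById calls …
    return new ResponseEntity<>("", HttpStatus.OK);
}
```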


@ -33,4 +33,10 @@ public class MainController {
public String statusTest(){ public String statusTest(){
throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest"); throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");
} }
@PostMapping(path = "/header-test")
public ResponseEntity<String> headerTest(@RequestHeader("Authorization") String authorizationHeader){
System.out.println("authorizationHeader: " + authorizationHeader);
return new ResponseEntity<>(authorizationHeader, HttpStatus.OK);
}
} }
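Review bot: headerTest writes the raw Authorization header to stdout (`System.out.println("authorizationHeader: " + authorizationHeader);`) and echoes it back in the response body, so bearer tokens land in the server log and in any client or proxy log of that endpoint. If the endpoint is needed for debugging, drop the println and return something that does not contain the token, e.g. `return new ResponseEntity<>(authorizationHeader.isEmpty() ? "missing" : "present", HttpStatus.OK);`; otherwise remove it before merge. Note that `@RequestHeader` without `required = false` turns a missing header into a 400 before the body runs, which is acceptable here but worth stating in a one-line comment on the method.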


@ -6,6 +6,7 @@ import com.vpr.server.security.Hasher;
import com.vpr.server.security.Token; import com.vpr.server.security.Token;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException; import org.springframework.web.server.ResponseStatusException;
@ -26,15 +27,21 @@ public class UserController {
@PostMapping(path = "/add") @PostMapping(path = "/add")
public @ResponseBody public @ResponseBody
String addNewUser( ResponseEntity<String> addNewUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam String name, @RequestParam String name,
@RequestParam String forename, @RequestParam String forename,
@RequestParam String login, @RequestParam String login,
@RequestParam String password, @RequestParam String password,
@RequestParam Boolean isAdmin @RequestParam Boolean isAdmin
) { ) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if(authUser == null || authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
}
if(userRepository.findByLogin(login) != null){ if(userRepository.findByLogin(login) != null){
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Login exestiert bereits!"); return new ResponseEntity<>( "Login exestiert bereits", HttpStatus.BAD_REQUEST);
} }
byte[] salt = Hasher.GenerateSalt(); byte[] salt = Hasher.GenerateSalt();
@ -43,7 +50,7 @@ public class UserController {
hash = Hasher.HashPassword(password, salt); hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace(); e.printStackTrace();
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen"); return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
} }
User user = new User(); User user = new User();
@ -57,12 +64,12 @@ public class UserController {
user.setAdmin(isAdmin); user.setAdmin(isAdmin);
userRepository.save(user); userRepository.save(user);
return "" + user.getId(); return new ResponseEntity<>( "" + user.getId(), HttpStatus.OK);
} }
@PostMapping(path = "/login") @PostMapping(path = "/login")
public @ResponseBody public @ResponseBody
String login( ResponseEntity<String> login(
@RequestParam String login, @RequestParam String login,
@RequestParam String password @RequestParam String password
) { ) {
@ -70,7 +77,7 @@ public class UserController {
User user = userRepository.findByLogin(login); User user = userRepository.findByLogin(login);
if (user == null) { if (user == null) {
System.out.println("Login for " + login + " failed."); System.out.println("Login for " + login + " failed.");
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login"); return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
} }
byte[] salt = user.getSalt(); byte[] salt = user.getSalt();
@ -79,7 +86,7 @@ public class UserController {
hash = Hasher.HashPassword(password, salt); hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace(); e.printStackTrace();
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Fehler beim hashen"); return new ResponseEntity<>( "Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
} }
if (Arrays.equals(user.getPassword(), hash)) { if (Arrays.equals(user.getPassword(), hash)) {
@ -90,19 +97,26 @@ public class UserController {
System.out.println(user.getLogin() + " is now logged in."); System.out.println(user.getLogin() + " is now logged in.");
System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin())); System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin()));
return token + " " + user.getId(); return new ResponseEntity<>( token + " " + user.getId(), HttpStatus.OK);
} }
System.out.println(user.getLogin() + " failed to logged in."); System.out.println(user.getLogin() + " failed to logged in.");
System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash)); System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash));
System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword())); System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword()));
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Falscher login"); return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
} }
@PostMapping(path = "/del") @PostMapping(path = "/del")
public @ResponseBody String deleteUser(@RequestParam Integer userId) { public @ResponseBody ResponseEntity<String> deleteUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam Integer userId
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if(authUser == null || authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
}
userRepository.deleteById(Long.valueOf(userId)); userRepository.deleteById(Long.valueOf(userId));
return "Deleted"; return new ResponseEntity<>( "", HttpStatus.OK);
} }
/***************** /*****************
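Review bot: The authorization check added to addNewUser (`if(authUser == null || authUser.isAdmin()){`) and repeated in deleteUser is inverted: it rejects admins and lets every non-admin holder of a valid token create users (including new admins) and delete users; both should read `if (authUser == null || !authUser.isAdmin()) {`. `authorizationHeader.split("\\s")[1]` throws ArrayIndexOutOfBoundsException when the header has no space, so a malformed header becomes a 500 instead of a rejection; check the split length before indexing. The rejection text in addNewUser ("…Termin zu löschen") was copied from the delete path, and an authenticated but unprivileged caller is better answered with `HttpStatus.FORBIDDEN` than UNAUTHORIZED. The failed-login path still prints the entered and stored password hashes in hex; those context lines are unchanged by this commit but belong out of the log now that this class handles tokens too. addNewUser's body spans several hunks; only the shown lines were reviewed.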


@ -20,4 +20,6 @@ public interface UserRepository extends CrudRepository<User, Integer> {
User findByLoginAndPassword(String login, byte[] password); User findByLoginAndPassword(String login, byte[] password);
void deleteById(long id); void deleteById(long id);
User findByToken(String token);
} }
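Review bot: findByToken becomes the authentication lookup for the new checks in UserController, and a derived single-result query presumably throws IncorrectResultSizeDataAccessException (a 500) if two rows ever hold the same token, so the token column on User should be declared unique if it is not already. A Javadoc line such as `/** Resolves a bearer token to its owner; returns null when no user holds it. */` would document the null contract the controllers now depend on.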