diff --git a/server/src/main/java/com/vpr/server/controller/AuthController.java b/server/src/main/java/com/vpr/server/controller/AuthController.java new file mode 100644 index 0000000..31bbe08 --- /dev/null +++ b/server/src/main/java/com/vpr/server/controller/AuthController.java @@ -0,0 +1,18 @@ +package com.vpr.server.controller; + +import com.vpr.server.data.User; +import com.vpr.server.repository.UserRepository; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; + +public class AuthController { + + public User getAuthUserFromHeader(String authorizationHeader, UserRepository userRepository){ + String[] splitAuthHeader = authorizationHeader.split("\\s"); + if(splitAuthHeader.length == 2){ + return userRepository.findByToken(splitAuthHeader[1]); + } + return null; + } +} diff --git a/server/src/main/java/com/vpr/server/controller/UserController.java b/server/src/main/java/com/vpr/server/controller/UserController.java index f48ed43..2698b35 100644 --- a/server/src/main/java/com/vpr/server/controller/UserController.java +++ b/server/src/main/java/com/vpr/server/controller/UserController.java @@ -21,6 +21,12 @@ public class UserController { @Autowired private UserRepository userRepository; + private AuthController authController; + + public UserController() { + this.authController = new AuthController(); + } + /****************** * POST-ENDPOINTS * ******************/ @@ -35,9 +41,9 @@ public class UserController { @RequestParam String password, @RequestParam Boolean isAdmin ) { - User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]); - if(authUser == null || authUser.isAdmin()){ - return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); + User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository); + if(authUser == null || !authUser.isAdmin()){ + return new ResponseEntity<>( "Du hast keine Rechte um einen User an zu legen", HttpStatus.UNAUTHORIZED); } if(userRepository.findByLogin(login) != null){ @@ -106,16 +112,31 @@ public class UserController { return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED); } + @PostMapping(path = "/login-with-token") + public @ResponseBody ResponseEntity loginWithToken( + @RequestHeader("Authorization") String authorizationHeader, + @RequestParam long userId + ){ + User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository); + if(authUser == null || authUser.getId() != userId){ + return new ResponseEntity<>( "Falscher auth-token", HttpStatus.UNAUTHORIZED); + } + return new ResponseEntity<>("", HttpStatus.OK); + } + @PostMapping(path = "/del") public @ResponseBody ResponseEntity deleteUser( @RequestHeader("Authorization") String authorizationHeader, - @RequestParam Integer userId + @RequestParam long userId ) { - User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]); - if(authUser == null || authUser.isAdmin()){ + User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository); + if(authUser == null || !authUser.isAdmin()){ return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); } - userRepository.deleteById(Long.valueOf(userId)); + User user = userRepository.findById(userId); + if(user == null){ + return new ResponseEntity<>( "User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST); + } return new ResponseEntity<>( "", HttpStatus.OK); } diff --git a/server/src/main/java/com/vpr/server/data/Event.java b/server/src/main/java/com/vpr/server/data/Event.java index 91b1e5e..b9eaea3 100644 --- a/server/src/main/java/com/vpr/server/data/Event.java +++ b/server/src/main/java/com/vpr/server/data/Event.java @@ -20,7 +20,7 @@ import java.util.List; "INNER JOIN user_event ue " + "ON e.id = ue.event_id " + "WHERE (ue.user_id = :userId OR e.is_private = 0) " + - "AND ue.date > :startDate " + + "AND ue.date >= :startDate " + "AND ue.date < :endDate " + "ORDER BY ue.date, e.priority DESC, e.start", resultClass = Event.class