Compare commits

..

No commits in common. "master" and "named-native-querries" have entirely different histories.

22 changed files with 100 additions and 444 deletions

View File

@ -18,10 +18,16 @@ dependencies {
runtimeOnly 'mysql:mysql-connector-java'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
// Spring security
//implementation 'org.springframework.boot:spring-boot-starter-security'
//implementation 'org.springframework.security:spring-security-test'
// JSON web token
implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
'io.jsonwebtoken:jjwt-jackson:0.11.2'
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
//'org.bouncycastle:bcprov-jdk15on:1.60',
'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
}
test {

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server;
import org.springframework.boot.SpringApplication;

View File

@ -1,16 +0,0 @@
//Marco Kühn//
package com.vpr.server.controller;
import com.vpr.server.data.User;
import com.vpr.server.repository.UserRepository;
public class AuthController {
public User getAuthUserFromHeader(String authorizationHeader, UserRepository userRepository){
String[] splitAuthHeader = authorizationHeader.split("\\s");
if(splitAuthHeader.length == 2){
return userRepository.findByToken(splitAuthHeader[1]);
}
return null;
}
}

View File

@ -1,10 +1,9 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.dao.interfaces.EventDAO;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import com.vpr.server.dao.interfaces.EventDAO;
import com.vpr.server.json.JSONMapper;
import com.vpr.server.json.Validator;
import com.vpr.server.repository.EventRepository;
@ -16,7 +15,8 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.Date;
import java.sql.Time;
import java.text.SimpleDateFormat;
import java.util.List;
@Controller
@ -96,7 +96,7 @@ public class EventController {
List<Event> eventList = eventDAO.getAllEventsInTimespan(authUser.getId(), startDate, endDate);
return new ResponseEntity<>(JSONMapper.eventListToJSON(eventList), HttpStatus.OK);
return new ResponseEntity<>(JSONMapper.ToJSON(eventList), HttpStatus.OK);
}
@ -117,10 +117,7 @@ public class EventController {
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>(
"Du hast keine Rechte um den Termin zu bearbeiten",
HttpStatus.UNAUTHORIZED
);
return new ResponseEntity<>("Du hast keine Rechte um den Termin zu bearbeiten", HttpStatus.UNAUTHORIZED);
}
List<Event> eventList = eventDAO.getAllEventsWithIdAndDate(userId, eventId, date);
@ -129,70 +126,21 @@ public class EventController {
return new ResponseEntity<>("Der Termin exestiert nicht in der Datenbank", HttpStatus.BAD_REQUEST);
}
if (eventList.size() > 1) {
return new ResponseEntity<>(
"Der Termin ist doppelt vorhanden. " +
"(Um das zu lösen versuche den Termin zu löschen und erneut zu erstellen)",
HttpStatus.BAD_REQUEST
);
return new ResponseEntity<>("Drr Termin ist doppelt vorhanden. (Um das zu lösen versuche den Termin zu löschen und erneut zu erstellen)", HttpStatus.BAD_REQUEST);
}
ResponseEntity<String> error = createEventAndUserEvent(
userId,
newDate,
newName,
newStart,
newEnd,
newPriority,
newIsFullDay,
newIsPrivate,
eventId
);
if (error != null) return error;
eventRepository.deleteUserEventsById(userId, eventId, date);
if(eventDAO.getAllEventsWithId(eventId).size() == 0){
eventRepository.deleteById(eventId);
}
ResponseEntity<String> BAD_REQUEST = createEventAndUserEvent(userId, newDate, newName, newStart, newEnd, newPriority, newIsFullDay, newIsPrivate);
if (BAD_REQUEST != null) return BAD_REQUEST;
return new ResponseEntity<>("", HttpStatus.OK);
}
private ResponseEntity<String> createEventAndUserEvent(
long userId,
String date,
String name,
String start,
String end,
Integer priority,
Boolean isFullDay,
Boolean isPrivate
) {
return createEventAndUserEvent(
userId,
date,
name,
start,
end,
priority,
isFullDay,
isPrivate,
-1
);
}
private ResponseEntity<String> createEventAndUserEvent(
long userId,
String date,
String name,
String start,
String end,
Integer priority,
Boolean isFullDay,
Boolean isPrivate,
long oldEventId
) {
private ResponseEntity<String> createEventAndUserEvent(long userId, String date, String name, String start, String end, Integer priority, Boolean isFullDay, Boolean isPrivate) {
User user = userRepository.findById(userId);
if(user == null){
return new ResponseEntity<>("UserId nicht korrekt", HttpStatus.BAD_REQUEST);
@ -214,29 +162,6 @@ public class EventController {
userEvent.setEvent(event);
userEvent.setUser(user);
List<UserEvent> userEvents = userEventRepository.findByUserIdAndDate(user.getId(), userEvent.getDate());
boolean isFullDayButDayHasEvents = event.isFullDay() && userEvents.size() > 0;
boolean userEventIsSelf = userEvents.size() == 1 &&
isSelf(userEvent.getDate(), userId, oldEventId, userEvents.get(0));
if (isFullDayButDayHasEvents && !userEventIsSelf) {
return new ResponseEntity<>(
"Es gibt bereits Termine am " + userEvent.getDate(),
HttpStatus.BAD_REQUEST
);
} else {
for (UserEvent ue : userEvents) {
if (ue.getEvent().isFullDay() && !isSelf(userEvent.getDate(), userId, oldEventId, ue)) {
return new ResponseEntity<>(
"Der Tag " + userEvent.getDate() + " ist schon mit '"
+ ue.getEvent().getName() + "' belegt",
HttpStatus.BAD_REQUEST
);
}
}
}
eventRepository.save(event);
userEventRepository.save(userEvent);
}catch (IllegalArgumentException exception){
@ -244,10 +169,4 @@ public class EventController {
}
return null;
}
private boolean isSelf(Date date, long userId, long eventId, UserEvent userEvent){
return date.equals(userEvent.getDate()) &&
userId == userEvent.getUser().getId() &&
eventId == userEvent.getEvent().getId();
}
}

View File

@ -1,6 +1,8 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import com.vpr.server.repository.EventRepository;
import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository;
@ -8,16 +10,25 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.sql.Time;
import java.text.SimpleDateFormat;
@Controller // This means that this class is a Controller
@RequestMapping(path = "/vpr") // This means URL's start with /demo (after Application path)
public class MainController {
// This means to get the bean called userRepository
// Which is auto-generated by Spring, we will use it to handle the data
@Autowired
private UserRepository userRepository;
@Autowired
private EventRepository eventRepository;
@Autowired
private UserEventRepository userEventRepository;
@GetMapping(path = "/status-test")
public String statusTest(){
throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");

View File

@ -1,9 +1,6 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.User;
import com.vpr.server.json.JSONMapper;
import com.vpr.server.repository.UserRepository;
import com.vpr.server.security.Hasher;
import com.vpr.server.security.Token;
@ -12,25 +9,17 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.List;
@Controller
@RequestMapping(path = "/user")
public class UserController {
@Autowired
private UserRepository userRepository;
@Autowired
private UserDAO userDAO;
private final AuthController authController;
public UserController() {
this.authController = new AuthController();
}
/******************
* POST-ENDPOINTS *
@ -46,9 +35,9 @@ public class UserController {
@RequestParam String password,
@RequestParam Boolean isAdmin
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || !authUser.isAdmin()) {
return new ResponseEntity<>("Du hast keine Rechte um einen User an zu legen", HttpStatus.UNAUTHORIZED);
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if(authUser == null || authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
}
if(userRepository.findByLogin(login) != null){
@ -84,27 +73,6 @@ public class UserController {
@RequestParam String login,
@RequestParam String password
) {
if(userRepository.findAllUsernames().length == 0){
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
User user = new User();
user.setName("Admin");
user.setForename(login);
user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken("");
user.setAdmin(true);
userRepository.save(user);
}
System.out.println(login + " tries to login.");
User user = userRepository.findByLogin(login);
if (user == null) {
@ -138,95 +106,26 @@ public class UserController {
return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
}
@PostMapping(path = "/login-with-token")
public @ResponseBody
ResponseEntity<String> loginWithToken(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || authUser.getId() != userId) {
return new ResponseEntity<>("Falscher auth-token", HttpStatus.UNAUTHORIZED);
}
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/del")
public @ResponseBody
ResponseEntity<String> deleteUser(
public @ResponseBody ResponseEntity<String> deleteUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId
@RequestParam Integer userId
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || !authUser.isAdmin()) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu löschen", HttpStatus.UNAUTHORIZED);
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if(authUser == null || authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
if(!userDAO.deleteAllUserEvents(user.getId())){
return new ResponseEntity<>("User konnte nicht gelöscht werden", HttpStatus.INTERNAL_SERVER_ERROR);
}
userRepository.delete(user);
userRepository.deleteById(Long.valueOf(userId));
return new ResponseEntity<>( "", HttpStatus.OK);
}
@PostMapping(path = "/edit")
public @ResponseBody ResponseEntity<String> editUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId,
@RequestParam String name,
@RequestParam String forename,
@RequestParam String login,
@RequestParam(required = false) String password,
@RequestParam Boolean isAdmin
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED);
}
if(isAdmin && !authUser.isAdmin()){
return new ResponseEntity<>("Du hast keine Rechte um dich zum Admin zu machen", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
/*****************
* GET-ENDPOINTS *
*****************/
User userWithLogin = userRepository.findByLogin(login);
if (userWithLogin != null && userWithLogin.getId() != userId) {
return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
}
if(password != null){
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
user.setPassword(hash);
user.setSalt(salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
}
user.setName(name);
user.setForename(forename);
user.setLogin(login);
user.setToken("");
user.setAdmin(isAdmin);
userRepository.save(user);
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/all")
@GetMapping(path = "/all")
public @ResponseBody
ResponseEntity<String> getAllUser() {
List<User> userList = userDAO.getAllUser();
return new ResponseEntity<>(JSONMapper.userListToJSON(userList), HttpStatus.OK);
Object[] getAllUsers() {
return userRepository.findAllUsernames();
}
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.dao.implementation;
import com.vpr.server.dao.interfaces.EventDAO;

View File

@ -1,37 +0,0 @@
//Marc Beyer//
package com.vpr.server.dao.implementation;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.User;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.transaction.Transactional;
import java.util.List;
@Repository
@Transactional
public class UserDAOImplementation implements UserDAO {
@PersistenceContext
private EntityManager manager;
@Override
public List<User> getAllUser() {
return manager.createNamedQuery("getAllUser", User.class).getResultList();
}
@Override
public boolean deleteAllUserEvents(long userId) {
try {
manager.createNamedQuery("deleteAllUserEvents", User.class)
.setParameter("userId", userId)
.executeUpdate();
return true;
}catch (Exception e){
return false;
}
}
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.dao.interfaces;
import com.vpr.server.data.Event;

View File

@ -1,12 +0,0 @@
//Marc Beyer//
package com.vpr.server.dao.interfaces;
import com.vpr.server.data.User;
import java.util.List;
public interface UserDAO {
List<User> getAllUser();
boolean deleteAllUserEvents(long userId);
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.data;
import java.sql.Date;

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
@ -21,7 +20,7 @@ import java.util.List;
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE (ue.user_id = :userId OR e.is_private = 0) " +
"AND ue.date >= :startDate " +
"AND ue.date > :startDate " +
"AND ue.date < :endDate " +
"ORDER BY ue.date, e.priority DESC, e.start",
resultClass = Event.class
@ -155,20 +154,4 @@ public class Event implements Serializable {
", userEvent=" + userEvent +
'}';
}
@Override
public boolean equals(Object obj){
if(!(obj instanceof Event)){
return false;
}
Event event = (Event) obj;
System.out.println(event.getId() + " " + getId());
return event.getId() == getId();
}
@Override
public int hashCode(){
return (int)getId();
}
}

View File

@ -1,29 +1,10 @@
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
import java.util.List;
// @Entity creates a table out of this class with Hibernate
@Entity(name = "User")
@Table(name = "user")
@SqlResultSetMapping(name="deleteResult", columns = {
@ColumnResult(name = "count")
})
@NamedNativeQueries({
@NamedNativeQuery(
name = "getAllUser",
query = "SELECT * FROM user",
resultClass = User.class
),
@NamedNativeQuery(
name = "deleteAllUserEvents",
query = "DELETE FROM user_event WHERE user_id = :userId",
resultSetMapping = "deleteResult"
)
})
@Entity
public class User {
// Generate the primary key
@Id
@ -129,19 +110,4 @@ public class User {
public void setEventList(List<UserEvent> userEvent) {
this.userEvent = userEvent;
}
@Override
public boolean equals(Object obj){
if(!(obj instanceof User)){
return false;
}
User user = (User) obj;
return user.getId() == getId();
}
@Override
public int hashCode(){
return (int)getId();
}
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
@ -61,41 +60,4 @@ public class UserEvent {
", date=" + date +
'}';
}
@Override
public boolean equals(Object obj){
System.out.println("equals");
if(!(obj instanceof UserEvent)){
System.out.println("not an userevent");
return false;
}
UserEvent userEvent = (UserEvent) obj;
System.out.println("date " + userEvent.getDate().equals(getDate()));
System.out.println("user " + userEvent.getUser().equals(getUser()));
System.out.println("event " + userEvent.getEvent().equals(getEvent()));
return userEvent.getDate().equals(getDate()) &&
userEvent.getUser().equals(getUser()) &&
userEvent.getEvent().equals(getEvent());
}
@Override
public int hashCode(){
long hash = getUser().hashCode() +
getEvent().hashCode() +
getDate().hashCode();
return (int)hash;
}
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.data;
import java.io.Serializable;

View File

@ -1,38 +1,14 @@
//Marco Kühn//
package com.vpr.server.json;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import java.sql.Time;
import java.util.ArrayList;
import java.util.List;
public class JSONMapper {
public static String userToJSON(User user) {
return "{" +
"\"userId\": " + user.getId() + ", " +
"\"forename\": \"" + user.getForename() + "\", " +
"\"name\": \"" + user.getName() + "\", " +
"\"login\": \"" + user.getLogin() + "\"," +
"\"admin\": " + user.isAdmin() +
"}";
}
public static String userListToJSON(List<User> userList) {
StringBuilder userListJSON = new StringBuilder();
for (User user : userList) {
userListJSON.append(", ");
userListJSON.append(userToJSON(user));
}
userListJSON.delete(0, 2);
return "[" + userListJSON + "]";
}
public static List<String> eventToJSON(Event event) {
public static List<String> ToJSON(Event event){
List<String> eventListJSON = new ArrayList<>();
for (UserEvent userEvent : event.getUserEvent()) {
@ -46,8 +22,8 @@ public class JSONMapper {
"\"priority\": " + event.getPriority() + "," +
"\"fullDay\": " + event.isFullDay() + "," +
"\"private\": " + event.isPrivate() + "," +
"\"start\": " + timeToJSON(event.getStart()) + "," +
"\"end\": " + timeToJSON(event.getEnd()) +
"\"start\": " + ToJSON(event.getStart()) + "," +
"\"end\": " + ToJSON(event.getEnd()) +
"}";
eventListJSON.add(eventJSON);
@ -56,10 +32,10 @@ public class JSONMapper {
return eventListJSON;
}
public static String eventListToJSON(List<Event> eventList) {
public static String ToJSON(List<Event> eventList){
StringBuilder eventListJSON = new StringBuilder();
for(Event event : eventList){
List<String> eventsJSON = eventToJSON(event);
List<String> eventsJSON = ToJSON(event);
for(String eventJSON : eventsJSON){
eventListJSON.append(", ");
eventListJSON.append(eventJSON);
@ -70,7 +46,7 @@ public class JSONMapper {
return "[" + eventListJSON + "]";
}
public static String timeToJSON(Time time) {
public static String ToJSON(Time time){
if(time == null){
return "null";
}

View File

@ -1,6 +1,9 @@
//Marc Beyer//
package com.vpr.server.json;
import com.vpr.server.data.UserEvent;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import java.sql.Date;
import java.sql.Time;
import java.text.SimpleDateFormat;

View File

@ -1,12 +1,18 @@
//Marc Beyer//
package com.vpr.server.repository;
import com.vpr.server.data.Event;
import com.vpr.server.data.UserEvent;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import javax.persistence.ColumnResult;
import javax.persistence.ConstructorResult;
import javax.persistence.NamedNativeQuery;
import javax.persistence.SqlResultSetMapping;
import javax.transaction.Transactional;
import java.util.List;
import java.util.Optional;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository
// CRUD refers Create, Read, Update, Delete
@ -72,4 +78,7 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
nativeQuery = true
)
void deleteById(long id);
//@Query(nativeQuery = true)
//List<Event> findEventsInDateRange(Long userId, String startDate, String endDate);
}

View File

@ -1,15 +1,11 @@
//Marc Beyer//
package com.vpr.server.repository;
import com.vpr.server.data.UserEvent;
import org.springframework.data.repository.CrudRepository;
import java.sql.Date;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventListRepository
// CRUD refers Create, Read, Update, Delete
public interface UserEventRepository extends CrudRepository<UserEvent, Integer> {
List<UserEvent> findByUserIdAndDate(long userId, Date date);
}

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.repository;
import com.vpr.server.data.User;

View File

@ -1,4 +1,3 @@
//Marc Beyer//
package com.vpr.server.security;
import javax.crypto.SecretKeyFactory;

View File

@ -1,16 +1,14 @@
//Marc Beyer//
package com.vpr.server.security;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
public class Token {
private static final Key KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
private static Key KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
public static String Generate(String subject){
return Jwts.builder().setSubject(subject).signWith(KEY).compact();