MAM/VPR-Backend
3
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: MAM:named-native-querries
Branches Tags
MAM:master MAM:merge MAM:named-native-querries MAM:refactor MAM:validate-params MAM:1300-TermineLoeschen MAM:0000-Tooltests
...
compare: MAM:8f04ac7ae884e4a195f67d246c209fd914e9e5b0
Branches Tags
MAM:master MAM:merge MAM:named-native-querries MAM:refactor MAM:validate-params MAM:1300-TermineLoeschen MAM:0000-Tooltests

3 Commits
named-nati ... 8f04ac7ae8

Author SHA1 Message Date
Marc Beyer
8f04ac7ae8 Added userDAO 2022-01-25 19:17:41 +01:00
Marc Beyer
56919ab412 Cleanup 2022-01-25 19:16:58 +01:00
Marc Beyer
e3408d1566 Fixed auth 2022-01-23 21:23:30 +01:00
10 changed files with 143 additions and 43 deletions
Expand all files Collapse all files

10
server/build.gradle
View File

@@ -18,18 +18,12 @@ dependencies {
runtimeOnly 'mysql:mysql-connector-java' runtimeOnly 'mysql:mysql-connector-java'
testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework.boot:spring-boot-starter-test'
// Spring security
//implementation 'org.springframework.boot:spring-boot-starter-security'
//implementation 'org.springframework.security:spring-security-test'
// JSON web token // JSON web token
implementation 'io.jsonwebtoken:jjwt-api:0.11.2' implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2', runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms: 'io.jsonwebtoken:jjwt-jackson:0.11.2'
//'org.bouncycastle:bcprov-jdk15on:1.60',
'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
} }
test { test {
useJUnitPlatform() useJUnitPlatform()
} }

18
server/src/main/java/com/vpr/server/controller/AuthController.java Normal file
View File

@@ -0,0 +1,18 @@
package com.vpr.server.controller;
import com.vpr.server.data.User;
import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
public class AuthController {
public User getAuthUserFromHeader(String authorizationHeader, UserRepository userRepository){
String[] splitAuthHeader = authorizationHeader.split("\\s");
if(splitAuthHeader.length == 2){
return userRepository.findByToken(splitAuthHeader[1]);
}
return null;
}
}

4
server/src/main/java/com/vpr/server/controller/EventController.java
View File

@@ -15,8 +15,6 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.sql.Time;
import java.text.SimpleDateFormat;
import java.util.List; import java.util.List;
@Controller @Controller
@@ -96,7 +94,7 @@ public class EventController {
List<Event> eventList = eventDAO.getAllEventsInTimespan(authUser.getId(), startDate, endDate); List<Event> eventList = eventDAO.getAllEventsInTimespan(authUser.getId(), startDate, endDate);
return new ResponseEntity<>(JSONMapper.ToJSON(eventList), HttpStatus.OK); return new ResponseEntity<>(JSONMapper.eventListToJSON(eventList), HttpStatus.OK);
} }

48
server/src/main/java/com/vpr/server/controller/UserController.java
View File

@@ -1,6 +1,9 @@
package com.vpr.server.controller; package com.vpr.server.controller;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.Event;
import com.vpr.server.data.User; import com.vpr.server.data.User;
import com.vpr.server.json.JSONMapper;
import com.vpr.server.repository.UserRepository; import com.vpr.server.repository.UserRepository;
import com.vpr.server.security.Hasher; import com.vpr.server.security.Hasher;
import com.vpr.server.security.Token; import com.vpr.server.security.Token;
@@ -9,17 +12,25 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Arrays; import java.util.Arrays;
import java.util.List;
@Controller @Controller
@RequestMapping(path = "/user") @RequestMapping(path = "/user")
public class UserController { public class UserController {
@Autowired @Autowired
private UserRepository userRepository; private UserRepository userRepository;
@Autowired
private UserDAO userDAO;
private final AuthController authController;
public UserController() {
this.authController = new AuthController();
}
/****************** /******************
* POST-ENDPOINTS * * POST-ENDPOINTS *
@@ -35,9 +46,9 @@ public class UserController {
@RequestParam String password, @RequestParam String password,
@RequestParam Boolean isAdmin @RequestParam Boolean isAdmin
) { ) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]); User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if(authUser == null || authUser.isAdmin()){ if(authUser == null || !authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>( "Du hast keine Rechte um einen User an zu legen", HttpStatus.UNAUTHORIZED);
} }
if(userRepository.findByLogin(login) != null){ if(userRepository.findByLogin(login) != null){
@@ -106,16 +117,31 @@ public class UserController {
return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
} }
@PostMapping(path = "/login-with-token")
public @ResponseBody ResponseEntity<String> loginWithToken(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId
){
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if(authUser == null || authUser.getId() != userId){
return new ResponseEntity<>( "Falscher auth-token", HttpStatus.UNAUTHORIZED);
}
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/del") @PostMapping(path = "/del")
public @ResponseBody ResponseEntity<String> deleteUser( public @ResponseBody ResponseEntity<String> deleteUser(
@RequestHeader("Authorization") String authorizationHeader, @RequestHeader("Authorization") String authorizationHeader,
@RequestParam Integer userId @RequestParam long userId
) { ) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]); User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if(authUser == null || authUser.isAdmin()){ if(authUser == null || !authUser.isAdmin()){
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
} }
userRepository.deleteById(Long.valueOf(userId)); User user = userRepository.findById(userId);
if(user == null){
return new ResponseEntity<>( "User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
return new ResponseEntity<>( "", HttpStatus.OK); return new ResponseEntity<>( "", HttpStatus.OK);
} }
@@ -125,7 +151,9 @@ public class UserController {
@GetMapping(path = "/all") @GetMapping(path = "/all")
public @ResponseBody public @ResponseBody
Object[] getAllUsers() { ResponseEntity<String> getAllUser() {
return userRepository.findAllUsernames(); List<User> userList = userDAO.getAllUser();
return new ResponseEntity<>(JSONMapper.userListToJSON(userList), HttpStatus.OK);
} }
} }

24
server/src/main/java/com/vpr/server/dao/implementation/UserDAOImplementation.java Normal file
View File

@@ -0,0 +1,24 @@
package com.vpr.server.dao.implementation;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.transaction.Transactional;
import java.util.List;
@Repository
@Transactional
public class UserDAOImplementation implements UserDAO {
@PersistenceContext
private EntityManager manager;
@Override
public List<User> getAllUser() {
return manager.createNamedQuery("getAllUser", User.class).getResultList();
}
}

9
server/src/main/java/com/vpr/server/dao/interfaces/UserDAO.java Normal file
View File

@@ -0,0 +1,9 @@
package com.vpr.server.dao.interfaces;
import com.vpr.server.data.User;
import java.util.List;
public interface UserDAO {
List<User> getAllUser();
}

2
server/src/main/java/com/vpr/server/data/Event.java
View File

@@ -20,7 +20,7 @@ import java.util.List;
"INNER JOIN user_event ue " + "INNER JOIN user_event ue " +
"ON e.id = ue.event_id " + "ON e.id = ue.event_id " +
"WHERE (ue.user_id = :userId OR e.is_private = 0) " + "WHERE (ue.user_id = :userId OR e.is_private = 0) " +
"AND ue.date > :startDate " + "AND ue.date >= :startDate " +
"AND ue.date < :endDate " + "AND ue.date < :endDate " +
"ORDER BY ue.date, e.priority DESC, e.start", "ORDER BY ue.date, e.priority DESC, e.start",
resultClass = Event.class resultClass = Event.class

10
server/src/main/java/com/vpr/server/data/User.java
View File

@@ -4,7 +4,15 @@ import javax.persistence.*;
import java.util.List; import java.util.List;
// @Entity creates a table out of this class with Hibernate // @Entity creates a table out of this class with Hibernate
@Entity @Entity(name = "User")
@Table(name = "user")
@NamedNativeQueries({
@NamedNativeQuery(
name = "getAllUser",
query = "SELECT * FROM user",
resultClass = User.class
)
})
public class User { public class User {
// Generate the primary key // Generate the primary key
@Id @Id

58
server/src/main/java/com/vpr/server/json/JSONMapper.java
View File

@@ -1,29 +1,53 @@
package com.vpr.server.json; package com.vpr.server.json;
import com.vpr.server.data.Event; import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent; import com.vpr.server.data.UserEvent;
import java.sql.Time; import java.sql.Time;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
public class JSONMapper { public class JSONMapper {
public static List<String> ToJSON(Event event){
public static String userToJSON(User user) {
return "{" +
"\"userId\": " + user.getId() + ", " +
"\"forename\": \"" + user.getForename() + "\", " +
"\"name\": \"" + user.getName() + "\", " +
"\"login\": \"" + user.getLogin() + "\"," +
"\"isAdmin\": " + user.isAdmin() +
"}";
}
public static String userListToJSON(List<User> userList) {
StringBuilder userListJSON = new StringBuilder();
for (User user : userList) {
userListJSON.append(", ");
userListJSON.append(userToJSON(user));
}
userListJSON.delete(0, 2);
return "[" + userListJSON + "]";
}
public static List<String> eventToJSON(Event event) {
List<String> eventListJSON = new ArrayList<>(); List<String> eventListJSON = new ArrayList<>();
for (UserEvent userEvent : event.getUserEvent()) { for (UserEvent userEvent : event.getUserEvent()) {
String eventJSON = "{" + String eventJSON = "{" +
"\"ownerId\": " + userEvent.getUser().getId() + ", " + "\"ownerId\": " + userEvent.getUser().getId() + ", " +
"\"ownerName\": \"" + userEvent.getUser().getForename() + " " + userEvent.getUser().getName() + "\", " + "\"ownerName\": \"" + userEvent.getUser().getForename() + " " + userEvent.getUser().getName() + "\", " +
"\"date\": \"" + userEvent.getDate() + "\", " + "\"date\": \"" + userEvent.getDate() + "\", " +
"\"id\": " + event.getId() + "," + "\"id\": " + event.getId() + "," +
"\"name\": \"" + event.getName() + "\"," + "\"name\": \"" + event.getName() + "\"," +
"\"priority\": " + event.getPriority() + "," + "\"priority\": " + event.getPriority() + "," +
"\"fullDay\": " + event.isFullDay() + "," + "\"fullDay\": " + event.isFullDay() + "," +
"\"private\": " + event.isPrivate() + "," + "\"private\": " + event.isPrivate() + "," +
"\"start\": " + ToJSON(event.getStart()) + "," + "\"start\": " + timeToJSON(event.getStart()) + "," +
"\"end\": " + ToJSON(event.getEnd()) + "\"end\": " + timeToJSON(event.getEnd()) +
"}"; "}";
eventListJSON.add(eventJSON); eventListJSON.add(eventJSON);
@@ -32,11 +56,11 @@ public class JSONMapper {
return eventListJSON; return eventListJSON;
} }
public static String ToJSON(List<Event> eventList){ public static String eventListToJSON(List<Event> eventList) {
StringBuilder eventListJSON = new StringBuilder(); StringBuilder eventListJSON = new StringBuilder();
for(Event event : eventList){ for (Event event : eventList) {
List<String> eventsJSON = ToJSON(event); List<String> eventsJSON = eventToJSON(event);
for(String eventJSON : eventsJSON){ for (String eventJSON : eventsJSON) {
eventListJSON.append(", "); eventListJSON.append(", ");
eventListJSON.append(eventJSON); eventListJSON.append(eventJSON);
} }
@@ -46,8 +70,8 @@ public class JSONMapper {
return "[" + eventListJSON + "]"; return "[" + eventListJSON + "]";
} }
public static String ToJSON(Time time){ public static String timeToJSON(Time time) {
if(time == null){ if (time == null) {
return "null"; return "null";
} }

3
server/src/main/java/com/vpr/server/repository/EventRepository.java
View File

@@ -78,7 +78,4 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
nativeQuery = true nativeQuery = true
) )
void deleteById(long id); void deleteById(long id);
//@Query(nativeQuery = true)
//List<Event> findEventsInDateRange(Long userId, String startDate, String endDate);
} }