Compare commits
3 Commits
named-nati
...
8f04ac7ae8
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f04ac7ae8 | |||
| 56919ab412 | |||
| e3408d1566 |
@@ -18,16 +18,10 @@ dependencies {
|
||||
runtimeOnly 'mysql:mysql-connector-java'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
|
||||
// Spring security
|
||||
//implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
//implementation 'org.springframework.security:spring-security-test'
|
||||
|
||||
// JSON web token
|
||||
implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
|
||||
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
|
||||
// Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
|
||||
//'org.bouncycastle:bcprov-jdk15on:1.60',
|
||||
'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
|
||||
'io.jsonwebtoken:jjwt-jackson:0.11.2'
|
||||
}
|
||||
|
||||
test {
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
package com.vpr.server.controller;
|
||||
|
||||
import com.vpr.server.data.User;
|
||||
import com.vpr.server.repository.UserRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
public class AuthController {
|
||||
|
||||
public User getAuthUserFromHeader(String authorizationHeader, UserRepository userRepository){
|
||||
String[] splitAuthHeader = authorizationHeader.split("\\s");
|
||||
if(splitAuthHeader.length == 2){
|
||||
return userRepository.findByToken(splitAuthHeader[1]);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@@ -15,8 +15,6 @@ import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.sql.Time;
|
||||
import java.text.SimpleDateFormat;
|
||||
import java.util.List;
|
||||
|
||||
@Controller
|
||||
@@ -96,7 +94,7 @@ public class EventController {
|
||||
|
||||
List<Event> eventList = eventDAO.getAllEventsInTimespan(authUser.getId(), startDate, endDate);
|
||||
|
||||
return new ResponseEntity<>(JSONMapper.ToJSON(eventList), HttpStatus.OK);
|
||||
return new ResponseEntity<>(JSONMapper.eventListToJSON(eventList), HttpStatus.OK);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
package com.vpr.server.controller;
|
||||
|
||||
import com.vpr.server.dao.interfaces.UserDAO;
|
||||
import com.vpr.server.data.Event;
|
||||
import com.vpr.server.data.User;
|
||||
import com.vpr.server.json.JSONMapper;
|
||||
import com.vpr.server.repository.UserRepository;
|
||||
import com.vpr.server.security.Hasher;
|
||||
import com.vpr.server.security.Token;
|
||||
@@ -9,17 +12,25 @@ import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
@Controller
|
||||
@RequestMapping(path = "/user")
|
||||
public class UserController {
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
@Autowired
|
||||
private UserDAO userDAO;
|
||||
|
||||
private final AuthController authController;
|
||||
|
||||
public UserController() {
|
||||
this.authController = new AuthController();
|
||||
}
|
||||
|
||||
/******************
|
||||
* POST-ENDPOINTS *
|
||||
@@ -35,9 +46,9 @@ public class UserController {
|
||||
@RequestParam String password,
|
||||
@RequestParam Boolean isAdmin
|
||||
) {
|
||||
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
|
||||
if(authUser == null || authUser.isAdmin()){
|
||||
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
|
||||
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
|
||||
if(authUser == null || !authUser.isAdmin()){
|
||||
return new ResponseEntity<>( "Du hast keine Rechte um einen User an zu legen", HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
if(userRepository.findByLogin(login) != null){
|
||||
@@ -106,16 +117,31 @@ public class UserController {
|
||||
return new ResponseEntity<>( "Falscher login", HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@PostMapping(path = "/login-with-token")
|
||||
public @ResponseBody ResponseEntity<String> loginWithToken(
|
||||
@RequestHeader("Authorization") String authorizationHeader,
|
||||
@RequestParam long userId
|
||||
){
|
||||
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
|
||||
if(authUser == null || authUser.getId() != userId){
|
||||
return new ResponseEntity<>( "Falscher auth-token", HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
return new ResponseEntity<>("", HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PostMapping(path = "/del")
|
||||
public @ResponseBody ResponseEntity<String> deleteUser(
|
||||
@RequestHeader("Authorization") String authorizationHeader,
|
||||
@RequestParam Integer userId
|
||||
@RequestParam long userId
|
||||
) {
|
||||
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
|
||||
if(authUser == null || authUser.isAdmin()){
|
||||
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
|
||||
if(authUser == null || !authUser.isAdmin()){
|
||||
return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
userRepository.deleteById(Long.valueOf(userId));
|
||||
User user = userRepository.findById(userId);
|
||||
if(user == null){
|
||||
return new ResponseEntity<>( "User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
return new ResponseEntity<>( "", HttpStatus.OK);
|
||||
}
|
||||
|
||||
@@ -125,7 +151,9 @@ public class UserController {
|
||||
|
||||
@GetMapping(path = "/all")
|
||||
public @ResponseBody
|
||||
Object[] getAllUsers() {
|
||||
return userRepository.findAllUsernames();
|
||||
ResponseEntity<String> getAllUser() {
|
||||
List<User> userList = userDAO.getAllUser();
|
||||
|
||||
return new ResponseEntity<>(JSONMapper.userListToJSON(userList), HttpStatus.OK);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
package com.vpr.server.dao.implementation;
|
||||
|
||||
import com.vpr.server.dao.interfaces.UserDAO;
|
||||
import com.vpr.server.data.Event;
|
||||
import com.vpr.server.data.User;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
import javax.persistence.PersistenceContext;
|
||||
import javax.transaction.Transactional;
|
||||
import java.util.List;
|
||||
|
||||
@Repository
|
||||
@Transactional
|
||||
public class UserDAOImplementation implements UserDAO {
|
||||
|
||||
@PersistenceContext
|
||||
private EntityManager manager;
|
||||
|
||||
@Override
|
||||
public List<User> getAllUser() {
|
||||
return manager.createNamedQuery("getAllUser", User.class).getResultList();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
package com.vpr.server.dao.interfaces;
|
||||
|
||||
import com.vpr.server.data.User;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public interface UserDAO {
|
||||
List<User> getAllUser();
|
||||
}
|
||||
@@ -20,7 +20,7 @@ import java.util.List;
|
||||
"INNER JOIN user_event ue " +
|
||||
"ON e.id = ue.event_id " +
|
||||
"WHERE (ue.user_id = :userId OR e.is_private = 0) " +
|
||||
"AND ue.date > :startDate " +
|
||||
"AND ue.date >= :startDate " +
|
||||
"AND ue.date < :endDate " +
|
||||
"ORDER BY ue.date, e.priority DESC, e.start",
|
||||
resultClass = Event.class
|
||||
|
||||
@@ -4,7 +4,15 @@ import javax.persistence.*;
|
||||
import java.util.List;
|
||||
|
||||
// @Entity creates a table out of this class with Hibernate
|
||||
@Entity
|
||||
@Entity(name = "User")
|
||||
@Table(name = "user")
|
||||
@NamedNativeQueries({
|
||||
@NamedNativeQuery(
|
||||
name = "getAllUser",
|
||||
query = "SELECT * FROM user",
|
||||
resultClass = User.class
|
||||
)
|
||||
})
|
||||
public class User {
|
||||
// Generate the primary key
|
||||
@Id
|
||||
|
||||
@@ -1,29 +1,53 @@
|
||||
package com.vpr.server.json;
|
||||
|
||||
import com.vpr.server.data.Event;
|
||||
import com.vpr.server.data.User;
|
||||
import com.vpr.server.data.UserEvent;
|
||||
|
||||
import java.sql.Time;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class JSONMapper {
|
||||
public static List<String> ToJSON(Event event){
|
||||
|
||||
public static String userToJSON(User user) {
|
||||
return "{" +
|
||||
"\"userId\": " + user.getId() + ", " +
|
||||
"\"forename\": \"" + user.getForename() + "\", " +
|
||||
"\"name\": \"" + user.getName() + "\", " +
|
||||
"\"login\": \"" + user.getLogin() + "\"," +
|
||||
"\"isAdmin\": " + user.isAdmin() +
|
||||
"}";
|
||||
}
|
||||
|
||||
public static String userListToJSON(List<User> userList) {
|
||||
StringBuilder userListJSON = new StringBuilder();
|
||||
for (User user : userList) {
|
||||
userListJSON.append(", ");
|
||||
userListJSON.append(userToJSON(user));
|
||||
}
|
||||
userListJSON.delete(0, 2);
|
||||
|
||||
return "[" + userListJSON + "]";
|
||||
}
|
||||
|
||||
public static List<String> eventToJSON(Event event) {
|
||||
List<String> eventListJSON = new ArrayList<>();
|
||||
|
||||
for (UserEvent userEvent : event.getUserEvent()) {
|
||||
|
||||
String eventJSON = "{" +
|
||||
"\"ownerId\": " + userEvent.getUser().getId() + ", " +
|
||||
"\"ownerName\": \"" + userEvent.getUser().getForename() + " " + userEvent.getUser().getName() + "\", " +
|
||||
"\"date\": \"" + userEvent.getDate() + "\", " +
|
||||
"\"id\": " + event.getId() + "," +
|
||||
"\"name\": \"" + event.getName() + "\"," +
|
||||
"\"priority\": " + event.getPriority() + "," +
|
||||
"\"fullDay\": " + event.isFullDay() + "," +
|
||||
"\"private\": " + event.isPrivate() + "," +
|
||||
"\"start\": " + ToJSON(event.getStart()) + "," +
|
||||
"\"end\": " + ToJSON(event.getEnd()) +
|
||||
"\"ownerId\": " + userEvent.getUser().getId() + ", " +
|
||||
"\"ownerName\": \"" + userEvent.getUser().getForename() + " " + userEvent.getUser().getName() + "\", " +
|
||||
"\"date\": \"" + userEvent.getDate() + "\", " +
|
||||
"\"id\": " + event.getId() + "," +
|
||||
"\"name\": \"" + event.getName() + "\"," +
|
||||
"\"priority\": " + event.getPriority() + "," +
|
||||
"\"fullDay\": " + event.isFullDay() + "," +
|
||||
"\"private\": " + event.isPrivate() + "," +
|
||||
"\"start\": " + timeToJSON(event.getStart()) + "," +
|
||||
"\"end\": " + timeToJSON(event.getEnd()) +
|
||||
"}";
|
||||
|
||||
eventListJSON.add(eventJSON);
|
||||
@@ -32,11 +56,11 @@ public class JSONMapper {
|
||||
return eventListJSON;
|
||||
}
|
||||
|
||||
public static String ToJSON(List<Event> eventList){
|
||||
public static String eventListToJSON(List<Event> eventList) {
|
||||
StringBuilder eventListJSON = new StringBuilder();
|
||||
for(Event event : eventList){
|
||||
List<String> eventsJSON = ToJSON(event);
|
||||
for(String eventJSON : eventsJSON){
|
||||
for (Event event : eventList) {
|
||||
List<String> eventsJSON = eventToJSON(event);
|
||||
for (String eventJSON : eventsJSON) {
|
||||
eventListJSON.append(", ");
|
||||
eventListJSON.append(eventJSON);
|
||||
}
|
||||
@@ -46,8 +70,8 @@ public class JSONMapper {
|
||||
return "[" + eventListJSON + "]";
|
||||
}
|
||||
|
||||
public static String ToJSON(Time time){
|
||||
if(time == null){
|
||||
public static String timeToJSON(Time time) {
|
||||
if (time == null) {
|
||||
return "null";
|
||||
}
|
||||
|
||||
|
||||
@@ -78,7 +78,4 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
|
||||
nativeQuery = true
|
||||
)
|
||||
void deleteById(long id);
|
||||
|
||||
//@Query(nativeQuery = true)
|
||||
//List<Event> findEventsInDateRange(Long userId, String startDate, String endDate);
|
||||
}
|
||||
Reference in New Issue
Block a user