Compare commits

..

31 Commits

Author SHA1 Message Date
adc7b4be65 Merge branch 'merge' 2022-02-11 05:41:44 +01:00
095dd861c5 Removed unused objects 2022-02-11 05:41:10 +01:00
898d2e9cf1 Added comments 2022-02-10 09:31:05 +01:00
5cdab5b434 Merge branch 'master' into merge 2022-02-07 11:28:06 +01:00
43c967638b Added equals methods 2022-02-07 11:26:49 +01:00
24794e2085 Create user on first login 2022-02-05 23:31:22 +01:00
fcfeaf0979 Fixed equals 2022-02-01 15:44:03 +01:00
3b711b5d9f Added equals methods 2022-02-01 14:05:58 +01:00
5066afbb92 Fixed user/edit 2022-01-31 21:16:19 +01:00
609c0353d0 Check isFullDay 2022-01-31 20:52:30 +01:00
2918bc46b5 Fixed user/edit 2022-01-31 20:51:04 +01:00
bba0b6d5d2 Fixed user/del 2022-01-29 11:55:57 +01:00
710b661b0d Fixed user/del endpoint 2022-01-29 09:55:06 +01:00
f22bdf3040 Improved user endpoints 2022-01-28 05:52:48 +01:00
3575dccf94 Changed all endpoints to post 2022-01-26 14:26:47 +01:00
8f04ac7ae8 Added userDAO 2022-01-25 19:17:41 +01:00
56919ab412 Cleanup 2022-01-25 19:16:58 +01:00
e3408d1566 Fixed auth 2022-01-23 21:23:30 +01:00
eea38d578b Sort events at query 2022-01-19 09:40:29 +01:00
031c1cea2a Added refactored /event/ endpoints 2022-01-18 23:32:57 +01:00
154617ce88 Added refactored /event/ endpoints 2022-01-18 22:27:57 +01:00
35e7350962 Fixed named query 2022-01-18 15:04:13 +01:00
37d275d537 Added named native query 2022-01-18 08:18:58 +01:00
3796afb712 Added auth to the /event/del endpoint 2022-01-17 05:57:44 +01:00
e05faab31e Added auth to the /event/del endpoint 2022-01-14 19:59:16 +01:00
d5b6d6357e Added auth to a lot of the endpoints 2022-01-14 17:53:42 +01:00
0531f868d0 Save token in DB
Check for unique logins
2022-01-13 17:34:20 +01:00
de1dcf7673 Added edit-endpoint 2022-01-13 17:32:58 +01:00
e062d9254f Fixed isAdmin at addNewUser endpoint 2022-01-11 17:08:09 +01:00
eeef96ffb6 Fixed Spring security 2022-01-10 13:25:52 +01:00
68eb7e5863 Refactor 2022-01-10 12:11:52 +01:00
25 changed files with 1194 additions and 352 deletions

View File

@ -17,8 +17,13 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
runtimeOnly 'mysql:mysql-connector-java'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
// JSON web token
implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
'io.jsonwebtoken:jjwt-jackson:0.11.2'
}
test {
useJUnitPlatform()
}
}

View File

@ -1,117 +0,0 @@
package com.vpr.server;
import javax.persistence.*;
import java.sql.Time;
import java.util.List;
// @Entity creates a table out of this class with Hibernate
@Entity(name = "Event")
public class Event {
// Generate the primary key
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private long id;
@Column(name="name", nullable=false)
private String name;
@Column(name="priority", nullable=false)
private Integer priority;
@Column(name="is_full_day", nullable=false)
private boolean isFullDay;
@Column(name="is_private", nullable=false)
private boolean isPrivate;
@Column(name="start")
private Time start;
@Column(name="end")
private Time end;
@OneToMany(mappedBy = "event")
private List<UserEvent> userEvent;
/*********************
* Getter and Setter *
*********************/
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Integer getPriority() {
return priority;
}
public void setPriority(Integer priority) {
this.priority = priority;
}
public boolean isFullDay() {
return isFullDay;
}
public void setFullDay(boolean fullDay) {
isFullDay = fullDay;
}
public boolean isPrivate() {
return isPrivate;
}
public void setPrivate(boolean aPrivate) {
isPrivate = aPrivate;
}
public Time getStart() {
return start;
}
public void setStart(Time start) {
this.start = start;
}
public Time getEnd() {
return end;
}
public void setEnd(Time end) {
this.end = end;
}
public List<UserEvent> getUserEvent() {
return userEvent;
}
public void setUserEvent(List<UserEvent> userEvent) {
this.userEvent = userEvent;
}
// toString
@Override
public String toString() {
return "Event{" +
"id=" + id +
", name='" + name + '\'' +
", priority=" + priority +
", isFullDay=" + isFullDay +
", start=" + start +
", end=" + end +
", userEvent=" + userEvent +
'}';
}
}

View File

@ -1,47 +0,0 @@
package com.vpr.server;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import javax.transaction.Transactional;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository
// CRUD refers Create, Read, Update, Delete
public interface EventRepository extends CrudRepository<Event, Integer> {
@Query(value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
"ue.date, " +
"u.id AS uid, u.forename, u.name AS uname " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"INNER JOIN user u " +
"ON ue.user_id = u.id " +
"WHERE u.id = ?1 " +
"OR e.is_private = 0",
nativeQuery = true)
Object[] findAllVisibleByUserId(long id);
@Query(value = "SELECT * " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE ue.user_id = ?1",
nativeQuery = true)
Object[] findAllByUserId(long id);
@Modifying
@Transactional
@Query(value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
nativeQuery = true)
void deleteUserEventsById(long id);
@Modifying
@Transactional
@Query(value = "DELETE e FROM event e WHERE e.id = ?1",
nativeQuery = true)
void deleteById(long id);
}

View File

@ -1,167 +0,0 @@
package com.vpr.server;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;
import java.sql.Date;
import java.sql.Time;
import java.text.SimpleDateFormat;
import java.util.Optional;
@Controller // This means that this class is a Controller
@RequestMapping(path = "/vpr") // This means URL's start with /demo (after Application path)
public class MainController {
// This means to get the bean called userRepository
// Which is auto-generated by Spring, we will use it to handle the data
@Autowired
private com.vpr.server.UserRepository userRepository;
@Autowired
private EventRepository eventRepository;
@Autowired
private UserEventRepository userEventRepository;
// POST-request at /add with request parameter
// @ResponseBody means the returned String is the response, not a view name
@PostMapping(path = "/add-user")
public @ResponseBody
String addNewUser(
@RequestParam String name,
@RequestParam String forename,
@RequestParam String password,
@RequestParam String isAdmin
) {
com.vpr.server.User user = new com.vpr.server.User();
// TODO set correct token and password
user.setName(name);
user.setForename(forename);
user.setPassword(password);
user.setToken("test");
user.setAdmin(isAdmin.equals("1"));
userRepository.save(user);
return "Saved";
}
@PostMapping(path = "/login")
public @ResponseBody
String login(
@RequestParam String login,
@RequestParam String password
) {
User user = userRepository.findByLoginAndPassword(login, password);
if(user != null){
return "" + user.getId();
}
return "-1";
}
@PostMapping(path = "/add-event")
public @ResponseBody
ResponseEntity addEvent(
@RequestParam Integer userId,
@RequestParam String date,
@RequestParam String name,
@RequestParam String start,
@RequestParam String end,
@RequestParam Integer prority,
@RequestParam Boolean isFullDay,
@RequestParam Boolean isPrivate
) {
String errorString = "";
com.vpr.server.Event event = new com.vpr.server.Event();
System.out.println(name.length() + ". name " + name);
if (name.length() > 3) {
event.setName(name);
} else {
System.out.println("NAME IST ZU KURZ");
return new ResponseEntity(HttpStatus.NOT_ACCEPTABLE);
}
try {
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("hh:mm");
long ms = simpleDateFormat.parse(start).getTime();
event.setStart(new Time(ms));
} catch (Exception e) {
event.setStart(null);
}
try {
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("hh:mm");
long ms = simpleDateFormat.parse(end).getTime();
event.setEnd(new Time(ms));
} catch (Exception e) {
event.setEnd(null);
}
event.setPriority(prority);
event.setFullDay(isFullDay);
event.setPrivate(isPrivate);
com.vpr.server.UserEvent userEvent = new com.vpr.server.UserEvent();
try {
System.out.println("date " + date);
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
userEvent.setDate(new java.sql.Date(simpleDateFormat.parse(date).getTime()));
} catch (Exception e) {
System.out.println("DATE FORMAT NOT CORRECT");
}
userEvent.setEvent(event);
long uId = Long.valueOf(userId);
User user = userRepository.findById(uId);
userEvent.setUser(user);
System.out.println(userEvent);
System.out.println(user);
eventRepository.save(event);
userEventRepository.save(userEvent);
return new ResponseEntity(HttpStatus.OK);
}
@PostMapping(path = "/del-event")
public @ResponseBody
String addEvent(@RequestParam Integer eventId) {
eventRepository.deleteUserEventsById(Long.valueOf(eventId));
eventRepository.deleteById(Long.valueOf(eventId));
return "Deleted";
}
// GET-request at /all-users
// returns JSON-data
@GetMapping(path = "/all-users")
public @ResponseBody
Object[] getAllUsers() {
return userRepository.findAllUsernames();
}
// POST-request at /all-events
// returns JSON-data
@PostMapping(path = "/all-events")
public @ResponseBody
Object[] getAllEvents(@RequestParam long userId) {
return eventRepository.findAllVisibleByUserId(userId);
}
@GetMapping(path = "/all-events-test")
public @ResponseBody
Iterable<com.vpr.server.Event> getAllEventsTest() {
return eventRepository.findAll();
}
}

View File

@ -1,4 +1,5 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -0,0 +1,16 @@
//Marco Kühn//
package com.vpr.server.controller;
import com.vpr.server.data.User;
import com.vpr.server.repository.UserRepository;
public class AuthController {
public User getAuthUserFromHeader(String authorizationHeader, UserRepository userRepository){
String[] splitAuthHeader = authorizationHeader.split("\\s");
if(splitAuthHeader.length == 2){
return userRepository.findByToken(splitAuthHeader[1]);
}
return null;
}
}

View File

@ -0,0 +1,253 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.dao.interfaces.EventDAO;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import com.vpr.server.json.JSONMapper;
import com.vpr.server.json.Validator;
import com.vpr.server.repository.EventRepository;
import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.Date;
import java.util.List;
@Controller
@RequestMapping(path = "/event")
public class EventController {
@Autowired
private UserRepository userRepository;
@Autowired
private EventRepository eventRepository;
@Autowired
private UserEventRepository userEventRepository;
@Autowired
private EventDAO eventDAO;
/******************
* POST-ENDPOINTS *
******************/
@PostMapping(path = "/add")
public @ResponseBody
ResponseEntity<String> addEvent(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId,
@RequestParam String date,
@RequestParam String name,
@RequestParam String start,
@RequestParam String end,
@RequestParam Integer priority,
@RequestParam Boolean isFullDay,
@RequestParam Boolean isPrivate
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den Termin zu erstellen", HttpStatus.UNAUTHORIZED);
}
ResponseEntity<String> BAD_REQUEST = createEventAndUserEvent(userId, date, name, start, end, priority, isFullDay, isPrivate);
if (BAD_REQUEST != null) return BAD_REQUEST;
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/del")
public @ResponseBody
ResponseEntity<String> delEvent(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long eventId,
@RequestParam long userId,
@RequestParam String date
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
}
eventRepository.deleteUserEventsById(userId, eventId, date);
if (eventDAO.getAllEventsWithId(eventId).size() == 0) {
eventRepository.deleteById(eventId);
}
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/all")
public @ResponseBody
ResponseEntity<String> getAllEvents(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam String startDate,
@RequestParam String endDate
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if (authUser == null) {
return new ResponseEntity<>("Bitte erneut einloggen", HttpStatus.UNAUTHORIZED);
}
List<Event> eventList = eventDAO.getAllEventsInTimespan(authUser.getId(), startDate, endDate);
return new ResponseEntity<>(JSONMapper.eventListToJSON(eventList), HttpStatus.OK);
}
@PostMapping(path = "/edit")
public @ResponseBody
ResponseEntity<String> editEvent(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam Long eventId,
@RequestParam Long userId,
@RequestParam String date,
@RequestParam String newDate,
@RequestParam String newName,
@RequestParam String newStart,
@RequestParam String newEnd,
@RequestParam Integer newPriority,
@RequestParam Boolean newIsFullDay,
@RequestParam Boolean newIsPrivate
) {
User authUser = userRepository.findByToken(authorizationHeader.split("\\s")[1]);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>(
"Du hast keine Rechte um den Termin zu bearbeiten",
HttpStatus.UNAUTHORIZED
);
}
List<Event> eventList = eventDAO.getAllEventsWithIdAndDate(userId, eventId, date);
if (eventList == null || eventList.size() == 0) {
return new ResponseEntity<>("Der Termin exestiert nicht in der Datenbank", HttpStatus.BAD_REQUEST);
}
if (eventList.size() > 1) {
return new ResponseEntity<>(
"Der Termin ist doppelt vorhanden. " +
"(Um das zu lösen versuche den Termin zu löschen und erneut zu erstellen)",
HttpStatus.BAD_REQUEST
);
}
ResponseEntity<String> error = createEventAndUserEvent(
userId,
newDate,
newName,
newStart,
newEnd,
newPriority,
newIsFullDay,
newIsPrivate,
eventId
);
if (error != null) return error;
eventRepository.deleteUserEventsById(userId, eventId, date);
if (eventDAO.getAllEventsWithId(eventId).size() == 0) {
eventRepository.deleteById(eventId);
}
return new ResponseEntity<>("", HttpStatus.OK);
}
private ResponseEntity<String> createEventAndUserEvent(
long userId,
String date,
String name,
String start,
String end,
Integer priority,
Boolean isFullDay,
Boolean isPrivate
) {
return createEventAndUserEvent(
userId,
date,
name,
start,
end,
priority,
isFullDay,
isPrivate,
-1
);
}
private ResponseEntity<String> createEventAndUserEvent(
long userId,
String date,
String name,
String start,
String end,
Integer priority,
Boolean isFullDay,
Boolean isPrivate,
long oldEventId
) {
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("UserId nicht korrekt", HttpStatus.BAD_REQUEST);
}
try {
Event event = new Event();
event.setName(Validator.ValidateEventName(name));
event.setStart(Validator.ValidateEventTime(start));
event.setEnd(Validator.ValidateEventTime(end));
event.setPriority(priority);
event.setFullDay(isFullDay);
event.setPrivate(isPrivate);
UserEvent userEvent = new UserEvent();
userEvent.setDate(Validator.ValidateEventDate(date));
userEvent.setEvent(event);
userEvent.setUser(user);
List<UserEvent> userEvents = userEventRepository.findByUserIdAndDate(user.getId(), userEvent.getDate());
boolean isFullDayButDayHasEvents = event.isFullDay() && userEvents.size() > 0;
boolean userEventIsSelf = userEvents.size() == 1 &&
isSelf(userEvent.getDate(), userId, oldEventId, userEvents.get(0));
if (isFullDayButDayHasEvents && !userEventIsSelf) {
return new ResponseEntity<>(
"Es gibt bereits Termine am " + userEvent.getDate(),
HttpStatus.BAD_REQUEST
);
} else {
for (UserEvent ue : userEvents) {
if (ue.getEvent().isFullDay() && !isSelf(userEvent.getDate(), userId, oldEventId, ue)) {
return new ResponseEntity<>(
"Der Tag " + userEvent.getDate() + " ist schon mit '"
+ ue.getEvent().getName() + "' belegt",
HttpStatus.BAD_REQUEST
);
}
}
}
eventRepository.save(event);
userEventRepository.save(userEvent);
} catch (IllegalArgumentException exception) {
return new ResponseEntity<>(exception.getMessage(), HttpStatus.BAD_REQUEST);
}
return null;
}
private boolean isSelf(Date date, long userId, long eventId, UserEvent userEvent){
return date.equals(userEvent.getDate()) &&
userId == userEvent.getUser().getId() &&
eventId == userEvent.getEvent().getId();
}
}

View File

@ -0,0 +1,31 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.repository.EventRepository;
import com.vpr.server.repository.UserEventRepository;
import com.vpr.server.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.server.ResponseStatusException;
@Controller // This means that this class is a Controller
@RequestMapping(path = "/vpr") // This means URL's start with /demo (after Application path)
public class MainController {
@GetMapping(path = "/status-test")
public String statusTest(){
throw new ResponseStatusException(HttpStatus.I_AM_A_TEAPOT, "TestTestTest");
}
@PostMapping(path = "/header-test")
public ResponseEntity<String> headerTest(@RequestHeader("Authorization") String authorizationHeader){
System.out.println("authorizationHeader: " + authorizationHeader);
return new ResponseEntity<>(authorizationHeader, HttpStatus.OK);
}
}

View File

@ -0,0 +1,232 @@
//Marc Beyer//
package com.vpr.server.controller;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.User;
import com.vpr.server.json.JSONMapper;
import com.vpr.server.repository.UserRepository;
import com.vpr.server.security.Hasher;
import com.vpr.server.security.Token;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.List;
@Controller
@RequestMapping(path = "/user")
public class UserController {
@Autowired
private UserRepository userRepository;
@Autowired
private UserDAO userDAO;
private final AuthController authController;
public UserController() {
this.authController = new AuthController();
}
/******************
* POST-ENDPOINTS *
******************/
@PostMapping(path = "/add")
public @ResponseBody
ResponseEntity<String> addNewUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam String name,
@RequestParam String forename,
@RequestParam String login,
@RequestParam String password,
@RequestParam Boolean isAdmin
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || !authUser.isAdmin()) {
return new ResponseEntity<>("Du hast keine Rechte um einen User an zu legen", HttpStatus.UNAUTHORIZED);
}
if (userRepository.findByLogin(login) != null) {
return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
}
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
User user = new User();
user.setName(name);
user.setForename(forename);
user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken("");
user.setAdmin(isAdmin);
userRepository.save(user);
return new ResponseEntity<>("" + user.getId(), HttpStatus.OK);
}
@PostMapping(path = "/login")
public @ResponseBody
ResponseEntity<String> login(
@RequestParam String login,
@RequestParam String password
) {
if(userRepository.findAllUsernames().length == 0){
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
User user = new User();
user.setName("Admin");
user.setForename(login);
user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken("");
user.setAdmin(true);
userRepository.save(user);
}
System.out.println(login + " tries to login.");
User user = userRepository.findByLogin(login);
if (user == null) {
System.out.println("Login for " + login + " failed.");
return new ResponseEntity<>("Falscher login", HttpStatus.UNAUTHORIZED);
}
byte[] salt = user.getSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
if (Arrays.equals(user.getPassword(), hash)) {
String token = Token.Generate(user.getLogin());
user.setToken(token);
userRepository.save(user);
System.out.println(user.getLogin() + " is now logged in.");
System.out.println(Token.Verify(Token.Generate(user.getLogin()), user.getLogin()));
return new ResponseEntity<>(token + " " + user.getId(), HttpStatus.OK);
}
System.out.println(user.getLogin() + " failed to logged in.");
System.out.println("entered : " + javax.xml.bind.DatatypeConverter.printHexBinary(hash));
System.out.println("required: " + javax.xml.bind.DatatypeConverter.printHexBinary(user.getPassword()));
return new ResponseEntity<>("Falscher login", HttpStatus.UNAUTHORIZED);
}
@PostMapping(path = "/login-with-token")
public @ResponseBody
ResponseEntity<String> loginWithToken(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || authUser.getId() != userId) {
return new ResponseEntity<>("Falscher auth-token", HttpStatus.UNAUTHORIZED);
}
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/del")
public @ResponseBody
ResponseEntity<String> deleteUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || !authUser.isAdmin()) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu löschen", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
if(!userDAO.deleteAllUserEvents(user.getId())){
return new ResponseEntity<>("User konnte nicht gelöscht werden", HttpStatus.INTERNAL_SERVER_ERROR);
}
userRepository.delete(user);
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/edit")
public @ResponseBody ResponseEntity<String> editUser(
@RequestHeader("Authorization") String authorizationHeader,
@RequestParam long userId,
@RequestParam String name,
@RequestParam String forename,
@RequestParam String login,
@RequestParam(required = false) String password,
@RequestParam Boolean isAdmin
) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED);
}
if(isAdmin && !authUser.isAdmin()){
return new ResponseEntity<>("Du hast keine Rechte um dich zum Admin zu machen", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId);
if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
}
User userWithLogin = userRepository.findByLogin(login);
if (userWithLogin != null && userWithLogin.getId() != userId) {
return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
}
if(password != null){
byte[] salt = Hasher.GenerateSalt();
byte[] hash;
try {
hash = Hasher.HashPassword(password, salt);
user.setPassword(hash);
user.setSalt(salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
}
user.setName(name);
user.setForename(forename);
user.setLogin(login);
user.setToken("");
user.setAdmin(isAdmin);
userRepository.save(user);
return new ResponseEntity<>("", HttpStatus.OK);
}
@PostMapping(path = "/all")
public @ResponseBody
ResponseEntity<String> getAllUser() {
List<User> userList = userDAO.getAllUser();
return new ResponseEntity<>(JSONMapper.userListToJSON(userList), HttpStatus.OK);
}
}

View File

@ -0,0 +1,49 @@
//Marc Beyer//
package com.vpr.server.dao.implementation;
import com.vpr.server.dao.interfaces.EventDAO;
import com.vpr.server.data.Event;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.transaction.Transactional;
import java.util.List;
@Repository
@Transactional
public class EventDAOImplementation implements EventDAO {
@PersistenceContext
private EntityManager manager;
@Override
public List<Event> getAllEvents() {
return manager.createNamedQuery("getAllEvents", Event.class).getResultList();
}
@Override
public List<Event> getAllEventsWithId(long eventId) {
return manager.createNamedQuery("getAllEventsWithId", Event.class)
.setParameter("eventId", eventId)
.getResultList();
}
@Override
public List<Event> getAllEventsInTimespan(long userId, String startDate, String endDate) {
return manager.createNamedQuery("getAllEventsInTimespan", Event.class)
.setParameter("userId", userId)
.setParameter("startDate", startDate)
.setParameter("endDate", endDate)
.getResultList();
}
@Override
public List<Event> getAllEventsWithIdAndDate(long userId, long eventId, String date) {
return manager.createNamedQuery("getAllEventsWithIdAndDate", Event.class)
.setParameter("userId", userId)
.setParameter("eventId", eventId)
.setParameter("date", date)
.getResultList();
}
}

View File

@ -0,0 +1,37 @@
//Marc Beyer//
package com.vpr.server.dao.implementation;
import com.vpr.server.dao.interfaces.UserDAO;
import com.vpr.server.data.User;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.transaction.Transactional;
import java.util.List;
@Repository
@Transactional
public class UserDAOImplementation implements UserDAO {
@PersistenceContext
private EntityManager manager;
@Override
public List<User> getAllUser() {
return manager.createNamedQuery("getAllUser", User.class).getResultList();
}
@Override
public boolean deleteAllUserEvents(long userId) {
try {
manager.createNamedQuery("deleteAllUserEvents", User.class)
.setParameter("userId", userId)
.executeUpdate();
return true;
}catch (Exception e){
return false;
}
}
}

View File

@ -0,0 +1,17 @@
//Marc Beyer//
package com.vpr.server.dao.interfaces;
import com.vpr.server.data.Event;
import java.util.List;
public interface EventDAO {
List<Event> getAllEvents();
List<Event> getAllEventsInTimespan(long userId, String startDate, String endDate);
List<Event> getAllEventsWithIdAndDate(long userId, long eventId, String date);
List<Event> getAllEventsWithId(long eventId);
}

View File

@ -0,0 +1,12 @@
//Marc Beyer//
package com.vpr.server.dao.interfaces;
import com.vpr.server.data.User;
import java.util.List;
public interface UserDAO {
List<User> getAllUser();
boolean deleteAllUserEvents(long userId);
}

View File

@ -1,4 +1,5 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.data;
import java.sql.Date;
import java.sql.Time;

View File

@ -0,0 +1,174 @@
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
import java.io.Serializable;
import java.sql.Time;
import java.util.List;
@Entity(name = "Event") // @Entity creates a table out of this class with Hibernate
@Table(name = "event")
@NamedNativeQueries({
@NamedNativeQuery(
name = "getAllEvents",
query = "SELECT * FROM event",
resultClass = Event.class
),
@NamedNativeQuery(
name = "getAllEventsInTimespan",
query = "SELECT * " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE (ue.user_id = :userId OR e.is_private = 0) " +
"AND ue.date >= :startDate " +
"AND ue.date < :endDate " +
"ORDER BY ue.date, e.priority DESC, e.start",
resultClass = Event.class
),
@NamedNativeQuery(
name = "getAllEventsWithIdAndDate",
query = "SELECT * " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE ue.user_id = :userId " +
"AND ue.event_id = :eventId " +
"AND ue.date = :date",
resultClass = Event.class
),
@NamedNativeQuery(
name = "getAllEventsWithId",
query = "SELECT * " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE ue.event_id = :eventId",
resultClass = Event.class
)
})
public class Event implements Serializable {
// Generate the primary key
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private long id;
@Column(name = "name", nullable = false)
private String name;
@Column(name = "priority", nullable = false)
private Integer priority;
@Column(name = "is_full_day", nullable = false)
private boolean isFullDay;
@Column(name = "is_private", nullable = false)
private boolean isPrivate;
@Column(name = "start")
private Time start;
@Column(name = "end")
private Time end;
@OneToMany(mappedBy = "event")
private List<UserEvent> userEvent;
/*********************
* Getter and Setter *
*********************/
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Integer getPriority() {
return priority;
}
public void setPriority(Integer priority) {
this.priority = priority;
}
public boolean isFullDay() {
return isFullDay;
}
public void setFullDay(boolean fullDay) {
isFullDay = fullDay;
}
public boolean isPrivate() {
return isPrivate;
}
public void setPrivate(boolean aPrivate) {
isPrivate = aPrivate;
}
public Time getStart() {
return start;
}
public void setStart(Time start) {
this.start = start;
}
public Time getEnd() {
return end;
}
public void setEnd(Time end) {
this.end = end;
}
public List<UserEvent> getUserEvent() {
return userEvent;
}
public void setUserEvent(List<UserEvent> userEvent) {
this.userEvent = userEvent;
}
// toString
@Override
public String toString() {
return "Event{" +
"id=" + id +
", name='" + name + '\'' +
", priority=" + priority +
", isFullDay=" + isFullDay +
", start=" + start +
", end=" + end +
", userEvent=" + userEvent +
'}';
}
@Override
public boolean equals(Object obj){
if(!(obj instanceof Event)){
return false;
}
Event event = (Event) obj;
System.out.println(event.getId() + " " + getId());
return event.getId() == getId();
}
@Override
public int hashCode(){
return (int)getId();
}
}

View File

@ -1,10 +1,29 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
import java.util.List;
// @Entity creates a table out of this class with Hibernate
@Entity
@Entity(name = "User")
@Table(name = "user")
@SqlResultSetMapping(name="deleteResult", columns = {
@ColumnResult(name = "count")
})
@NamedNativeQueries({
@NamedNativeQuery(
name = "getAllUser",
query = "SELECT * FROM user",
resultClass = User.class
),
@NamedNativeQuery(
name = "deleteAllUserEvents",
query = "DELETE FROM user_event WHERE user_id = :userId",
resultSetMapping = "deleteResult"
)
})
public class User {
// Generate the primary key
@Id
@ -21,7 +40,10 @@ public class User {
private String login;
@Column(name="password", nullable=false)
private String password;
private byte[] password;
@Column(name="salt", nullable=false)
private byte[] salt;
@Column(name="token")
private String token;
@ -68,14 +90,22 @@ public class User {
this.login = login;
}
public String getPassword() {
public byte[] getPassword() {
return password;
}
public void setPassword(String password) {
public void setPassword(byte[] password) {
this.password = password;
}
public byte[] getSalt() {
return salt;
}
public void setSalt(byte[] salt) {
this.salt = salt;
}
public String getToken() {
return token;
}
@ -99,4 +129,19 @@ public class User {
public void setEventList(List<UserEvent> userEvent) {
this.userEvent = userEvent;
}
@Override
public boolean equals(Object obj){
if(!(obj instanceof User)){
return false;
}
User user = (User) obj;
return user.getId() == getId();
}
@Override
public int hashCode(){
return (int)getId();
}
}

View File

@ -1,8 +1,8 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.data;
import javax.persistence.*;
import java.sql.Date;
import java.util.List;
// @Entity creates a table out of this class with Hibernate
// @Table defines the table-name
@ -61,4 +61,41 @@ public class UserEvent {
", date=" + date +
'}';
}
}
@Override
public boolean equals(Object obj){
System.out.println("equals");
if(!(obj instanceof UserEvent)){
System.out.println("not an userevent");
return false;
}
UserEvent userEvent = (UserEvent) obj;
System.out.println("date " + userEvent.getDate().equals(getDate()));
System.out.println("user " + userEvent.getUser().equals(getUser()));
System.out.println("event " + userEvent.getEvent().equals(getEvent()));
return userEvent.getDate().equals(getDate()) &&
userEvent.getUser().equals(getUser()) &&
userEvent.getEvent().equals(getEvent());
}
@Override
public int hashCode(){
long hash = getUser().hashCode() +
getEvent().hashCode() +
getDate().hashCode();
return (int)hash;
}
}

View File

@ -1,4 +1,5 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.data;
import java.io.Serializable;
import java.sql.Date;

View File

@ -0,0 +1,80 @@
//Marco Kühn//
package com.vpr.server.json;
import com.vpr.server.data.Event;
import com.vpr.server.data.User;
import com.vpr.server.data.UserEvent;
import java.sql.Time;
import java.util.ArrayList;
import java.util.List;
public class JSONMapper {
public static String userToJSON(User user) {
return "{" +
"\"userId\": " + user.getId() + ", " +
"\"forename\": \"" + user.getForename() + "\", " +
"\"name\": \"" + user.getName() + "\", " +
"\"login\": \"" + user.getLogin() + "\"," +
"\"admin\": " + user.isAdmin() +
"}";
}
public static String userListToJSON(List<User> userList) {
StringBuilder userListJSON = new StringBuilder();
for (User user : userList) {
userListJSON.append(", ");
userListJSON.append(userToJSON(user));
}
userListJSON.delete(0, 2);
return "[" + userListJSON + "]";
}
public static List<String> eventToJSON(Event event) {
List<String> eventListJSON = new ArrayList<>();
for (UserEvent userEvent : event.getUserEvent()) {
String eventJSON = "{" +
"\"ownerId\": " + userEvent.getUser().getId() + ", " +
"\"ownerName\": \"" + userEvent.getUser().getForename() + " " + userEvent.getUser().getName() + "\", " +
"\"date\": \"" + userEvent.getDate() + "\", " +
"\"id\": " + event.getId() + "," +
"\"name\": \"" + event.getName() + "\"," +
"\"priority\": " + event.getPriority() + "," +
"\"fullDay\": " + event.isFullDay() + "," +
"\"private\": " + event.isPrivate() + "," +
"\"start\": " + timeToJSON(event.getStart()) + "," +
"\"end\": " + timeToJSON(event.getEnd()) +
"}";
eventListJSON.add(eventJSON);
}
return eventListJSON;
}
public static String eventListToJSON(List<Event> eventList) {
StringBuilder eventListJSON = new StringBuilder();
for (Event event : eventList) {
List<String> eventsJSON = eventToJSON(event);
for (String eventJSON : eventsJSON) {
eventListJSON.append(", ");
eventListJSON.append(eventJSON);
}
}
eventListJSON.delete(0, 2);
return "[" + eventListJSON + "]";
}
public static String timeToJSON(Time time) {
if (time == null) {
return "null";
}
return "\"" + time + "\"";
}
}

View File

@ -0,0 +1,44 @@
//Marc Beyer//
package com.vpr.server.json;
import java.sql.Date;
import java.sql.Time;
import java.text.SimpleDateFormat;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Validator {
public static String ValidateEventName(String name) throws IllegalArgumentException {
if (name.length() < 3) {
System.out.println("NAME TO SHORT");
throw new IllegalArgumentException("Der Name ist zu kurz");
}
Pattern pattern = Pattern.compile("[A-Za-z\u00e4\u00f6\u00fc\u00c4\u00d6\u00dc\u00df0-9 =!?+*/$.:,;_<>()-]*");
Matcher matcher = pattern.matcher(name);
if(!matcher.matches()){
System.out.println("NAME HAS ILLEGALCHARS");
throw new IllegalArgumentException("Der Name enthält nicht erlaubte Zeichen");
}
return name;
}
public static Time ValidateEventTime(String time) throws IllegalArgumentException {
try {
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("hh:mm");
long ms = simpleDateFormat.parse(time).getTime();
return new Time(ms);
} catch (Exception e) {
return null;
}
}
public static Date ValidateEventDate(String date) throws IllegalArgumentException {
try {
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
return new Date(simpleDateFormat.parse(date).getTime());
} catch (Exception e) {
System.out.println("DATE FORMAT NOT CORRECT");
throw new IllegalArgumentException("Datumformat nicht korrekt");
}
}
}

View File

@ -0,0 +1,75 @@
//Marc Beyer//
package com.vpr.server.repository;
import com.vpr.server.data.Event;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import javax.transaction.Transactional;
// This will be AUTO IMPLEMENTED by Spring into a Bean called eventRepository
// CRUD refers Create, Read, Update, Delete
public interface EventRepository extends CrudRepository<Event, Integer> {
@Query(
value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
"ue.date, " +
"u.id AS uid, u.forename, u.name AS uname " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"INNER JOIN user u " +
"ON ue.user_id = u.id " +
"WHERE u.id = ?1 " +
"OR e.is_private = 0",
nativeQuery = true
)
Object[] findAllVisibleByUserId(long id);
@Query(
value = "SELECT * " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE ue.user_id = ?1",
nativeQuery = true
)
Object[] findAllByUserId(long id);
@Query(
value = "SELECT ue.user_id as userId, ue.event_id as eventId, ue.date as date " +
"FROM event e " +
"INNER JOIN user_event ue " +
"ON e.id = ue.event_id " +
"WHERE ue.event_id = ?1 " +
"AND ue.user_id = ?2 " +
"AND ue.date = ?3",
nativeQuery = true
)
UserEventInterface findUserEventByEventIdUserIdAndDate(long eventId, long userId, String date);
interface UserEventInterface{
long getEventId();
long getUserId();
long getDate();
}
@Modifying
@Transactional
@Query(
value = "DELETE ue FROM user_event ue WHERE ue.event_id = :eventId AND ue.user_id = :userId AND ue.date = :date",
nativeQuery = true
)
void deleteUserEventsById(long userId, long eventId, String date);
@Modifying
@Transactional
@Query(
value = "DELETE e FROM event e WHERE e.id = ?1",
nativeQuery = true
)
void deleteById(long id);
}

View File

@ -1,6 +1,7 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.repository;
import org.springframework.data.jpa.repository.Query;
import com.vpr.server.data.UserEvent;
import org.springframework.data.repository.CrudRepository;
import java.sql.Date;
@ -10,5 +11,5 @@ import java.util.List;
// CRUD refers Create, Read, Update, Delete
public interface UserEventRepository extends CrudRepository<UserEvent, Integer> {
List<UserEvent> findByUserIdAndDate(long userId, Date date);
}

View File

@ -1,13 +1,12 @@
package com.vpr.server;
//Marc Beyer//
package com.vpr.server.repository;
import com.vpr.server.data.User;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import java.util.List;
// This will be AUTO IMPLEMENTED by Spring into a Bean called userRepository
// CRUD refers Create, Read, Update, Delete
public interface UserRepository extends CrudRepository<User, Integer> {
@Query(value = "SELECT u.id, u.name, u.forename " +
@ -15,7 +14,13 @@ public interface UserRepository extends CrudRepository<User, Integer> {
nativeQuery = true)
Object[] findAllUsernames();
com.vpr.server.User findById(long id);
User findById(long id);
com.vpr.server.User findByLoginAndPassword(String login, String password);
User findByLogin(String login);
User findByLoginAndPassword(String login, byte[] password);
void deleteById(long id);
User findByToken(String token);
}

View File

@ -0,0 +1,29 @@
//Marc Beyer//
package com.vpr.server.security;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
public class Hasher {
public static byte[] HashPassword(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
// Credit: https://www.baeldung.com/java-password-hashing
// Generate hash with PBKDF2
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return factory.generateSecret(spec).getEncoded();
}
public static byte[] GenerateSalt(){
// Credit: https://www.baeldung.com/java-password-hashing
// Create a salt
SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);
return salt;
}
}

View File

@ -0,0 +1,28 @@
//Marc Beyer//
package com.vpr.server.security;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
public class Token {
private static final Key KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
public static String Generate(String subject){
return Jwts.builder().setSubject(subject).signWith(KEY).compact();
}
public static boolean Verify(String jws, String subject){
try {
assert Jwts.parserBuilder().setSigningKey(KEY).build().parseClaimsJws(jws)
.getBody().getSubject().equals(subject);
return true;
} catch (JwtException e) {
return false;
}
}
}