ЛР6(MVC) похоже готово

2023-05-28 20:24:04 +04:00 · 2023-05-28 20:24:04 +04:00 · dd1fdae060
commit dd1fdae060
parent 157ba0f38b
18 changed files with 508 additions and 2 deletions
--- a/build.gradle
+++ b/build.gradle
@ -24,6 +24,10 @@ dependencies {

 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'com.h2database:h2:2.1.210'
+
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
+
 	implementation 'org.hibernate.validator:hibernate-validator'
 	implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.5'

--- a/data.mv.db
+++ b/data.mv.db
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/Repository/IUserRepository.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/Repository/IUserRepository.java
@ -0,0 +1,8 @@
+package ru.ulstu.is.lab1.DataBase.Repository;
+
+import ru.ulstu.is.lab1.DataBase.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface IUserRepository extends JpaRepository<User, Long> {
+    User findOneByLoginIgnoreCase(String login);
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserDTO.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserDTO.java
@ -0,0 +1,24 @@
+package ru.ulstu.is.lab1.DataBase.controller;
+
+import ru.ulstu.is.lab1.DataBase.model.User;
+import ru.ulstu.is.lab1.DataBase.model.UserRole;
+
+public class UserDTO {
+    private final long id;
+    private final String login;
+    private final UserRole role;
+    public UserDTO(User user) {
+        this.id = user.getId();
+        this.login = user.getLogin();
+        this.role = user.getRole();
+    }
+    public long getId() {
+        return id;
+    }
+    public String getLogin() {
+        return login;
+    }
+    public UserRole getRole() {
+        return role;
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserMvcController.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserMvcController.java
@ -0,0 +1,39 @@
+package ru.ulstu.is.lab1.DataBase.controller;
+
+import ru.ulstu.is.lab1.DataBase.model.UserRole;
+import ru.ulstu.is.lab1.DataBase.service.UserService;
+import org.springframework.data.domain.Page;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.util.List;
+import java.util.stream.IntStream;
+
+@Controller
+@RequestMapping("/users")
+public class UserMvcController {
+    private final UserService userService;
+    public UserMvcController(UserService userService) {
+        this.userService = userService;
+    }
+    @GetMapping
+    @Secured({UserRole.AsString.ADMIN})
+    public String getUsers(@RequestParam(defaultValue = "1") int page,
+                           @RequestParam(defaultValue = "5") int size,
+                           Model model) {
+        final Page<UserDTO> users = userService.findAllPages(page, size)
+                .map(UserDTO::new);
+        model.addAttribute("users", users);
+        final int totalPages = users.getTotalPages();
+        final List<Integer> pageNumbers = IntStream.rangeClosed(1, totalPages)
+                .boxed()
+                .toList();
+        model.addAttribute("pages", pageNumbers);
+        model.addAttribute("totalPages", totalPages);
+        return "users";
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserSignupDTO.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserSignupDTO.java
@ -0,0 +1,34 @@
+package ru.ulstu.is.lab1.DataBase.controller;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+public class UserSignupDTO {
+    @NotBlank
+    @Size(min = 3, max = 64)
+    private String login;
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String password;
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String passwordConfirm;
+    public String getLogin() {
+        return login;
+    }
+    public void setLogin(String login) {
+        this.login = login;
+    }
+    public String getPassword() {
+        return password;
+    }
+    public void setPassword(String password) {
+        this.password = password;
+    }
+    public String getPasswordConfirm() {
+        return passwordConfirm;
+    }
+    public void setPasswordConfirm(String passwordConfirm) {
+        this.passwordConfirm = passwordConfirm;
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserSignupMvcController.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/controller/UserSignupMvcController.java
@ -0,0 +1,46 @@
+package ru.ulstu.is.lab1.DataBase.controller;
+
+import ru.ulstu.is.lab1.DataBase.model.User;
+import ru.ulstu.is.lab1.DataBase.service.UserService;
+import ru.ulstu.is.lab1.util.validation.ValidationException;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.validation.Valid;
+
+@Controller
+@RequestMapping(UserSignupMvcController.SIGNUP_URL)
+public class UserSignupMvcController {
+    public static final String SIGNUP_URL = "/signup";
+    private final UserService userService;
+    public UserSignupMvcController(UserService userService) {
+        this.userService = userService;
+    }
+    @GetMapping
+    public String showSignupForm(Model model) {
+        model.addAttribute("UserDTO", new UserSignupDTO());
+        return "signup";
+    }
+    @PostMapping
+    public String signup(@ModelAttribute("UserDTO") @Valid UserSignupDTO userSignupDTO,
+                         BindingResult bindingResult,
+                         Model model) {
+        if (bindingResult.hasErrors()) {
+            model.addAttribute("errors", bindingResult.getAllErrors());
+            return "signup";
+        }
+        try {
+            final User user = userService.createUser(
+                    userSignupDTO.getLogin(), userSignupDTO.getPassword(), userSignupDTO.getPasswordConfirm());
+            return "redirect:/login?created=" + user.getLogin();
+        } catch (ValidationException e) {
+            model.addAttribute("errors", e.getMessage());
+            return "signup";
+        }
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/model/User.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/model/User.java
@ -0,0 +1,83 @@
+package ru.ulstu.is.lab1.DataBase.model;
+
+import javax.persistence.*;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+import java.util.Objects;
+
+@Entity
+@Table(name = "users")
+public class User
+{
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
+    @Column(nullable = false, unique = true, length = 64)
+    @NotBlank
+    @Size(min = 3, max = 64)
+    private String login;
+    @Column(nullable = false, length = 64)
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String password;
+    private UserRole role;
+
+    public User() {
+    }
+
+    public User(String login, String password) {
+        this(login, password, UserRole.USER);
+    }
+
+    public User(String login, String password, UserRole role) {
+        this.login = login;
+        this.password = password;
+        this.role = role;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public UserRole getRole() {
+        return role;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        User user = (User) o;
+        return Objects.equals(id, user.id) && Objects.equals(login, user.login);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(id, login);
+    }
+    @Override
+    public String toString() {
+        return "User{" +
+                "id=" + id +
+                ", login='" + login + '\'' +
+                ", password='" + password + '\'' +
+                ", role='" + role + '\'' +
+                '}';
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/model/UserRole.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/model/UserRole.java
@ -0,0 +1,17 @@
+package ru.ulstu.is.lab1.DataBase.model;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public enum UserRole implements GrantedAuthority {
+    ADMIN,
+    USER;
+    private static final String PREFIX = "ROLE_";
+    @Override
+    public String getAuthority() {
+        return PREFIX + this.name();
+    }
+    public static final class AsString {
+        public static final String ADMIN = PREFIX + "ADMIN";
+        public static final String USER = PREFIX + "USER";
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/DataBase/service/UserService.java
+++ b/src/main/java/ru/ulstu/is/lab1/DataBase/service/UserService.java
@ -0,0 +1,61 @@
+package ru.ulstu.is.lab1.DataBase.service;
+
+import ru.ulstu.is.lab1.DataBase.model.User;
+import ru.ulstu.is.lab1.DataBase.model.UserRole;
+import ru.ulstu.is.lab1.DataBase.Repository.IUserRepository;
+import ru.ulstu.is.lab1.util.validation.ValidationException;
+import ru.ulstu.is.lab1.util.validation.ValidatorUtil;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Sort;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.Objects;
+
+@Service
+public class UserService implements UserDetailsService {
+    private final IUserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final ValidatorUtil validatorUtil;
+    public UserService(IUserRepository userRepository,
+                       PasswordEncoder passwordEncoder,
+                       ValidatorUtil validatorUtil) {
+        this.userRepository = userRepository;
+        this.passwordEncoder = passwordEncoder;
+        this.validatorUtil = validatorUtil;
+    }
+    public Page<User> findAllPages(int page, int size) {
+        return userRepository.findAll(PageRequest.of(page - 1, size, Sort.by("id").ascending()));
+    }
+    public User findByLogin(String login) {
+        return userRepository.findOneByLoginIgnoreCase(login);
+    }
+    public User createUser(String login, String password, String passwordConfirm) {
+        return createUser(login, password, passwordConfirm, UserRole.USER);
+    }
+    public User createUser(String login, String password, String passwordConfirm, UserRole role) {
+        if (findByLogin(login) != null) {
+            throw new ValidationException(String.format("User '%s' already exists", login));
+        }
+        final User user = new User(login, passwordEncoder.encode(password), role);
+        validatorUtil.validate(user);
+        if (!Objects.equals(password, passwordConfirm)) {
+            throw new ValidationException("Passwords not equals");
+        }
+        return userRepository.save(user);
+    }
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        final User userEntity = findByLogin(username);
+        if (userEntity == null) {
+            throw new UsernameNotFoundException(username);
+        }
+        return new org.springframework.security.core.userdetails.User(
+                userEntity.getLogin(), userEntity.getPassword(), Collections.singleton(userEntity.getRole()));
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/PasswordEncoderConfiguration.java
+++ b/src/main/java/ru/ulstu/is/lab1/PasswordEncoderConfiguration.java
@ -0,0 +1,14 @@
+package ru.ulstu.is.lab1;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class PasswordEncoderConfiguration {
+    @Bean
+    public PasswordEncoder createPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/is/lab1/SecurityConfiguration.java
@ -0,0 +1,68 @@
+package ru.ulstu.is.lab1;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import ru.ulstu.is.lab1.DataBase.controller.UserSignupMvcController;
+import ru.ulstu.is.lab1.DataBase.model.UserRole;
+import ru.ulstu.is.lab1.DataBase.service.UserService;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
+    private static final String LOGIN_URL = "/login";
+    private final UserService userService;
+
+    public SecurityConfiguration(UserService userService) {
+        this.userService = userService;
+        createAdminOnStartup();
+    }
+
+    private void createAdminOnStartup() {
+        final String admin = "admin";
+        if (userService.findByLogin(admin) == null) {
+            log.info("Admin user successfully created");
+            userService.createUser(admin, admin, admin, UserRole.ADMIN);
+        }
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.headers().frameOptions().sameOrigin().and()
+                .cors().and()
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers(UserSignupMvcController.SIGNUP_URL).permitAll()
+                .antMatchers(HttpMethod.GET, LOGIN_URL).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .formLogin()
+                .loginPage(LOGIN_URL).permitAll()
+                .and()
+                .logout().permitAll();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService);
+    }
+
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring()
+                .antMatchers("/css/**")
+                .antMatchers("/images/**")
+                .antMatchers("/js/**")
+                .antMatchers("/templates/**")
+                .antMatchers("/webjars/**");
+    }
+}
--- a/src/main/java/ru/ulstu/is/lab1/WebConfiguration.java
+++ b/src/main/java/ru/ulstu/is/lab1/WebConfiguration.java
@ -11,7 +11,7 @@ public class WebConfiguration implements WebMvcConfigurer {
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        WebMvcConfigurer.super.addViewControllers(registry);
-        registry.addViewController("rest-test");
+        registry.addViewController("login");
    }
    @Override
    public void addCorsMappings(CorsRegistry registry){
--- a/src/main/java/ru/ulstu/is/lab1/util/validation/ValidationException.java
+++ b/src/main/java/ru/ulstu/is/lab1/util/validation/ValidationException.java
@ -6,4 +6,6 @@ public class ValidationException extends RuntimeException{
    public <T> ValidationException(Set<String> errors) {
        super(String.join("\n", errors));
    }
+
+    public <T> ValidationException(String error) { super(error); }
 }
--- a/src/main/resources/templates/default.html
+++ b/src/main/resources/templates/default.html
@ -13,7 +13,7 @@
 </head>
 <body>
 <header>
-<nav class="navbar navbar-dark navbar-expand-lg bg-black">
+<nav class="navbar navbar-dark navbar-expand-xl bg-black">
  <div class="container-fluid">
    <a class="navbar-brand" href="/"><img src="../static/images/name.png" th:src="@{/images/name.png}"></a>
    <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Переключатель навигации">
@ -25,6 +25,8 @@
        <a class="nav-link" href="/genre" th:classappend="${#strings.equals(activeLink, '/genre')} ? 'active' : ''">Жанры</a>
        <a class="nav-link" href="/film" th:classappend="${#strings.equals(activeLink, '/film')} ? 'active' : ''">Фильмы</a>
        <a class="nav-link" href="/collection" th:classappend="${#strings.equals(activeLink, '/collection')} ? 'active' : ''">Коллекции</a>
+        <a class="nav-link" href="/users" th:classappend="${#strings.equals(activeLink, '/users')} ? 'active' : ''">Пользователи</a>
+        <a class="nav-link" href="/logout" th:classappend="${#strings.equals(activeLink, '/login')} ? 'active' : ''">Выход</a>
      </ul>
    </div>
  </div>
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      xmlns:th="http://www.w3.org/1999/xhtml"
+      layout:decorate="~{default}">
+<head>
+</head>
+<body>
+<div layout:fragment="content">
+    <div th:if="${param.error}" class="alert alert-danger margin-bottom">
+        Пользователь не найден или пароль указан не верно
+    </div>
+    <div th:if="${param.logout}" class="alert alert-success margin-bottom">
+        Выход успешно произведен
+    </div>
+    <div th:if="${param.created}" class="alert alert-success margin-bottom">
+        Пользователь '<span th:text="${param.created}"></span>' успешно создан
+    </div>
+    <form th:action="@{/login}" method="post" class="container-padding">
+        <div class="mb-3">
+            <input type="text" name="username" id="username" class="form-control"
+                   placeholder="Логин" required="true" autofocus="true"/>
+        </div>
+        <div class="mb-3">
+            <input type="password" name="password" id="password" class="form-control"
+                   placeholder="Пароль" required="true"/>
+        </div>
+        <button type="submit" class="btn btn-success button-fixed">Войти</button>
+        <a class="btn btn-primary button-fixed" href="/signup">Регистрация</a>
+    </form>
+</div>
+</body>
+</html>
--- a/src/main/resources/templates/signup.html
+++ b/src/main/resources/templates/signup.html
@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      xmlns:th="http://www.w3.org/1999/xhtml"
+      layout:decorate="~{default}">
+<head>
+</head>
+<body>
+<div class="container container-padding" layout:fragment="content">
+  <div th:if="${errors}" th:text="${errors}" class="margin-bottom alert alert-danger"></div>
+  <form action="#" th:action="@{/signup}" th:object="${UserDTO}" method="post">
+    <div class="mb-3">
+      <input type="text" class="form-control" th:field="${UserDTO.login}"
+             placeholder="Логин" required="true" autofocus="true" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <input type="password" class="form-control" th:field="${UserDTO.password}"
+             placeholder="Пароль" required="true" minlength="6" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <input type="password" class="form-control" th:field="${UserDTO.passwordConfirm}"
+             placeholder="Пароль (подтверждение)" required="true" minlength="6" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <button type="submit" class="btn btn-success button-fixed">Создать</button>
+      <a class="btn btn-primary button-fixed" href="/login">Назад</a>
+    </div>
+  </form>
+</div>
+</body>
+</html>
--- a/src/main/resources/templates/users.html
+++ b/src/main/resources/templates/users.html
@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      xmlns:th="http://www.w3.org/1999/xhtml"
+      layout:decorate="~{default}">
+<head>
+</head>
+<body>
+<div class="container" layout:fragment="content">
+  <div class="table-responsive">
+    <table class="table text-light">
+      <thead>
+      <tr>
+        <th scope="col">#</th>
+        <th scope="col">ID</th>
+        <th scope="col">Логин</th>
+        <th scope="col">Роль</th>
+      </tr>
+      </thead>
+      <tbody>
+      <tr th:each="user, iterator: ${users}">
+        <th scope="row" th:text="${iterator.index} + 1"></th>
+        <td th:text="${user.id}"></td>
+        <td th:text="${user.login}" style="width: 60%"></td>
+        <td th:text="${user.role}" style="width: 20%"></td>
+      </tr>
+      </tbody>
+    </table>
+  </div>
+  <div th:if="${totalPages > 0}" class="pagination text-light">
+    <span style="float: left; padding: 5px 5px;">Страницы:</span>
+    <a th:each="page : ${pages}"
+       th:href="@{/users(page=${page}, size=${users.size})}"
+       th:text="${page}"
+       th:class="${page == users.number + 1} ? active">
+    </a>
+  </div>
+</div>
+</body>
+</html>