aleyckin/IP_Aleikin_PIbd-22
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LabWork06 VUE vrode work

Browse Source
This commit is contained in:
Артём Алейкин 2023-06-13 16:21:39 +04:00
parent 1187149b02
commit 0c5ae531f6
25 changed files with 1060 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
build.gradle
View File

@ -6,18 +6,24 @@ plugins {
group = 'ru.ulstu.is'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '17'
sourceCompatibility = '19'
repositories {
mavenCentral()
}
dependencies {
annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'com.h2database:h2:2.1.210'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'com.h2database:h2:2.1.210'
implementation 'com.auth0:java-jwt:4.4.0'
implementation 'org.springframework.boot:spring-boot-devtools'
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect'
implementation 'jakarta.validation:jakarta.validation-api:3.0.0'
implementation 'org.webjars:bootstrap:5.1.3'
implementation 'org.webjars:jquery:3.6.0'
implementation 'org.webjars:font-awesome:6.1.0'

11
frontend/spa-vue/src/components/Header.vue
View File

@ -7,6 +7,8 @@
<router-link to="/manufacturer" class="nav-link">Производители</router-link>
<router-link to="/category" class="nav-link">Категории</router-link>
<router-link to="/product" class="nav-link">Продукты</router-link>
<router-link to="/users" class="nav-link">Users</router-link>
<button type="button" class="btn btn-secondary" @click="logout()">Разлогиниться</button>
</li>
</ul>
</div>
@ -36,6 +38,15 @@
<script>
export default {
methods:
{
logout(){
localStorage.removeItem("token");
localStorage.removeItem("user");
localStorage.removeItem("role");
this.$router.push('/login');
},
}
}
</script>

35
frontend/spa-vue/src/pages/categories.vue
View File

@ -104,11 +104,38 @@ export default {
category: new Category(),
editedCategory: new Category(),
products: [],
postParams: {
method:"POST",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
putParams: {
method:"PUT",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
},
},
delParams: {
method:"DELETE",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
getParams: {
method:"GET",
headers:{
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
}
},
methods: {
getCategories(){
axios.get(this.URL + "category")
axios.get(this.URL + "category", this.getParams)
.then(response => {
this.categories = response.data;
console.log(response.data);
@ -120,7 +147,7 @@ export default {
addCategory(category) {
console.log(category);
axios
.post(this.URL + "category", category)
.post(this.URL + "category", category, this.postParams)
.then(() => {
this.getCategories();
this.closeModal();
@ -130,7 +157,7 @@ export default {
});
},
deleteCategory(id){
axios.delete(this.URL + `category/${id}`)
axios.delete(this.URL + `category/${id}`, this.delParams)
.then(() =>{
this.getCategories();
})
@ -150,7 +177,7 @@ export default {
document.getElementById("editModal").style.display = "none";
},
editCategory(category) {
axios.put(this.URL + `category/${category.id}`, category)
axios.put(this.URL + `category/${category.id}`, category, this.putParams)
.then(() => {
const index = this.categories.findIndex((s) => s.id === category.id);
if (index !== -1) {

9
frontend/spa-vue/src/pages/error.vue Normal file
View File

@ -0,0 +1,9 @@
<template>
<div>
<a>Ошибка доступа</a>
</div>
</template>
<script>
</script>
<style>
</style>

83
frontend/spa-vue/src/pages/login.vue Normal file
View File

@ -0,0 +1,83 @@
<template>
<div>
<div class="login">
<form @submit.prevent class="login__form" action="/">
<div class="form__login">
<input class="login-input form-control"
id="login" v-model="newUser.login"
validate="false"
placeholder="Логин"
type="text"
name="Логин">
</div>
<div class="form__password">
<input class="password-input form-control"
id="password" v-model="newUser.password"
validate="false"
placeholder="Пароль"
type="password"
name="Пароль">
</div>
<div class="login__buttons mt-5">
<button type="submit" class="login__confirm" id="login__confirm" @click="login">Войти</button>
<a class="login__registration" href="registration">Регистрация</a>
</div>
</form>
</div>
</div>
</template>
<script>
import axios from 'axios';
export default {
mounted(){
},
data(){
return{
newUser: new Object,
token: '',
user: '',
role: '',
}
},
methods: {
async login() {
await this.getRole()
try {
const response = await axios.post(`http://localhost:8080/jwt/login`, this.newUser);
if (response.status === 200) {
localStorage.setItem("token", response.data);
localStorage.setItem("user", this.newUser.login);
this.token = response.data;
this.user = this.newUser.login;
this.$emit('login', {
token: this.token,
user: this.newUser.login,
role: this.role,
});
this.$router.push("/authors")
} else {
localStorage.removeItem("token");
localStorage.removeItem("user");
localStorage.removeItem("role");
}
} catch (error) {
console.log(error);
}
},
async getRole(){
await axios.get(`http://localhost:8080/who_am_i?userLogin=${this.newUser.login}`)
.then((response) => {
localStorage.setItem("role", response.data)
this.role = response.data
})
.catch(error => {
console.log(error);
})
}
}
}
</script>
<style>
</style>

35
frontend/spa-vue/src/pages/manufacturers.vue
View File

@ -71,11 +71,38 @@ export default {
manufacturers: [],
URL: "http://localhost:8080/api/",
manufacturer: new Manufacturer(),
postParams: {
method:"POST",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
putParams: {
method:"PUT",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
},
},
delParams: {
method:"DELETE",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
getParams: {
method:"GET",
headers:{
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
}
},
methods: {
getManufacturers(){
axios.get(this.URL + "manufacturer")
axios.get(this.URL + "manufacturer", this.getParams)
.then(response => {
this.manufacturers = response.data;
console.log(response.data);
@ -86,7 +113,7 @@ export default {
},
addManufacturer(manufacturer){
console.log(this.manufacturers);
axios.post(this.URL + "manufacturer", manufacturer)
axios.post(this.URL + "manufacturer", manufacturer, this.postParams)
.then(() => {
this.getManufacturers();
this.closeModal();
@ -96,13 +123,13 @@ export default {
});
},
deleteManufacturer(id){
axios.delete(this.URL + `manufacturer/${id}`)
axios.delete(this.URL + `manufacturer/${id}`, this.delParams)
.then(() =>{
this.getManufacturers();
})
},
editManufacturer(manufacturer){
axios.put(this.URL + `manufacturer/${manufacturer.id}`, manufacturer)
axios.put(this.URL + `manufacturer/${manufacturer.id}`, manufacturer, this.putParams)
.then(() =>{
const index = this.manufacturers.findIndex((m) => m.id === manufacturer.id);
if (index !== -1) {

43
frontend/spa-vue/src/pages/products.vue
View File

@ -136,11 +136,38 @@ export default {
URL: "http://localhost:8080/api/",
product: new Product(),
editedProduct: new Product(),
postParams: {
method:"POST",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
putParams: {
method:"PUT",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
},
},
delParams: {
method:"DELETE",
headers:{
"Content-Type":"application/json",
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
getParams: {
method:"GET",
headers:{
"Authorization": "Bearer " + localStorage.getItem("token"),
}
},
}
},
methods: {
getProducts(){
axios.get(this.URL + "product")
axios.get(this.URL + "product", this.getParams)
.then(response => {
this.products = response.data;
console.log(response.data);
@ -150,7 +177,7 @@ export default {
});
},
getCategories(){
axios.get(this.URL + "category")
axios.get(this.URL + "category", this.getParams)
.then(response => {
this.categories = response.data;
console.log(response.data);
@ -163,7 +190,7 @@ export default {
await this.toBase64();
this.product.price = parseInt(this.product.price);
console.log(this.product);
axios.post(this.URL + "product", this.product)
axios.post(this.URL + "product", this.product, this.postParams)
.then(() => {
this.getProducts();
this.closeModal();
@ -173,7 +200,7 @@ export default {
});
},
deleteProduct(id){
axios.delete(this.URL + `product/${id}`)
axios.delete(this.URL + `product/${id}`, this.delParams)
.then(() =>{
this.getProducts();
})
@ -181,7 +208,7 @@ export default {
async editProduct(product){
if(product.photo === undefined) await this.toBase64();
console.log(product);
axios.put(this.URL + `product/${product.id}`, product)
axios.put(this.URL + `product/${product.id}`, product, this.putParams)
.then(() =>{
const index = this.products.findIndex((s) => s.id === product.id);
if (index !== -1) {
@ -242,7 +269,7 @@ export default {
});
},
getProductManufacturers(){
axios.get(this.URL + `product/${this.product.id}/manufacturers`)
axios.get(this.URL + `product/${this.product.id}/manufacturers`, this.getParams)
.then(response => {
this.productManufacturers = response.data;
console.log(response.data);
@ -252,7 +279,7 @@ export default {
});
},
addManufacturer(){
axios.post(this.URL + `product/${this.product.id}/Manufacturer/${this.manufacturerId}`)
axios.post(this.URL + `product/${this.product.id}/Manufacturer/${this.manufacturerId}`, this.postParams)
.then(() => {
this.getProductManufacturers();
})
@ -261,7 +288,7 @@ export default {
});
},
removeManufacturer(id){
axios.delete(this.URL + `product/${this.product.id}/Manufacturer/${id}`)
axios.delete(this.URL + `product/${this.product.id}/Manufacturer/${id}`, this.delParams)
.then(() =>{
this.getProductManufacturers();
})

46
frontend/spa-vue/src/pages/registration.vue Normal file
View File

@ -0,0 +1,46 @@
<template>
<div class="registration">
<form @submit.prevent="registration" class="registration__form" action="#">
<div class="form__login">
<input class="login-input form-control" v-model="login" id="login" required="" validate="false" placeholder="Логин" type="text" name="Логин">
</div>
<div class="form__password">
<input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
</div>
<div class="registration__buttons">
<button class="registration__confirm" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
</div>
</form>
</div>
</template>
<script>
import axios from 'axios';
export default {
data(){
return{
login: "",
password: "",
}
},
methods:{
registration(){
// Отправляем данные формы на сервер
let user = {
login: this.login,
password: this.password,
passwordConfirm: this.password
}
axios.post(`http://localhost:8080/sign_up`, user)
.then((response) => {
if (response.status === 200) {
alert(response.data);
}
})
.catch(error => {
console.log(error);
});
this.$router.push('/login');
}
}
}
</script>

52
frontend/spa-vue/src/pages/users.vue Normal file
View File

@ -0,0 +1,52 @@
<template >
<table class="table table-striped table-bordered table-hover">
<thead>
<tr>
<th scope="col">ID</th>
<th scope="col">Логин</th>
<th scope="col">Роль</th>
</tr>
</thead>
<tbody>
<tr v-for="(user, index) in users" :key="index">
<td>{{ user.id }}</td>
<td>{{ user.login }}</td>
<td>{{ user.role }}</td>
</tr>
</tbody>
</table>
</template>
<script>
import axios from 'axios'
export default {
data(){
return{
users: []
}
},
created(){
const getTokenForHeader = function () {
return "Bearer " + localStorage.getItem("token");
}
const requestParams = {
method: "GET",
headers: {
"Authorization": getTokenForHeader(),
}
};
axios.get(`http://localhost:8080`, requestParams)
.then(response => {
this.users = response.data;
})
.catch(error => {
console.log(error);
});
},
methods:{
}
}
</script>
<style >
</style>

26
frontend/spa-vue/src/routes.js
View File

@ -1,12 +1,20 @@
import manufacturers from './pages/manufacturers.vue'
import categories from './pages/categories.vue'
import products from './pages/products.vue'
import users from "./pages/users.vue";
import login from "./pages/login.vue";
import registration from "./pages/registration.vue";
import Error from "./pages/Error.vue";
import {createRouter, createWebHistory} from "vue-router"
const routes = [
{path: '/manufacturer', component: manufacturers},
{path: '/category', component: categories},
{path: '/product', component: products},
{path: "/users", component: users, meta: { requiresAuth: true, requiresAdmin: true }},
{path: "/login", component: login},
{path: "/registration", component: registration},
{path: "/error", component: Error, meta: { requiresAuth: true }},
]
const router = createRouter({
@ -15,4 +23,22 @@ const router = createRouter({
routes
})
router.beforeEach((to, from, next) => {
const isAuthenticated = localStorage.getItem("token");
if (to.matched.some((route) => route.meta.requiresAuth)) {
if (!isAuthenticated) {
next("/login");
return;
}
}
const isAdmin = localStorage.getItem("role") === "ADMIN";
if (to.matched.some((route) => route.meta.requiresAdmin)) {
if (!isAdmin) {
next("/error");
return;
}
}
next();
});
export default router;

64
src/main/java/ru/ulstu/is/sbapp/HardwareShop/controller/UserController.java Normal file
View File

@ -0,0 +1,64 @@
package ru.ulstu.is.sbapp.HardwareShop.controller;
import jakarta.validation.Valid;
import jakarta.validation.ValidationException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.HardwareShop.models.User;
import ru.ulstu.is.sbapp.HardwareShop.models.UserRole;
import ru.ulstu.is.sbapp.HardwareShop.services.UserService;
import java.util.List;
@RestController
public class UserController {
public static final String URL_LOGIN = "/jwt/login";
public static final String URL_SIGN_UP = "/sign_up";
public static final String URL_WHO_AM_I = "/who_am_i";
private final UserService userService;
public UserController(UserService userService) {
this.userService = userService;
}
@PostMapping(URL_LOGIN)
public String login(@RequestBody @Valid UserDto userDto) {
return userService.loginAndGetToken(userDto);
}
@GetMapping(URL_WHO_AM_I)
public String role(@RequestParam("userLogin") String userLogin) {
return userService.findByLogin(userLogin).getRole().name();
}
@PostMapping(URL_SIGN_UP)
public String signUp(@RequestBody @Valid UserSignUpDTO userSignupDto) {
try {
final User user = userService.addUser(userSignupDto.getLogin(),
userSignupDto.getPassword(), userSignupDto.getPasswordConfirm(), UserRole.USER);
return "created " + user.getLogin();
} catch (ValidationException e) {
return e.getMessage();
}
}
@GetMapping("/{id}")
@Secured({UserRole.AsString.ADMIN})
public UserDto getUser(@PathVariable Long id) {
return new UserDto(userService.findUser(id));
}
@GetMapping("/")
@Secured({UserRole.AsString.ADMIN})
public List<UserDto> getUsers() {
return userService.findAllUsers().stream()
.map(UserDto::new)
.toList();
}
@PutMapping("/{id}")
public UserDto updateUser(@RequestBody @Valid UserDto userDto){
return new UserDto(userService.updateUser(userDto));
}
@DeleteMapping("/{id}")
public void deleteUser(@PathVariable Long id) {
userService.deleteUser(id);
}
}

50
src/main/java/ru/ulstu/is/sbapp/HardwareShop/controller/UserDto.java Normal file
View File

@ -0,0 +1,50 @@
package ru.ulstu.is.sbapp.HardwareShop.controller;
import ru.ulstu.is.sbapp.HardwareShop.models.User;
import ru.ulstu.is.sbapp.HardwareShop.models.UserRole;
public class UserDto {
private long id;
private String login;
private UserRole role;
private String password;
public UserDto(){}
public UserDto(User user) {
this.id = user.getId();
this.login = user.getLogin();
this.role = user.getRole();
this.password = user.getPassword();
}
public long getId() {
return id;
}
public String getLogin() {
return login;
}
public UserRole getRole() {
return role;
}
public String getPassword()
{
return password;
}
public void setId(Long id) {
this.id = id;
}
public void setLogin(String login)
{
this.login = login;
}
public void setPassword(String password)
{
this.password = password;
}
}

40
src/main/java/ru/ulstu/is/sbapp/HardwareShop/controller/UserSignUpDTO.java Normal file
View File

@ -0,0 +1,40 @@
package ru.ulstu.is.sbapp.HardwareShop.controller;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
public class UserSignUpDTO {
@NotBlank
@Size(min = 3, max = 64)
private String login;
@NotBlank
@Size(min = 6, max = 64)
private String password;
@NotBlank
@Size(min = 6, max = 64)
private String passwordConfirm;
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getPasswordConfirm() {
return passwordConfirm;
}
public void setPasswordConfirm(String passwordConfirm) {
this.passwordConfirm = passwordConfirm;
}
}

91
src/main/java/ru/ulstu/is/sbapp/HardwareShop/models/User.java Normal file
View File

@ -0,0 +1,91 @@
package ru.ulstu.is.sbapp.HardwareShop.models;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import ru.ulstu.is.sbapp.HardwareShop.controller.UserSignUpDTO;
import javax.persistence.*;
import java.util.Objects;
@Entity
@Table(name = "users")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@Column(nullable = false, unique = true, length = 64)
@NotBlank
@Size(min = 3, max = 64)
private String login;
@Column(nullable = false, length = 64)
@NotBlank
@Size(min = 6, max = 64)
private String password;
private UserRole role;
public User() {
}
public User(String login, String password) {
this(login, password, UserRole.USER);
}
public User(String login, String password, UserRole role) {
this.login = login;
this.password = password;
this.role = role;
}
public User(UserSignUpDTO userDto){
this.login = userDto.getLogin();
this.password = userDto.getPassword();
this.role = UserRole.USER;
}
public Long getId() {
return id;
}
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public UserRole getRole() {
return role;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
User user = (User) o;
return Objects.equals(id, user.id) && Objects.equals(login, user.login);
}
@Override
public int hashCode() {
return Objects.hash(id, login);
}
@Override
public String toString() {
return "User{" +
"id=" + id +
", login='" + login + '\'' +
", password='" + password + '\'' +
", role='" + role + '\'' +
'}';
}
}

20
src/main/java/ru/ulstu/is/sbapp/HardwareShop/models/UserRole.java Normal file
View File

@ -0,0 +1,20 @@
package ru.ulstu.is.sbapp.HardwareShop.models;
import org.springframework.security.core.GrantedAuthority;
public enum UserRole implements GrantedAuthority {
ADMIN,
USER;
private static final String PREFIX = "ROLE_";
@Override
public String getAuthority() {
return PREFIX + this.name();
}
public static final class AsString {
public static final String ADMIN = PREFIX + "ADMIN";
public static final String USER = PREFIX + "USER";
}
}

8
src/main/java/ru/ulstu/is/sbapp/HardwareShop/repository/UserRepository.java Normal file
View File

@ -0,0 +1,8 @@
package ru.ulstu.is.sbapp.HardwareShop.repository;
import org.springframework.data.jpa.repository.JpaRepository;
import ru.ulstu.is.sbapp.HardwareShop.models.User;
public interface UserRepository extends JpaRepository<User, Long> {
User findOneByLoginIgnoreCase(String login);
}

7
src/main/java/ru/ulstu/is/sbapp/HardwareShop/services/UserNotFoundException.java Normal file
View File

@ -0,0 +1,7 @@
package ru.ulstu.is.sbapp.HardwareShop.services;
public class UserNotFoundException extends RuntimeException{
public UserNotFoundException(Long id) {
super(String.format("User with id [%s] is not found", id));
}
}

129
src/main/java/ru/ulstu/is/sbapp/HardwareShop/services/UserService.java Normal file
View File

@ -0,0 +1,129 @@
package ru.ulstu.is.sbapp.HardwareShop.services;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import ru.ulstu.is.sbapp.HardwareShop.controller.UserDto;
import ru.ulstu.is.sbapp.HardwareShop.controller.UserSignUpDTO;
import ru.ulstu.is.sbapp.HardwareShop.models.User;
import ru.ulstu.is.sbapp.HardwareShop.models.UserRole;
import ru.ulstu.is.sbapp.HardwareShop.repository.UserRepository;
import jakarta.validation.ValidationException;
import ru.ulstu.is.sbapp.jwt.JwtException;
import ru.ulstu.is.sbapp.jwt.JwtProvider;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
@Service
public class UserService implements UserDetailsService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final JwtProvider jwtProvider;
public UserService(UserRepository userRepository,
PasswordEncoder passwordEncoder,
JwtProvider jwtProvider){
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
this.jwtProvider = jwtProvider;
}
public User findByLogin(String login) {
return userRepository.findOneByLoginIgnoreCase(login);
}
public Page<User> findAllPages(int page, int size) {
return userRepository.findAll(PageRequest.of(page - 1, size, Sort.by("id").ascending()));
}
@Transactional
public User addUser(UserSignUpDTO userDto){
final User user = new User(userDto);
userRepository.save(user);
return user;
}
@Transactional
public User addUser(String login, String password,
String passwordConfirm,
UserRole role){
if (findByLogin(login) != null) {
throw new ValidationException(String.format("User '%s' already exists", login));
}
if (!Objects.equals(password, passwordConfirm)) {
throw new ValidationException("Passwords not equals");
}
final User user = new User(login,passwordEncoder.encode(password),role);
return userRepository.save(user);
}
@Transactional(readOnly = true)
public User findUser(Long id) {
final Optional<User> user = userRepository.findById(id);
return user.orElseThrow(() -> new UserNotFoundException(id));
}
@Transactional(readOnly = true)
public List<User> findAllUsers() {
return userRepository.findAll();
}
@Transactional
public User updateUser(UserDto userDto) {
final User currentUser = findUser(userDto.getId());
currentUser.setLogin(userDto.getLogin());
currentUser.setPassword(userDto.getPassword());
return userRepository.save(currentUser);
}
@Transactional
public User updateUser(Long id,String login, String password) {
if (!StringUtils.hasText(login) || !StringUtils.hasText(password)) {
throw new IllegalArgumentException("User name, login or password is null or empty");
}
final User currentUser = findUser(id);
currentUser.setLogin(login);
currentUser.setPassword(password);
return userRepository.save(currentUser);
}
@Transactional
public void deleteUser(Long id) {
userRepository.deleteById(id);
}
@Transactional
public void deleteAllUsers() {
userRepository.deleteAll();
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
final User userEntity = findByLogin(username);
if (userEntity == null) {
throw new UsernameNotFoundException(username);
}
return new org.springframework.security.core.userdetails.User(
userEntity.getLogin(), userEntity.getPassword(), Collections.singleton(userEntity.getRole()));
}
public String loginAndGetToken(UserDto userDto) {
final User user = findByLogin(userDto.getLogin());
if (user == null) {
}
if (!passwordEncoder.matches(userDto.getPassword(), user.getPassword())) {
}
return jwtProvider.generateToken(user.getLogin());
}
public UserDetails loadUserByToken(String token) throws UsernameNotFoundException {
if (!jwtProvider.isTokenValid(token)) {
throw new JwtException("Bad token");
}
final String userLogin = jwtProvider.getLoginFromToken(token)
.orElseThrow(() -> new JwtException("Token is not contain Login"));
return loadUserByUsername(userLogin);
}
}

14
src/main/java/ru/ulstu/is/sbapp/PasswordEncoderConfiguration.java Normal file
View File

@ -0,0 +1,14 @@
package ru.ulstu.is.sbapp;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class PasswordEncoderConfiguration {
@Bean
public PasswordEncoder createPasswordEncoder() {
return new BCryptPasswordEncoder();
}
}

83
src/main/java/ru/ulstu/is/sbapp/SecurityConfiguration.java Normal file
View File

@ -0,0 +1,83 @@
package ru.ulstu.is.sbapp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import ru.ulstu.is.sbapp.HardwareShop.controller.UserController;
import ru.ulstu.is.sbapp.HardwareShop.models.UserRole;
import ru.ulstu.is.sbapp.HardwareShop.services.UserService;
import ru.ulstu.is.sbapp.jwt.JwtFilter;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(
securedEnabled = true
)
public class SecurityConfiguration {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private static final String LOGIN_URL = "/login";
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
private final UserService userService;
private final JwtFilter jwtFilter;
public SecurityConfiguration(UserService userService)
{
this.userService = userService;
this.jwtFilter = new JwtFilter(userService);
createAdminOnStartup();
}
private void createAdminOnStartup() {
final String admin = "admin";
if (userService.findByLogin(admin) == null) {
log.info("Admin user successfully created");
userService.addUser(admin, admin, admin, UserRole.ADMIN);
}
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeHttpRequests()
.antMatchers("/", SPA_URL_MASK).permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_SIGN_UP).permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_WHO_AM_I).permitAll()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.anonymous();
return http.userDetailsService(userService).build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
.antMatchers("/*.js")
.antMatchers("/*.html")
.antMatchers("/*.css")
.antMatchers("/assets/**")
.antMatchers("/favicon.ico")
.antMatchers("/.js", "/.css")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/webjars/**")
.antMatchers("/swagger-resources/**")
.antMatchers("/v3/api-docs/**")
.antMatchers("/h2-console/**");
}
}

11
src/main/java/ru/ulstu/is/sbapp/jwt/JwtException.java Normal file
View File

@ -0,0 +1,11 @@
package ru.ulstu.is.sbapp.jwt;
public class JwtException extends RuntimeException {
public JwtException(Throwable throwable) {
super(throwable);
}
public JwtException(String message) {
super(message);
}
}

72
src/main/java/ru/ulstu/is/sbapp/jwt/JwtFilter.java Normal file
View File

@ -0,0 +1,72 @@
package ru.ulstu.is.sbapp.jwt;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import ru.ulstu.is.sbapp.HardwareShop.services.UserService;
import java.io.IOException;
public class JwtFilter extends GenericFilterBean {
private static final String AUTHORIZATION = "Authorization";
public static final String TOKEN_BEGIN_STR = "Bearer ";
private final UserService userService;
public JwtFilter(UserService userService) {
this.userService = userService;
}
private String getTokenFromRequest(HttpServletRequest request) {
String bearer = request.getHeader(AUTHORIZATION);
if (StringUtils.hasText(bearer) && bearer.startsWith(TOKEN_BEGIN_STR)) {
return bearer.substring(TOKEN_BEGIN_STR.length());
}
return null;
}
private void raiseException(ServletResponse response, int status, String message) throws IOException {
if (response instanceof final HttpServletResponse httpResponse) {
httpResponse.setContentType(MediaType.APPLICATION_JSON_VALUE);
httpResponse.setStatus(status);
final byte[] body = new ObjectMapper().writeValueAsBytes(message);
response.getOutputStream().write(body);
}
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (request instanceof final HttpServletRequest httpRequest) {
final String token = getTokenFromRequest(httpRequest);
if (StringUtils.hasText(token)) {
try {
final UserDetails user = userService.loadUserByToken(token);
final UsernamePasswordAuthenticationToken auth =
new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
} catch (JwtException e) {
raiseException(response, HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
return;
} catch (Exception e) {
e.printStackTrace();
raiseException(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
String.format("Internal error: %s", e.getMessage()));
return;
}
}
}
chain.doFilter(request, response);
}
}

27
src/main/java/ru/ulstu/is/sbapp/jwt/JwtProperties.java Normal file
View File

@ -0,0 +1,27 @@
package ru.ulstu.is.sbapp.jwt;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties(prefix = "jwt", ignoreInvalidFields = true)
public class JwtProperties {
private String devToken = "";
private Boolean isDev = true;
public String getDevToken() {
return devToken;
}
public void setDevToken(String devToken) {
this.devToken = devToken;
}
public Boolean isDev() {
return isDev;
}
public void setDev(Boolean dev) {
isDev = dev;
}
}

108
src/main/java/ru/ulstu/is/sbapp/jwt/JwtProvider.java Normal file
View File

@ -0,0 +1,108 @@
package ru.ulstu.is.sbapp.jwt;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDate;
import java.time.ZoneId;
import java.util.Date;
import java.util.Optional;
import java.util.UUID;
@Component
public class JwtProvider {
private final static Logger LOG = LoggerFactory.getLogger(JwtProvider.class);
private final static byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
private final static String ISSUER = "auth0";
private final Algorithm algorithm;
private final JWTVerifier verifier;
public JwtProvider(JwtProperties jwtProperties) {
if (!jwtProperties.isDev()) {
LOG.info("Generate new JWT key for prod");
try {
final MessageDigest salt = MessageDigest.getInstance("SHA-256");
salt.update(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
LOG.info("Use generated JWT key for prod \n{}", bytesToHex(salt.digest()));
algorithm = Algorithm.HMAC256(bytesToHex(salt.digest()));
} catch (NoSuchAlgorithmException e) {
throw new JwtException(e);
}
} else {
LOG.info("Use default JWT key for dev \n{}", jwtProperties.getDevToken());
algorithm = Algorithm.HMAC256(jwtProperties.getDevToken());
}
verifier = JWT.require(algorithm)
.withIssuer(ISSUER)
.build();
}
private static String bytesToHex(byte[] bytes) {
byte[] hexChars = new byte[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
}
return new String(hexChars, StandardCharsets.UTF_8);
}
public String generateToken(String login) {
final Date issueDate = Date.from(LocalDate.now()
.atStartOfDay(ZoneId.systemDefault())
.toInstant());
final Date expireDate = Date.from(LocalDate.now()
.plusDays(15)
.atStartOfDay(ZoneId.systemDefault())
.toInstant());
var temp = JWT.create();
var temp2 = temp.withIssuer(ISSUER);
var temp3 = temp2.withIssuedAt(issueDate);
var temp4 = temp3.withExpiresAt(expireDate);
var temp5 = temp4.withSubject(login);
var temp6 = temp5.sign(algorithm);
return temp6;
}
private DecodedJWT validateToken(String token) {
try {
return verifier.verify(token);
} catch (JWTVerificationException e) {
throw new JwtException(String.format("Token verification error: %s", e.getMessage()));
}
}
public boolean isTokenValid(String token) {
if (!StringUtils.hasText(token)) {
return false;
}
try {
validateToken(token);
return true;
} catch (JwtException e) {
LOG.error(e.getMessage());
return false;
}
}
public Optional<String> getLoginFromToken(String token) {
try {
return Optional.ofNullable(validateToken(token).getSubject());
} catch (JwtException e) {
LOG.error(e.getMessage());
return Optional.empty();
}
}
}

5
src/main/resources/application.properties
View File

@ -8,4 +8,7 @@ spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
spring.jpa.hibernate.ddl-auto=update
spring.h2.console.enabled=true
spring.h2.console.settings.trace=false
spring.h2.console.settings.web-allow-others=false
spring.h2.console.settings.web-allow-others=false
jwt.dev-token=my-secret-jwt
jwt.dev=true
jwt.secret = my-secret-jwt