diff --git a/src/main/java/com/example/demo/configuration/SecurityConfiguration.java b/src/main/java/com/example/demo/configuration/SecurityConfiguration.java index 80e6a43..15e5837 100644 --- a/src/main/java/com/example/demo/configuration/SecurityConfiguration.java +++ b/src/main/java/com/example/demo/configuration/SecurityConfiguration.java @@ -54,6 +54,7 @@ public class SecurityConfiguration { .and() .authorizeHttpRequests() .requestMatchers("/", SPA_URL_MASK).permitAll() + .requestMatchers(HttpMethod.GET, OpenAPI30Configuration.API_PREFIX + "/product/").permitAll() .requestMatchers(HttpMethod.POST, MasterController.URL_LOGIN).permitAll() .requestMatchers(HttpMethod.POST, MasterController.URL_SING_UP).permitAll() .requestMatchers(HttpMethod.POST, MasterController.URL_WHO_AM_I).permitAll() diff --git a/src/main/java/com/example/demo/master/Master.java b/src/main/java/com/example/demo/master/Master.java index db4192b..25dd6ac 100644 --- a/src/main/java/com/example/demo/master/Master.java +++ b/src/main/java/com/example/demo/master/Master.java @@ -86,12 +86,15 @@ public class Master { @Override public String toString() { - return "Master{" + - "id=" + id + - ", firstName='" + firstName + '\'' + - ", lastName='" + lastName + '\'' + - ", email='" + email + '\'' + - ", password='" + password + '\'' + + return "{" + + "\"id\":" + id + + ", \"firstName\":\"" + firstName + '\"' + + ", \"lastName\":\"" + lastName + '\"' + + ", \"email\":\"" + email + '\"' + + ", \"password\":\"" + password + '\"' + + ", \"role\":\"" + role + "\"" + '}'; } + + } \ No newline at end of file diff --git a/src/main/java/com/example/demo/master/MasterController.java b/src/main/java/com/example/demo/master/MasterController.java index 976dc7f..c31a4b8 100644 --- a/src/main/java/com/example/demo/master/MasterController.java +++ b/src/main/java/com/example/demo/master/MasterController.java 
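Review bot: The new permitAll rule matches only the literal path `OpenAPI30Configuration.API_PREFIX + "/product/"`, trailing slash included, so whether it actually covers the public product listing depends on how ProductController maps that handler (this diff shows the controller at `API_PREFIX + "/product"` but not the listing mapping), and depending on the Spring version a path with and without the trailing slash may no longer be treated as equivalent. Confirm the path against the controller mapping rather than widening the pattern, since `/product/master` and `/product/{id}` in this same commit resolve identity from the bearer token and should stay behind authentication. The surrounding permits use constants from MasterController; a constant for this path as well would keep the rule and the mapping from drifting apart. The chained configuration continues on both sides of the hunk.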
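Review bot: The rewritten toString on Master now serializes the `password` field, and the MasterController hunk at `@@ -46,12 +47,7 @@` returns `master.toString()` from whoAmI, so the stored credential (hashed or not, this diff does not show) goes out in the HTTP response and into every log line that formats the entity. Remove the line `", \"password\":\"" + password + '\"' +` and keep credentials out of toString altogether; anything returned to a client should come from a DTO, not the entity's string form. The hand-built JSON also never escapes quotes or backslashes in firstName, lastName and email, so a value containing `"` yields malformed output whose structure the user controls, which is what a real JSON serializer exists to prevent. The class continues outside the hunk.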
@@ -8,6 +8,7 @@ import jakarta.validation.Valid; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.*; +import java.io.Console; import java.security.Principal; import java.util.List; @@ -26,7 +27,7 @@ public class MasterController { } @PostMapping(URL_LOGIN) - public String login(@RequestBody @Valid MasterDto userDto) { + public String login(@RequestBody @Valid MasterLoginDto userDto) { return masterService.loginAndGetToken(userDto); } @@ -35,7 +36,7 @@ public class MasterController { try { final Master master = masterService.addMaster(masterSignupDto.getFirstName(), masterSignupDto.getLastName(), masterSignupDto.getEmail(), masterSignupDto.getPassword(), MasterRole.USER); - final Order order = orderService.addOrder(master.getId()); + orderService.addOrder(master.getId()); return "created " + master.getEmail(); } catch (ValidationException e) { return e.getMessage(); @@ -46,12 +47,7 @@ public class MasterController { public String whoAmI(@RequestParam("token") String token) { UserDetails userDetails = masterService.loadUserByToken(token); Master master = masterService.findMaster(userDetails.getUsername()); - return master.getRole().toString(); - } - - @GetMapping(OpenAPI30Configuration.API_PREFIX + "/master") - public MasterDto getCurrentMaster(Principal principal) { - return new MasterDto(masterService.findMaster(principal.getName())); + return master.toString(); } @PatchMapping(OpenAPI30Configuration.API_PREFIX + "/master") 
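Review bot: `import java.io.Console;` added at the top of MasterController is not referenced by any line in this diff, and nothing in the controller reads from a console. Drop the line, or if it was a debugging aid, keep it out of the commit; an unused import is also what organize-imports removes on the next save.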
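Review bot: whoAmI now returns `master.toString()`, a hand-assembled string typed as `String`, which Spring writes through its String converter rather than as a JSON body, so clients get text/plain whose shape is coupled to the entity's toString. The deleted getCurrentMaster handler already shows the intended form, `return new MasterDto(master);`, which lets the message converter do the serialization; if the role alone is what callers need, the previous `return master.getRole().toString();` was the smaller surface. Removing the Principal-based `GET /master` endpoint also leaves this token-in-query-parameter handler as the only way to read the current user, which deserves a comment on the method explaining why. whoAmI is fully inside the hunk but the class continues outside it.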
@@ -59,8 +55,10 @@ public class MasterController { @RequestParam("lastName") String lastName, @RequestParam("email") String email, @RequestParam("password") String password, - Principal principal) { - return new MasterDto(masterService.updateMaster(masterService.findMaster(principal.getName()).getId(), + @RequestParam("token") String token) { + UserDetails userDetails = masterService.loadUserByToken(token); + Master master = masterService.findMaster(userDetails.getUsername()); + return new MasterDto(masterService.updateMaster(master.getId(), firstName, lastName, email, password)); } diff --git a/src/main/java/com/example/demo/master/MasterDto.java b/src/main/java/com/example/demo/master/MasterDto.java index 9e888ab..d5c81bc 100644 --- a/src/main/java/com/example/demo/master/MasterDto.java +++ b/src/main/java/com/example/demo/master/MasterDto.java @@ -7,9 +7,9 @@ import java.util.List; public class MasterDto { private final Long id; - @NotBlank + private final String firstName; - @NotBlank + private final String lastName; @NotBlank diff --git a/src/main/java/com/example/demo/master/MasterLoginDto.java b/src/main/java/com/example/demo/master/MasterLoginDto.java new file mode 100644 index 0000000..7450663 --- /dev/null +++ b/src/main/java/com/example/demo/master/MasterLoginDto.java @@ -0,0 +1,23 @@ +package com.example.demo.master; + +import jakarta.validation.constraints.NotBlank; + +public class MasterLoginDto { + @NotBlank + private String email; + @NotBlank + private String password; + + + public String getEmail() {return email; } + + public String getPassword() { return password; } + + public void setEmail(String email) { + this.email = email; + } + + public void setPassword(String password) { + this.password = password; + } +} diff --git a/src/main/java/com/example/demo/master/MasterService.java b/src/main/java/com/example/demo/master/MasterService.java index 0c2f789..b3151c3 100644 --- a/src/main/java/com/example/demo/master/MasterService.java 
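Review bot: updateMaster now takes the bearer token as `@RequestParam("token")`, so the token, together with the `password` parameter beside it, travels in the query string of a PATCH and lands in access logs, proxy logs and browser history; the OrderController and ProductController hunks in this same commit read it from the `Authorization` header instead. Use the same convention here, `@RequestHeader("Authorization") String token` with the `Bearer ` prefix stripped, and move the password into a request-body DTO. The three new lines also do not handle `findMaster` returning null, which MasterService's loginAndGetToken hunk shows is possible, so a token for a deleted account ends in a NullPointerException rather than a 401. The parameter list starts before the hunk.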
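Review bot: Dropping `@NotBlank` from firstName and lastName leaves two empty `+` lines where the annotations stood and, if MasterDto is still bound as a request body anywhere, removes the blank-name check on that input; login moved to MasterLoginDto in this commit and signup uses its own DTO, but the hunk does not show the rest of the class, so confirm it is now response-only. Delete the two blank lines so the fields read as one contiguous group. The class continues outside the hunk.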
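Review bot: MasterLoginDto validates email only with `@NotBlank`, so any non-empty string reaches `loginAndGetToken`, which looks the account up by that value; adding `@Email` from `jakarta.validation.constraints` rejects obviously malformed input before the lookup. The getters are formatted inconsistently, `{return email; }` against `{ return password; }`, and the two blank lines after the fields can go. A class Javadoc stating that this is the login request body, as distinct from MasterDto, would help now that the two are used side by side.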
+++ b/src/main/java/com/example/demo/master/MasterService.java @@ -100,7 +100,7 @@ public class MasterService implements UserDetailsService { masterRepository.deleteAll(); } - public String loginAndGetToken(MasterDto userDto) { + public String loginAndGetToken(MasterLoginDto userDto) { final Master master = findMaster(userDto.getEmail()); if (master == null) { throw new MasterNotFoundException(userDto.getEmail()); diff --git a/src/main/java/com/example/demo/order/OrderController.java b/src/main/java/com/example/demo/order/OrderController.java index f4a0617..9045f33 100644 --- a/src/main/java/com/example/demo/order/OrderController.java +++ b/src/main/java/com/example/demo/order/OrderController.java @@ -2,9 +2,14 @@ package com.example.demo.order; import com.example.demo.configuration.OpenAPI30Configuration; import com.example.demo.configuration.WebConfiguration; +import com.example.demo.master.Master; +import com.example.demo.master.MasterRole; import com.example.demo.master.MasterService; +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.*; +import java.net.http.HttpHeaders; import java.security.Principal; import java.util.List; 
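Review bot: `import java.net.http.HttpHeaders;` is added but unused in the OrderController hunk that follows, and it is the `java.net.http` client's header type rather than Spring's; if a constant for the header name was intended, `org.springframework.http.HttpHeaders.AUTHORIZATION` is the one to put in the `@RequestHeader` annotations. Drop the line otherwise. The `Principal` import stays although no handler in this diff uses it any more; confirm nothing else in the file does.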
@@ -19,38 +24,43 @@ public class OrderController { this.masterService = masterService; } - @GetMapping("/{id}") - public OrderDto getOrder(@PathVariable Long id) { - return new OrderDto(orderService.findOrder(id)); + @GetMapping("/") + public OrderDto getOrder(@RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + return new OrderDto(orderService.findOrder(master.getId())); } @DeleteMapping("/") - public void buyProducts(Principal principal) { - orderService.buyProducts(masterService.findMaster(principal.getName()).getId()); + public void buyProducts(@RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + orderService.buyProducts(master.getId()); } - @GetMapping("/") + @GetMapping("/all") public List getOrder() { return orderService.findAllOrders().stream().map(OrderDto::new).toList(); } - @PostMapping("/") - public OrderDto createOrder(@RequestParam("master") Long masterId) { - return new OrderDto(orderService.addOrder(masterId)); - } @PostMapping("/{product}") - public void addProduct(@PathVariable("product") Long productId, Principal principal) { - orderService.addProduct(masterService.findMaster(principal.getName()).getId(), productId); + public void addProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + orderService.addProduct(master.getId(), productId); } @DeleteMapping("/{product}") - public void deleteProduct(@PathVariable("product") Long productId, Principal principal) { - orderService.deleteProduct(masterService.findMaster(principal.getName()).getId(), productId); + public void 
deleteProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + orderService.deleteProduct(master.getId(), productId); } - @GetMapping("/findOrders/{masterId}") - public List findOrders(@PathVariable("masterId") Long masterId) { - return orderService.findMastersOrders(masterId).stream().map(OrderDto::new).toList(); + @GetMapping("/findOrders/{id}") + @Secured(MasterRole.AsString.ADMIN) + public List findOrders(@PathVariable("id") Long id) { + return orderService.findMastersOrders(id).stream().map(OrderDto::new).toList(); } } diff --git a/src/main/java/com/example/demo/product/ProductController.java b/src/main/java/com/example/demo/product/ProductController.java index 64e6650..ffec8d0 100644 --- a/src/main/java/com/example/demo/product/ProductController.java +++ b/src/main/java/com/example/demo/product/ProductController.java 
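Review bot: Every rewritten handler in this hunk strips the scheme with `token.substring(7)` and never checks that the header starts with `Bearer `, so a header shorter than seven characters throws StringIndexOutOfBoundsException (a 500) and any seven-character prefix is silently accepted; the same three identity lines are repeated in getOrder, buyProducts, addProduct and deleteProduct here and in the two ProductController handlers at `@@ -32,16 +29,20 @@`. One private helper that validates the prefix, resolves the master and rejects a null result (MasterService's loginAndGetToken hunk shows `findMaster` can return null) replaces the repetition; the version below uses `ResponseStatusException` from `org.springframework.web.server` and `HttpStatus` from `org.springframework.http`, which need importing. `@Secured(MasterRole.AsString.ADMIN)` on findOrders only takes effect when method security is enabled with `securedEnabled = true`, which the SecurityConfiguration hunk in this diff does not show; confirm it is set, otherwise that endpoint stays open to any authenticated caller. Switching from `Principal` to a manually parsed header also bypasses whatever filter populates the security context, which is worth a class-level comment explaining why.
```java
    private static final String BEARER_PREFIX = "Bearer ";

    /** Resolves the calling master from a "Bearer <token>" Authorization header; anything else is rejected. */
    private Master currentMaster(String authorization) {
        if (authorization == null || !authorization.startsWith(BEARER_PREFIX)) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "bearer token required");
        }
        UserDetails userDetails = masterService.loadUserByToken(authorization.substring(BEARER_PREFIX.length()));
        Master master = masterService.findMaster(userDetails.getUsername());
        if (master == null) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "unknown account");
        }
        return master;
    }

    @GetMapping("/")
    public OrderDto getOrder(@RequestHeader("Authorization") String token) {
        return new OrderDto(orderService.findOrder(currentMaster(token).getId()));
    }
    // … buyProducts, addProduct, deleteProduct: replace the three identity lines with currentMaster(token) the same way …
    // … unchanged: getOrder(/all) and findOrders …
```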
@@ -2,24 +2,21 @@ package com.example.demo.product; import com.example.demo.configuration.OpenAPI30Configuration; import com.example.demo.configuration.WebConfiguration; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PatchMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import com.example.demo.master.Master; +import com.example.demo.master.MasterService; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.web.bind.annotation.*; import java.util.List; @RestController @RequestMapping(OpenAPI30Configuration.API_PREFIX + "/product") public class ProductController { private final ProductService productService; + private final MasterService masterService; - - public ProductController(ProductService productService) { + public ProductController(ProductService productService, MasterService masterService) { this.productService = productService; + this.masterService = masterService; } @GetMapping("/{id}") 
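Review bot: The eight explicit `org.springframework.web.bind.annotation` imports are replaced by a wildcard, a step away from the explicit style the file had that hides which annotations the controller actually depends on; keeping the explicit list and adding `RequestHeader` to it is the smaller diff. The constructor change is fine; a one-line comment on the new `masterService` field saying that it resolves the caller from the bearer token would tell a reader why a product controller needs the master service. The class continues past the hunk.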
@@ -32,16 +29,20 @@ public class ProductController { return productService.findAllProducts().stream().map(ProductDto::new).toList(); } - @GetMapping("/master/{id}") - public List getMasterProduct(@PathVariable("id") Long id) { - return productService.findProducts(id).stream().map(ProductDto::new).toList(); + @GetMapping("/master") + public List getMasterProduct(@RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + return productService.findProducts(master.getId()).stream().map(ProductDto::new).toList(); } - @PostMapping("/{name}/{cost}/{masterId}") + @PostMapping("/{name}/{cost}") public ProductDto createProduct(@PathVariable("name") String name, @PathVariable("cost") Integer cost, - @PathVariable("masterId") Long masterId) { - return new ProductDto(productService.addProduct(name, cost, masterId)); + @RequestHeader("Authorization") String token) { + UserDetails userDetails = masterService.loadUserByToken(token.substring(7)); + Master master = masterService.findMaster(userDetails.getUsername()); + return new ProductDto(productService.addProduct(name, cost, master.getId())); } @PatchMapping("/{id}") diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d626bbd..4a2ed44 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -9,3 +9,5 @@ spring.jpa.hibernate.ddl-auto=update spring.h2.console.enabled=true spring.h2.console.settings.trace=false spring.h2.console.settings.web-allow-others=false +jwt.dev-token=my-secret-jwt +jwt.dev=true
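Review bot: `jwt.dev-token=my-secret-jwt` commits a literal token value into application.properties, the default configuration every environment loads, and `jwt.dev=true` switches on whatever development behaviour that flag controls by default; what the flag does is not visible in this diff, but a dev flag that must not be active in production belongs off unless explicitly enabled. Keep the default off and read the secret from the environment, `jwt.dev=false` and `jwt.dev-token=${JWT_DEV_TOKEN:}` (variable name constructed here as an example), and put the `true` value only in a profile-specific file that is not used for deployment. Since the literal value is now in the repository history, treat it as disclosed and rotate it.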