Lab 6 Jwt
parent
fed78e90b7
commit
53ad7be331
@ -54,6 +54,7 @@ public class SecurityConfiguration {
|
||||
.and()
|
||||
.authorizeHttpRequests()
|
||||
.requestMatchers("/", SPA_URL_MASK).permitAll()
|
||||
.requestMatchers(HttpMethod.GET, OpenAPI30Configuration.API_PREFIX + "/product/").permitAll()
|
||||
.requestMatchers(HttpMethod.POST, MasterController.URL_LOGIN).permitAll()
|
||||
.requestMatchers(HttpMethod.POST, MasterController.URL_SING_UP).permitAll()
|
||||
.requestMatchers(HttpMethod.POST, MasterController.URL_WHO_AM_I).permitAll()
|
||||
|
@ -86,12 +86,15 @@ public class Master {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "Master{" +
|
||||
"id=" + id +
|
||||
", firstName='" + firstName + '\'' +
|
||||
", lastName='" + lastName + '\'' +
|
||||
", email='" + email + '\'' +
|
||||
", password='" + password + '\'' +
|
||||
return "{" +
|
||||
"\"id\":" + id +
|
||||
", \"firstName\":\"" + firstName + '\"' +
|
||||
", \"lastName\":\"" + lastName + '\"' +
|
||||
", \"email\":\"" + email + '\"' +
|
||||
", \"password\":\"" + password + '\"' +
|
||||
", \"role\":\"" + role + "\"" +
|
||||
'}';
|
||||
}
|
||||
|
||||
|
||||
}
|
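Review bot: The rewritten `toString()` still serialises the `password` field, and the controller change in this commit appears to return `master.toString()` from `whoAmI`, so the stored credential would go out in the HTTP response. Drop the `", \"password\":\"" + password + '\"' +` line, and have the controller return a DTO (the project already has `MasterDto`) rather than hand-built JSON. The concatenation also does not escape quotes or backslashes in `firstName`, `lastName` or `email`, so a user-chosen name containing `"` can change the structure of the output. Loggers call `toString()` too, so keeping the secret out of it protects log files as well.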
@ -8,6 +8,7 @@ import jakarta.validation.Valid;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.io.Console;
|
||||
import java.security.Principal;
|
||||
import java.util.List;
|
||||
|
||||
@ -26,7 +27,7 @@ public class MasterController {
|
||||
}
|
||||
|
||||
@PostMapping(URL_LOGIN)
|
||||
public String login(@RequestBody @Valid MasterDto userDto) {
|
||||
public String login(@RequestBody @Valid MasterLoginDto userDto) {
|
||||
return masterService.loginAndGetToken(userDto);
|
||||
}
|
||||
|
||||
@ -35,7 +36,7 @@ public class MasterController {
|
||||
try {
|
||||
final Master master = masterService.addMaster(masterSignupDto.getFirstName(), masterSignupDto.getLastName(),
|
||||
masterSignupDto.getEmail(), masterSignupDto.getPassword(), MasterRole.USER);
|
||||
final Order order = orderService.addOrder(master.getId());
|
||||
orderService.addOrder(master.getId());
|
||||
return "created " + master.getEmail();
|
||||
} catch (ValidationException e) {
|
||||
return e.getMessage();
|
||||
@ -46,12 +47,7 @@ public class MasterController {
|
||||
public String whoAmI(@RequestParam("token") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token);
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
return master.getRole().toString();
|
||||
}
|
||||
|
||||
@GetMapping(OpenAPI30Configuration.API_PREFIX + "/master")
|
||||
public MasterDto getCurrentMaster(Principal principal) {
|
||||
return new MasterDto(masterService.findMaster(principal.getName()));
|
||||
return master.toString();
|
||||
}
|
||||
|
||||
@PatchMapping(OpenAPI30Configuration.API_PREFIX + "/master")
|
||||
@ -59,8 +55,10 @@ public class MasterController {
|
||||
@RequestParam("lastName") String lastName,
|
||||
@RequestParam("email") String email,
|
||||
@RequestParam("password") String password,
|
||||
Principal principal) {
|
||||
return new MasterDto(masterService.updateMaster(masterService.findMaster(principal.getName()).getId(),
|
||||
@RequestParam("token") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token);
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
return new MasterDto(masterService.updateMaster(master.getId(),
|
||||
firstName, lastName, email, password));
|
||||
}
|
||||
|
||||
|
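Review bot: `whoAmI` and the PATCH `/master` handler take the JWT as `@RequestParam("token")`, in the PATCH case next to `password` in the same parameter list. Request parameters commonly end up in access logs, proxy logs and browser history, so both values can leak there. Carry the token only in the `Authorization` header and validate it once in a filter that populates the `SecurityContext`, which would let these handlers keep the `Principal` argument this commit appears to remove. `findMaster` can return null (the service checks `master == null` in `loginAndGetToken`), so guard before `master.getId()` / `master.toString()`, e.g. `if (master == null) throw new MasterNotFoundException(userDetails.getUsername());`. `import java.io.Console;` looks unused in the visible hunks.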
@ -7,9 +7,9 @@ import java.util.List;
|
||||
|
||||
public class MasterDto {
|
||||
private final Long id;
|
||||
@NotBlank
|
||||
|
||||
private final String firstName;
|
||||
@NotBlank
|
||||
|
||||
private final String lastName;
|
||||
|
||||
@NotBlank
|
||||
|
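--- a/src/main/java/com/example/demo/master/MasterLoginDto.java
+++ b/src/main/java/com/example/demo/master/MasterLoginDto.java
@@ -0,0 +1,23 @@
+package com.example.demo.master;
+
+import jakarta.validation.constraints.NotBlank;
+
+public class MasterLoginDto {
+@NotBlank
+private String email;
+@NotBlank
+private String password;
+
+
+public String getEmail() {return email; }
+
+public String getPassword() { return password; }
+
+public void setEmail(String email) {
+this.email = email;
+}
+
+public void setPassword(String password) {
+this.password = password;
+}
+}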
@ -100,7 +100,7 @@ public class MasterService implements UserDetailsService {
|
||||
masterRepository.deleteAll();
|
||||
}
|
||||
|
||||
public String loginAndGetToken(MasterDto userDto) {
|
||||
public String loginAndGetToken(MasterLoginDto userDto) {
|
||||
final Master master = findMaster(userDto.getEmail());
|
||||
if (master == null) {
|
||||
throw new MasterNotFoundException(userDto.getEmail());
|
||||
|
@ -2,9 +2,14 @@ package com.example.demo.order;
|
||||
|
||||
import com.example.demo.configuration.OpenAPI30Configuration;
|
||||
import com.example.demo.configuration.WebConfiguration;
|
||||
import com.example.demo.master.Master;
|
||||
import com.example.demo.master.MasterRole;
|
||||
import com.example.demo.master.MasterService;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.net.http.HttpHeaders;
|
||||
import java.security.Principal;
|
||||
import java.util.List;
|
||||
|
||||
@ -19,38 +24,43 @@ public class OrderController {
|
||||
this.masterService = masterService;
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
public OrderDto getOrder(@PathVariable Long id) {
|
||||
return new OrderDto(orderService.findOrder(id));
|
||||
@GetMapping("/")
|
||||
public OrderDto getOrder(@RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
return new OrderDto(orderService.findOrder(master.getId()));
|
||||
}
|
||||
|
||||
@DeleteMapping("/")
|
||||
public void buyProducts(Principal principal) {
|
||||
orderService.buyProducts(masterService.findMaster(principal.getName()).getId());
|
||||
public void buyProducts(@RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
orderService.buyProducts(master.getId());
|
||||
}
|
||||
|
||||
@GetMapping("/")
|
||||
@GetMapping("/all")
|
||||
public List<OrderDto> getOrder() {
|
||||
return orderService.findAllOrders().stream().map(OrderDto::new).toList();
|
||||
}
|
||||
|
||||
@PostMapping("/")
|
||||
public OrderDto createOrder(@RequestParam("master") Long masterId) {
|
||||
return new OrderDto(orderService.addOrder(masterId));
|
||||
}
|
||||
|
||||
@PostMapping("/{product}")
|
||||
public void addProduct(@PathVariable("product") Long productId, Principal principal) {
|
||||
orderService.addProduct(masterService.findMaster(principal.getName()).getId(), productId);
|
||||
public void addProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
orderService.addProduct(master.getId(), productId);
|
||||
}
|
||||
|
||||
@DeleteMapping("/{product}")
|
||||
public void deleteProduct(@PathVariable("product") Long productId, Principal principal) {
|
||||
orderService.deleteProduct(masterService.findMaster(principal.getName()).getId(), productId);
|
||||
public void deleteProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
orderService.deleteProduct(master.getId(), productId);
|
||||
}
|
||||
|
||||
@GetMapping("/findOrders/{masterId}")
|
||||
public List<OrderDto> findOrders(@PathVariable("masterId") Long masterId) {
|
||||
return orderService.findMastersOrders(masterId).stream().map(OrderDto::new).toList();
|
||||
@GetMapping("/findOrders/{id}")
|
||||
@Secured(MasterRole.AsString.ADMIN)
|
||||
public List<OrderDto> findOrders(@PathVariable("id") Long id) {
|
||||
return orderService.findMastersOrders(id).stream().map(OrderDto::new).toList();
|
||||
}
|
||||
}
|
||||
|
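Review bot: Every handler that takes `@RequestHeader("Authorization")` calls `token.substring(7)` without checking the header's shape, so a value shorter than seven characters throws `StringIndexOutOfBoundsException` (a 500 rather than a 401), and a header that does not start with the presumably expected `Bearer ` prefix is truncated and passed on to `loadUserByToken`. The same three lines are repeated in `getOrder`, `buyProducts`, `addProduct`, `deleteProduct` and in `ProductController.getMasterProduct` / `createProduct`; one helper that validates the prefix and the `findMaster` result would remove the duplication, as sketched below. Separately, `@GetMapping("/all")` returns every order and carries no `@Secured` annotation, unlike `findOrders`; whether the filter chain restricts it is not visible on this page.

```java
// … unchanged: fields and constructor …
private Master currentMaster(String authorization) {
    final String prefix = "Bearer ";
    if (!authorization.startsWith(prefix)) {
        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
    }
    UserDetails userDetails = masterService.loadUserByToken(authorization.substring(prefix.length()));
    Master master = masterService.findMaster(userDetails.getUsername());
    if (master == null) {
        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
    }
    return master;
}

@GetMapping("/")
public OrderDto getOrder(@RequestHeader("Authorization") String token) {
    return new OrderDto(orderService.findOrder(currentMaster(token).getId()));
}
// … unchanged: remaining handlers, each calling currentMaster(token) instead of the three repeated lines …
```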
@ -2,24 +2,21 @@ package com.example.demo.product;
|
||||
|
||||
import com.example.demo.configuration.OpenAPI30Configuration;
|
||||
import com.example.demo.configuration.WebConfiguration;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PatchMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import com.example.demo.master.Master;
|
||||
import com.example.demo.master.MasterService;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.List;
|
||||
@RestController
|
||||
@RequestMapping(OpenAPI30Configuration.API_PREFIX + "/product")
|
||||
public class ProductController {
|
||||
private final ProductService productService;
|
||||
private final MasterService masterService;
|
||||
|
||||
|
||||
public ProductController(ProductService productService) {
|
||||
public ProductController(ProductService productService, MasterService masterService) {
|
||||
this.productService = productService;
|
||||
this.masterService = masterService;
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
@ -32,16 +29,20 @@ public class ProductController {
|
||||
return productService.findAllProducts().stream().map(ProductDto::new).toList();
|
||||
}
|
||||
|
||||
@GetMapping("/master/{id}")
|
||||
public List<ProductDto> getMasterProduct(@PathVariable("id") Long id) {
|
||||
return productService.findProducts(id).stream().map(ProductDto::new).toList();
|
||||
@GetMapping("/master")
|
||||
public List<ProductDto> getMasterProduct(@RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
return productService.findProducts(master.getId()).stream().map(ProductDto::new).toList();
|
||||
}
|
||||
|
||||
@PostMapping("/{name}/{cost}/{masterId}")
|
||||
@PostMapping("/{name}/{cost}")
|
||||
public ProductDto createProduct(@PathVariable("name") String name,
|
||||
@PathVariable("cost") Integer cost,
|
||||
@PathVariable("masterId") Long masterId) {
|
||||
return new ProductDto(productService.addProduct(name, cost, masterId));
|
||||
@RequestHeader("Authorization") String token) {
|
||||
UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
|
||||
Master master = masterService.findMaster(userDetails.getUsername());
|
||||
return new ProductDto(productService.addProduct(name, cost, master.getId()));
|
||||
}
|
||||
|
||||
@PatchMapping("/{id}")
|
||||
|
@ -9,3 +9,5 @@ spring.jpa.hibernate.ddl-auto=update
|
||||
spring.h2.console.enabled=true
|
||||
spring.h2.console.settings.trace=false
|
||||
spring.h2.console.settings.web-allow-others=false
|
||||
jwt.dev-token=my-secret-jwt
|
||||
jwt.dev=true
|
||||
|
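Review bot: `jwt.dev-token=my-secret-jwt` puts a fixed, guessable value in a tracked properties file; if it is the signing key, or a token the service accepts while `jwt.dev=true`, anyone with access to the repository holds a working credential. Read it from the environment instead, e.g. `jwt.dev-token=${JWT_DEV_TOKEN}`, and move `jwt.dev=true` into a dev-only profile file such as `application-dev.properties` so the default configuration starts with it off. How these two keys are consumed is not shown on this page, so the impact is inferred from their names.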