diff options
| author | Hayden Hartman <haydenhartman10@gmail.com> | 2025-03-15 23:59:47 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-15 23:59:47 -0400 |
| commit | 9baaa0590fbc38c06d530786a1de804ee9edd7db (patch) | |
| tree | 7c94dc98f9b1978f8ccf3c38bb3777237bf0788a /ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java | |
| parent | e4e6ae9a3d142fc78f31ee19464ec5e54bfb516f (diff) | |
| parent | a3150b8a8e17c8a71f617745bb8588b397a75f47 (diff) | |
| download | JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.tar.gz JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.tar.bz2 JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.zip | |
Merge pull request #8 from RIT-SWEN-261-02/api-auth
First attempt at an authentication system.
Diffstat (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java')
| -rw-r--r-- | ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java | 81 |
1 files changed, 51 insertions, 30 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java index 4e5f156..adf17a1 100644 --- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java @@ -1,6 +1,8 @@ package com.ufund.api.ufundapi.controller; import java.io.IOException; +import java.security.InvalidParameterException; +import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; @@ -12,43 +14,47 @@ import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import com.ufund.api.ufundapi.DuplicateKeyException; import com.ufund.api.ufundapi.model.User; -import com.ufund.api.ufundapi.persistence.UserDAO; +import com.ufund.api.ufundapi.service.AuthService; +import com.ufund.api.ufundapi.service.UserService; @RestController @RequestMapping("users") public class UserController { - private static final Logger LOG = Logger.getLogger(CupboardController.class.getName()); - private final UserDAO UserDAO; + private static final Logger LOG = Logger.getLogger(UserController.class.getName()); + private final UserService userService; + private final AuthService authService; - /** - * Create a user controller to receive REST signals - * - * @param userDAO The Data Access Object - */ - public UserController(UserDAO userDAO) { - this.UserDAO = userDAO; + public UserController(UserService userService, AuthService authService) { + this.userService = userService; + this.authService = authService; } /** * Creates a User with the provided object - * - * @param user The user to create + * @param params A map consisting of the parameters for a user * @return OK response and the user if it was successful, INTERNAL_SERVER_ERROR * otherwise */ @PostMapping("") - public ResponseEntity<User> createUser(@RequestBody User user) { + public ResponseEntity<User> createUser(@RequestBody Map<String, String> params) { + String username = params.get("username"); + String password = params.get("password"); + try { - if (UserDAO.createUser(user) != null) { + User user = userService.createUser(username, password); + if (user != null) { return new ResponseEntity<>(user, HttpStatus.CREATED); } else { return new ResponseEntity<>(HttpStatus.CONFLICT); } - + } catch (DuplicateKeyException ex) { + return new ResponseEntity<>(HttpStatus.CONFLICT); } catch (IOException ex) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } @@ -57,23 +63,27 @@ public class UserController { /** * Responds to the GET request for a {@linkplain User user} for the given id * + * @param username The name of the user + * @param key The authentication key of the user * @return ResponseEntity with {@link User user} object and HTTP status of OK if * found<br> * ResponseEntity with HTTP status of NOT_FOUND if not found<br> * ResponseEntity with HTTP status of INTERNAL_SERVER_ERROR otherwise */ - @GetMapping("/{name}") - public ResponseEntity<User> getUser(@PathVariable String name) { - LOG.log(Level.INFO, "GET /user/{0}", name); + @GetMapping("/{username}") + public ResponseEntity<User> getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { + LOG.log(Level.INFO, "GET /user/{0}", username); try { - User user = UserDAO.getUser(name); + authService.authenticate(username, key); + User user = userService.getUser(username); if (user != null) { - return new ResponseEntity<>(user, HttpStatus.OK); + return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } - + } catch (IllegalAccessException ex) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } catch (IOException e) { LOG.log(Level.SEVERE, e.getLocalizedMessage()); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); @@ -84,42 +94,53 @@ public class UserController { /** * Updates a User with the provided one * - * @param user The user to update + * @param user The user to update + * @param username The name of the user + * @param key The authentication key of the user * @return OK response and the user if it was successful, or * INTERNAL_SERVER_ERROR if there was an issue */ - @PutMapping("/{name}") - public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String name) { + @PutMapping("/{username}") + public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) { try { - user = UserDAO.updateUser(user, name); + authService.authenticate(username, key); + user = userService.updateUser(user, username); if (user != null) { return new ResponseEntity<>(user, HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } - + } catch (InvalidParameterException ex) { + return new ResponseEntity<>(HttpStatus.BAD_REQUEST); } catch (IOException e) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); + } catch (IllegalAccessException e) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } /** * Deletes a user with the desired name * - * @param name The name of the user + * @param username The name of the user + * @param key The authentication key of the user * @return OK if the user was deleted, NOT_FOUND if the user was not found, or * INTERNAL_SERVER_ERROR if an error occurred */ - @DeleteMapping("/{name}") - public ResponseEntity<User> deleteUser(@PathVariable String name) { + @DeleteMapping("/{username}") + public ResponseEntity<Boolean> deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) { + try { - if (UserDAO.deleteUser(name)) { + authService.authenticate(username, key); + if (userService.deleteUser(username)) { return new ResponseEntity<>(HttpStatus.OK); } else { return new ResponseEntity<>(HttpStatus.NOT_FOUND); } } catch (IOException e) { return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); + } catch (IllegalAccessException e) { + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } |