diff options
| author | Hayden Hartman <haydenhartman10@gmail.com> | 2025-03-15 23:59:47 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-15 23:59:47 -0400 |
| commit | 9baaa0590fbc38c06d530786a1de804ee9edd7db (patch) | |
| tree | 7c94dc98f9b1978f8ccf3c38bb3777237bf0788a /ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java | |
| parent | e4e6ae9a3d142fc78f31ee19464ec5e54bfb516f (diff) | |
| parent | a3150b8a8e17c8a71f617745bb8588b397a75f47 (diff) | |
| download | JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.tar.gz JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.tar.bz2 JellySolutions-9baaa0590fbc38c06d530786a1de804ee9edd7db.zip | |
Merge pull request #8 from RIT-SWEN-261-02/api-auth
First attempt at an authentication system.
Diffstat (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java')
| -rw-r--r-- | ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java new file mode 100644 index 0000000..591d891 --- /dev/null +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -0,0 +1,63 @@ +package com.ufund.api.ufundapi.service; + +import com.ufund.api.ufundapi.model.UserAuth; +import com.ufund.api.ufundapi.persistence.UserAuthDAO; +import org.springframework.stereotype.Component; + +import java.io.IOException; + +@Component +public class AuthService { + + private final UserAuthDAO userAuthDAO; + private final UserService userService; + + public AuthService(UserAuthDAO userAuthDAO, UserService userService) { + this.userAuthDAO = userAuthDAO; + this.userService = userService; + } + + /** + * Check if the provided key has access to the provided user. + * + * @param username The username of the user trying to be accessed. + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + */ + public void authenticate(String username, String key) throws IllegalAccessException, IOException { + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null || !userAuth.getUsername().equals(username)) { + throw new IllegalAccessException("Unauthorized"); + } + } + + /** + * Attempt to log in with the provided credentials + * + * @param username The username of the user + * @param password The password of the user + * @return An API key if the authentication was successful. + * @throws IllegalAccessException Thrown if the username or password was incorrect + * @throws IOException If there was an issue saving the authentication + */ + public String login(String username, String password) throws IllegalAccessException, IOException { + var usr = userService.getUser(username); + if (usr == null || !usr.verifyPassword(password)) { + throw new IllegalAccessException("Unauthorized"); + } + var userAuth = UserAuth.generate(username); + userAuthDAO.addUserAuth(userAuth); + return userAuth.getKey(); + } + + /** + * Logs out the current user + * + * @param key The API key to of the client + * @throws IOException Thrown if there was an error saving the authentication + */ + public void logout(String key) throws IOException { + userAuthDAO.removeUserAuth(key); + } + +} |