diff options
| author | sowgro <tpoke.ferrari@gmail.com> | 2025-03-17 17:17:06 -0400 |
|---|---|---|
| committer | sowgro <tpoke.ferrari@gmail.com> | 2025-03-17 17:17:06 -0400 |
| commit | baf4f2c0189d5c5f8ade40f0ceaed3ab7a7d4754 (patch) | |
| tree | e9213224b8f1b35b860f016a6a3d1318def8aae2 /ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java | |
| parent | bf33fa3ca9f29b1e75cc077ae2eaaf4f5725e4b3 (diff) | |
| parent | d737551fba5617843f3014be6994490dd4328183 (diff) | |
| download | JellySolutions-baf4f2c0189d5c5f8ade40f0ceaed3ab7a7d4754.tar.gz JellySolutions-baf4f2c0189d5c5f8ade40f0ceaed3ab7a7d4754.tar.bz2 JellySolutions-baf4f2c0189d5c5f8ade40f0ceaed3ab7a7d4754.zip | |
Merge remote-tracking branch 'origin/main' into cupboard-component
# Conflicts:
# ufund-api/data/cupboard.json
# ufund-ui/src/app/app.module.ts
Diffstat (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java')
| -rw-r--r-- | ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java new file mode 100644 index 0000000..5a1a492 --- /dev/null +++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java @@ -0,0 +1,70 @@ +package com.ufund.api.ufundapi.service; + +import com.ufund.api.ufundapi.model.User; +import com.ufund.api.ufundapi.model.UserAuth; +import com.ufund.api.ufundapi.persistence.UserAuthDAO; +import org.springframework.stereotype.Component; + +import java.io.IOException; + +@Component +public class AuthService { + + private final UserAuthDAO userAuthDAO; + private final UserService userService; + + public AuthService(UserAuthDAO userAuthDAO, UserService userService) { + this.userAuthDAO = userAuthDAO; + this.userService = userService; + } + + /** + * Check if the provided key has access to the provided user. + * + * @param targetUsername The targetUsername of the user trying to be accessed. + * @param key The api key obtained by the client from logging in. + * @throws IllegalAccessException Thrown if access was denied to the user. + */ + public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException { + var userAuth = userAuthDAO.getUserAuth(key); + if (userAuth == null) { + throw new IllegalAccessException("Unauthenticated"); + } + + var username = userAuth.getUsername(); + var userType = userService.getUser(username).getType(); + if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) { + throw new IllegalAccessException("Unauthorized"); + } + } + + /** + * Attempt to log in with the provided credentials + * + * @param username The username of the user + * @param password The password of the user + * @return An API key if the authentication was successful. + * @throws IllegalAccessException Thrown if the username or password was incorrect + * @throws IOException If there was an issue saving the authentication + */ + public String login(String username, String password) throws IllegalAccessException, IOException { + var usr = userService.getUser(username); + if (usr == null || !usr.verifyPassword(password)) { + throw new IllegalAccessException("Unauthorized"); + } + var userAuth = UserAuth.generate(username); + userAuthDAO.addUserAuth(userAuth); + return userAuth.getKey(); + } + + /** + * Logs out the current user + * + * @param key The API key to of the client + * @throws IOException Thrown if there was an error saving the authentication + */ + public void logout(String key) throws IOException { + userAuthDAO.removeUserAuth(key); + } + +} |