1 files changed, 51 insertions, 30 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
index 4e5f156..adf17a1 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
@@ -1,6 +1,8 @@
 package com.ufund.api.ufundapi.controller;
 
 import java.io.IOException;
+import java.security.InvalidParameterException;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -12,43 +14,47 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.ufund.api.ufundapi.DuplicateKeyException;
 import com.ufund.api.ufundapi.model.User;
-import com.ufund.api.ufundapi.persistence.UserDAO;
+import com.ufund.api.ufundapi.service.AuthService;
+import com.ufund.api.ufundapi.service.UserService;
 
 @RestController
 @RequestMapping("users")
 public class UserController {
-    private static final Logger LOG = Logger.getLogger(CupboardController.class.getName());
-    private final UserDAO UserDAO;
+    private static final Logger LOG = Logger.getLogger(UserController.class.getName());
+    private final UserService userService;
+    private final AuthService authService;    
 
-    /**
-     * Create a user controller to receive REST signals
-     *
-     * @param userDAO The Data Access Object
-     */
-    public UserController(UserDAO userDAO) {
-        this.UserDAO = userDAO;
+    public UserController(UserService userService, AuthService authService) {
+        this.userService = userService;
+        this.authService = authService;
     }
 
     /**
      * Creates a User with the provided object
-     *
-     * @param user The user to create
+     * @param params A map consisting of the parameters for a user
      * @return OK response and the user if it was successful, INTERNAL_SERVER_ERROR
      *         otherwise
      */
     @PostMapping("")
-    public ResponseEntity<User> createUser(@RequestBody User user) {
+    public ResponseEntity<User> createUser(@RequestBody Map<String, String> params) {
+        String username = params.get("username");
+        String password = params.get("password");
+
         try {
-            if (UserDAO.createUser(user) != null) {
+            User user = userService.createUser(username, password);
+            if (user != null) {
                 return new ResponseEntity<>(user, HttpStatus.CREATED);
             } else {
                 return new ResponseEntity<>(HttpStatus.CONFLICT);
             }
-
+        } catch (DuplicateKeyException ex) {
+            return new ResponseEntity<>(HttpStatus.CONFLICT);
         } catch (IOException ex) {
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
         }
@@ -57,23 +63,27 @@ public class UserController {
     /**
      * Responds to the GET request for a {@linkplain User user} for the given id
      * 
+     * @param username The name of the user
+     * @param key      The authentication key of the user
      * @return ResponseEntity with {@link User user} object and HTTP status of OK if
      *         found<br>
      *         ResponseEntity with HTTP status of NOT_FOUND if not found<br>
      *         ResponseEntity with HTTP status of INTERNAL_SERVER_ERROR otherwise
      */
-    @GetMapping("/{name}")
-    public ResponseEntity<User> getUser(@PathVariable String name) {
-        LOG.log(Level.INFO, "GET /user/{0}", name);
+    @GetMapping("/{username}")
+    public ResponseEntity<User> getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
+        LOG.log(Level.INFO, "GET /user/{0}", username);
 
         try {
-            User user = UserDAO.getUser(name);
+            authService.authenticate(username, key);
+            User user = userService.getUser(username);
             if (user != null) {
-                return new ResponseEntity<>(user, HttpStatus.OK);
+                return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK);
             } else {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
-
+        } catch (IllegalAccessException ex) {
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
         } catch (IOException e) {
             LOG.log(Level.SEVERE, e.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
@@ -84,42 +94,53 @@ public class UserController {
     /**
      * Updates a User with the provided one
      * 
-     * @param user The user to update
+     * @param user     The user to update
+     * @param username The name of the user
+     * @param key      The authentication key of the user
      * @return OK response and the user if it was successful, or
      *         INTERNAL_SERVER_ERROR if there was an issue
      */
-    @PutMapping("/{name}")
-    public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String name) {
+    @PutMapping("/{username}")
+    public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) {
         try {
-            user = UserDAO.updateUser(user, name);
+            authService.authenticate(username, key);
+            user = userService.updateUser(user, username);
             if (user != null) {
                 return new ResponseEntity<>(user, HttpStatus.OK);
             } else {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
-
+        } catch (InvalidParameterException ex) {
+            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
         } catch (IOException e) {
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        } catch (IllegalAccessException e) {
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
         }
     }
 
     /**
      * Deletes a user with the desired name
      * 
-     * @param name The name of the user
+     * @param username The name of the user
+     * @param key      The authentication key of the user
      * @return OK if the user was deleted, NOT_FOUND if the user was not found, or
      *         INTERNAL_SERVER_ERROR if an error occurred
      */
-    @DeleteMapping("/{name}")
-    public ResponseEntity<User> deleteUser(@PathVariable String name) {
+    @DeleteMapping("/{username}")
+    public ResponseEntity<Boolean> deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
+
         try {
-            if (UserDAO.deleteUser(name)) {
+            authService.authenticate(username, key);
+            if (userService.deleteUser(username)) {
                 return new ResponseEntity<>(HttpStatus.OK);
             } else {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
         } catch (IOException e) {
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        } catch (IllegalAccessException e) {
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
         }
     }