Diffstat (limited to 'ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java')
-rw-r--r--ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java64
1 files changed, 40 insertions, 24 deletions
diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
index 4e5f156..aa9598d 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
@@ -1,19 +1,14 @@
package com.ufund.api.ufundapi.controller;
import java.io.IOException;
+import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import com.ufund.api.ufundapi.persistence.UserAuthDAO;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
import com.ufund.api.ufundapi.model.User;
import com.ufund.api.ufundapi.persistence.UserDAO;
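Review bot: The wildcard `import org.springframework.web.bind.annotation.*;` hides which annotations this controller depends on, and most Java style guides discourage wildcard imports. The only annotation the commit newly needs is the header binding, so I would keep the eight explicit imports and add `import org.springframework.web.bind.annotation.RequestHeader;` beside them.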
@@ -21,30 +16,34 @@ import com.ufund.api.ufundapi.persistence.UserDAO;
@RestController
@RequestMapping("users")
public class UserController {
- private static final Logger LOG = Logger.getLogger(CupboardController.class.getName());
+ private static final Logger LOG = Logger.getLogger(UserController.class.getName());
private final UserDAO UserDAO;
+ private final UserAuthDAO userAuthDAO;
/**
* Create a user controller to receive REST signals
*
* @param userDAO The Data Access Object
*/
- public UserController(UserDAO userDAO) {
+ public UserController(UserDAO userDAO, UserAuthDAO userAuthDAO) {
this.UserDAO = userDAO;
+ this.userAuthDAO = userAuthDAO;
}
/**
* Creates a User with the provided object
*
- * @param user The user to create
* @return OK response and the user if it was successful, INTERNAL_SERVER_ERROR
* otherwise
*/
@PostMapping("")
- public ResponseEntity<User> createUser(@RequestBody User user) {
+ public ResponseEntity<Boolean> createUser(@RequestBody Map<String, String> params) {
+ String username = params.get("username");
+ String password = params.get("password");
+
try {
- if (UserDAO.createUser(user) != null) {
- return new ResponseEntity<>(user, HttpStatus.CREATED);
+ if (UserDAO.addUser(User.create(username, password)) != null) {
+ return new ResponseEntity<>(true, HttpStatus.CREATED);
} else {
return new ResponseEntity<>(HttpStatus.CONFLICT);
}
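Review bot: `createUser` passes `params.get("username")` and `params.get("password")` straight to `User.create` without checking them, so a body that omits either key hands `null` to the account-creation path; whether `User.create` or `addUser` rejects that is not visible here. I would reject the request before the `try`, e.g. `if (username == null || username.isBlank() || password == null || password.isEmpty()) return new ResponseEntity<>(HttpStatus.BAD_REQUEST);`. The Javadoc has also drifted: `@param user` was removed without a `@param params` replacement, `@return` still promises "OK response and the user" although the method now returns `true` with CREATED, and the constructor comment lacks `@param userAuthDAO`. The `try` block continues outside the hunk.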
@@ -62,14 +61,19 @@ public class UserController {
* ResponseEntity with HTTP status of NOT_FOUND if not found<br>
* ResponseEntity with HTTP status of INTERNAL_SERVER_ERROR otherwise
*/
- @GetMapping("/{name}")
- public ResponseEntity<User> getUser(@PathVariable String name) {
- LOG.log(Level.INFO, "GET /user/{0}", name);
+ @GetMapping("/{username}")
+ public ResponseEntity<User> getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
+ LOG.log(Level.INFO, "GET /user/{0}", username);
+
+ var userAuth = userAuthDAO.getUserAuth(key);
+ if (userAuth == null || !userAuth.getUsername().equals(username)) {
+ return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+ }
try {
- User user = UserDAO.getUser(name);
+ User user = UserDAO.getUser(username);
if (user != null) {
- return new ResponseEntity<>(user, HttpStatus.OK);
+ return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK);
} else {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
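Review bot: The key-to-username check added in `getUser` is copied verbatim into `updateUser` and `deleteUser`, and three hand-written copies of an authorization rule tend to drift apart; a single private helper taking the key and the path username would keep the rule in one place. Note too that `@RequestHeader("jelly-api-key")` is required by default, so Spring answers a request without the header with 400 before this check runs, and a valid key for a different account gets 401 where 403 would be the conventional status. The Javadoc above should gain a `@param key` line and list UNAUTHORIZED among the responses. The `try` block continues outside the hunk.

```java
// Single source of truth for "does this API key belong to this account?"
private boolean isKeyOwner(String key, String username) {
    var userAuth = userAuthDAO.getUserAuth(key);
    return userAuth != null && userAuth.getUsername().equals(username);
}

// … unchanged: @GetMapping and getUser signature, LOG.log call …
    if (!isKeyOwner(key, username)) {
        return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
    }
// … unchanged: try block with UserDAO.getUser …
```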
@@ -89,7 +93,13 @@ public class UserController {
* INTERNAL_SERVER_ERROR if there was an issue
*/
@PutMapping("/{name}")
- public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String name) {
+ public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String name, @RequestHeader("jelly-api-key") String key) {
+
+ var userAuth = userAuthDAO.getUserAuth(key);
+ if (userAuth == null || !userAuth.getUsername().equals(user.getUsername())) {
+ return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+ }
+
try {
user = UserDAO.updateUser(user, name);
if (user != null) {
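Review bot: The authorization check in `updateUser` compares the key's owner with `user.getUsername()` from the request body, but the record that gets modified is selected by the path variable in `UserDAO.updateUser(user, name)`, so the check does not bind the caller to the account being updated. Compare against the path value and require the body to agree with it: `if (userAuth == null || !userAuth.getUsername().equals(name) || !name.equals(user.getUsername()))`. The mapping also still uses `{name}` while `getUser` and `deleteUser` were renamed to `{username}`. The rest of the method is outside the hunk; if it returns the updated `User` directly, it should go through `withoutPasswordHash()` as `getUser` now does.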
@@ -106,14 +116,20 @@ public class UserController {
/**
* Deletes a user with the desired name
*
- * @param name The name of the user
+ * @param username The name of the user
* @return OK if the user was deleted, NOT_FOUND if the user was not found, or
* INTERNAL_SERVER_ERROR if an error occurred
*/
- @DeleteMapping("/{name}")
- public ResponseEntity<User> deleteUser(@PathVariable String name) {
+ @DeleteMapping("/{username}")
+ public ResponseEntity<User> deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
+
+ var userAuth = userAuthDAO.getUserAuth(key);
+ if (userAuth == null || !userAuth.getUsername().equals(username)) {
+ return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+ }
+
try {
- if (UserDAO.deleteUser(name)) {
+ if (UserDAO.deleteUser(username)) {
return new ResponseEntity<>(HttpStatus.OK);
} else {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
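Review bot: Nothing visible in `deleteUser` invalidates the API key after `UserDAO.deleteUser(username)` succeeds, so unless the DAO does it internally the key record in `userAuthDAO` outlives the account and would match again if the same username is re-registered. I would revoke the key in the success branch, or at least leave `// TODO: invalidate this user's API key records in userAuthDAO` there until that exists. The Javadoc gained `@param username` but still lacks `@param key` and the UNAUTHORIZED outcome. The method's closing lines are outside the hunk.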