1 files changed, 63 insertions, 0 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
new file mode 100644
index 0000000..591d891
--- /dev/null
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -0,0 +1,63 @@
+package com.ufund.api.ufundapi.service;
+
+import com.ufund.api.ufundapi.model.UserAuth;
+import com.ufund.api.ufundapi.persistence.UserAuthDAO;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class AuthService {
+
+    private final UserAuthDAO userAuthDAO;
+    private final UserService userService;
+
+    public AuthService(UserAuthDAO userAuthDAO, UserService userService) {
+        this.userAuthDAO = userAuthDAO;
+        this.userService = userService;
+    }
+
+    /**
+     * Check if the provided key has access to the provided user.
+     *
+     * @param username The username of the user trying to be accessed.
+     * @param key The api key obtained by the client from logging in.
+     * @throws IllegalAccessException Thrown if access was denied to the user.
+     */
+    public void authenticate(String username, String key) throws IllegalAccessException, IOException {
+        var userAuth = userAuthDAO.getUserAuth(key);
+        if (userAuth == null || !userAuth.getUsername().equals(username)) {
+            throw new IllegalAccessException("Unauthorized");
+        }
+    }
+
+    /**
+     * Attempt to log in with the provided credentials
+     *
+     * @param username The username of the user
+     * @param password The password of the user
+     * @return An API key if the authentication was successful.
+     * @throws IllegalAccessException Thrown if the username or password was incorrect
+     * @throws IOException If there was an issue saving the authentication
+     */
+    public String login(String username, String password) throws IllegalAccessException, IOException {
+        var usr = userService.getUser(username);
+        if (usr == null || !usr.verifyPassword(password)) {
+            throw new IllegalAccessException("Unauthorized");
+        }
+        var userAuth = UserAuth.generate(username);
+        userAuthDAO.addUserAuth(userAuth);
+        return userAuth.getKey();
+    }
+
+    /**
+     * Logs out the current user
+     *
+     * @param key The API key to of the client
+     * @throws IOException Thrown if there was an error saving the authentication
+     */
+    public void logout(String key) throws IOException {
+        userAuthDAO.removeUserAuth(key);
+    }
+
+}