Refactor of the whole AuthController
This commit is contained in:
@@ -1,42 +1,34 @@
|
||||
package _11.asktpk.artisanconnectbackend.controller;
|
||||
|
||||
import _11.asktpk.artisanconnectbackend.customExceptions.ClientAlreadyExistsException;
|
||||
import _11.asktpk.artisanconnectbackend.customExceptions.WrongLoginPasswordException;
|
||||
import _11.asktpk.artisanconnectbackend.dto.*;
|
||||
import _11.asktpk.artisanconnectbackend.entities.Client;
|
||||
import _11.asktpk.artisanconnectbackend.security.JwtUtil;
|
||||
import _11.asktpk.artisanconnectbackend.service.AuthService;
|
||||
import _11.asktpk.artisanconnectbackend.service.ClientService;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.client.HttpClientErrorException;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
@Slf4j
|
||||
@RestController
|
||||
@RequestMapping("/api/v1/auth")
|
||||
public class AuthController {
|
||||
|
||||
private final ClientService clientService;
|
||||
private final AuthService authService;
|
||||
private final JwtUtil jwtUtil;
|
||||
|
||||
public AuthController(ClientService clientService, JwtUtil jwtUtil, AuthService authService) {
|
||||
this.clientService = clientService;
|
||||
public AuthController(AuthService authService) {
|
||||
this.authService = authService;
|
||||
this.jwtUtil = jwtUtil;
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public ResponseEntity<?> login(@RequestBody AuthRequestDTO authRequestDTO) {
|
||||
if (authRequestDTO.getEmail() == null || authRequestDTO.getPassword() == null) {
|
||||
if (authRequestDTO.getEmail() == null || authRequestDTO.getPassword() == null
|
||||
|| authRequestDTO.getEmail().isEmpty() || authRequestDTO.getPassword().isEmpty()) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO("Przekazano puste login lub hasło"));
|
||||
}
|
||||
|
||||
authRequestDTO.setEmail(authRequestDTO.getEmail().toLowerCase());
|
||||
authRequestDTO.setPassword(authRequestDTO.getPassword());
|
||||
|
||||
try {
|
||||
AuthResponseDTO responseDTO = authService.login(authRequestDTO.getEmail(), authRequestDTO.getPassword());
|
||||
@@ -44,33 +36,33 @@ public class AuthController {
|
||||
return ResponseEntity.status(HttpStatus.OK)
|
||||
.body(responseDTO);
|
||||
|
||||
} catch (WrongLoginPasswordException e) {
|
||||
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new RequestResponseDTO(e.getMessage()));
|
||||
} catch (Exception e) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO(e.getMessage()));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<AuthResponseDTO> register(@RequestBody ClientRegistrationDTO clientDTO) {
|
||||
if (clientService.getClientByEmail(clientDTO.getEmail()) != null) {
|
||||
return ResponseEntity.status(HttpStatus.CONFLICT).build();
|
||||
public ResponseEntity<?> register(@RequestBody ClientRegistrationDTO clientRegistrationDTO) {
|
||||
if (clientRegistrationDTO.getEmail() == null || clientRegistrationDTO.getPassword() == null
|
||||
|| clientRegistrationDTO.getEmail().isEmpty() || clientRegistrationDTO.getPassword().isEmpty()) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO("Przekazano puste login lub hasło"));
|
||||
}
|
||||
|
||||
ClientDTO savedClient = clientService.registerClient(clientDTO);
|
||||
clientRegistrationDTO.setEmail(clientRegistrationDTO.getEmail().toLowerCase());
|
||||
|
||||
String token = jwtUtil.generateToken(
|
||||
savedClient.getEmail(),
|
||||
savedClient.getRole(),
|
||||
savedClient.getId()
|
||||
);
|
||||
try {
|
||||
AuthResponseDTO registrationData = authService.register(clientRegistrationDTO.getEmail(), clientRegistrationDTO.getPassword(), clientRegistrationDTO.getFirstName(), clientRegistrationDTO.getLastName());
|
||||
|
||||
log.info("New user registered with {}", savedClient.getEmail());
|
||||
|
||||
return ResponseEntity.status(HttpStatus.CREATED)
|
||||
.body(new AuthResponseDTO(
|
||||
savedClient.getId(),
|
||||
savedClient.getRole(),
|
||||
token
|
||||
));
|
||||
return ResponseEntity.status(HttpStatus.CREATED)
|
||||
.body(registrationData);
|
||||
} catch (ClientAlreadyExistsException clientAlreadyExistsException) {
|
||||
return ResponseEntity.status(HttpStatus.CONFLICT)
|
||||
.body(new RequestResponseDTO(clientAlreadyExistsException.getMessage()));
|
||||
} catch (Exception e) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO(e.getMessage()));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/logout")
|
||||
@@ -79,7 +71,7 @@ public class AuthController {
|
||||
|
||||
if (authHeader != null && authHeader.startsWith("Bearer ")) {
|
||||
String token = authHeader.substring(7);
|
||||
jwtUtil.blacklistToken(token);
|
||||
authService.logout(token);
|
||||
return ResponseEntity.ok(new RequestResponseDTO("Successfully logged out"));
|
||||
}
|
||||
|
||||
@@ -88,43 +80,16 @@ public class AuthController {
|
||||
|
||||
@PostMapping("/google")
|
||||
public ResponseEntity<?> authenticateWithGoogle(@RequestBody GoogleAuthRequestDTO dto) {
|
||||
if(dto.getGoogleToken() == null){
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO("Invalid or empty token"));
|
||||
}
|
||||
|
||||
try {
|
||||
String accessToken = dto.getGoogleToken();
|
||||
String googleUserInfoUrl = "https://www.googleapis.com/oauth2/v3/userinfo";
|
||||
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setBearerAuth(accessToken);
|
||||
HttpEntity<String> entity = new HttpEntity<>(headers);
|
||||
|
||||
RestTemplate restTemplate = new RestTemplate();
|
||||
ResponseEntity<Map> response = restTemplate.exchange(
|
||||
googleUserInfoUrl, HttpMethod.GET, entity, Map.class);
|
||||
|
||||
Map<String, Object> userInfo = response.getBody();
|
||||
|
||||
// String googleId = (String) userInfo.get("sub"); Potencjalnie możemy używać googlowskiego ID, ale to ma konflikt z naszym generowanym
|
||||
assert userInfo != null;
|
||||
String email = (String) userInfo.get("email");
|
||||
String name = (String) userInfo.get("name");
|
||||
|
||||
Client client = clientService.getClientByEmail(email);
|
||||
if (client == null) {
|
||||
client = new Client();
|
||||
client.setEmail(email);
|
||||
client.setFirstName(name);
|
||||
client.setRole(clientService.getUserRole()); // to pobiera po prostu role "USER" z tabeli w bazie
|
||||
clientService.saveClientToDB(client);
|
||||
}
|
||||
|
||||
String jwt = jwtUtil.generateToken(client.getEmail(), client.getRole().getRole(), client.getId());
|
||||
|
||||
log.info("User authenticated with google: {}", email);
|
||||
return ResponseEntity.ok(new AuthResponseDTO(client.getId(), client.getRole().getRole(), jwt));
|
||||
AuthResponseDTO response = authService.googleLogin(dto.getGoogleToken());
|
||||
return ResponseEntity.status(HttpStatus.OK).body(response);
|
||||
} catch (HttpClientErrorException httpClientErrorException) {
|
||||
log.error("Token is invalid or expired");
|
||||
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new RequestResponseDTO("Invalid access token"));
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO("Google access token is invalid or expired"));
|
||||
} catch (Exception e) {
|
||||
log.error("Error while checking Google access token", e);
|
||||
return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
|
||||
.body(new RequestResponseDTO("Authentication Error (Google): " + e.getMessage()));
|
||||
}
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
package _11.asktpk.artisanconnectbackend.customExceptions;
|
||||
|
||||
public class ClientAlreadyExistsException extends Exception {
|
||||
public ClientAlreadyExistsException(String message) {
|
||||
super(message);
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,7 @@
|
||||
package _11.asktpk.artisanconnectbackend.customExceptions;
|
||||
|
||||
public class WrongLoginPasswordException {
|
||||
public class WrongLoginPasswordException extends Exception {
|
||||
public WrongLoginPasswordException(String message) {
|
||||
super(message);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,12 +1,16 @@
|
||||
package _11.asktpk.artisanconnectbackend.dto;
|
||||
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
import jakarta.validation.constraints.Email;
|
||||
|
||||
@Getter @Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class ClientDTO {
|
||||
private Long id;
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ package _11.asktpk.artisanconnectbackend.entities;
|
||||
|
||||
import jakarta.persistence.*;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.hibernate.annotations.CreationTimestamp;
|
||||
|
||||
@@ -11,7 +12,15 @@ import java.util.List;
|
||||
@Entity
|
||||
@Table(name = "clients")
|
||||
@Getter @Setter
|
||||
@NoArgsConstructor
|
||||
public class Client {
|
||||
public Client(String email, String password, String firstName, String lastName) {
|
||||
this.email = email;
|
||||
this.password = password;
|
||||
this.firstName = firstName;
|
||||
this.lastName = lastName;
|
||||
}
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
@@ -1,12 +1,19 @@
|
||||
package _11.asktpk.artisanconnectbackend.service;
|
||||
|
||||
import _11.asktpk.artisanconnectbackend.customExceptions.ClientAlreadyExistsException;
|
||||
import _11.asktpk.artisanconnectbackend.customExceptions.WrongLoginPasswordException;
|
||||
import _11.asktpk.artisanconnectbackend.dto.AuthResponseDTO;
|
||||
import _11.asktpk.artisanconnectbackend.dto.ClientDTO;
|
||||
import _11.asktpk.artisanconnectbackend.entities.Client;
|
||||
import _11.asktpk.artisanconnectbackend.security.JwtUtil;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
@Slf4j
|
||||
@Service
|
||||
@@ -28,12 +35,83 @@ public class AuthService {
|
||||
throw new Exception("Klient o podanym adresie nie istnieje!");
|
||||
}
|
||||
|
||||
if(passwordEncoder.matches(password, client.getPassword())) {
|
||||
if (passwordEncoder.matches(password, client.getPassword())) {
|
||||
String token = jwtUtil.generateToken(client.getEmail(), client.getRole().getRole(), client.getId());
|
||||
log.info("User logged in with {}", client.getEmail());
|
||||
return new AuthResponseDTO(client.getId(), client.getRole().getRole(), token);
|
||||
}
|
||||
throw new Exception("Login lub hasło jest niepoprawny!");
|
||||
throw new WrongLoginPasswordException("Login lub hasło jest niepoprawny!");
|
||||
}
|
||||
|
||||
public AuthResponseDTO register(String email, String password, String firstName, String lastName) throws Exception {
|
||||
if (clientService.getClientByEmail(email) != null) {
|
||||
throw new ClientAlreadyExistsException("Klient o podanym adresie email już istnieje!");
|
||||
}
|
||||
|
||||
Client newClient = new Client();
|
||||
newClient.setEmail(email);
|
||||
newClient.setPassword(passwordEncoder.encode(password));
|
||||
newClient.setFirstName(firstName);
|
||||
newClient.setLastName(lastName);
|
||||
|
||||
ClientDTO savedClient = clientService.registerClient(newClient);
|
||||
if (savedClient != null) {
|
||||
log.info("New user registered with {}", savedClient.getEmail());
|
||||
String token = jwtUtil.generateToken(
|
||||
savedClient.getEmail(),
|
||||
savedClient.getRole(),
|
||||
savedClient.getId()
|
||||
);
|
||||
|
||||
return new AuthResponseDTO(savedClient.getId(), savedClient.getRole(), token);
|
||||
} else {
|
||||
throw new Exception("Rejestracja nie powiodła się!");
|
||||
}
|
||||
}
|
||||
|
||||
public void logout(String token) {
|
||||
jwtUtil.blacklistToken(token);
|
||||
}
|
||||
|
||||
public AuthResponseDTO googleLogin(String googleAccessToken) throws Exception {
|
||||
String googleUserInfoUrl = "https://www.googleapis.com/oauth2/v3/userinfo";
|
||||
|
||||
ResponseEntity<Map> response;
|
||||
|
||||
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setBearerAuth(googleAccessToken);
|
||||
RestTemplate restTemplate = new RestTemplate();
|
||||
response = restTemplate.exchange(
|
||||
googleUserInfoUrl, HttpMethod.GET, new HttpEntity<>(headers), Map.class);
|
||||
|
||||
|
||||
Map<String, Object> userInfo = response.getBody();
|
||||
|
||||
// String googleId = (String) userInfo.get("sub"); Potencjalnie możemy używać googlowskiego ID, ale to ma konflikt z naszym generowanym
|
||||
if (userInfo == null) {
|
||||
throw new Exception("Pobrany użytkownik jest pusty! Może to być spowodowane niepoprawnym tokenem lub brakiem dostępu do Google API.");
|
||||
}
|
||||
String email = (String) userInfo.get("email");
|
||||
String name = (String) userInfo.get("name");
|
||||
|
||||
Client client = clientService.getClientByEmail(email);
|
||||
if (client == null) {
|
||||
client = new Client();
|
||||
client.setEmail(email);
|
||||
client.setFirstName(name);
|
||||
client.setRole(clientService.getUserRole()); // to pobiera po prostu role "USER" z tabeli w bazie
|
||||
clientService.saveClientToDB(client);
|
||||
}
|
||||
|
||||
String jwt = jwtUtil.generateToken(client.getEmail(), client.getRole().getRole(), client.getId());
|
||||
log.info("User authenticated with google: {}", client.getEmail());
|
||||
return new AuthResponseDTO(
|
||||
client.getId(),
|
||||
client.getRole().getRole(),
|
||||
jwt
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ public class ClientService {
|
||||
this.rolesRepository = rolesRepository;
|
||||
}
|
||||
|
||||
private ClientDTO toDto(Client client) {
|
||||
public ClientDTO toDto(Client client) {
|
||||
if(client == null) {
|
||||
return null;
|
||||
}
|
||||
@@ -41,7 +41,7 @@ public class ClientService {
|
||||
return dto;
|
||||
}
|
||||
|
||||
private Client fromDto(ClientDTO dto) {
|
||||
public Client fromDto(ClientDTO dto) {
|
||||
Client client = new Client();
|
||||
Role rola;
|
||||
|
||||
@@ -124,9 +124,8 @@ public class ClientService {
|
||||
clientRepository.deleteById(id);
|
||||
}
|
||||
|
||||
public ClientDTO registerClient(ClientRegistrationDTO clientDTO) {
|
||||
Client client = fromDto(clientDTO);
|
||||
client.setRole(rolesRepository.findRoleById(1L));
|
||||
public ClientDTO registerClient(Client client) {
|
||||
client.setRole(getUserRole()); // ID 1 - USER role
|
||||
client.setPassword(passwordEncoder.encode(client.getPassword()));
|
||||
return toDto(clientRepository.save(client));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user