diff --git a/pom.xml b/pom.xml index ee2a1cb..e0ef644 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,11 @@ runtime true + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + 2.4.12 + org.postgresql postgresql diff --git a/src/main/java/_11/asktpk/artisanconnectbackend/controller/AuthController.java b/src/main/java/_11/asktpk/artisanconnectbackend/controller/AuthController.java index 2a7f5e2..231f1df 100644 --- a/src/main/java/_11/asktpk/artisanconnectbackend/controller/AuthController.java +++ b/src/main/java/_11/asktpk/artisanconnectbackend/controller/AuthController.java @@ -6,12 +6,12 @@ import _11.asktpk.artisanconnectbackend.security.JwtUtil; import _11.asktpk.artisanconnectbackend.service.ClientService; import jakarta.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.http.*; +import org.springframework.web.bind.annotation.*; +import org.springframework.web.client.HttpClientErrorException; +import org.springframework.web.client.RestTemplate; + +import java.util.Map; @Slf4j @RestController @@ -35,7 +35,7 @@ public class AuthController { String token = jwtUtil.generateToken(client.getEmail(), userRole, userId); - log.info("Logged in as " + client.getEmail()); + log.info("User logged in with {}", client.getEmail()); return ResponseEntity.status(HttpStatus.OK) .body(new AuthResponseDTO(userId, userRole, token)); } else { 
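Review bot: The new spring-boot-starter-oauth2-resource-server entry pins its own version (2.4.12) instead of inheriting the version managed by the Spring Boot parent, and the AuthController on this same page imports `jakarta.servlet.http.HttpServletRequest`, which belongs to the Spring Boot 3 / Spring 6 line — a Boot 2.4 starter next to that would put two generations of Spring Security on the classpath. I'd remove the explicit version element so the managed version applies (the parent's Boot version is not visible in this hunk, so confirm it). Nothing in the added AuthController code actually uses the resource-server starter (it calls the userinfo endpoint over `RestTemplate`), so either the dependency is unused or the intended JWT validation is still to come; a short comment next to the dependency, or a line in the commit message, would make that clear.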
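Review bot: The explicit imports were replaced with `import org.springframework.http.*;` and `import org.springframework.web.bind.annotation.*;`; wildcard imports hide which types the controller depends on and invite name clashes as those packages grow. I'd keep the explicit list and add only the types the new method needs (`HttpHeaders`, `HttpEntity`, `HttpMethod`, `PostMapping`, `RequestBody`). The rest of the class lies outside this hunk.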
@@ -57,7 +57,7 @@ public class AuthController { savedClient.getId() ); - log.info("Registered as " + savedClient.getEmail()); + log.info("New user registered with {}", savedClient.getEmail()); return ResponseEntity.status(HttpStatus.CREATED) .body(new AuthResponseDTO( 
@@ -79,4 +79,48 @@ public class AuthController { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new RequestResponseDTO("Invalid token")); } + + @PostMapping("/google") + public ResponseEntity authenticateWithGoogle(@RequestBody GoogleAuthRequestDTO dto) { + try { + String accessToken = dto.getGoogleToken(); + String googleUserInfoUrl = "https://www.googleapis.com/oauth2/v3/userinfo"; + + HttpHeaders headers = new HttpHeaders(); + headers.setBearerAuth(accessToken); + HttpEntity entity = new HttpEntity<>(headers); + + RestTemplate restTemplate = new RestTemplate(); + ResponseEntity response = restTemplate.exchange( + googleUserInfoUrl, HttpMethod.GET, entity, Map.class); + + Map userInfo = response.getBody(); + +// String googleId = (String) userInfo.get("sub"); Potencjalnie możemy używać googlowskiego ID, ale to ma konflikt z naszym generowanym + assert userInfo != null; + String email = (String) userInfo.get("email"); + String name = (String) userInfo.get("name"); + + Client client = clientService.getClientByEmail(email); + if (client == null) { + client = new Client(); + client.setEmail(email); + client.setFirstName(name); + client.setRole(clientService.getUserRole()); // to pobiera po prostu role "USER" z tabeli w bazie + clientService.saveClientToDB(client); + } + + String jwt = jwtUtil.generateToken(client.getEmail(), client.getRole().getRole(), client.getId()); + + log.info("User authenticated with google: {}", email); + return ResponseEntity.ok(new AuthResponseDTO(client.getId(), client.getRole().getRole(), jwt)); + } catch (HttpClientErrorException httpClientErrorException) { + log.error("Token is invalid or expired"); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new RequestResponseDTO("Invalid access token")); + } catch (Exception e) { + log.error("Error while checking Google access token", e); + return ResponseEntity.status(HttpStatus.UNAUTHORIZED) + .body(new RequestResponseDTO("Authentication Error (Google): " + 
e.getMessage())); + } + } } \ No newline at end of file diff --git a/src/main/java/_11/asktpk/artisanconnectbackend/dto/GoogleAuthRequestDTO.java b/src/main/java/_11/asktpk/artisanconnectbackend/dto/GoogleAuthRequestDTO.java new file mode 100644 index 0000000..df94256 --- /dev/null +++ b/src/main/java/_11/asktpk/artisanconnectbackend/dto/GoogleAuthRequestDTO.java @@ -0,0 +1,9 @@ +package _11.asktpk.artisanconnectbackend.dto; + +import lombok.Getter; +import lombok.Setter; + +@Getter @Setter +public class GoogleAuthRequestDTO { + private String googleToken; +} diff --git a/src/main/java/_11/asktpk/artisanconnectbackend/service/ClientService.java b/src/main/java/_11/asktpk/artisanconnectbackend/service/ClientService.java index 94ab65c..36af97b 100644 --- a/src/main/java/_11/asktpk/artisanconnectbackend/service/ClientService.java +++ b/src/main/java/_11/asktpk/artisanconnectbackend/service/ClientService.java @@ -94,6 +94,10 @@ public class ClientService { return toDto(clientRepository.save(fromDto(clientDTO))); } + public Client saveClientToDB(Client client) { + return clientRepository.save(client); + } + public ClientDTO updateClient(long id, ClientDTO clientDTO) { Client existingClient = clientRepository.findById(id) .orElseThrow(() -> new EntityNotFoundException("Nie znaleziono ogłoszenia o ID: " + id)); @@ -134,4 +138,8 @@ public class ClientService { public Client getClientByEmail(String email) { return clientRepository.findByEmail(email); } + + public Role getUserRole() { + return rolesRepository.findRoleByRole("USER"); + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e4e02c7..8f83fb5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
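Review bot: The `email` claim from the userinfo response is used to look up and silently link an existing `Client` without checking `email_verified`, so a Google account whose address Google has not confirmed can be matched to a local account with the same e-mail; the lookup should require that claim to be true. `assert userInfo != null;` is only active with `-ea`, so in production a null body falls through to the generic `catch (Exception e)`, which returns `e.getMessage()` to the caller — replace the assert with an explicit check and keep the 401 body constant rather than echoing the exception text. The userinfo endpoint accepts any valid Google access token regardless of which application it was issued to, so the token is not bound to this backend; if the frontend can supply an ID token instead, verifying its signature and `aud` (which is what the newly added resource-server starter is for) would be the stronger check. `new RestTemplate()` is built per request with default, unbounded timeouts; inject one configured instance. Generic type arguments look stripped in this rendering, so the raw `HttpEntity`/`ResponseEntity`/`Map` may be an artefact — if they really are raw, parameterise them.
```java
Map<String, Object> userInfo = response.getBody();
// Google sets email_verified=true only for addresses it has confirmed; never link accounts otherwise.
if (userInfo == null || !Boolean.TRUE.equals(userInfo.get("email_verified"))) {
    log.warn("Google userinfo missing or e-mail not verified");
    return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new RequestResponseDTO("Invalid access token"));
}
String email = (String) userInfo.get("email");
// … unchanged: name extraction, client lookup/creation, JWT generation, success response …
} catch (HttpClientErrorException httpClientErrorException) {
    // … unchanged …
} catch (Exception e) {
    log.error("Error while checking Google access token", e);
    // Constant body: the exception message is logged above, not returned to the caller.
    return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new RequestResponseDTO("Authentication Error (Google)"));
}
```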
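Review bot: `getUserRole()` returns whatever `rolesRepository.findRoleByRole("USER")` yields, which for a typical repository finder is null when the role row is missing; the new AuthController path then saves a client with a null role and dereferences `client.getRole().getRole()`, which only surfaces as a generic 401 from the broad catch. I'd fail fast here, `Role role = rolesRepository.findRoleByRole("USER"); if (role == null) { throw new IllegalStateException("Default role USER is not configured"); } return role;`, and either rename the method to `getDefaultUserRole()` or hoist the `"USER"` literal into a named constant. Neither this method nor `saveClientToDB` in the earlier hunk (@@ -94) has Javadoc; a one-line purpose comment on each (`/** Persists a Client entity directly, bypassing DTO mapping. */`, `/** Returns the default "USER" role, which must exist in the roles table. */`) would help.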
@@ -29,4 +29,4 @@
 jwt.secret=DIXLsOs3FKmCAQwISd0SKsHMXJrPl3IKIRkVlkOvYW7kEcdUTbxh8zFe1B3eZWkY
 jwt.expiration=300000
 logging.file.name=logs/payment-notifications.log
-logging.level.TpayLogger=INFO
+logging.level.TpayLogger=INFO
\ No newline at end of file