Commit fe34479e authored by Kovács Balázs's avatar Kovács Balázs

request validations for dogs and users

parent e6dc6822
...@@ -7,6 +7,7 @@ import hu.pazmany.dto.UserDTO; ...@@ -7,6 +7,7 @@ import hu.pazmany.dto.UserDTO;
import hu.pazmany.security.JwtTokenProvider; import hu.pazmany.security.JwtTokenProvider;
import hu.pazmany.service.DogService; import hu.pazmany.service.DogService;
import hu.pazmany.service.UserService; import hu.pazmany.service.UserService;
import io.micrometer.common.lang.Nullable;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
...@@ -17,211 +18,193 @@ import org.springframework.web.multipart.MultipartFile; ...@@ -17,211 +18,193 @@ import org.springframework.web.multipart.MultipartFile;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@RestController @RestController
@RequestMapping("/api") @RequestMapping("/api")
public class Controller { public class Controller {
private final DogService dogService; private final DogService dogService;
private final UserService userService; private final UserService userService;
private final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance(); private final JwtTokenProvider jwtTokenProvider = JwtTokenProvider.getInstance();
@Autowired @Autowired
public Controller(DogService dogService, UserService userService) { public Controller(DogService dogService, UserService userService) {
this.dogService = dogService; this.dogService = dogService;
this.userService = userService; this.userService = userService;
} }
@GetMapping("/dogs") @GetMapping("/dogs")
public List<DogDTO> getAllDogs() { public List<DogDTO> getAllDogs() {
return dogService.getAllDogs(); return dogService.getAllDogs();
} }
@GetMapping("/dogs/{id}") @GetMapping("/dogs/{id}")
public ResponseEntity<?> getDogById(@PathVariable Integer id) { public ResponseEntity<?> getDogById(@PathVariable Integer id) {
return dogService.get(id) return dogService.get(id)
.map(dogEntity -> ResponseEntity.ok(new DetailedDogDTO( .map(dogEntity -> ResponseEntity.ok(new DetailedDogDTO(
dogEntity.getId(), dogEntity.getId(),
dogEntity.getName(), dogEntity.getName(),
dogEntity.getPicture(), dogEntity.getPicture(),
dogEntity.getAge(), dogEntity.getAge(),
dogEntity.getBreed()))) dogEntity.getBreed())))
.orElse(ResponseEntity.notFound().build()); .orElse(ResponseEntity.notFound().build());
} }
@PostMapping(value = "/newdog") @PostMapping(value = "/newdog")
public ResponseEntity<?> addNewDog(@RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) { public ResponseEntity<?> addNewDog(@RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
ObjectMapper objectMapper = new ObjectMapper(); ObjectMapper objectMapper = new ObjectMapper();
DetailedDogDTO dogDTO; DetailedDogDTO dogDTO;
try { try {
dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class); dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class);
} catch (IOException e) { ResponseEntity<?> response = validateDogData(dogDTO);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum"); if (Objects.nonNull(response)) return response;
} } catch (IOException e) {
// Save the dog and picture return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum");
try { }
if (mpf != null && !mpf.isEmpty()) { // Save the dog and picture
dogService.addNewDog(dogDTO, mpf); try {
} else { if (mpf != null && !mpf.isEmpty()) {
dogService.addNewDog(dogDTO, null); dogService.addNewDog(dogDTO, mpf);
} } else {
} catch (IOException e) { dogService.addNewDog(dogDTO, null);
return ResponseEntity.status(HttpStatus.NO_CONTENT).body("Hibás képformátum"); }
} } catch (IOException e) {
return ResponseEntity.status(HttpStatus.CREATED).body("Kutya sikeresen hozzáadva"); return ResponseEntity.status(HttpStatus.NO_CONTENT).body("Hibás képformátum");
} }
return ResponseEntity.status(HttpStatus.CREATED).body("Kutya sikeresen hozzáadva");
@PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE) }
public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) {
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); @PostMapping(value = "/dogs/{id}/edit", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public ResponseEntity<?> editDog(@PathVariable Integer id, @RequestHeader("Authorization") String token, @RequestParam("dog") String stringDogDTO, @RequestParam(value = "picture", required = false) MultipartFile mpf) {
// Retrieve the dog entity from the database if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
Optional<DetailedDogDTO> optionalDog = dogService.get(id);
ObjectMapper objectMapper = new ObjectMapper(); // Retrieve the dog entity from the database
DetailedDogDTO dogDTO; Optional<DetailedDogDTO> optionalDog = dogService.get(id);
if (optionalDog.isPresent()) { ObjectMapper objectMapper = new ObjectMapper();
try { DetailedDogDTO dogDTO;
dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class); if (optionalDog.isPresent()) {
} catch (IOException e) { try {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum"); dogDTO = objectMapper.readValue(stringDogDTO, DetailedDogDTO.class);
} ResponseEntity<?> response = validateDogData(dogDTO);
// Save the updated dog entity if (Objects.nonNull(response)) return response;
try { } catch (IOException e) {
if (mpf != null && !mpf.isEmpty()) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Hibás JSON formátum");
dogService.editDog(id, dogDTO, mpf); }
} else { // Save the updated dog entity
dogService.editDog(id, dogDTO, null); try {
} if (mpf != null && !mpf.isEmpty()) {
} catch (IOException e) { dogService.editDog(id, dogDTO, mpf);
return ResponseEntity.status(HttpStatus.NO_CONTENT).body("Hibás képformátum"); } else {
} dogService.editDog(id, dogDTO, null);
}
return ResponseEntity.ok("Kutya sikeresen módosítva"); } catch (IOException e) {
} else { return ResponseEntity.status(HttpStatus.NO_CONTENT).body("Hibás képformátum");
return ResponseEntity.notFound().build(); }
}
} return ResponseEntity.ok("Kutya sikeresen módosítva");
} else {
@DeleteMapping("/dogs/{id}") return ResponseEntity.notFound().build();
public ResponseEntity<?> deleteDog(@PathVariable Integer id, @RequestHeader("Authorization") String token) { }
if (!isValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); }
dogService.deleteDog(id); @DeleteMapping("/dogs/{id}")
return ResponseEntity.ok().build(); public ResponseEntity<?> deleteDog(@PathVariable Integer id, @RequestHeader("Authorization") String token) {
} if (inValidToken(token)) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
@PostMapping("/register") dogService.deleteDog(id);
public ResponseEntity<?> registerUser(@Valid @RequestBody UserDTO request) { return ResponseEntity.ok().build();
// Validate the registration request }
ValidationError validationError = validateRegisterRequest(request);
if (validationError != null) { @PostMapping("/register")
return ResponseEntity.badRequest().body(validationError.getMessage()); public ResponseEntity<?> registerUser(@Valid @RequestBody UserDTO request) {
} // Validating and registering user inside a single function
if (request == null || request.getUsername() == null || request.getPassword() == null)
// Check if the username is already taken return ResponseEntity.badRequest().body("Érvénytelen kérés");
if (userService.isUserExists(request.getUsername())) {
return ResponseEntity.badRequest().body("Felhasználónév foglalt"); ResponseEntity<?> response = validateRegister(request);
} if (Objects.nonNull(response)) return response;
// Save the user entity // Save the user entity
userService.registerUser(request); userService.registerUser(request);
return ResponseEntity.status(HttpStatus.CREATED).body("Felhasználó sikeresen regisztrálva");
return ResponseEntity.status(HttpStatus.CREATED).body("Felhasználó sikeresen létrehozva"); }
}
@PostMapping("/login")
@PostMapping("/login") public ResponseEntity<UserDTO> login(@Valid @RequestBody UserDTO request) {
public ResponseEntity<UserDTO> login(@Valid @RequestBody UserDTO request) { if (!isValidLoginRequest(request)) {
if (!isValidLoginRequest(request)) { return ResponseEntity.badRequest().body(null);
return ResponseEntity.badRequest().body(null); }
}
UserDTO userDTO = userService.login(request, jwtTokenProvider);
UserDTO userDTO = userService.login(request, jwtTokenProvider);
if (userDTO == null) {
if (userDTO == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); }
}
return ResponseEntity.ok(userDTO);
return ResponseEntity.ok(userDTO); }
}
/*-------- Independent validation functions --------*/
/*-------- Validation functions --------*/
@Nullable
private boolean isValidLoginRequest(UserDTO request) { public ResponseEntity<?> validateDogData(@Valid @RequestBody DetailedDogDTO request) {
if (request == null) { if (request.getName().length() < 2 || request.getName().length() > 20)
return false; return ResponseEntity.badRequest().body("A kutyanév 2 és 20 karakter között legyen");
} if (!Pattern.matches("^[A-Z][a-z]*$",request.getName()))
return ResponseEntity.badRequest().body("A kutyanév kis- és nagybetűkből álljon");
String username = request.getUsername(); if (request.getAge() < 0)
String password = request.getPassword(); return ResponseEntity.badRequest().body("A kutya életkora nem lehet negatív");
return username != null && !username.isEmpty() && password != null && !password.isEmpty(); return null;
}
// If all checks pass, return true @Nullable
} private ResponseEntity<?> validateRegister(@Valid @RequestBody UserDTO request) {
// Check if the username is already taken
private ValidationError validateRegisterRequest(UserDTO request) { if (userService.isUserExists(request.getUsername()))
String username_regex = "^\\w{5,20}$"; return ResponseEntity.badRequest().body("Felhasználónév már létezik");
// username can contain numbers, upper and lowercase characters
String password_regex = "^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]{8,20}$"; if(!Pattern.matches("^[a-zA-Z0-9]+$", request.getUsername()))
return ResponseEntity.badRequest().body("A felhasználónév csak betűket és számokat tartalmazhat");
if (request == null || request.getUsername() == null || request.getPassword() == null) {
return new RequestValidationError(); if(request.getUsername().length() < 5 || request.getUsername().length() > 20)
} return ResponseEntity.badRequest().body("A felhasználónév hossza 5 és 20 karakter között legyen");
if (!Pattern.matches(username_regex, request.getUsername())) {
return new UsernameValidationError(); if(request.getPassword().length() < 8 || request.getPassword().length() > 20)
} return ResponseEntity.badRequest().body("A jelszó hossza 5 és 20 karakter között legyen");
if (!Pattern.matches(password_regex, request.getPassword())) {
return new PasswordValidationError(); if(!Pattern.matches("^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]+$", request.getPassword()))
} return ResponseEntity.badRequest().body("A jelszó tartalmazzon nagybetűt és számot");
return null;
return null; }
}
private boolean isValidLoginRequest(UserDTO request) {
private boolean isValidToken(String token) { if (request == null) {
return token != null && verifyTokenSignature(token); return false;
} }
private boolean verifyTokenSignature(String token) { String username = request.getUsername();
if (token.startsWith("Bearer ")) { String password = request.getPassword();
token = token.substring(7); return username != null && !username.isEmpty() && password != null && !password.isEmpty();
return jwtTokenProvider.validateToken(token);
} else { // If all checks pass, return true
return false; }
} private boolean inValidToken(String token) {
return token == null || !verifyTokenSignature(token);
} }
private abstract static class ValidationError { private boolean verifyTokenSignature(String token) {
private final String message; if (token.startsWith("Bearer ")) {
token = token.substring(7);
public String getMessage() { return jwtTokenProvider.validateToken(token);
return message; } else {
} return false;
}
ValidationError(String m) {
message = m; }
}
}
private static class RequestValidationError extends ValidationError {
RequestValidationError() {
super("Érvénytelen kérés");
}
}
private static class UsernameValidationError extends ValidationError {
UsernameValidationError() {
super("Érvénytelen felhasználónév");
}
}
private static class PasswordValidationError extends ValidationError {
PasswordValidationError() {
super("Érvénytelen jelszó");
}
}
} }
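Review bot: In `validateRegister` (second hunk) the password-length check rejects anything shorter than 8 characters, but the message it returns says `"A jelszó hossza 5 és 20 karakter között legyen"`, so the client is told the wrong lower bound; it should read `"A jelszó hossza 8 és 20 karakter között legyen"`, or better, both the condition and the message should be built from one shared constant so they cannot drift again. `validateDogData` calls `request.getName().length()` and `request.getAge() < 0` with no null check, so a JSON body that omits `name` (and, if `getAge()` returns a boxed type — not visible here, `age`) fails with a NullPointerException and a 500 instead of the 400 every other rejection in the method produces; a leading `if (request.getName() == null) return ResponseEntity.badRequest().body("A kutyanév megadása kötelező");` keeps the contract consistent. The `@Valid @RequestBody` annotations on the two validate helpers have no effect outside a handler method and make `validateDogData`, which is additionally `public`, look like an endpoint; dropping them and making it `private` like `validateRegister` removes the ambiguity. `inValidToken` reads as "in valid token"; `isInvalidToken` states what the method answers.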