CodeURJC-DAW-2021-22
diff --git a/‎backend/webandtech/pom.xml‎
Lines changed: 39 additions & 12 deletions b/‎backend/webandtech/pom.xml‎
Lines changed: 39 additions & 12 deletions
diff --git a/‎backend/webandtech/src/main/java/webapp8/webandtech/controller/api/auth/LoginApiController.java‎
Lines changed: 38 additions & 1 deletion b/‎backend/webandtech/src/main/java/webapp8/webandtech/controller/api/auth/LoginApiController.java‎
Lines changed: 38 additions & 1 deletion
diff --git a/‎backend/webandtech/src/main/java/webapp8/webandtech/security/SecurityConfiguration.java‎
Lines changed: 7 additions & 1 deletion b/‎backend/webandtech/src/main/java/webapp8/webandtech/security/SecurityConfiguration.java‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/AuthResponse.java‎
Lines changed: 56 additions & 0 deletions b/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/AuthResponse.java‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/JwtCookieManager.java‎
Lines changed: 27 additions & 0 deletions b/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/JwtCookieManager.java‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/JwtRequestFilter.java‎
Lines changed: 106 additions & 0 deletions b/‎backend/webandtech/src/main/java/webapp8/webandtech/security/jwt/JwtRequestFilter.java‎
Lines changed: 106 additions & 0 deletions
@@ -3,29 +3,22 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
-
-  <groupId>webapp8</groupId>
-  <artifactId>webandtech</artifactId>
-  <version>0.0.1-SNAPSHOT</version>
-  <name>webandtech</name>
-  
-  <parent>
+	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
 		<version>2.6.3</version>
 	</parent>
+  <groupId>webapp8</groupId>
+  <artifactId>webandtech</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>webandtech</name>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>17</java.version>
 	</properties>
 
   <dependencies>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <scope>test</scope>
-    </dependency>
     <dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
@@ -113,5 +106,39 @@
 			<artifactId>openpdf</artifactId>
 			<version>1.3.8</version>
 		</dependency>
+
+
+
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-ui</artifactId>
+			<version>1.6.6</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.7.0</version>
+		</dependency>
   </dependencies>
+  
+  <build>
+		<plugins>
+
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+
+
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<testFailureIgnore>true</testFailureIgnore>
+				</configuration>
+			</plugin>
+
+		</plugins>
+	</build>
+
 </project>
@@ -1,5 +1,42 @@
 package webapp8.webandtech.controller.api.auth;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import webapp8.webandtech.security.jwt.AuthResponse;
+import webapp8.webandtech.security.jwt.LoginRequest;
+import webapp8.webandtech.security.jwt.UserLoginService;
+import webapp8.webandtech.security.jwt.AuthResponse.Status;
+
+@RestController
+@RequestMapping("/api/auth")
 public class LoginApiController {
+	@Autowired
+	private UserLoginService userService;
+	@PostMapping("/login")
 
-}
+	public ResponseEntity<AuthResponse> login(
+			@CookieValue(name = "accessToken", required = false) String accessToken,
+			@CookieValue(name = "refreshToken", required = false) String refreshToken,
+			@RequestBody LoginRequest loginRequest) {
+		return userService.login(loginRequest, accessToken, refreshToken);
+	}
+	
+	@PostMapping("/refresh")
+	public ResponseEntity<AuthResponse> refreshToken(
+			@CookieValue(name = "refreshToken", required = false) String refreshToken) {
+		return userService.refresh(refreshToken);
+	}
+	@PostMapping("/logout")
+	public ResponseEntity<AuthResponse> logOut(HttpServletRequest request, HttpServletResponse response) {
+		return ResponseEntity.ok(new AuthResponse(Status.SUCCESS, userService.logout(request, response)));
+	}
+}
@@ -57,15 +57,21 @@ protected void configure(HttpSecurity http) throws Exception {
           http.authorizeRequests().antMatchers("/forgotPassword").permitAll();
           http.authorizeRequests().antMatchers("/getMoreProductsPage").permitAll();
           http.authorizeRequests().antMatchers("/moreProducts").permitAll();
+          http.authorizeRequests().antMatchers("/api/**").permitAll();
           http.authorizeRequests().antMatchers("/error").permitAll();
           http.authorizeRequests().antMatchers("httpss://cdnjs.cloudflare.com/ajax/libs/sockjs-client/1.4.0/sockjs.js").permitAll();
+          http.authorizeRequests().antMatchers("/swagger-ui.html").permitAll();
+		http.authorizeRequests().antMatchers("/v3/**").permitAll();
+		http.authorizeRequests().antMatchers("/swagger-ui/**").permitAll();
+		http.csrf().ignoringAntMatchers("/swagger-ui/**");
+		http.csrf().ignoringAntMatchers("/v3/**");
           http.authorizeRequests().antMatchers("/carShop").permitAll();
           http.authorizeRequests().antMatchers("/checkout/**").hasAnyRole("USER");
           http.authorizeRequests().antMatchers("/users/**").hasAnyRole("USER");
           http.authorizeRequests().antMatchers("/admin/**").hasAnyRole("ADMIN");
 
 
-          http.authorizeRequests().anyRequest().authenticated();
+		http.authorizeRequests().anyRequest().authenticated();
 
           http.formLogin().loginPage("/login");
           http.formLogin().usernameParameter("username");
 
@@ -0,0 +1,56 @@
+	package webapp8.webandtech.security.jwt;
+
+public class AuthResponse {
+
+	private Status status;
+	private String message;
+	private String error;
+
+	public enum Status {
+		SUCCESS, FAILURE
+	}
+
+	public AuthResponse() {
+	}
+
+	public AuthResponse(Status status, String message) {
+		this.status = status;
+		this.message = message;
+	}
+
+	public AuthResponse(Status status, String message, String error) {
+		this.status = status;
+		this.message = message;
+		this.error = error;
+	}
+
+	public Status getStatus() {
+		return status;
+	}
+
+	public void setStatus(Status status) {
+		this.status = status;
+	}
+
+	public String getMessage() {
+		return message;
+	}
+
+	public void setMessage(String message) {
+		this.message = message;
+	}
+
+	public String getError() {
+		return error;
+	}
+
+	public void setError(String error) {
+		this.error = error;
+	}
+
+	@Override
+	public String toString() {
+		return "LoginResponse [status=" + status + ", message=" + message + ", error=" + error + "]";
+	}
+
+}
@@ -0,0 +1,27 @@
+package webapp8.webandtech.security.jwt;
+
+import org.springframework.http.HttpCookie;
+import org.springframework.http.ResponseCookie;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JwtCookieManager {
+
+	public static final String ACCESS_TOKEN_COOKIE_NAME = "AuthToken";
+	public static final String REFRESH_TOKEN_COOKIE_NAME = "RefreshToken";
+
+	public HttpCookie createAccessTokenCookie(String token, Long duration) {
+		String encryptedToken = SecurityCipher.encrypt(token);
+		return ResponseCookie.from(ACCESS_TOKEN_COOKIE_NAME, encryptedToken).maxAge(-1).httpOnly(true).path("/").build();
+	}
+
+	public HttpCookie createRefreshTokenCookie(String token, Long duration) {
+		String encryptedToken = SecurityCipher.encrypt(token);
+		return ResponseCookie.from(REFRESH_TOKEN_COOKIE_NAME, encryptedToken).maxAge(-1).httpOnly(true).path("/").build();
+	}
+
+	public HttpCookie deleteAccessTokenCookie() {
+		return ResponseCookie.from(ACCESS_TOKEN_COOKIE_NAME, "").maxAge(0).httpOnly(true).path("/").build();
+	}
+
+}
@@ -0,0 +1,106 @@
+package webapp8.webandtech.security.jwt;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Component
+public class JwtRequestFilter extends OncePerRequestFilter {
+	
+	private static final Logger LOG = LoggerFactory.getLogger(JwtRequestFilter.class);
+
+	@Autowired
+	private UserDetailsService userDetailsService;
+
+	@Autowired
+	private JwtTokenProvider jwtTokenProvider;
+
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+			FilterChain filterChain) throws ServletException, IOException {
+
+		try {
+			String token = getJwtToken(request, true);
+			
+			if (StringUtils.hasText(token) && jwtTokenProvider.validateToken(token)) {
+				
+				String username = jwtTokenProvider.getUsername(token);
+				
+				UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+				
+				UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+						userDetails, null, userDetails.getAuthorities());
+				
+				authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+				
+				SecurityContextHolder.getContext().setAuthentication(authentication);
+			}
+		} catch (Exception ex) {
+			LOG.error("Exception processing JWT Token",ex);
+		}
+
+		filterChain.doFilter(request, response);
+	}	
+
+	private String getJwtToken(HttpServletRequest request, boolean fromCookie) {
+		
+		if (fromCookie) {
+			return getJwtFromCookie(request);
+		} else {
+			return getJwtFromRequest(request);
+		}
+	}
+
+	private String getJwtFromRequest(HttpServletRequest request) {
+		
+		String bearerToken = request.getHeader("Authorization");
+		
+		if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
+		
+			String accessToken = bearerToken.substring(7);
+			if (accessToken == null) {
+				return null;
+			}
+
+			return SecurityCipher.decrypt(accessToken);
+		}
+		return null;
+	}
+
+	private String getJwtFromCookie(HttpServletRequest request) {
+		
+		Cookie[] cookies = request.getCookies();
+		
+		if (cookies == null) {
+			return "";
+		}
+		
+		for (Cookie cookie : cookies) {
+			if (JwtCookieManager.ACCESS_TOKEN_COOKIE_NAME.equals(cookie.getName())) {
+				String accessToken = cookie.getValue();
+				if (accessToken == null) {
+					return null;
+				}
+
+				return SecurityCipher.decrypt(accessToken);
+			}
+		}
+		return null;
+	}
+}