Merge pull request kaakaww#18 from kaakaww/feature/SCAN-251-add-hidden-routes

SCAN-252 - added in some hidden routes for seed paths

Author: d-co-white

db/vulny.mv.db

@@ -4,15 +4,15 @@
 import java.util.stream.Stream;
 
 import hawk.entity.Item;
+import hawk.entity.User;
 import hawk.repos.ItemRepo;
-import hawk.repos.ItemsRepo;
+import hawk.repos.UserRepo;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
-import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 
 @SpringBootApplication
 public class Application {
@@ -25,7 +25,7 @@ public static void main(String[] args) {
     private String dbUrl;
 
     @Bean
-    public CommandLineRunner commandLineRunner(ApplicationContext ctx, ItemRepo repo) {
+    public CommandLineRunner commandLineRunner(ApplicationContext ctx, ItemRepo repo, UserRepo userRepo) {
 
 
         return args -> {
@@ -55,6 +55,20 @@ public CommandLineRunner commandLineRunner(ApplicationContext ctx, ItemRepo repo
                 repo.findAll().forEach(item -> System.out.println(String.format("item: %s", item.getName())));
             }
 
+            System.out.println(String.format("Users in DB %d", userRepo.count()));
+
+            if (userRepo.count() == 0) {
+                userRepo.findAll().forEach(item -> System.out.println(String.format("item: %s", item.getName())));
+
+                Stream.of(1, 2, 3).forEach(i -> {
+                    System.out.println(String.format("Adding item%d", i));
+                    userRepo.save(new User(String.format("user%d", i), String.format("we have the best users, users%d", i)));
+                });
+
+                System.out.println(String.format("Items in DB %d", userRepo.count()));
+                userRepo.findAll().forEach(item -> System.out.println(String.format("item: %s", item.getName())));
+            }
+
         };
     }
 

src/main/java/hawk/Application.java

@@ -1,6 +1,7 @@
 package hawk;
 
 import hawk.service.SearchService;
+import hawk.service.UserService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
@@ -14,5 +15,7 @@ public class Config implements WebMvcConfigurer {
     public SearchService searchService(){
         return new SearchService();
     }
+    @Bean
+    public UserService userService() { return new UserService(); }
 
 }

src/main/java/hawk/Config.java

@@ -134,7 +134,9 @@ protected void configure(HttpSecurity http) throws Exception {
                                 "/openapi.yaml",
                                 "/swagger-ui/**",
                                 "/swagger-ui.html",
-                                "/log4j"
+                                "/log4j",
+                                "/hidden",
+                                "/hidden/*"
                         ).permitAll()
                         .anyRequest().authenticated()
                     .and()

src/main/java/hawk/MultiHttpSecurityConfig.java

@@ -0,0 +1,35 @@
+package hawk.api.jwt;
+
+import hawk.form.Search;
+import hawk.service.SearchService;
+import hawk.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/jwt/users")
+public class JwtUserController {
+
+    private final UserService userService;
+
+    @Autowired
+    public JwtUserController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping("/search/")
+    public ResponseEntity searchAll() {
+        Search search = new Search("");
+        return ResponseEntity.ok(userService.search(search));
+    }
+
+    @GetMapping("/search/{text}")
+    public ResponseEntity search(@PathVariable("text") String text) {
+        Search search = new Search(text);
+        return ResponseEntity.ok(userService.search(search));
+    }
+}

src/main/java/hawk/api/jwt/JwtUserController.java

@@ -0,0 +1,54 @@
+package hawk.controller;
+
+import hawk.entity.Item;
+import hawk.form.Search;
+import hawk.service.SearchService;
+import hawk.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.List;
+
+@Controller
+public class AdminController {
+    @Autowired
+    UserService userService;
+
+    @GetMapping("/admin")
+    public String index(Model model) {
+        model.addAttribute("title", "Admin");
+        return "admin";
+    }
+
+    @GetMapping("/admin/users")
+    public String users(Model model) {
+        model.addAttribute("title", "Users");
+        return "users";
+    }
+
+    @GetMapping("/admin/companies")
+    public String companies(Model model) {
+        model.addAttribute("title", "Companies");
+        return "companies";
+    }
+
+    @GetMapping( "/admin/search")
+    public String searchForm(Model model) {
+        model.addAttribute("search", new Search());
+        model.addAttribute("title", "User Search");
+        return "user-search";
+    }
+
+    @PostMapping( "/admin/search")
+    public String searchSubmit(@ModelAttribute Search search, Model model) {
+        List<Item> users = userService.search(search);
+        model.addAttribute("users", users);
+        model.addAttribute("search", search);
+        model.addAttribute("title", "User Search");
+        return "user-search";
+    }
+}

src/main/java/hawk/controller/AdminController.java

@@ -0,0 +1,21 @@
+package hawk.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class HiddenController {
+
+    @GetMapping("/hidden")
+    public String index(Model model) {
+        model.addAttribute("title", "Hidden Page");
+        return "hidden";
+    }
+
+    @GetMapping("/hidden/hidden2")
+    public String jwtAuth(Model model) {
+        model.addAttribute("title", "Rando hidden page");
+        return "hidden2";
+    }
+}

src/main/java/hawk/controller/HiddenController.java

@@ -27,7 +27,7 @@ public class PayloadController {
     @Value("${payload.count:10}")
     private int payloadCount = 20;
 
-    @GetMapping("/payload/{size}")
+    @GetMapping(value={"/payload/{size}","/admin/payload/{size}"})
     public String getPayload(Model model,
                              @PathVariable("size") Integer size) {
 
@@ -42,7 +42,7 @@ public String getPayload(Model model,
         return "payload-view";
     }
 
-    @GetMapping("/payloads")
+    @GetMapping(value={"/payloads", "/admin/payloads"})
     public String getPayloadsList(Model model){
         Integer[] payloadSizes = new Integer[payloadCount];
 
@@ -54,7 +54,7 @@ public String getPayloadsList(Model model){
         return "payloads";
     }
 
-    @GetMapping("/payload/stream/{size}")
+    @GetMapping(value={"/payload/stream/{size}", "/admin/payload/stream/{size}"})
     public StreamingResponseBody getPayloadStream(@PathVariable("size") Integer size) {
         String tmpData = "mobile: 555-678-5343 ";
 

src/main/java/hawk/controller/PayloadController.java

@@ -0,0 +1,40 @@
+package hawk.entity;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+
+@Entity
+public class User {
+    @Id
+    @GeneratedValue(strategy= GenerationType.AUTO)
+    private Long id;
+    private String name;
+    private String description;
+
+    protected User() {}
+
+    public User(Long id, String name, String description) {
+        this(name, description);
+        this.id = id;
+    }
+
+    public User(String name, String description) {
+        this.name = name;
+        this.description = description;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+}

src/main/java/hawk/entity/User.java

@@ -0,0 +1,7 @@
+package hawk.repos;
+
+import hawk.entity.User;
+import org.springframework.data.repository.CrudRepository;
+
+public interface UserRepo extends CrudRepository<User, Long> {
+}