
Commit 99bff32

authored
Merge pull request #57 from couchbase-examples/api-update-and-sql-injection
API endpoint updates and prevent SQL injection attacks
2 parents 6e407bc + 5fa31b9 commit 99bff32


9 files changed

+193
-95
lines changed


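--- a/README.md
+++ b/README.md
@@ -31,6 +31,12 @@ We will walk through the different steps required to get the application running
 git clone https://github.com/couchbase-examples/java-springboot-quickstart.git
 ```
 
+### Navigate to the Project Directory
+
+```shell
+cd java-springboot-quickstart
+```
+
 ### Install Dependencies
 
 The dependencies for the application are specified in the `pom.xml` file in the root folder. Dependencies can be installed through `mvn` the default package manager for Java.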

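--- a/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java
+++ b/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java
@@ -2,11 +2,8 @@
 
 import java.util.List;
 
-import jakarta.validation.Valid;
-
 import org.couchbase.quickstart.springboot.models.Airline;
 import org.couchbase.quickstart.springboot.services.AirlineService;
-import org.springframework.context.annotation.Description;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -23,6 +20,10 @@
 import com.couchbase.client.core.error.DocumentNotFoundException;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
 
 @RestController
@@ -41,9 +42,15 @@ public AirlineController(AirlineService airlineService) {
 private static final String DOCUMENT_NOT_FOUND = "Document Not Found";
 
 @GetMapping("/{id}")
-@Operation(summary = "Get an airline by ID")
-@Description(value = "Get Airline by specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to retrieve a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `getAirline`")
-public ResponseEntity<Airline> getAirline(@PathVariable String id) {
+@Operation(summary = "Get an airline by ID", description = "Get Airline by specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to retrieve a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/main/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `getAirline`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "200", description = "Airline found"),
+@ApiResponse(responseCode = "404", description = "Airline not found"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "id", description = "Airline ID", required = true, example = "airline_10")
+public ResponseEntity<Airline> getAirline(@PathVariable(required = true) String id) {
 try {
 Airline airline = airlineService.getAirlineById(id);
 if (airline != null) {
@@ -62,8 +69,14 @@ public ResponseEntity<Airline> getAirline(@PathVariable String id) {
 }
 
 @PostMapping("/{id}")
-@Operation(summary = "Create an airline")
-@Description(value = "Create Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to create a new document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `createAirline`")
+@Operation(summary = "Create an airline", description = "Create Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to create a new document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/main/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `createAirline`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "201", description = "Airline created"),
+@ApiResponse(responseCode = "409", description = "Airline already exists"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "id", description = "Airline ID", required = true, example = "airline_10")
 public ResponseEntity<Airline> createAirline(@PathVariable String id, @Valid @RequestBody Airline airline) {
 try {
 Airline newAirline = airlineService.createAirline(airline);
@@ -79,8 +92,14 @@ public ResponseEntity<Airline> createAirline(@PathVariable String id, @Valid @Re
 }
 
 @PutMapping("/{id}")
-@Operation(summary = "Update an airline")
-@Description(value = "Update Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to update a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `updateAirline`")
+@Operation(summary = "Update an airline", description = "Update Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to update a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/main/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `updateAirline`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "200", description = "Airline updated"),
+@ApiResponse(responseCode = "404", description = "Airline not found"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "id", description = "Airline ID", required = true, example = "airline_10")
 public ResponseEntity<Airline> updateAirline(@PathVariable String id, @Valid @RequestBody Airline airline) {
 try {
 Airline updatedAirline = airlineService.updateAirline(id, airline);
@@ -99,8 +118,14 @@ public ResponseEntity<Airline> updateAirline(@PathVariable String id, @Valid @Re
 }
 
 @DeleteMapping("/{id}")
-@Operation(summary = "Delete an airline")
-@Description(value = "Delete Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to delete a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `deleteAirline`")
+@Operation(summary = "Delete an airline", description = "Delete Airport with specified ID.\n\nThis provides an example of using Key Value operations in Couchbase to delete a document with a specified ID. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/main/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `deleteAirline`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "204", description = "Airline deleted"),
+@ApiResponse(responseCode = "404", description = "Airline not found"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "id", description = "Airline ID", required = true, example = "airline_10")
 public ResponseEntity<Void> deleteAirline(@PathVariable String id) {
 try {
 airlineService.deleteAirline(id);
@@ -115,40 +140,40 @@ public ResponseEntity<Void> deleteAirline(@PathVariable String id) {
 }
 
 @GetMapping("/list")
-@Operation(summary = "List all airlines")
-@Description(value = "List all Airports.\n\nThis provides an example of using N1QL to query all documents of a specific type. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `listAirlines`")
-public ResponseEntity<List<Airline>> listAirlines(
+@Operation(summary = "List all airlines by country", description = "List all Airports by country.\n\nThis provides an example of using N1QL to query all documents of a specific type by a specific field. \n\n Code: `controllers/AirlineController.java` \n File: `AirlineController.java` \n Method: `listAirlinesByCountry`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "200", description = "Airlines found"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "country", description = "Country", required = false, example = "United States")
+public ResponseEntity<List<Airline>> listAirlinesByCountry(@RequestParam(required = false) String country,
 @RequestParam(defaultValue = "10") int limit,
 @RequestParam(defaultValue = "0") int offset) {
 try {
-List<Airline> airlines = airlineService.listAirlines(limit, offset);
-return new ResponseEntity<>(airlines, HttpStatus.OK);
-} catch (Exception e) {
-log.error(INTERNAL_SERVER_ERROR + ": " + e.getMessage());
-return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
-}
-}
-
-@Operation(summary = "List all airlines by country")
-@GetMapping("/country/{country}")
-@Description(value = "List all Airports by country.\n\nThis provides an example of using N1QL to query all documents of a specific type by a specific field. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `listAirlinesByCountry`")
-public ResponseEntity<List<Airline>> listAirlinesByCountry(@PathVariable String country,
-@RequestParam(defaultValue = "10") int limit,
-@RequestParam(defaultValue = "0") int offset) {
-try {
-List<Airline> airlines = airlineService.listAirlinesByCountry(country, limit, offset);
+List<Airline> airlines;
+if (country == null || country.isEmpty()) {
+airlines = airlineService.listAirlines(limit, offset);
+} else {
+airlines = airlineService.listAirlinesByCountry(country, limit, offset);
+}
 return new ResponseEntity<>(airlines, HttpStatus.OK);
 } catch (Exception e) {
 log.error(INTERNAL_SERVER_ERROR + ": " + e.getMessage());
 return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
 }
 }
 
-@Operation(summary = "List all airlines by destination airport")
-@GetMapping("/destination/{destinationAirport}")
-@Description(value = "List all Airports by destination airport.\n\nThis provides an example of using N1QL to query all documents of a specific type by a specific field. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/master/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `listAirlinesByDestinationAirport`")
+@GetMapping("/to-airport")
+@Operation(summary = "List all airlines by destination airport", description = "List all Airports by destination airport.\n\nThis provides an example of using N1QL to query all documents of a specific type by a specific field. \n\n Code: [`controllers/AirlineController.java`](https://github.com/couchbase-examples/java-springboot-quickstart/blob/main/src/main/java/org/couchbase/quickstart/springboot/controllers/AirlineController.java) \n File: `AirlineController.java` \n Method: `listAirlinesByDestinationAirport`", tags = {
+"Airline" })
+@ApiResponses(value = {
+@ApiResponse(responseCode = "200", description = "Airlines found"),
+@ApiResponse(responseCode = "500", description = "Internal Server Error")
+})
+@Parameter(name = "destinationAirport", description = "Destination Airport", required = true, example = "SFO")
 public ResponseEntity<List<Airline>> listAirlinesByDestinationAirport(
-@PathVariable String destinationAirport,
+@RequestParam(required = true) String destinationAirport,
 @RequestParam(defaultValue = "10") int limit,
 @RequestParam(defaultValue = "0") int offset) {
 try {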
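Review bot: `limit` and `offset` in `listAirlinesByCountry` (last hunk) are bound from the query string and handed to `airlineService.listAirlines` / `listAirlinesByCountry` with no range check, so a negative value or a very large `limit` reaches the query layer and may come back as a 500 from the catch-all or as an oversized result set. A guard at the top of the method would reject these as client errors, e.g. `if (limit < 1 || limit > MAX_PAGE_SIZE || offset < 0) return new ResponseEntity<>(HttpStatus.BAD_REQUEST);`, where `MAX_PAGE_SIZE` is a placeholder constant the file does not define yet; a matching `@ApiResponse(responseCode = "400", ...)` would keep the annotations accurate. The same two parameters appear in `listAirlinesByDestinationAirport`, whose body continues outside the hunk. Whether `country` and `destinationAirport` are bound as query parameters rather than concatenated into the N1QL text is decided in the service, which this file section does not show.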
