Added new requests

build.gradle

@@ -32,6 +32,9 @@ dependencies {
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    testImplementation 'org.springframework.security:spring-security-test'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.5'
 }
 
 tasks.named('test') {

src/main/java/com/indexzero/finals/config/SecurityConfig.java

@@ -0,0 +1,59 @@
+package com.indexzero.finals.config;
+
+import com.indexzero.finals.service.impl.UserDetailsServiceImpl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toH2Console;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Autowired
+    private UserDetailsServiceImpl userDetailsService;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests((authorize) -> authorize
+                        .requestMatchers("/v3/api-docs/**").permitAll()
+                        .requestMatchers("/api/employee/login").authenticated()
+                        .requestMatchers("/api/employee/profile").authenticated()
+                        .anyRequest().authenticated()
+                )
+                .httpBasic(Customizer.withDefaults()).csrf(csrf -> csrf
+                        .ignoringRequestMatchers(toH2Console())
+                        .disable()).headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable));
+
+
+
+
+        return http.build();
+    }
+
+    @Bean
+    public AuthenticationProvider authenticationProvider(){
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setUserDetailsService(userDetailsService);
+        provider.setPasswordEncoder(passwordEncoder());
+        return provider;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}

src/main/java/com/indexzero/finals/controller/EmployeeController.java

@@ -1,5 +1,6 @@
 package com.indexzero.finals.controller;
 
+import com.indexzero.finals.dto.EmployeeDTO;
 import com.indexzero.finals.entity.Code;
 import com.indexzero.finals.entity.Employee;
 import com.indexzero.finals.entity.Visit;
@@ -8,39 +9,34 @@ import com.indexzero.finals.repository.EmployeeRepository;
 import com.indexzero.finals.repository.VisitRepository;
 import com.indexzero.finals.service.EmployeeService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
 
 @RestController
-@RequestMapping("/api")
+@RequestMapping("/api/employee")
 public class EmployeeController {
-    @Autowired
-    EmployeeRepository employeeRepository;
-
-    @Autowired
-    CodeRepository codeRepository;
 
     @Autowired
     EmployeeService employeeService;
 
-    @Autowired
+    @PostMapping("/login")
-    VisitRepository visitRepository;
+    public ResponseEntity<Object> login() {
-
+        return new ResponseEntity(HttpStatus.OK);
-    @GetMapping("/{login}/auth")
-    public ResponseEntity<Object> Auth(@PathVariable String login) {
-        return employeeService.checkIfUserExists(login);
     }
 
-    @GetMapping("/{login}/info")
+    @PostMapping("/profile")
-    public ResponseEntity<Employee> getInfo(@PathVariable String login) {
+    public ResponseEntity<EmployeeDTO> getInfo() {
-        return employeeService.getUserInfo(login);
+        return employeeService.getUserInfo(SecurityContextHolder.getContext().getAuthentication());
     }
 
-    @PatchMapping("/{login}/open")
+    @PatchMapping("/open")
-    public ResponseEntity<Object> Open(@RequestParam Long code, @PathVariable String login) {
+    public ResponseEntity<Object> Open(@RequestParam Long code) {
-        return employeeService.openTheDoor(login, code);
+        return employeeService.openTheDoor(code, SecurityContextHolder.getContext().getAuthentication());
     }
+
 }

src/main/java/com/indexzero/finals/dto/EmployeeDTO.java

@@ -0,0 +1,13 @@
+package com.indexzero.finals.dto;
+
+import lombok.Data;
+
+@Data
+public class EmployeeDTO {
+    private long id;
+    private String login;
+    private String name;
+    private String authority;
+    private String position;
+    private String photoUrl;
+}

src/main/java/com/indexzero/finals/entity/Authority.java

@@ -2,11 +2,14 @@ package com.indexzero.finals.entity;
 
 import jakarta.persistence.*;
 import lombok.Data;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.io.Serializable;
 
 @Entity
 @Data
 @Table(name = "authority")
-public class Authority {
+public class Authority implements GrantedAuthority {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id", nullable = false)

src/main/java/com/indexzero/finals/entity/Employee.java

@@ -5,6 +5,9 @@ import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.io.Serializable;
 import java.time.LocalDateTime;
 import java.util.List;
 import java.util.Set;
@@ -14,7 +17,7 @@ import java.util.Set;
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
-public class Employee {
+public class Employee implements UserDetails {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id", nullable = false)
@@ -41,4 +44,8 @@ public class Employee {
     @OneToMany(mappedBy = "id")
     List<Visit> visits;
 
+    @Override
+    public String getUsername() {
+        return this.login;
+    }
 }

src/main/java/com/indexzero/finals/entity/Visit.java

@@ -4,6 +4,7 @@ import jakarta.persistence.*;
 import lombok.Data;
 import org.apache.catalina.User;
 
+import java.time.LocalDateTime;
 import java.util.Date;
 import java.util.List;
 
@@ -16,7 +17,7 @@ public class Visit {
     private long id;
 
     @Column(name = "visit_time")
-    private Date visitTime;
+    private LocalDateTime visitTime;
 
     @Column(name = "type")
     private String type;

src/main/java/com/indexzero/finals/repository/CodeRepository.java

@@ -5,4 +5,5 @@ import org.springframework.data.jpa.repository.JpaRepository;
 
 public interface CodeRepository extends JpaRepository<Code, Long> {
     boolean existsByValue(Long value);
+    Code findByValue(Long code);
 }

src/main/java/com/indexzero/finals/service/EmployeeService.java

@@ -1,10 +1,13 @@
 package com.indexzero.finals.service;
 
+import com.indexzero.finals.dto.EmployeeDTO;
 import com.indexzero.finals.entity.Employee;
+import org.apache.catalina.User;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 
 public interface EmployeeService {
     ResponseEntity<Object> checkIfUserExists(String login);
-    ResponseEntity<Employee> getUserInfo(String login);
+    ResponseEntity<EmployeeDTO> getUserInfo(Authentication auth);
-    ResponseEntity<Object> openTheDoor(String login, Long code);
+    ResponseEntity<Object> openTheDoor(Long code, Authentication auth);
 }

src/main/java/com/indexzero/finals/service/impl/EmployeeServiceImpl.java

@@ -1,16 +1,21 @@
 package com.indexzero.finals.service.impl;
 
+import com.indexzero.finals.dto.EmployeeDTO;
 import com.indexzero.finals.entity.Employee;
+import com.indexzero.finals.entity.Visit;
 import com.indexzero.finals.repository.CodeRepository;
 import com.indexzero.finals.repository.EmployeeRepository;
 import com.indexzero.finals.service.EmployeeService;
+import com.indexzero.finals.util.EmployeeMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
+import java.util.List;
 
 @Service
 public class EmployeeServiceImpl implements EmployeeService {
@@ -33,29 +38,28 @@ public class EmployeeServiceImpl implements EmployeeService {
             return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
         }
     }
-    public ResponseEntity<Employee> getUserInfo(String login) {
+
+    @Override
+    public ResponseEntity<EmployeeDTO> getUserInfo(Authentication auth) {
+        return new ResponseEntity<>(EmployeeMapper.convertToDTO(employeeRepository.findByLogin(auth.getName())), HttpStatus.OK);
+    }
+
+    public ResponseEntity<Object> openTheDoor(Long code, Authentication auth) {
         try {
-            if (employeeRepository.existsByLogin(login)) {
+            if(codeRepository.findByValue(code).isActive()) {
-                return new ResponseEntity<>(employeeRepository.findByLogin(login), HttpStatus.OK);
-            }
-            else {
-                return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
-            }
-        }
-        catch(Exception e) {
-            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
-        }
-    }
-    public ResponseEntity<Object> openTheDoor(String login, Long code) {
-        try {
-            if(employeeRepository.existsByLogin(login)) {
                 if (codeRepository.existsByValue(Long.valueOf(code))) {
-                    Employee employee = employeeRepository.findByLogin(login);
+                    Employee employee = employeeRepository.findByLogin(auth.getName());
+
+                    Visit visit = new Visit();
 
                     LocalDateTime time = LocalDateTime.now();
-                    String formatted = time.format(DateTimeFormatter.ISO_LOCAL_DATE_TIME);
+                    visit.setVisitTime(LocalDateTime.now());
-                    formatted = formatted.split("\\.")[0];
+                    visit.setType("smartphone");
-                    // employee.setLastVisit(LocalDateTime.parse(formatted));
+
+                    List<Visit> v = employee.getVisits();
+                    v.add(visit);
+
+                    employee.setVisits(v);
 
                     employeeRepository.save(employee);
                     return new ResponseEntity<>(HttpStatus.OK);

src/main/java/com/indexzero/finals/service/impl/UserDetailsServiceImpl.java

@@ -0,0 +1,20 @@
+package com.indexzero.finals.service.impl;
+
+import com.indexzero.finals.repository.EmployeeRepository;
+import com.indexzero.finals.service.EmployeeService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+    @Autowired
+    private EmployeeRepository employeeRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        return employeeRepository.findByLogin(username);
+    }
+}

src/main/java/com/indexzero/finals/util/EmployeeMapper.java

@@ -0,0 +1,19 @@
+package com.indexzero.finals.util;
+
+import com.indexzero.finals.dto.EmployeeDTO;
+import com.indexzero.finals.entity.Employee;
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
+public class EmployeeMapper {
+    public static EmployeeDTO convertToDTO(Employee user) {
+        EmployeeDTO employeeDTO = new EmployeeDTO();
+        employeeDTO.setId(user.getId());
+        employeeDTO.setLogin(user.getLogin());
+        employeeDTO.setAuthority(user.getAuthorities().iterator().next().getAuthority());
+        employeeDTO.setName(user.getName());
+        employeeDTO.setPosition(user.getPosition());
+        employeeDTO.setPhotoUrl(user.getPhotoUrl());
+        return employeeDTO;
+    }
+}