Нормализованы методы под basic авторизацию. Но все еще без ролей

2025-02-19 17:25:15 +03:00 · 2025-02-19 17:25:15 +03:00 · fd63fd182f
commit fd63fd182f
parent 99d6c53b90
8 changed files with 24 additions and 17 deletions
--- a/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/EmployeeController.java
@ -5,12 +5,14 @@ import com.example.onomatopoeiaback.domain.employee.Employee;
 import com.example.onomatopoeiaback.domain.employee.EmployeeDTO;
 import com.example.onomatopoeiaback.domain.visit.Visit;
 import com.example.onomatopoeiaback.domain.visit.VisitDTO;
+import com.example.onomatopoeiaback.security.Auth;
 import com.example.onomatopoeiaback.service.EmployeeService;
 import com.example.onomatopoeiaback.service.VisitService;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@ -28,27 +30,27 @@ public class EmployeeController {

    @PostMapping("/create")
    @SecurityRequirement(name = "basicAuth")
-    public ResponseEntity<Employee> createEmployee(@RequestBody EmployeeDTO employeeDTO) {
+    public ResponseEntity<Employee> createEmployee(Authentication authentication, @RequestBody EmployeeDTO employeeDTO) {
        return ResponseEntity.ok(employeeService.createEmployee(employeeDTO));
    }

-    @GetMapping("/{username}/info")
+    @GetMapping("/info")
    @SecurityRequirement(name = "basicAuth")
-    public ResponseEntity<Employee> info(@PathVariable String username) {
-        return ResponseEntity.ok(employeeService.info(username));
+    public ResponseEntity<Employee> info(Authentication authentication) {
+        return ResponseEntity.ok(employeeService.info(Auth.getEmployee(authentication).getLogin()));
    }

-    @GetMapping("/{username}/auth")
+    @GetMapping("/auth")
    @SecurityRequirement(name = "basicAuth")
-    public ResponseEntity<Visit> auth(@PathVariable String username) {
-        employeeService.auth(username);
+    public ResponseEntity<Visit> auth(Authentication authentication) {
+        employeeService.auth(Auth.getEmployee(authentication).getLogin());
        return new ResponseEntity<>(HttpStatus.OK);
    }

-    @PatchMapping("/{username}/open")
+    @PatchMapping("/open")
    @SecurityRequirement(name = "basicAuth")
-        public ResponseEntity<Visit> open(@PathVariable String username, @RequestBody VisitDTO visitDTO) {
-        visitService.register(username, visitDTO);
+        public ResponseEntity<Visit> open(Authentication authentication, @RequestBody VisitDTO visitDTO) {
+        visitService.register(Auth.getEmployee(authentication).getLogin(), visitDTO);
        return new ResponseEntity<>(HttpStatus.OK);
    }
 }
--- a/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/QrCodeController.java
@ -24,7 +24,6 @@ public class QrCodeController {
    @PostMapping("/create")
    @SecurityRequirement(name = "basicAuth")
    public ResponseEntity<QrCode> createQrCode(Authentication authentication, @RequestParam String name) {
-        Auth.getEmployee(authentication);
        return ResponseEntity.ok(qrCodeService.createQrCode(name));
    }
 }
--- a/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java
+++ b/src/main/java/com/example/onomatopoeiaback/controller/VisitController.java
@ -6,6 +6,7 @@ import com.example.onomatopoeiaback.service.VisitService;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import org.springframework.data.domain.Page;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@ -22,6 +23,7 @@ public class VisitController {
    @GetMapping("/{login}/visits")
    @SecurityRequirement(name = "basicAuth")
    public ResponseEntity<Page<Visit>> getVisits(
+            Authentication authentication,
            @PathVariable String login,
            @RequestParam(defaultValue = "0") int page,
            @RequestParam(defaultValue = "10") int size) {
--- a/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java
+++ b/src/main/java/com/example/onomatopoeiaback/security/CustomAuthenticationProvider.java
@ -2,7 +2,6 @@ package com.example.onomatopoeiaback.security;

 import com.example.onomatopoeiaback.exceptions.BadRequestException;
 import com.example.onomatopoeiaback.exceptions.ForbiddenException;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
--- a/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java
+++ b/src/main/java/com/example/onomatopoeiaback/security/NoPopupBasicAuthenticationEntryPoint.java
@ -9,11 +9,13 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import java.io.IOException;

 public class NoPopupBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {
-
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
-                         AuthenticationException authException) throws IOException {
-        response.sendError(HttpServletResponse.SC_FORBIDDEN, authException.getMessage());
+                         AuthenticationException authException) throws IOException, ServletException {
+        int statusCode = response.getStatus();
+        if (statusCode == 200) {
+            statusCode = HttpServletResponse.SC_FORBIDDEN;
+        }
+        response.sendError(statusCode, authException.getMessage());
    }
-
 }
--- a/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java
+++ b/src/main/java/com/example/onomatopoeiaback/security/SecurityConfig.java
@ -8,8 +8,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;

@Configuration
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -10,4 +10,4 @@ spring.datasource.password=MobileDev
 spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.hibernate.ddl-auto=update
 # set up https
-server.forward-headers-strategy=framework
+server.forward-headers-strategy=framework
--- a/src/main/resources/default-admin.sql
+++ b/src/main/resources/default-admin.sql