change db and update security

2025-02-19 18:29:21 +03:00 · 2025-02-19 18:29:21 +03:00 · 168775e880
commit 168775e880
parent 22e2bbe932
8 changed files with 71 additions and 14 deletions
--- a/pom.xml
+++ b/pom.xml
@ -52,6 +52,10 @@
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
    </dependencies>

 </project>
--- a/src/main/java/com/example/nto/config/SecurityConfig.java
+++ b/src/main/java/com/example/nto/config/SecurityConfig.java
@ -0,0 +1,29 @@
+package com.example.nto.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder(13);
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+        .csrf().disable()
+        .authorizeRequests()
+                .antMatchers("/api/auth").permitAll()
+                .antMatchers("/api/info").hasRole("Admin")
+                .antMatchers("/api/open").authenticated()
+        .anyRequest().authenticated();
+        return http.build();
+    }
+}
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@ -14,21 +14,21 @@ import org.springframework.web.bind.annotation.*;
 public class EmployeeController {
    private final EmployeeService employeeService;

-    @GetMapping("{login}/auth")
+    @GetMapping("/auth")
    @ResponseStatus(HttpStatus.OK)
-    public void auth(@PathVariable String login) {
-        employeeService.getEmployee(login);
+    public void auth(@RequestBody String login, @RequestBody String password) {
+        employeeService.checkEmployee(login, password);
    }

-    @GetMapping("{login}/info")
+    @GetMapping("/info")
    @ResponseStatus(HttpStatus.OK)
-    public Employee info(@PathVariable String login) {
+    public Employee info(@RequestBody String login) {
        return employeeService.getEmployee(login);
    }

-    @PatchMapping("{login}/open")
+    @PatchMapping("/open")
    @ResponseStatus(HttpStatus.OK)
-    public void open(@PathVariable String login, @RequestBody Code code) {
+    public void open(@RequestBody String login, @RequestBody Code code) {
        employeeService.open(login, code);
    }
 }
--- a/src/main/java/com/example/nto/entity/Employee.java
+++ b/src/main/java/com/example/nto/entity/Employee.java
@ -20,6 +20,10 @@ public class Employee {
    private long id;
    @Column(name = "login")
    private String login;
+    @Column(name = "password")
+    private String password;
+    @Column(name = "isAdmin")
+    private Boolean isAdmin;
    @Column(name = "name")
    private String name;
    @Column(name = "photo")
--- a/src/main/java/com/example/nto/service/EmployeeService.java
+++ b/src/main/java/com/example/nto/service/EmployeeService.java
@ -6,5 +6,6 @@ import javassist.tools.web.BadHttpRequest;

 public interface EmployeeService {
    Employee getEmployee(String login);
+    void checkEmployee(String login, String password);
    void open(String login, Code code);
 }
--- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
@ -11,6 +11,7 @@ import javassist.tools.web.BadHttpRequest;
 import lombok.AllArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.web.bind.annotation.ResponseStatus;

@ -21,17 +22,26 @@ import java.util.List;
 public class EmployeeServiceImpl implements EmployeeService {
    private final CodeRepository codeRepository;
    private final EmployeeRepository employeeRepository;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    public Employee getEmployee(String login) throws NoSuchEmployeeException {
        List<Employee> employee = employeeRepository.findByLogin(login);
        if (employee.isEmpty()) {
-            throw new NoSuchEmployeeException("логина не существует или неверный");
+            throw new NoSuchEmployeeException("Неверный логин или пароль");
        } else {
            return employee.get(0);
        }
    }

+    @Override
+    public void checkEmployee(String login, String password) throws NoSuchEmployeeException{
+        Employee employee = this.getEmployee(login);
+        if(!(bCryptPasswordEncoder.matches(password, employee.getPassword()))) {
+            throw new NoSuchEmployeeException("Неверный логин или пароль");
+        }
+    }
+
    @Override
    public void open(String login, Code code) {
        getEmployee(login);
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -1,4 +1,6 @@
 spring:
+  port: 8080
+  # 10.6.66.117

  datasource:
    url: jdbc:h2:mem:testdb
@ -25,4 +27,11 @@ spring:
  spring-doc:
    swagger-ui:
      path: /swagger-ui.html
-      operationsSorter: method
+      operationsSorter: method
+
+  security:
+    basic:
+      enable: false
+    user:
+      name: root
+      password: root
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@ -1,9 +1,9 @@
-INSERT INTO employee (id, login, name, photo, position, last_visit)
+INSERT INTO employee (id, login, password, name, photo, position, last_visit, is_admin)
 VALUES
-(1, 'pivanov', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30'),
-(2, 'ipetrov', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35'),
-(3, 'asemenov', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31'),
-(4, 'afedorov', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36');
+(1, 'pivanov', '$2a$13$XIDSGI7yCy8w4U2UlMVoQeTbQ18EQR.Pm1PExrGq4JkW5wDwdnu26', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', false),
+(2, 'ipetrov', '$2a$13$Fpi5mPSNgz.PAeKXmHYBEuutZBgmNdM4fHJFGJbh2AtpLrSmsm2yO', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', false),
+(3, 'asemenov', '$2a$13$qjWp94aryBy4nJwYZkgN5uwj6VlU76f1OjezyeVunkwVMAVvvtUGG', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', true),
+(4, 'afedorov', '$2a$13$sKN9jIo/xvGo37YuUUpHkO03yrmODw1PvFRytxu.i.QxLqLR7O7q6', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', true);

 INSERT INTO code (value)
 VALUES