From 168775e88070851bf1a6efd50904aa7e1bf67e39 Mon Sep 17 00:00:00 2001 From: Oqisu_req Date: Wed, 19 Feb 2025 18:29:21 +0300 Subject: [PATCH] change db and update security --- pom.xml | 4 +++ .../example/nto/config/SecurityConfig.java | 29 +++++++++++++++++++ .../nto/controller/EmployeeController.java | 14 ++++----- .../java/com/example/nto/entity/Employee.java | 4 +++ .../example/nto/service/EmployeeService.java | 1 + .../nto/service/impl/EmployeeServiceImpl.java | 12 +++++++- src/main/resources/application.yml | 11 ++++++- src/main/resources/data.sql | 10 +++---- 8 files changed, 71 insertions(+), 14 deletions(-) create mode 100644 src/main/java/com/example/nto/config/SecurityConfig.java diff --git a/pom.xml b/pom.xml index 88282ee..85d913d 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,10 @@ spring-boot-starter-test test + + org.springframework.boot + spring-boot-starter-security + \ No newline at end of file diff --git a/src/main/java/com/example/nto/config/SecurityConfig.java b/src/main/java/com/example/nto/config/SecurityConfig.java new file mode 100644 index 0000000..8eff956 --- /dev/null +++ b/src/main/java/com/example/nto/config/SecurityConfig.java 
@@ -0,0 +1,29 @@
+package com.example.nto.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+ @Bean
+ public BCryptPasswordEncoder bCryptPasswordEncoder() {
+ return new BCryptPasswordEncoder(13);
+ }
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .csrf().disable()
+ .authorizeRequests()
+ .antMatchers("/api/auth").permitAll()
+ .antMatchers("/api/info").hasRole("Admin")
+ .antMatchers("/api/open").authenticated()
+ .anyRequest().authenticated();
+ return http.build();
+ }
+}
diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java
index 0c5584b..30ed598 100644
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
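Review bot: The `authenticated()` and `hasRole("Admin")` rules in `securityFilterChain` have no authentication source behind them: this file registers neither a `UserDetailsService` nor an `AuthenticationProvider` and enables no `httpBasic()`/`formLogin()`, so, as far as this commit shows, the employee table and its bcrypt hashes are never consulted by the filter chain and the only principal that can pass is Spring Boot's auto-configured default user. `hasRole("Admin")` checks for the authority `ROLE_Admin`, which nothing in the commit grants, so `/api/info` is unreachable for every caller; the conventional form is an upper-case role, `hasRole("ADMIN")`, produced from `Employee.isAdmin` by a `UserDetailsService` backed by `EmployeeRepository`. The matchers assume the controller is mounted under `/api`, but the controller's class-level mapping lies outside its hunk, so confirm that prefix or the rules will not cover the endpoints. `csrf().disable()` is only safe while no cookie/session-based authentication is in play; since `PATCH /open` changes state, pair it with `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` or leave CSRF protection on.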
@@ -14,21 +14,21 @@ import org.springframework.web.bind.annotation.*; public class EmployeeController { private final EmployeeService employeeService; - @GetMapping("{login}/auth") + @GetMapping("/auth") @ResponseStatus(HttpStatus.OK) - public void auth(@PathVariable String login) { - employeeService.getEmployee(login); + public void auth(@RequestBody String login, @RequestBody String password) { + employeeService.checkEmployee(login, password); } - @GetMapping("{login}/info") + @GetMapping("/info") @ResponseStatus(HttpStatus.OK) - public Employee info(@PathVariable String login) { + public Employee info(@RequestBody String login) { return employeeService.getEmployee(login); } - @PatchMapping("{login}/open") + @PatchMapping("/open") @ResponseStatus(HttpStatus.OK) - public void open(@PathVariable String login, @RequestBody Code code) { + public void open(@RequestBody String login, @RequestBody Code code) { employeeService.open(login, code); } } diff --git a/src/main/java/com/example/nto/entity/Employee.java b/src/main/java/com/example/nto/entity/Employee.java index fe71db6..53e483c 100644 --- a/src/main/java/com/example/nto/entity/Employee.java +++ b/src/main/java/com/example/nto/entity/Employee.java @@ -20,6 +20,10 @@ public class Employee { private long id; @Column(name = "login") private String login; + @Column(name = "password") + private String password; + @Column(name = "isAdmin") + private Boolean isAdmin; @Column(name = "name") private String name; @Column(name = "photo") diff --git a/src/main/java/com/example/nto/service/EmployeeService.java b/src/main/java/com/example/nto/service/EmployeeService.java index 10edf23..c9d7dbb 100644 --- a/src/main/java/com/example/nto/service/EmployeeService.java +++ b/src/main/java/com/example/nto/service/EmployeeService.java 
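Review bot: `auth` and `open` each declare two `@RequestBody` parameters, which Spring MVC cannot satisfy: the first binding consumes the body and the second fails with `HttpMessageNotReadableException` ("Required request body is missing"), and `auth`/`info` additionally expect a body on a GET, which many clients and proxies drop. Bind one DTO per request and use POST for the credential check, e.g. `@PostMapping("/auth") public void auth(@RequestBody LoginRequest request) { employeeService.checkEmployee(request.getLogin(), request.getPassword()); }` where `LoginRequest` is a new small DTO class holding `login` and `password`. Separately, `info` and `open` still act on a client-supplied `login` rather than the authenticated principal, so any caller who passes the filter chain can read or open on behalf of any employee; take the identity from the `Authentication`/`Principal` method argument and drop `login` from the body. The class-level annotations of `EmployeeController` are above the hunk.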
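Review bot: The new `password` column holds the bcrypt hash, and `Employee` is the object `EmployeeController.info` returns straight to the client, so, assuming the entity is serialised by Jackson as in a default Spring Boot web app, the hash and `isAdmin` are now part of the `/info` response body. Mark the field `@JsonIgnore` (import `com.fasterxml.jackson.annotation.JsonIgnore`) or return a dedicated response DTO that omits it: `@JsonIgnore @Column(name = "password") private String password;`. `Boolean isAdmin` also admits a null third state that every authorization check has to handle; `@Column(name = "isAdmin", nullable = false) private boolean isAdmin;` keeps the flag two-valued, and if Lombok generates the accessors here, note that it emits `getIsAdmin()` for the boxed type but `isAdmin()` for the primitive, so check callers before switching. The class body continues outside the hunk.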
@@ -6,5 +6,6 @@ import javassist.tools.web.BadHttpRequest; public interface EmployeeService { Employee getEmployee(String login); + void checkEmployee(String login, String password); void open(String login, Code code); } diff --git a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java index 7d81c0d..518837a 100644 --- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java +++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java @@ -11,6 +11,7 @@ import javassist.tools.web.BadHttpRequest; import lombok.AllArgsConstructor; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.web.bind.annotation.ResponseStatus; @@ -21,17 +22,26 @@ import java.util.List; public class EmployeeServiceImpl implements EmployeeService { private final CodeRepository codeRepository; private final EmployeeRepository employeeRepository; + private final BCryptPasswordEncoder bCryptPasswordEncoder; @Override public Employee getEmployee(String login) throws NoSuchEmployeeException { List employee = employeeRepository.findByLogin(login); if (employee.isEmpty()) { - throw new NoSuchEmployeeException("логина не существует или неверный"); + throw new NoSuchEmployeeException("Неверный логин или пароль"); } else { return employee.get(0); } } + @Override + public void checkEmployee(String login, String password) throws NoSuchEmployeeException{ + Employee employee = this.getEmployee(login); + if(!(bCryptPasswordEncoder.matches(password, employee.getPassword()))) { + throw new NoSuchEmployeeException("Неверный логин или пароль"); + } + } + @Override public void open(String login, Code code) { getEmployee(login); 
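Review bot: `checkEmployee` leaks whether a login exists through timing: for an unknown login `getEmployee` throws before any bcrypt work, while a known login pays a cost-13 `matches()` (tens of milliseconds), so the unified "Неверный логин или пароль" message is undone by response latency. Run exactly one bcrypt comparison on both paths, against a constant dummy hash when the login is unknown (this is what Spring's `DaoAuthenticationProvider` does internally), and keep the outcome negative for the unknown-login case regardless of what the comparison returns. The cleaner route is to register a `UserDetailsService` backed by `EmployeeRepository` and let `DaoAuthenticationProvider` perform the comparison, which would also connect these hashes to the rules in `SecurityConfig`. `open` continues outside the hunk.
```java
    // Placeholder: replace with a bcrypt hash (cost 13) of a random value that is never a real password.
    private static final String DUMMY_HASH = "<bcrypt-hash-placeholder>";

    @Override
    public void checkEmployee(String login, String password) throws NoSuchEmployeeException {
        boolean knownLogin = true;
        String storedHash;
        try {
            storedHash = this.getEmployee(login).getPassword();
        } catch (NoSuchEmployeeException unknownLogin) {
            // Still pay for one bcrypt comparison so latency is the same on both paths.
            knownLogin = false;
            storedHash = DUMMY_HASH;
        }
        boolean passwordMatches = bCryptPasswordEncoder.matches(password, storedHash);
        if (!knownLogin || !passwordMatches) {
            throw new NoSuchEmployeeException("Неверный логин или пароль");
        }
    }
```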
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index c6bfd72..112d061 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -1,4 +1,6 @@ spring: + port: 8080 + # 10.6.66.117 datasource: url: jdbc:h2:mem:testdb @@ -25,4 +27,11 @@ spring: spring-doc: swagger-ui: path: /swagger-ui.html - operationsSorter: method \ No newline at end of file + operationsSorter: method + + security: + basic: + enable: false + user: + name: root + password: root \ No newline at end of file diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql index 03720a9..ff3ff42 100644 --- a/src/main/resources/data.sql +++ b/src/main/resources/data.sql 
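Review bot: `spring.security.user.password: root` in the second hunk commits a default credential, and since nothing else in this commit registers a `UserDetailsService`, that auto-configured `root`/`root` user appears to be the only principal the new `SecurityConfig` rules will accept, independent of the bcrypt hashes seeded for employees. Do not ship a password in the repository: either remove the `spring.security.user` block once database-backed authentication is wired, or source it from the environment, `password: ${APP_ADMIN_PASSWORD}`, so an unset variable fails startup instead of falling back to a known value. `security.basic.enable: false` looks like the Spring Boot 1.x `security.basic.enabled` switch, which Boot 2.x does not read and which in any case is not a property under `spring:`; drop it rather than leave a setting that appears to disable something. In the first hunk `spring.port: 8080` is not a recognised property, the listening port is `server.port: 8080`, and the bare `# 10.6.66.117` comment should say what that address is for.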
@@ -1,9 +1,9 @@ -INSERT INTO employee (id, login, name, photo, position, last_visit) +INSERT INTO employee (id, login, password, name, photo, position, last_visit, is_admin) VALUES -(1, 'pivanov', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30'), -(2, 'ipetrov', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35'), -(3, 'asemenov', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31'), -(4, 'afedorov', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36'); +(1, 'pivanov', '$2a$13$XIDSGI7yCy8w4U2UlMVoQeTbQ18EQR.Pm1PExrGq4JkW5wDwdnu26', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', false), +(2, 'ipetrov', '$2a$13$Fpi5mPSNgz.PAeKXmHYBEuutZBgmNdM4fHJFGJbh2AtpLrSmsm2yO', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', false), +(3, 'asemenov', '$2a$13$qjWp94aryBy4nJwYZkgN5uwj6VlU76f1OjezyeVunkwVMAVvvtUGG', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', true), +(4, 'afedorov', '$2a$13$sKN9jIo/xvGo37YuUUpHkO03yrmODw1PvFRytxu.i.QxLqLR7O7q6', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', true); INSERT INTO code (value) VALUES