change db and update security

2025-02-19 18:29:21 +03:00 · 2025-02-19 18:29:21 +03:00 · 168775e880
commit 168775e880
parent 22e2bbe932
8 changed files with 71 additions and 14 deletions
--- a/pom.xml
+++ b/pom.xml
@ -52,6 +52,10 @@
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>
 </project>
--- a/src/main/java/com/example/nto/config/SecurityConfig.java
+++ b/src/main/java/com/example/nto/config/SecurityConfig.java
@ -0,0 +1,29 @@
 package com.example.nto.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
@Configuration
 public class SecurityConfig {
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder(13);
    }
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
        .csrf().disable()
        .authorizeRequests()
                .antMatchers("/api/auth").permitAll()
                .antMatchers("/api/info").hasRole("Admin")
                .antMatchers("/api/open").authenticated()
        .anyRequest().authenticated();
        return http.build();
    }
 }
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@ -14,21 +14,21 @@ import org.springframework.web.bind.annotation.*;
 public class EmployeeController {
    private final EmployeeService employeeService;
-    @GetMapping("{login}/auth")
+    @GetMapping("/auth")
    @ResponseStatus(HttpStatus.OK)
-    public void auth(@PathVariable String login) {
+    public void auth(@RequestBody String login, @RequestBody String password) {
-        employeeService.getEmployee(login);
+        employeeService.checkEmployee(login, password);
    }
-    @GetMapping("{login}/info")
+    @GetMapping("/info")
    @ResponseStatus(HttpStatus.OK)
-    public Employee info(@PathVariable String login) {
+    public Employee info(@RequestBody String login) {
        return employeeService.getEmployee(login);
    }
-    @PatchMapping("{login}/open")
+    @PatchMapping("/open")
    @ResponseStatus(HttpStatus.OK)
-    public void open(@PathVariable String login, @RequestBody Code code) {
+    public void open(@RequestBody String login, @RequestBody Code code) {
        employeeService.open(login, code);
    }
 }
--- a/src/main/java/com/example/nto/entity/Employee.java
+++ b/src/main/java/com/example/nto/entity/Employee.java
@ -20,6 +20,10 @@ public class Employee {
    private long id;
    @Column(name = "login")
    private String login;
    @Column(name = "password")
    private String password;
    @Column(name = "isAdmin")
    private Boolean isAdmin;
    @Column(name = "name")
    private String name;
    @Column(name = "photo")
--- a/src/main/java/com/example/nto/service/EmployeeService.java
+++ b/src/main/java/com/example/nto/service/EmployeeService.java
@ -6,5 +6,6 @@ import javassist.tools.web.BadHttpRequest;
 public interface EmployeeService {
    Employee getEmployee(String login);
    void checkEmployee(String login, String password);
    void open(String login, Code code);
 }
--- a/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
+++ b/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java
@ -11,6 +11,7 @@ import javassist.tools.web.BadHttpRequest;
 import lombok.AllArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.web.bind.annotation.ResponseStatus;
@ -21,17 +22,26 @@ import java.util.List;
 public class EmployeeServiceImpl implements EmployeeService {
    private final CodeRepository codeRepository;
    private final EmployeeRepository employeeRepository;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;
    @Override
    public Employee getEmployee(String login) throws NoSuchEmployeeException {
        List<Employee> employee = employeeRepository.findByLogin(login);
        if (employee.isEmpty()) {
-            throw new NoSuchEmployeeException("логина не существует или неверный");
+            throw new NoSuchEmployeeException("Неверный логин или пароль");
        } else {
            return employee.get(0);
        }
    }
    @Override
    public void checkEmployee(String login, String password) throws NoSuchEmployeeException{
        Employee employee = this.getEmployee(login);
        if(!(bCryptPasswordEncoder.matches(password, employee.getPassword()))) {
            throw new NoSuchEmployeeException("Неверный логин или пароль");
        }
    }
    @Override
    public void open(String login, Code code) {
        getEmployee(login);
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -1,4 +1,6 @@
 spring:
  port: 8080
  # 10.6.66.117
  datasource:
    url: jdbc:h2:mem:testdb
@ -26,3 +28,10 @@ spring:
    swagger-ui:
      path: /swagger-ui.html
      operationsSorter: method
  security:
    basic:
      enable: false
    user:
      name: root
      password: root
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@ -1,9 +1,9 @@
-INSERT INTO employee (id, login, name, photo, position, last_visit)
+INSERT INTO employee (id, login, password, name, photo, position, last_visit, is_admin)
 VALUES
-(1, 'pivanov', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30'),
+(1, 'pivanov', '$2a$13$XIDSGI7yCy8w4U2UlMVoQeTbQ18EQR.Pm1PExrGq4JkW5wDwdnu26', 'Иванов Петр Федорович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-12T08:30', false),
-(2, 'ipetrov', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35'),
+(2, 'ipetrov', '$2a$13$Fpi5mPSNgz.PAeKXmHYBEuutZBgmNdM4fHJFGJbh2AtpLrSmsm2yO', 'Петров Иван Константинович', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Аналитик', '2024-02-13T08:35', false),
-(3, 'asemenov', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31'),
+(3, 'asemenov', '$2a$13$qjWp94aryBy4nJwYZkgN5uwj6VlU76f1OjezyeVunkwVMAVvvtUGG', 'Семенов Анатолий Анатольевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Разработчик', '2024-02-13T08:31', true),
-(4, 'afedorov', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36');
+(4, 'afedorov', '$2a$13$sKN9jIo/xvGo37YuUUpHkO03yrmODw1PvFRytxu.i.QxLqLR7O7q6', 'Федоров Александр Сергеевич', 'https://funnyducks.ru/upload/iblock/0cd/0cdeb7ec3ed6fddda0f90fccee05557d.jpg', 'Тестировщик', '2024-02-12T08:36', true);
 INSERT INTO code (value)
 VALUES