From f13c0767c78bd06cac07bffce99a5bc262980860 Mon Sep 17 00:00:00 2001 From: truettwo <fedor.ivanov2009@mail.ru> Date: Wed, 19 Feb 2025 14:28:01 +0300 Subject: [PATCH] s b security for admin panel --- pom.xml | 4 + .../nto/controller/EmployeeController.java | 106 ++++++------------ 2 files changed, 38 insertions(+), 72 deletions(-) diff --git a/pom.xml b/pom.xml index 88282ee..85d913d 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,10 @@ <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-security</artifactId> + </dependency> </dependencies> </project> \ No newline at end of file diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java index 54b7d67..ea1cc60 100644 --- a/src/main/java/com/example/nto/controller/EmployeeController.java +++ b/src/main/java/com/example/nto/controller/EmployeeController.java 
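Review bot: The `spring-boot-starter-security` dependency added in the pom.xml hunk comes with no security configuration, since the diffstat lists only pom.xml and EmployeeController.java and no `SecurityFilterChain` bean is introduced. Unless such a bean already exists elsewhere in the project, Spring Boot's auto-configuration will require authentication on every endpoint with a generated password and keep CSRF protection enabled, so `POST /api/auth` and `PATCH /api/{login}/open` would presumably be rejected instead of an admin-only rule taking effect. Add an explicit configuration class in the same change that states which paths are public and which require the admin role, for example a rule like `.requestMatchers("/api/workers").hasRole("ADMIN")` (`antMatchers` on Spring Security 5). A small test that pins the 401/403 behaviour of `/api/workers` would keep the rule from regressing silently.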
@@ -9,75 +9,18 @@ import org.springframework.web.bind.annotation.*; import java.util.List; import java.util.Map; import java.util.Optional; -//я поменял на BAD_REQUEST 06.12.24 23:00 @RestController -@RequestMapping("/api")//база +@RequestMapping("/api") // база public class EmployeeController { + private final EmployeeService employeeService; public EmployeeController(EmployeeService employeeService) { - this.employeeService = employeeService; - - } - - @GetMapping("/{login}/auth")//auth - public ResponseEntity<?> authenticate(@PathVariable String login) { - Optional<Employee> employee = employeeService.findByLogin(login); - if (employee.isPresent()) { - return ResponseEntity.ok("Valid login"); - - - } else { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid login"); - - } - - } - - @GetMapping("/{login}/info")//info - public ResponseEntity<?> getInfo(@PathVariable String login) { - Optional<Employee> employee = employeeService.findByLogin(login); - if (employee.isPresent()) { - return ResponseEntity.ok(employee.get()); - - } else { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid login"); - - } - } - - - - @PatchMapping("/{login}/open")//open - public ResponseEntity<?> openDoor(@PathVariable String login, @RequestBody Map<String, Long> payload) { - Long code = payload.get("value"); - if (code == null) { - return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid payload"); - - } - - - - Optional<Employee> employee = employeeService.findByLogin(login); - if (employee.isEmpty()) { - return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid login"); - - } - - - - if (employeeService.validateCode(login, code)) { - return ResponseEntity.ok("Door opened"); - - } else { - return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid code"); - } - } - @PostMapping("/auth") // auth + @PostMapping("/auth") // Аутентификация public ResponseEntity<?> authenticate(@RequestBody Map<String, String> payload) { 
String login = payload.get("login"); String password = payload.get("password"); 
@@ -90,20 +33,39 @@ public class EmployeeController { } } - @PostMapping("/workers") - public ResponseEntity<?> getAllWorkers(@RequestBody Map<String, String> payload) { - String login = payload.get("login"); - String password = payload.get("password"); - + @GetMapping("/{login}/info") // Получение информации о сотруднике + public ResponseEntity<?> getInfo(@PathVariable String login) { Optional<Employee> employee = employeeService.findByLogin(login); - - if (employee.isPresent() && employee.get().getPassword().equals(password) && employee.get().getRole().equals("admin")) { - List<Employee> allEmployees = employeeService.findAll(); // Получить всех сотрудников - return ResponseEntity.ok(allEmployees); + if (employee.isPresent()) { + return ResponseEntity.ok(employee.get()); } else { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Access denied"); + return ResponseEntity.status(HttpStatus.NOT_FOUND).body("Employee not found"); } } -} -// made by truettwo and maks )) \ No newline at end of file + @PatchMapping("/{login}/open") // Открыть дверь + public ResponseEntity<?> openDoor(@PathVariable String login, @RequestBody Map<String, Long> payload) { + Long code = payload.get("value"); + + if (code == null) { + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid payload"); + } + + Optional<Employee> employee = employeeService.findByLogin(login); + if (employee.isEmpty()) { + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid login"); + } + + if (employeeService.validateCode(login, code)) { + return ResponseEntity.ok("Door opened"); + } else { + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid code"); + } + } + + @GetMapping("/workers") // Получить всех сотрудников + public ResponseEntity<List<Employee>> getAllWorkers() { + List<Employee> allEmployees = employeeService.findAll(); // Получить всех сотрудников + return ResponseEntity.ok(allEmployees); + } +} \ No newline at end of file
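Review bot: `getAllWorkers` no longer performs any check of its own: the removed version compared the caller's password and required role `admin`, while the new `GET /api/workers` returns `employeeService.findAll()` to whoever reaches the handler, so the admin restriction now depends entirely on a Spring Security rule that this patch does not contain. Both this method and `getInfo` serialize `Employee` directly, and the removed lines show the entity has `getPassword()`, so the password would presumably be part of the JSON response unless it is excluded elsewhere. Guard the handler explicitly, for instance with `@PreAuthorize("hasRole('ADMIN')")` (method security enabled and the existing `admin` role mapped to that authority), and return a DTO without credentials or mark the field `@JsonIgnore`. `getInfo` and `openDoor` also take `login` from the path without tying it to the authenticated caller, so any authenticated user could read another employee's record or submit door codes for them; compare the path value with the authenticated principal before acting on it.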