Changeset bf28e50

Timestamp:

01/27/25 18:06:49 (3 months ago)

Author:

ivanov1332 <zareivanov070@…>

Branches:

master

Children:

0f3afae

Parents:

840887f

Message:

Fixed problem with security

Location:

ReserveNGo-backend

Files:

• .gitignore (modified) (1 diff)
• src/main/java/mk/ukim/finki/it/reservengo/config/WebSecurityConfig.java (modified) (3 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/config/filter/JWTAuthenticationFilter.java (modified) (1 diff)
• src/main/java/mk/ukim/finki/it/reservengo/model/Customer.java (modified) (3 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/service/impl/AuthServiceImpl.java (modified) (4 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/service/impl/JWTServiceImpl.java (modified) (3 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/service/intf/JWTService.java (modified) (2 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/web/AdminController.java (modified) (3 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/web/AuthController.java (modified) (1 diff)
• src/main/java/mk/ukim/finki/it/reservengo/web/CustomerController.java (modified) (3 diffs)
• src/main/java/mk/ukim/finki/it/reservengo/web/LocalController.java (modified) (1 diff)
• src/main/java/mk/ukim/finki/it/reservengo/web/ReservationController.java (modified) (1 diff)

ReserveNGo-backend/.gitignore

@@ -15 +15 @@
 
 ### IntelliJ IDEA ###
-.idea/
+.idea
 *.iws
 *.iml

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/config/WebSecurityConfig.java

@@ -13 +13 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
@@ -35 +37 @@
                 .authorizeHttpRequests((requests) -> requests
                         .requestMatchers(
-                                "/api/auth/**",
+                                "/api/**",
                                 "/h2/**",
-                                "/api/locals/**",
                                 "/favicon.ico")
                         .permitAll()
-                        .requestMatchers("/api/customer/**").hasRole("CUSTOMER")
-                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
                         .anyRequest()
                         .authenticated()
@@ -53 +52 @@
         return http.build();
     }
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")
+                        .allowedOrigins("http://localhost:5173")
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedHeaders("*")
+                        .allowCredentials(true);
+            }
+        };
+    }
+
 }

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/config/filter/JWTAuthenticationFilter.java

@@ -36 +36 @@
         final String userEmail;
 
-        System.out.println(request);
-        System.out.println(authHeader);
-
         if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             filterChain.doFilter(request, response);

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/model/Customer.java

@@ -1 +1 @@
 package mk.ukim.finki.it.reservengo.model;
 
-import jakarta.persistence.CascadeType;
-import jakarta.persistence.Entity;
-import jakarta.persistence.OneToMany;
+import jakarta.persistence.*;
 import lombok.EqualsAndHashCode;
 import mk.ukim.finki.it.reservengo.model.enumerations.Role;
@@ -11 +9 @@
 @EqualsAndHashCode(callSuper = true)
 @Entity
+
 public class Customer extends User {
     public Customer(String firstName, String lastName, String email, String password, String phoneNumber, Role userRole) {
@@ -22 +21 @@
     private List<Reservation> reservations;
 
-    @OneToMany
+    @ManyToMany
     private List<Local> favouriteLocals;
 

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/service/impl/AuthServiceImpl.java

@@ -39 +39 @@
         Customer customer = new Customer(firstName, lastName, email, passwordEncoder.encode(password), phoneNumber, Role.ROLE_CUSTOMER);
         customerRepository.save(customer);
-        String jwt = jwtService.generateTokenNoClaims(customer);
+        String jwt = jwtService.generateToken(customer);
 
         return new JWTAuthenticationResponse(
@@ -55 +55 @@
         LocalWorker localWorker = new LocalWorker(firstName, lastName, email, passwordEncoder.encode(password), phoneNumber, Role.ROLE_LOCAL_WORKER);
         localWorkerRepository.save(localWorker);
-        String jwt = jwtService.generateTokenNoClaims(localWorker);
+        String jwt = jwtService.generateToken(localWorker);
 
         return new JWTAuthenticationResponse(
@@ -71 +71 @@
         LocalManager localManager = new LocalManager(firstName, lastName, email, passwordEncoder.encode(password), phoneNumber, Role.ROLE_LOCAL_MANAGER);
         localManagerRepository.save(localManager);
-        String jwt = jwtService.generateTokenNoClaims(localManager);
+        String jwt = jwtService.generateToken(localManager);
 
         return new JWTAuthenticationResponse(
@@ -87 +87 @@
         authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(email, password));
         User user = userRepository.findByEmail(email).orElseThrow(() -> new EmailNotFoundException(email));
-        String jwt = jwtService.generateTokenNoClaims(user);
+        String jwt = jwtService.generateToken(user);
 
         return new JWTAuthenticationResponse(

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/service/impl/JWTServiceImpl.java

@@ -6 +6 @@
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
+import mk.ukim.finki.it.reservengo.model.User;
 import mk.ukim.finki.it.reservengo.service.intf.JWTService;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -12 +13 @@
 import java.security.Key;
 import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.function.Function;
 
@@ -48 +47 @@
 
     @Override
-    public String generateToken(Map<String, Object> extraClaims, UserDetails userDetails) {
-
-        return Jwts
-                .builder()
-                .setClaims(extraClaims)
-                .setSubject(userDetails.getUsername())
-                .setIssuedAt(new Date(System.currentTimeMillis()))
+    public String generateToken(User user) {
+        return Jwts.builder().setSubject(user.getUsername())
+                .claim("name", user.getFirstName())
+                .claim("role", user.getUserRole())
+                .claim("id", user.getId())
+                .setIssuedAt(new Date())
                 .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 24))
                 .signWith(getSignInKey(), SignatureAlgorithm.HS256)
                 .compact();
-    }
-
-    @Override
-    public String generateTokenNoClaims(UserDetails userDetails) {
-        return generateToken(new HashMap<>(), userDetails);
     }
 

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/service/intf/JWTService.java

@@ -2 +2 @@
 
 import io.jsonwebtoken.Claims;
+import mk.ukim.finki.it.reservengo.model.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.security.Key;
 import java.util.Date;
-import java.util.Map;
 import java.util.function.Function;
 
 public interface JWTService {
+    String generateToken(User user);
+
     String extractUsername(String token);
 
@@ -18 +20 @@
     <T> T extractClaim(String token, Function<Claims, T> claimsResolver);
 
-    String generateToken(Map<String, Object> extraClaims, UserDetails userDetails);
-
-    String generateTokenNoClaims(UserDetails userDetails);
-
     boolean isTokenValid(String token, UserDetails userDetails);
 

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/web/AdminController.java

@@ -3 +3 @@
 import mk.ukim.finki.it.reservengo.service.intf.AdminService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("/api/admin")
-@CrossOrigin(origins = "*")
+@PreAuthorize("hasRole('ADMIN')")
 public class AdminController {
 
@@ -19 +20 @@
     public ResponseEntity<?> addLocal(@RequestParam String name) {
         adminService.addLocal(name);
-        return ResponseEntity.ok().build(); // optional if you want to return something after adding
+        return ResponseEntity.ok().build();
     }
 
@@ -25 +26 @@
     public ResponseEntity<?> deleteLocal(@PathVariable Long id) {
         adminService.deleteLocal(id);
-        return ResponseEntity.ok().build(); // optional if you want to return something after deleting
+        return ResponseEntity.ok().build();
     }
 }

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/web/AuthController.java

@@ -10 +10 @@
 @RestController
 @RequestMapping("/api/auth")
-@CrossOrigin(origins = "*")
 public class AuthController {
     private final AuthService authenticationService;

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/web/CustomerController.java

@@ -8 +8 @@
 import mk.ukim.finki.it.reservengo.service.intf.ReservationService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
@@ -15 +16 @@
 @RestController
 @RequestMapping("/api/customer")
-@CrossOrigin(origins = "*")
+@PreAuthorize("hasRole('CUSTOMER')")
 public class CustomerController {
 
@@ -40 +41 @@
     @GetMapping("/favourite-locals")
     public ResponseEntity<?> listFavouriteLocals(@AuthenticationPrincipal User user) {
-        System.out.println("tuka");
-        System.out.println(user);
         List<Local> favouriteLocals = customerService.listFavouriteLocals(user.getId());
         return ResponseEntity.ok(favouriteLocals);

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/web/LocalController.java

@@ -8 +8 @@
 @RestController
 @RequestMapping("/api/locals")
-@CrossOrigin("*")
 public class LocalController {
 

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/web/ReservationController.java

@@ -9 +9 @@
 @RestController
 @RequestMapping("/api")
-@CrossOrigin("*")
 public class ReservationController {
     private final ReservationService reservationService;