Index: ckend/src/main/java/com/tradingmk/backend/SecurityConfig.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/SecurityConfig.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ (revision ) @@ -1,32 +1,0 @@ -package com.tradingmk.backend; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.web.SecurityFilterChain; - -@Configuration -public class SecurityConfig { - - @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http - .cors(Customizer.withDefaults()) - .csrf(csrf -> csrf.disable()) - .authorizeHttpRequests(auth -> auth - .requestMatchers( - "/api/auth/**", - "/api/stocks/update", // morame allow za da postiras, smeni go~! - "/api/stocks/**", - "/ws/**", - "/topic/**", - "api/history/upload", - "/api/history/{symbol}" - ).permitAll() - .anyRequest().authenticated() - ); - - return http.build(); - } -} Index: backend/src/main/java/com/tradingmk/backend/config/ApplicationConfig.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/config/ApplicationConfig.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/config/ApplicationConfig.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,49 @@ +package com.tradingmk.backend.config; + + +import com.tradingmk.backend.repository.UserRepository; +import lombok.RequiredArgsConstructor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +@Configuration +@RequiredArgsConstructor +public class ApplicationConfig { + + private final UserRepository repository; + + @Bean + public UserDetailsService userDetailsService(){ + return username -> repository.findByUsername(username) + .orElseThrow(() -> new UsernameNotFoundException("User not found")); + } + + //fetch user details encode password + @Bean + public AuthenticationProvider authenticationProvider(PasswordEncoder passwordEncoder) { + DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); + authProvider.setUserDetailsService(userDetailsService()); + authProvider.setPasswordEncoder(passwordEncoder()); + return authProvider; + } + + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception { + return config.getAuthenticationManager(); + + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } +} Index: backend/src/main/java/com/tradingmk/backend/config/JwtAuthenticationFilter.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/config/JwtAuthenticationFilter.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ backend/src/main/java/com/tradingmk/backend/config/JwtAuthenticationFilter.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -8,4 +8,10 @@ import lombok.RequiredArgsConstructor; import org.springframework.lang.NonNull; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; @@ -18,4 +24,5 @@ private final UserService userService; + private final UserDetailsService userDetailsService; @Override @@ -26,6 +33,6 @@ //implement check - if (authHeader == null || !authHeader.startsWith("Bearer ")){ - filterChain.doFilter(request,response); + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + filterChain.doFilter(request, response); return; } @@ -36,4 +43,22 @@ username = userService.extractUsername(jwt); + + //if user is auth no need to update... + if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { + UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); + if (userService.isTokenValid(jwt, userDetails)) { + UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( + userDetails, + null, + userDetails.getAuthorities() + ); + authToken.setDetails( + new WebAuthenticationDetailsSource().buildDetails(request) + ); + SecurityContextHolder.getContext().setAuthentication(authToken); + } + } + filterChain.doFilter(request,response); + } } Index: backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/config/SecurityConfig.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,63 @@ +package com.tradingmk.backend.config; + +import lombok.RequiredArgsConstructor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +@Configuration +@EnableWebSecurity +@RequiredArgsConstructor +public class SecurityConfig { + private final JwtAuthenticationFilter jwtAuthenticationFilter; + private final AuthenticationProvider authenticationProvider; + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + .csrf() + .disable() + .authorizeHttpRequests() + .requestMatchers( + "/api/auth/**", + "/api/stocks/update", // morame allow za da postiras, smeni go~! + "/api/stocks/**", + "/ws/**", + "/topic/**", + "api/history/upload", + "/api/history/{symbol}") + .permitAll() + .anyRequest() + .authenticated() + .and() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .authenticationProvider(authenticationProvider) + .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); + + +// http +// .cors(Customizer.withDefaults()) +// .csrf(csrf -> csrf.disable()) +// .authorizeHttpRequests(auth -> auth +// .requestMatchers( +// "/api/auth/**", +// "/api/stocks/update", // morame allow za da postiras, smeni go~! +// "/api/stocks/**", +// "/ws/**", +// "/topic/**", +// "api/history/upload", +// "/api/history/{symbol}" +// ).permitAll() +// .anyRequest().authenticated() +// ); + + return http.build(); + } +} Index: backend/src/main/java/com/tradingmk/backend/controller/AuthController.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/controller/AuthController.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ backend/src/main/java/com/tradingmk/backend/controller/AuthController.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -1,8 +1,11 @@ package com.tradingmk.backend.controller; -import com.tradingmk.backend.model.User; +import com.tradingmk.backend.dto.AuthenticationRequest; +import com.tradingmk.backend.dto.AuthenticationResponse; +import com.tradingmk.backend.service.AuthenticationService; +import com.tradingmk.backend.dto.RegisterRequest; import com.tradingmk.backend.service.UserService; +import lombok.RequiredArgsConstructor; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; @@ -10,26 +13,47 @@ @RestController @RequestMapping("/api/auth") -@CrossOrigin(origins = "{http://localhost:5175, http://localhost:5176},http://localhost:5173}") +@RequiredArgsConstructor +@CrossOrigin(origins = {"http://localhost:5175", "http://localhost:5176", "http://localhost:5173"}) public class AuthController { + + private final AuthenticationService service; @Autowired private UserService userService; - @PostMapping("/signup") - public String signup(@RequestBody User user) { - //zemi gi podatocite od frontend - userService.register(user); - return "user registered successfully "; +// @PostMapping("/signup") +// public String signup(@RequestBody User user) { +// //zemi gi podatocite od frontend +// userService.register(user); +// return "user registered successfully "; +// } + + @PostMapping("/register") + public ResponseEntity register( + @RequestBody RegisterRequest request + ){ + return ResponseEntity.ok(service.register(request)); + } - @PostMapping("/login") - public ResponseEntity login(@RequestBody User loginRequest) { - User user = userService.login(loginRequest.getUsername(), loginRequest.getPassword()); - if (user != null) { - return ResponseEntity.ok("Login successful"); - } else { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid userna me or password"); - } + @PostMapping("/authenticate") + public ResponseEntity authenticate( + @RequestBody AuthenticationRequest request + ){ + + return ResponseEntity.ok(service.authenticate(request)); + } + +// @PostMapping("/login") +// public ResponseEntity login(@RequestBody User loginRequest) { +// User user = userService.login(loginRequest.getUsername(), loginRequest.getPassword()); +// if (user != null) { +// +// return ResponseEntity.ok("Login successful"); +// } else { +// return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid userna me or password"); +// } +// } } Index: backend/src/main/java/com/tradingmk/backend/demo/DemoController.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/demo/DemoController.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/demo/DemoController.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,14 @@ +package com.tradingmk.backend.demo; + +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; + +@RequestMapping("/api/demo-controller") +public class DemoController { + + @GetMapping + public ResponseEntity sayHello() { + return ResponseEntity.ok("Hello from security endppoint"); + } +} Index: backend/src/main/java/com/tradingmk/backend/dto/AuthenticationRequest.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/dto/AuthenticationRequest.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/dto/AuthenticationRequest.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,17 @@ +package com.tradingmk.backend.dto; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class AuthenticationRequest { + + private String email; + private String username; + private String password; +} Index: backend/src/main/java/com/tradingmk/backend/dto/AuthenticationResponse.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/dto/AuthenticationResponse.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/dto/AuthenticationResponse.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,16 @@ +package com.tradingmk.backend.dto; + + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class AuthenticationResponse { + + private String token; +} Index: ckend/src/main/java/com/tradingmk/backend/dto/LoginRequest.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/dto/LoginRequest.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ (revision ) @@ -1,6 +1,0 @@ -package com.tradingmk.backend.dto; - -public class LoginRequest { - public String username; - public String password; -} Index: backend/src/main/java/com/tradingmk/backend/dto/RegisterRequest.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/dto/RegisterRequest.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/dto/RegisterRequest.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,20 @@ +package com.tradingmk.backend.dto; + + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class RegisterRequest { + + private String firstname; + private String username; + private String lastname; + private String email; + private String password; +} Index: ckend/src/main/java/com/tradingmk/backend/dto/SignupRequest.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/dto/SignupRequest.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ (revision ) @@ -1,6 +1,0 @@ -package com.tradingmk.backend.dto; - -public class SignupRequest { - public String username; - public String password; -} Index: backend/src/main/java/com/tradingmk/backend/model/User.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/model/User.java (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ backend/src/main/java/com/tradingmk/backend/model/User.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -2,4 +2,8 @@ import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; @@ -11,4 +15,8 @@ @Entity @Table(name = "users") +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor public class User implements UserDetails { Index: backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java =================================================================== --- backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) +++ backend/src/main/java/com/tradingmk/backend/service/AuthenticationService.java (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -0,0 +1,62 @@ +package com.tradingmk.backend.service; + + +import com.tradingmk.backend.dto.AuthenticationResponse; +import com.tradingmk.backend.dto.AuthenticationRequest; +import com.tradingmk.backend.dto.RegisterRequest; +import com.tradingmk.backend.model.Role; +import com.tradingmk.backend.model.User; +import com.tradingmk.backend.repository.UserRepository; +import lombok.RequiredArgsConstructor; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; + +@Service +@RequiredArgsConstructor +public class AuthenticationService { + private final UserRepository repository; + + private final PasswordEncoder passwordEncoder; + + private final UserService userService; + + private final AuthenticationManager authenticationManager; + + + public AuthenticationResponse register(RegisterRequest request) { + var user = User.builder() + .username(request.getUsername()) + .email(request.getEmail()) + .password(passwordEncoder.encode(request.getPassword())) + .role(Role.USER) + .build(); + repository.save(user); + var jwtToken = userService.generateToken(user); + return AuthenticationResponse.builder() + .token(jwtToken) + .build(); + } + + public AuthenticationResponse authenticate(AuthenticationRequest request) { + System.out.println("Authenticating: " + request.getUsername()); + + authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken( + request.getEmail(), + request.getPassword() + ) + ); + + //it means it is authenticated + var user = repository.findByUsername(request.getUsername()) + .orElseThrow(); + + var jwtToken = userService.generateToken(user); + System.out.println("Generated JWT: " + jwtToken); + return AuthenticationResponse.builder() + .token(jwtToken) + .build(); + } +} Index: frontend/src/pages/Signup-Login/LoginPage.jsx =================================================================== --- frontend/src/pages/Signup-Login/LoginPage.jsx (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ frontend/src/pages/Signup-Login/LoginPage.jsx (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -10,5 +10,5 @@ const login = async () => { - const response = await fetch('http://localhost:8080/api/auth/login', { + const response = await fetch('http://localhost:8080/api/auth/authenticate', { method: 'POST', headers: {'Content-Type': 'application/json'}, @@ -18,5 +18,4 @@ if (response.ok) { navigate('/dashboard'); - localStorage.setItem('username', username); } else { throw new Error(await response.text()); Index: frontend/src/pages/Signup-Login/SignupPage.jsx =================================================================== --- frontend/src/pages/Signup-Login/SignupPage.jsx (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ frontend/src/pages/Signup-Login/SignupPage.jsx (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -11,5 +11,5 @@ const signup = async () => { - const response = await fetch('http://localhost:8080/api/auth/signup', { + const response = await fetch('http://localhost:8080/api/auth/register', { method: 'POST', headers: { 'Content-Type': 'application/json' }, @@ -19,5 +19,4 @@ if (response.ok) { navigate('/dashboard'); - localStorage.setItem('username', username); }else{ throw new Error(await response.text()); Index: scraper/scraper_historical_data.py =================================================================== --- scraper/scraper_historical_data.py (revision d9b20e24eb6d2730ec9bbacdb75651ddf9957613) +++ scraper/scraper_historical_data.py (revision 76c503fa4a6cfad0fb4103d0e7d2100761d7d49c) @@ -64,7 +64,2 @@ post_history_to_backend("GRNT") post_history_to_backend("MTUR") - - - - -