Changeset b81f586


Ignore:
Timestamp:
01/26/26 09:02:46 (6 months ago)
Author:
Filip Gavrilovski <filipgavrilovski28@…>
Branches:
main
Children:
561e9a6
Parents:
c6f7486
Message:

small refactor; moving business logic from auth controller to service

Location:
finkwave/src/main/java/com/ukim/finki/develop/finkwave
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java

    rc6f7486 rb81f586  
    3232    // todo: read from config
    3333    private final int accessTokenMaxAge = 900;
    34     private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;
    3534    private final AuthService authService;
    3635
     
    4039            HttpServletResponse httpServletResponse){
    4140        try {
    42             AuthResponseDto authResponse = authService.registerAndLogIn(authRequestDto);
    43             addTokensToResponse(httpServletResponse, authResponse);
     41            AuthResponseDto authResponse = authService.registerAndLogIn(httpServletResponse, authRequestDto);
    4442            return ResponseEntity.ok(Map.of(
    4543                    "user", authResponse.userResponseDto(),
     
    5856            HttpServletResponse httpServletResponse){
    5957        try {
    60             AuthResponseDto authResponse = authService.login(loginRequestDto.username(), loginRequestDto.password());
    61             addTokensToResponse(httpServletResponse, authResponse);
     58            AuthResponseDto authResponse = authService.login(httpServletResponse, loginRequestDto);
    6259            return ResponseEntity.ok(Map.of(
    6360                    "user", authResponse.userResponseDto(),
     
    9087            HttpServletResponse httpServletResponse,
    9188            @CookieValue(name = "refreshToken", required = false) String refreshToken){
    92         clearCookies(httpServletResponse, refreshToken);
     89        authService.clearCookies(httpServletResponse, refreshToken);
    9390        SecurityContextHolder.clearContext();
    9491        return ResponseEntity.ok(Map.of("message", "Successful log out"));
     
    112109    }
    113110
    114     private void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) {
    115         if (refreshToken != null){
    116             authService.invalidateRefreshToken(refreshToken);
    117             Cookie clearCookie = new Cookie("refreshToken", null);
    118             clearCookie.setHttpOnly(true);
    119             clearCookie.setSecure(false);
    120             clearCookie.setPath("/");
    121             clearCookie.setMaxAge(0);
    122             httpServletResponse.addCookie(clearCookie);
    123         }
    124 
    125         Cookie clearAccess = new Cookie("accessToken", null);
    126         clearAccess.setHttpOnly(true);
    127         clearAccess.setSecure(false);
    128         clearAccess.setPath("/");
    129         clearAccess.setMaxAge(0);
    130         httpServletResponse.addCookie(clearAccess);
    131     }
    132 
    133 
    134     private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){
    135         Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken());
    136         refreshCookie.setSecure(false);
    137         refreshCookie.setHttpOnly(true);
    138         refreshCookie.setPath("/");
    139         refreshCookie.setMaxAge(refreshTokenMaxAge);
    140         response.addCookie(refreshCookie);
    141 
    142         authService.addAccessCookieToResponse(response, authResponse.accessToken());
    143     }
    144111}
  • finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java

    rc6f7486 rb81f586  
    11package com.ukim.finki.develop.finkwave.service;
    22
     3import com.ukim.finki.develop.finkwave.dto.LoginRequestDto;
    34import org.springframework.security.crypto.password.PasswordEncoder;
    45import org.springframework.stereotype.Service;
     
    2728    private final RefreshTokenService refreshTokenService;
    2829    private final int accessTokenMaxAge = 900;
     30    private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;
    2931
    3032    // todo: should it be transactional?
    3133//    @Transactional
    32     public AuthResponseDto registerAndLogIn(AuthRequestDto authRequestDto){
     34    public AuthResponseDto registerAndLogIn(HttpServletResponse response, AuthRequestDto authRequestDto){
    3335        if (userRepository.findByUsername(authRequestDto.username()).isPresent()){
    3436            throw new RuntimeException("User already exists");
     
    3638        User user = new User();
    3739
    38         // todo: builder
     40        // todo: builder / private createUser method
    3941        user.setUsername(authRequestDto.username());
    4042        user.setRole(Role.NONADMIN);
     
    4850        nonAdminUserRepository.save(nonAdminUser);
    4951        userRepository.save(user);
    50         return login(user.getUsername(), authRequestDto.password());
     52        // todo: could also be redirect in controller, which one is better?
     53        return login(response, new LoginRequestDto(user.getUsername(), authRequestDto.password()));
    5154    }
    5255
    5356
    54     public AuthResponseDto login(String username, String password){
    55         User user = userRepository.findByUsername(username)
     57    // todo: dto in arguments or the standalone values?
     58    public AuthResponseDto login(HttpServletResponse response, LoginRequestDto loginRequestDto){
     59        User user = userRepository.findByUsername(loginRequestDto.username())
    5660                .orElseThrow(() -> new RuntimeException("Invalid credentials"));
    57         if (!passwordEncoder.matches(password, user.getPassword())){
     61        if (!passwordEncoder.matches(loginRequestDto.password(), user.getPassword())){
    5862            throw new RuntimeException("Invalid credentials");
    5963        }
    6064
    61         String accessToken = jwtService.generateToken(username, user.getRole().name());
     65        String accessToken = jwtService.generateToken(loginRequestDto.username(), user.getRole().name());
    6266        RefreshToken refreshToken = refreshTokenService.createRefreshToken(user);
     67
    6368        UserResponseDto userResponseDto = new UserResponseDto(user.getUsername(), user.getRole());
    64         return new AuthResponseDto(accessToken, refreshToken, userResponseDto);
     69        // todo: dto inside a dto??
     70        AuthResponseDto authResponseDto = new AuthResponseDto(accessToken, refreshToken, userResponseDto);
     71        addTokensToResponse(response, authResponseDto);
     72        return authResponseDto;
    6573    }
    6674
     
    94102        response.addCookie(accessCookie);
    95103    }
     104
     105    public void clearCookies(HttpServletResponse httpServletResponse, String refreshToken) {
     106        if (refreshToken != null){
     107            invalidateRefreshToken(refreshToken);
     108            Cookie clearCookie = new Cookie("refreshToken", null);
     109            clearCookie.setHttpOnly(true);
     110            clearCookie.setSecure(false);
     111            clearCookie.setPath("/");
     112            clearCookie.setMaxAge(0);
     113            httpServletResponse.addCookie(clearCookie);
     114        }
     115
     116        Cookie clearAccess = new Cookie("accessToken", null);
     117        clearAccess.setHttpOnly(true);
     118        clearAccess.setSecure(false);
     119        clearAccess.setPath("/");
     120        clearAccess.setMaxAge(0);
     121        httpServletResponse.addCookie(clearAccess);
     122    }
     123
     124
     125    private void addTokensToResponse(HttpServletResponse response, AuthResponseDto authResponse){
     126        Cookie refreshCookie = new Cookie("refreshToken", authResponse.refreshToken().getToken());
     127        refreshCookie.setSecure(false);
     128        refreshCookie.setHttpOnly(true);
     129        refreshCookie.setPath("/");
     130        refreshCookie.setMaxAge(refreshTokenMaxAge);
     131        response.addCookie(refreshCookie);
     132
     133        addAccessCookieToResponse(response, authResponse.accessToken());
     134    }
    96135}
Note: See TracChangeset for help on using the changeset viewer.