Add SessionController

This commit is contained in:
Tim
2025-06-11 12:34:34 +02:00
parent 24f5b36fcf
commit 9668f625a9
9 changed files with 264 additions and 5 deletions

View File

@@ -16,6 +16,9 @@ public class ControllerPathConfig {
public static final String ACCOUNT_BASE = "/account";
public static final String EMAIL_BASE = "/email";
//SessionController
public static final String SESSION_BASE = "/session";
//ArticleController
public static final String ARTICLE_BASE = "/article";
public static final String ARTICLE_GET_ALL = ARTICLE_BASE + "/all";
@@ -34,9 +37,4 @@ public class ControllerPathConfig {
//ReviewController
public static final String REVIEW_BASE = "/review";
public static final String REVIEW_GET_ALL = REVIEW_BASE + "/all";
//ImageHardcodeController
private static final String HARDCODE_IMAGE = "/images";
public static final String HARDCODE_IMAGE_DPS_STICKER = HARDCODE_IMAGE + "/dps.webp";
}

View File

@@ -0,0 +1,80 @@
package de.htwsaar.webshop.controller;
import de.htwsaar.webshop.model.SessionModel;
import de.htwsaar.webshop.repository.entities.Account;
import de.htwsaar.webshop.repository.entities.Session;
import de.htwsaar.webshop.service.AccountService;
import de.htwsaar.webshop.service.SessionService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.UUID;
import static de.htwsaar.webshop.config.ControllerPathConfig.SESSION_BASE;
@RestController
@Slf4j
public class SessionController {
private final SessionService sessionService;
private final AccountService accountService;
@Autowired
public SessionController(SessionService sessionService, AccountService accountService) {
this.sessionService = sessionService;
this.accountService = accountService;
}
@RequestMapping(value = SESSION_BASE, method = RequestMethod.POST, produces = "application/json")
public ResponseEntity<SessionModel> create(@RequestParam String email, @RequestParam String password) {
if (email == null || password == null) {
log.warn("Got bad request, email and password");
return ResponseEntity.badRequest().build();
}
Account acc = accountService.isValidLogin(email, password);
if (acc == null) {
log.warn("Got bad request, Account does not exist");
return ResponseEntity.badRequest().build();
}
return ResponseEntity.ok(sessionService.create(acc).toModel());
}
@RequestMapping(value = SESSION_BASE, method = RequestMethod.DELETE, produces = "application/json")
public ResponseEntity<Boolean> delete(@RequestParam String email, @RequestParam UUID token) {
if(email == null || token == null) {
log.warn("Got bad request, email and token");
return ResponseEntity.badRequest().body(false);
}
Session session = sessionService.getByToken(token);
if(!sessionService.isValid(session, email)) {
log.warn("Got bad request, session is invalid");
return ResponseEntity.badRequest().body(false);
}
sessionService.delete(session);
return ResponseEntity.ok(true);
}
@RequestMapping(value = SESSION_BASE, method = RequestMethod.GET, produces = "application/json")
public ResponseEntity<Boolean> isValid(@RequestParam String email, @RequestParam UUID token) {
if(email == null || token == null) {
log.warn("Got bad request, email and token");
return ResponseEntity.badRequest().body(false);
}
Session session = sessionService.getByToken(token);
if(session == null) {
log.warn("Got bad request, session is invalid");
return ResponseEntity.notFound().build();
}
if(sessionService.isValid(session, email)) {
return ResponseEntity.ok(true);
}
return ResponseEntity.notFound().build();
}
}

View File

@@ -0,0 +1,27 @@
package de.htwsaar.webshop.model;
import jakarta.validation.constraints.Max;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Null;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import java.util.UUID;
import static de.htwsaar.webshop.util.TimeUtil.VALID_MIN_MILLIS_TIMESTAMP;
@Getter
@Setter
@ToString
@AllArgsConstructor
public class SessionModel {
@NotNull
UUID uuid;
@Min(VALID_MIN_MILLIS_TIMESTAMP)
long timeout;
}

View File

@@ -0,0 +1,16 @@
package de.htwsaar.webshop.repository;
import de.htwsaar.webshop.repository.entities.Account;
import de.htwsaar.webshop.repository.entities.Session;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
@Repository
public interface SessionRepository extends JpaRepository<Session, Long> {
Session findByAccount(Account account);
Session getSessionByToken(UUID token);
}

View File

@@ -0,0 +1,37 @@
package de.htwsaar.webshop.repository.entities;
import de.htwsaar.webshop.model.SessionModel;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
@Entity
@Table(name = "Sessions")
public class Session {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@JoinColumn(name = "token", nullable = false)
private UUID token;
@Column(name = "timeout", nullable = false)
private Long timeout;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "account_id", referencedColumnName = "id", nullable = false)
private Account account;
public SessionModel toModel() {
return new SessionModel(token, timeout);
}
}

View File

@@ -0,0 +1,16 @@
package de.htwsaar.webshop.service;
import de.htwsaar.webshop.model.SessionModel;
import de.htwsaar.webshop.repository.entities.Account;
import de.htwsaar.webshop.repository.entities.Session;
import java.util.UUID;
public interface SessionService {
Session create(Account account);
void delete(Session session);
Session findByAccount(Account account);
Session getByToken(UUID token);
boolean isValid(Session session, String email);
boolean isValid(UUID token, String email);
}

View File

@@ -0,0 +1,74 @@
package de.htwsaar.webshop.service.impl;
import de.htwsaar.webshop.model.SessionModel;
import de.htwsaar.webshop.repository.AccountRepository;
import de.htwsaar.webshop.repository.SessionRepository;
import de.htwsaar.webshop.repository.entities.Account;
import de.htwsaar.webshop.repository.entities.Session;
import de.htwsaar.webshop.service.SessionService;
import de.htwsaar.webshop.util.TimeUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.UUID;
@Service
@Slf4j
public class SessionServiceImpl implements SessionService {
private final SessionRepository sessionRepository;
private final AccountRepository accountRepository;
@Autowired
public SessionServiceImpl(SessionRepository sessionRepository, AccountRepository accountRepository) {
this.sessionRepository = sessionRepository;
this.accountRepository = accountRepository;
}
@Override
public Session create(Account account) {
long timeout = TimeUtil.nowPlusDays(7);
UUID token = UUID.randomUUID();
log.info("Creating session with account {} and token {} with timeout {} ", account, token, timeout);
return sessionRepository.save(new Session(0L, token, timeout, account));
}
@Override
public void delete(Session session) {
sessionRepository.delete(session);
}
@Override
public Session findByAccount(Account account) {
return sessionRepository.findByAccount(account);
}
@Override
public Session getByToken(UUID token) {
return sessionRepository.getSessionByToken(token);
}
@Override
public boolean isValid(Session session, String email) {
if(session == null || email == null) {
return false;
}
Account accountEmail = accountRepository.getAccountByEmail(email);
if(!session.getAccount().equals(accountEmail)) {
return false;
}
if(session.getTimeout() >= System.currentTimeMillis()) {
log.info("Session with email {} is expired", email);
delete(session);
return false;
}
log.info("Session with email {} is valid", email);
return true;
}
@Override
public boolean isValid(UUID token, String email) {
return isValid(getByToken(token), email);
}
}

View File

@@ -82,3 +82,14 @@ CREATE TABLE IF NOT EXISTS OrderItems
ON DELETE SET NULL
ON UPDATE CASCADE
);
CREATE TABLE IF NOT EXISTS Sessions
(
id INTEGER NOT NULL PRIMARY KEY,
token TEXT UNIQUE NOT NULL,
timeout INTEGER NOT NULL,
account_id INTEGER NOT NULL,
FOREIGN KEY (account_id) REFERENCES Accounts (id)
ON DELETE CASCADE
ON UPDATE CASCADE
);