diff --git a/src/main/java/com/hackerupdates/hsw/constants/Constant.java b/src/main/java/com/hackerupdates/hsw/constants/Constant.java
index 3628f7a..186287b 100644
--- a/src/main/java/com/hackerupdates/hsw/constants/Constant.java
+++ b/src/main/java/com/hackerupdates/hsw/constants/Constant.java
@@ -37,8 +37,10 @@ public static class Path {
 public static final String SIGN_IN = "/signIn";
 public static final String TOKEN_VALIDATE = "/validate";
 public static final String COOKIE = "/createCookie";
- public static final String SWAGGER_UI = "/swagger";
+ public static final String SWAGGER_UI = "/swagger-ui";
 public static final String API_DOCS = "/api-docs";
+ public static final String API_ALL_SHARES = "/api/connectionShare/list";
+ public static final String API_ALL_SHARES_FROM = "/api/connectionShare/listFrom";
 }
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
diff --git a/src/main/java/com/hackerupdates/hsw/controller/AuthenticationController.java b/src/main/java/com/hackerupdates/hsw/controller/AuthenticationController.java
index 75e43c5..c981b6f 100644
--- a/src/main/java/com/hackerupdates/hsw/controller/AuthenticationController.java
+++ b/src/main/java/com/hackerupdates/hsw/controller/AuthenticationController.java
@@ -38,7 +38,7 @@ public ResponseEntity validate() {
 }
 @GetMapping(value = "/login/auth={auth}&code={code}")
- @ApiOperation(value = "Try sign up with", notes = "")
+ @ApiOperation(value = "Try sign in with", notes = "")
 public ResponseEntity login(@PathVariable Auth auth, @PathVariable String code) {
 return ResponseEntity.ok(authentication.login(auth, code));
 }
diff --git a/src/main/java/com/hackerupdates/hsw/controller/ConnectionShareController.java b/src/main/java/com/hackerupdates/hsw/controller/ConnectionShareController.java
index 6669ca7..f9ceba0 100644
--- a/src/main/java/com/hackerupdates/hsw/controller/ConnectionShareController.java
+++ b/src/main/java/com/hackerupdates/hsw/controller/ConnectionShareController.java
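Review bot: The two new Path constants carry the `/api` prefix while the existing entries of the same class (`/signIn`, `/swagger-ui`, `/api-docs`) do not, and the filter changed in this commit compares the new pair with `equals` and the old ones with `contains`, so a reader of this class cannot tell which form of the request path each constant is compared against. A comment on the new lines would settle it, e.g. `// full request path (with context path); matched exactly by AuthenticationFilter, unlike the substring-matched entries above` — assuming the filter's `url` is the request URI including the `/api` context path, which nothing in this diff shows. If the prefix were meant to be uniform, the older constants should be brought into the same form rather than left mixed.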
@@ -2,6 +2,8 @@
 import com.hackerupdates.hsw.constants.Constant;
 import com.hackerupdates.hsw.domain.dto.ConnectionShareDTO;
+import com.hackerupdates.hsw.enums.ValidationRule;
+import com.hackerupdates.hsw.exception.HswException;
 import com.hackerupdates.hsw.service.ConnectionShareService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -40,6 +42,9 @@ public ResponseEntity> listFrom(@RequestHeader(Constant
 @PostMapping(value = "/list")
 @ApiOperation(value = "Get all shares")
 public ResponseEntity> list(@RequestParam int pageNumber, @RequestParam int pageSize) {
+ int PAGE_SIZE_LIMIT = 50;
+ if (pageSize > PAGE_SIZE_LIMIT)
+ throw new HswException(ValidationRule.UNAUTHORIZED_ACCESS);
 return ResponseEntity.ok(connectionShareService.findAllShares(pageNumber, pageSize));
 }
diff --git a/src/main/java/com/hackerupdates/hsw/filter/AuthenticationFilter.java b/src/main/java/com/hackerupdates/hsw/filter/AuthenticationFilter.java
index e14e606..f9c5b6f 100644
--- a/src/main/java/com/hackerupdates/hsw/filter/AuthenticationFilter.java
+++ b/src/main/java/com/hackerupdates/hsw/filter/AuthenticationFilter.java
@@ -35,7 +35,10 @@ public class AuthenticationFilter implements Filter {
 private final TokenService tokenService;
- private final List blackList = List.of(Path.LOGIN, Path.SIGN_UP, Path.SIGN_IN, Path.COOKIE, Path.SWAGGER_UI, Path.API_DOCS);
+ private final List blackListAPI = List.of(Path.API_ALL_SHARES, Path.API_ALL_SHARES_FROM);
+
+ private final List blackList = List.of(Path.LOGIN, Path.SIGN_UP, Path.SIGN_IN, Path.COOKIE,
+ Path.SWAGGER_UI, Path.API_DOCS);
 @Override
 public void init(FilterConfig filterConfig) {
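Review bot: The new guard in `list` caps `pageSize` only from above; `pageSize <= 0` and a negative `pageNumber` still reach `findAllShares`, and the rejection is reported as `UNAUTHORIZED_ACCESS`, which labels an input-validation failure as an authorization failure. `PAGE_SIZE_LIMIT` is also a local variable written in constant style; it belongs in `Constant` as a `public static final int`, and the same cap should apply to `listFrom` (named in the hunk header, body outside this hunk), since this commit lists both endpoints in the filter's `blackListAPI`. Suggested lines: `if (pageSize <= 0 || pageSize > Constant.PAGE_SIZE_LIMIT || pageNumber < 0)` / `throw new HswException(ValidationRule.INVALID_PAGE_REQUEST);` — both names are proposed placeholders, since neither the constant nor the enum's members are visible in this diff.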
@@ -54,7 +57,7 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
 }
 }
- if (blackList.stream().noneMatch(url::contains)) {
+ if (blackListAPI.stream().noneMatch(url::equals) && blackList.stream().noneMatch(url::contains)) {
 cachedToken = tokenService.get(token);
 if (isNull(cachedToken) || !cachedToken.getToken().equals(token)) {
 cachedToken = tokenService.getFromDB(token);
diff --git a/src/main/java/com/hackerupdates/hsw/service/authentication/Authentication.java b/src/main/java/com/hackerupdates/hsw/service/authentication/Authentication.java
index a7e2997..4e613e9 100644
--- a/src/main/java/com/hackerupdates/hsw/service/authentication/Authentication.java
+++ b/src/main/java/com/hackerupdates/hsw/service/authentication/Authentication.java
@@ -37,6 +37,8 @@ public class Authentication {
 public PersonDTO login(Auth auth, String code) {
+ log.debug("Login attempt. Auth Name: {}, Code: {}", auth.name(), code);
+
 Person personInfo = null;
 var isRegistration = Boolean.FALSE;
@@ -69,10 +71,13 @@ public PersonDTO signIn(SignInDTO signInDTO) {
 Person personInfo;
 try {
 personInfo = personQueryService.findByUserName(signInDTO.getUserName());
+ log.debug("Login success. User info: {}", personInfo);
 } catch (HswException e) {
+ log.debug("Invalid user or password: {}", signInDTO);
 throw new HswException(ValidationRule.INVALID_USER_OR_PASSWORD);
 }
 if (!passwordEncoder.matches(signInDTO.getPassword(), personInfo.getPassword())) {
+ log.debug("Invalid user or password: {}", signInDTO);
 throw new HswException(ValidationRule.INVALID_USER_OR_PASSWORD);
 }
@@ -88,6 +93,7 @@ public PersonDTO signIn(SignInDTO signInDTO) {
 public PersonDTO signUp(SignUpDTO signUpDTO) {
 try {
 personQueryService.findByUserName(signUpDTO.getUserName());
+ log.debug("Person already exists. Redirect for login: {}", signUpDTO);
 } catch (HswException e) {
 var encodedPassword = passwordEncoder.encode(signUpDTO.getPassword());
 var personInfo = createPerson(UserDTO.builder()
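Review bot: The rewritten condition keeps the substring test `url::contains` for `blackList`, so a request path that merely contains `/signIn`, `/swagger-ui` or `/api-docs` anywhere skips the token lookup, while the new `blackListAPI` is compared exactly with `url::equals`; the exact form is the safer one and should be used for both lists (`startsWith` where a prefix such as the swagger UI is genuinely intended). `equals` against `/api/connectionShare/list` also only holds if `url` is the request URI with the `/api` context path and without a query string; `url` is computed outside this hunk, so that should be confirmed. Naming the exempt-path lists `allowList`/`publicPaths` would also say what they are, since nothing on them is blocked. `doFilter` starts and ends outside the hunk.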
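Review bot: The two new debug lines in `signIn` log `signInDTO` itself on both failure paths, and unless `SignInDTO.toString()` masks the password (its definition is not in this diff) the plaintext password ends up in the log; `login` here and the `logout` hunk below (`@@ -111`) log the OAuth authorization `code`, and the two `GithubAuthProvider` hunks log `code` and `accessToken`, all of which are bearer credentials, while `Login success. User info: {}` prints a `Person` whose `getPassword()` is read two lines later. Log an identifier instead, e.g. `log.debug("Invalid user or password for user: {}", signInDTO.getUserName());` and `log.debug("Access token retrieved for login attempt");`. The `Login success` line is also emitted before the `matches` check, so it is misleading on the wrong-password path; move it after the check or reword it to `"User found: {}"` with the user name. The bodies of `login` and `signIn` continue outside these hunks.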
@@ -111,11 +117,12 @@ public PersonDTO signUp(SignUpDTO signUpDTO) {
 }
 public boolean logout(String code) {
+ log.debug("Logout for code: {}", code);
 return tokenService.remove(code);
 }
 private Person createPerson(UserDTO user) {
- log.info("Create new person for user: {}", user.toString());
+ log.info("Create new person for user: {}", user);
 return personCommandService.add(Person.builder()
 .name(nonNull(user.getName()) ? user.getName() : user.getLogin())
 .userName(user.getLogin())
diff --git a/src/main/java/com/hackerupdates/hsw/service/authentication/GithubAuthProvider.java b/src/main/java/com/hackerupdates/hsw/service/authentication/GithubAuthProvider.java
index 60dc901..2918d95 100644
--- a/src/main/java/com/hackerupdates/hsw/service/authentication/GithubAuthProvider.java
+++ b/src/main/java/com/hackerupdates/hsw/service/authentication/GithubAuthProvider.java
@@ -42,6 +42,7 @@ public Optional login(String code) {
 var respForAccessToken = getAccessToken(body, headers);
 if (HttpStatus.OK.equals(respForAccessToken.getStatusCode())) {
+ log.debug("Access token retrieved with code: {}", code);
 var respBody = respForAccessToken.getBody();
 var accessToken = respBody.get(tokenName);
@@ -50,12 +51,14 @@ public Optional login(String code) {
 var respForUser = getUserByAccessToken(headers);
 if (HttpStatus.OK.equals(respForUser.getStatusCode())) {
+ log.debug("Users retrieved: {}, {}", code, accessToken);
 var githubUserDTO = respForUser.getBody();
 return Optional.of(githubUserDTO);
 }
 }
 }
+ log.debug("Could not sign in. Code: {}", code);
 throw new HswException(ValidationRule.COULD_NOT_SIGN_IN);
 }
diff --git a/src/main/java/com/hackerupdates/hsw/service/security/TokenService.java b/src/main/java/com/hackerupdates/hsw/service/security/TokenService.java
index 9d5d49e..fd1eab3 100644
--- a/src/main/java/com/hackerupdates/hsw/service/security/TokenService.java
+++ b/src/main/java/com/hackerupdates/hsw/service/security/TokenService.java
@@ -25,16 +25,16 @@ public Token get(String token) {
 }
 public Token getFromDB(String token) {
- log.debug("Get persisted token for key: {}", token);
+ log.debug("Get stored token for key: {}", token);
 var tokenPossible = tokenRepository.findByToken(token);
 if (tokenPossible.isPresent()) {
- log.debug("Return persisted token for key: {}", tokenPossible.get().getToken());
+ log.debug("Return stored token for key: {}", tokenPossible.get().getToken());
 return tokenPossible.get();
 }
 return null;
 }
- @CachePut(value= Constant.CACHE_NAME_FOR_TOKEN, key = "#token")
+ @CachePut(value = Constant.CACHE_NAME_FOR_TOKEN, key = "#token")
 public Token set(Long personId, String userName, String token) {
 var expiredDate = Instant.now().plusSeconds(Constant.COOKIE_EXPIRE_TIME).getEpochSecond();
@@ -59,7 +59,7 @@ public Token set(Long personId, String userName, String token) {
 return newToken;
 }
- @CacheEvict(value= Constant.CACHE_NAME_FOR_TOKEN)
+ @Cacheable(Constant.CACHE_NAME_FOR_TOKEN)
 public boolean remove(String token) {
 tokenRepository.deleteById(getFromDB(token).getId());
 log.debug("Evict add delete token for key: {}", token);
diff --git a/src/main/resources/application-local.yml b/src/main/resources/application-local.yml
index 59f601f..c382b04 100644
--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -3,3 +3,8 @@ spring:
 url: jdbc:postgresql://localhost:5432/hsw?currentSchema=public
 username: postgres
 password: 12345678
+ jpa:
+ show-sql: false
+ properties:
+ hibernate:
+ format_sql: false
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 408dce6..194bbe4 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -2,6 +2,11 @@ server:
 servlet:
 context-path: /api
+logging:
+ level:
+ com:
+ hackerupdates: DEBUG
+
 spring:
 sql:
 init:
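Review bot: Replacing `@CacheEvict` with `@Cacheable(Constant.CACHE_NAME_FOR_TOKEN)` on `remove` inverts what the method is for: the token entry is no longer evicted, and the method's `boolean` result is stored under the token key in the same cache that `get` (annotation outside this hunk) presumably serves `Token` entries from, so a logged-out token stays usable for as long as the cache retains it and a repeat call never reaches the repository. Keep the eviction and bind it to the key explicitly, as `set` already does: `@CacheEvict(value = Constant.CACHE_NAME_FOR_TOKEN, key = "#token")`. Separately, `getFromDB(token).getId()` on the next line dereferences `null` when the token is unknown (the method above returns `null` in that case); a guard such as `var stored = getFromDB(token); if (stored == null) return false;` would make the boolean return meaningful instead of throwing. The `remove` body runs past the end of the hunk.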
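Review bot: Setting `logging.level.com.hackerupdates: DEBUG` in `application.yml` enables the package's debug output for every profile, including whatever is deployed, and the debug statements this same commit adds print the sign-in DTO, the OAuth code and the GitHub access token. Put the DEBUG level in `application-local.yml` next to the other local-only settings, or keep the base level at `INFO` here and override it per profile, so that credential-bearing debug output is not on by default.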