Merge pull request 'expire-token' (#3) from expire-token into master
Reviewed-on: #3
This commit is contained in:
commit
950b880d66
@ -1,6 +1,7 @@
|
||||
package com.covas.Resources;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.time.Duration;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
|
||||
@ -21,57 +22,66 @@ import io.smallrye.jwt.auth.principal.JWTParser;
|
||||
import io.smallrye.jwt.auth.principal.ParseException;
|
||||
import io.smallrye.jwt.build.Jwt;
|
||||
|
||||
import org.eclipse.microprofile.jwt.Claims;
|
||||
import org.eclipse.microprofile.jwt.JsonWebToken;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.jboss.resteasy.annotations.jaxrs.HeaderParam;
|
||||
import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;
|
||||
|
||||
@Path("/api")
|
||||
@Path("/token")
|
||||
public class TokenRessource {
|
||||
@Inject
|
||||
JsonWebToken jwt;
|
||||
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
|
||||
|
||||
|
||||
|
||||
@Inject JWTParser parser;
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Path("token")
|
||||
public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
|
||||
public Response tokenRefresh(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) {
|
||||
String name = "anonymous";
|
||||
String password = "";
|
||||
|
||||
if (jwtCookie == null) {
|
||||
if(auth == null){
|
||||
if(user == null){
|
||||
return Response.status(Response.Status.BAD_REQUEST).build();
|
||||
} else {
|
||||
name = new String(Base64.decode(user), StandardCharsets.UTF_8);
|
||||
}
|
||||
} else {
|
||||
String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
|
||||
name = hash[0];
|
||||
password = Hash.encryptSHA512(hash[1]);
|
||||
|
||||
UsersEntity users = UsersEntity.findByPseudo(name);
|
||||
if(users != null){
|
||||
|
||||
if(password.equals(users.password)){
|
||||
// Create a JWT token signed using the 'HS256' algorithm
|
||||
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(new HashSet<>(Arrays.asList(users.roles))).sign();
|
||||
// or create a JWT token encrypted using the 'A256KW' algorithm
|
||||
// Jwt.upn("alice").encryptWithSecret(secret);
|
||||
return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
|
||||
} else {
|
||||
return Response.status(Response.Status.FORBIDDEN).build();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
return Response.status(Response.Status.NOT_FOUND).build();
|
||||
|
||||
} else {
|
||||
// All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
|
||||
try {
|
||||
jwt = parser.parse(jwtCookie);
|
||||
}
|
||||
catch(ParseException p){
|
||||
return Response.status(Response.Status.UNAUTHORIZED).build();
|
||||
}
|
||||
// or jwt = parser.decrypt(jwtCookie, secret);
|
||||
return Response.status(Response.Status.OK).build();
|
||||
}
|
||||
UsersEntity users = UsersEntity.findByPseudo(name);
|
||||
if (users == null){
|
||||
return Response.status(Response.Status.NOT_FOUND).build();
|
||||
}
|
||||
if (jwtCookie == null) {
|
||||
if(!password.equals(users.password)){
|
||||
return Response.status(Response.Status.FORBIDDEN).build();
|
||||
}
|
||||
// Create a JWT token signed using the 'HS256' algorithm
|
||||
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
|
||||
// or create a JWT token encrypted using the 'A256KW' algorithm
|
||||
// Jwt.upn("alice").encryptWithSecret(secret);
|
||||
String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
|
||||
return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build();
|
||||
}
|
||||
// All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
|
||||
try {
|
||||
jwt = parser.parse(jwtCookie);
|
||||
}
|
||||
catch(ParseException p){
|
||||
return Response.status(Response.Status.NOT_ACCEPTABLE).build();
|
||||
}
|
||||
// or jwt = parser.decrypt(jwtCookie, secret);
|
||||
String kid = jwt.getClaim(Claims.kid).toString();
|
||||
if(!kid.equals(users.id.toString())){
|
||||
return Response.status(Response.Status.UNAUTHORIZED).build();
|
||||
}
|
||||
return Response.status(Response.Status.OK).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -20,13 +20,13 @@ import org.jboss.logging.Logger;
|
||||
public class UsersRessources {
|
||||
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
|
||||
@GET
|
||||
@RolesAllowed({"Admin"})
|
||||
@RolesAllowed("Admin")
|
||||
public Response getUsers(){
|
||||
return Response.ok(UsersEntity.listAll()).build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@RolesAllowed({"Admin"})
|
||||
@RolesAllowed("Admin")
|
||||
@Path("{id}")
|
||||
public Response getSingleUser(@PathParam("id") String id){
|
||||
UUID uid = UUID.fromString(id);
|
||||
@ -38,7 +38,7 @@ public class UsersRessources {
|
||||
}
|
||||
|
||||
@GET
|
||||
@RolesAllowed({"User"})
|
||||
@RolesAllowed("User")
|
||||
@Path("info")
|
||||
public Response getInfoUser(){
|
||||
return Response.ok().build();
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user