v4l3n71n/covas-quarkus
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request 'expire-token' (#3) from expire-token into master

Browse Source 
Reviewed-on: #3
This commit is contained in:
v4l3n71n 2022-05-15 11:38:14 +00:00
commit 950b880d66
2 changed files with 46 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/main/java/com/covas/Resources/TokenRessource.java
View File

@ -1,6 +1,7 @@
package com.covas.Resources; package com.covas.Resources;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
@ -21,57 +22,66 @@ import io.smallrye.jwt.auth.principal.JWTParser;
import io.smallrye.jwt.auth.principal.ParseException; import io.smallrye.jwt.auth.principal.ParseException;
import io.smallrye.jwt.build.Jwt; import io.smallrye.jwt.build.Jwt;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken; import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.jaxrs.HeaderParam; import org.jboss.resteasy.annotations.jaxrs.HeaderParam;
import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64; import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;
@Path("/api") @Path("/token")
public class TokenRessource { public class TokenRessource {
@Inject @Inject
JsonWebToken jwt; JsonWebToken jwt;
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
@Inject JWTParser parser; @Inject JWTParser parser;
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Path("token") public Response tokenRefresh(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) {
public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
String name = "anonymous"; String name = "anonymous";
String password = ""; String password = "";
if(auth == null){
if (jwtCookie == null) { if(user == null){
return Response.status(Response.Status.BAD_REQUEST).build();
} else {
name = new String(Base64.decode(user), StandardCharsets.UTF_8);
}
} else {
String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":"); String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
name = hash[0]; name = hash[0];
password = Hash.encryptSHA512(hash[1]); password = Hash.encryptSHA512(hash[1]);
}
UsersEntity users = UsersEntity.findByPseudo(name); UsersEntity users = UsersEntity.findByPseudo(name);
if(users != null){ if (users == null){
return Response.status(Response.Status.NOT_FOUND).build();
if(password.equals(users.password)){ }
// Create a JWT token signed using the 'HS256' algorithm if (jwtCookie == null) {
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(new HashSet<>(Arrays.asList(users.roles))).sign(); if(!password.equals(users.password)){
// or create a JWT token encrypted using the 'A256KW' algorithm
// Jwt.upn("alice").encryptWithSecret(secret);
return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
} else {
return Response.status(Response.Status.FORBIDDEN).build(); return Response.status(Response.Status.FORBIDDEN).build();
} }
// Create a JWT token signed using the 'HS256' algorithm
String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
// or create a JWT token encrypted using the 'A256KW' algorithm
// Jwt.upn("alice").encryptWithSecret(secret);
String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build();
} }
return Response.status(Response.Status.NOT_FOUND).build();
} else {
// All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized. // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
try { try {
jwt = parser.parse(jwtCookie); jwt = parser.parse(jwtCookie);
} }
catch(ParseException p){ catch(ParseException p){
return Response.status(Response.Status.UNAUTHORIZED).build(); return Response.status(Response.Status.NOT_ACCEPTABLE).build();
} }
// or jwt = parser.decrypt(jwtCookie, secret); // or jwt = parser.decrypt(jwtCookie, secret);
String kid = jwt.getClaim(Claims.kid).toString();
if(!kid.equals(users.id.toString())){
return Response.status(Response.Status.UNAUTHORIZED).build();
}
return Response.status(Response.Status.OK).build(); return Response.status(Response.Status.OK).build();
} }
}
} }

6
src/main/java/com/covas/Resources/UsersRessources.java
View File

@ -20,13 +20,13 @@ import org.jboss.logging.Logger;
public class UsersRessources { public class UsersRessources {
private static final Logger LOGGER = Logger.getLogger(UsersRessources.class); private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
@GET @GET
@RolesAllowed({"Admin"}) @RolesAllowed("Admin")
public Response getUsers(){ public Response getUsers(){
return Response.ok(UsersEntity.listAll()).build(); return Response.ok(UsersEntity.listAll()).build();
} }
@GET @GET
@RolesAllowed({"Admin"}) @RolesAllowed("Admin")
@Path("{id}") @Path("{id}")
public Response getSingleUser(@PathParam("id") String id){ public Response getSingleUser(@PathParam("id") String id){
UUID uid = UUID.fromString(id); UUID uid = UUID.fromString(id);
@ -38,7 +38,7 @@ public class UsersRessources {
} }
@GET @GET
@RolesAllowed({"User"}) @RolesAllowed("User")
@Path("info") @Path("info")
public Response getInfoUser(){ public Response getInfoUser(){
return Response.ok().build(); return Response.ok().build();