From a312ae4289a6c521ce179f151cc02d8794b69fcc Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Sun, 15 May 2022 15:11:09 +0200
Subject: [PATCH] 100% work for getSingleUser INfo
---
 src/main/java/com/covas/Json/UserSingle.java | 21 ++++++++++++
 .../com/covas/Resources/TokenRessource.java | 3 --
 .../com/covas/Resources/UsersRessources.java | 34 ++++++++++++++++---
 3 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 src/main/java/com/covas/Json/UserSingle.java
diff --git a/src/main/java/com/covas/Json/UserSingle.java b/src/main/java/com/covas/Json/UserSingle.java
new file mode 100644
index 0000000..22ea520
--- /dev/null
+++ b/src/main/java/com/covas/Json/UserSingle.java
@@ -0,0 +1,21 @@
+package com.covas.Json;
+
+import java.time.LocalDate;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+
+@RegisterForReflection
+public class UserSingle {
+
+ public final String name;
+ public final String pseudo;
+ public final String firstname;
+
+ public UserSingle(String name, String pseudo, String firstname){
+ this.name = name;
+ this.pseudo = pseudo;
+ this.firstname = firstname;
+
+ }
+
+}
diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index 84daf33..1411acb 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -2,9 +2,6 @@ package com.covas.Resources;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
-import java.util.Arrays;
-import java.util.HashSet;
-
 import javax.inject.Inject;
 import javax.ws.rs.CookieParam;
diff --git a/src/main/java/com/covas/Resources/UsersRessources.java b/src/main/java/com/covas/Resources/UsersRessources.java
index 1f193fe..dcf3221 100644
--- a/src/main/java/com/covas/Resources/UsersRessources.java
+++ b/src/main/java/com/covas/Resources/UsersRessources.java
@@ -1,24 +1,38 @@
 package com.covas.Resources;
+import java.nio.charset.StandardCharsets;
 import java.util.UUID;
 import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.CookieParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import com.covas.Entity.UsersEntity;
+import com.covas.Json.UserSingle;
+import org.eclipse.microprofile.jwt.Claims;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.jboss.logging.Logger;
+import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64;
+
+import io.quarkus.hibernate.orm.panache.PanacheQuery;
 @Produces(MediaType.APPLICATION_JSON)
 @Path("users")
 public class UsersRessources {
 private static final Logger LOGGER = Logger.getLogger(UsersRessources.class);
+ @Inject
+ JsonWebToken jwt;
+
 @GET
 @RolesAllowed("Admin")
 public Response getUsers(){
@@ -40,9 +54,19 @@ public class UsersRessources {
 @GET
 @RolesAllowed("User")
 @Path("info")
- public Response getInfoUser(){
- return Response.ok().build();
- }
-
-
+ public Response getInfoUser(@Context SecurityContext ctx, @CookieParam("user") String userCookie){
+ if(!ctx.getUserPrincipal().getName().equals(jwt.getName())){
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
+ }
+ UUID kid = UUID.fromString(jwt.getClaim(Claims.kid));
+ UsersEntity user = UsersEntity.findById(kid);
+ if (user == null){
+ return Response.status(Response.Status.NOT_FOUND).build();
+ }
+ String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8);
+ if(!name.equals(user.pseudo)){
+ return Response.status(Response.Status.FORBIDDEN).build();
+ }
+ return Response.ok(new UserSingle(user.name, user.pseudo, user.firstName)).build();
+ }
 }
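Review bot: The added import `org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64` takes a class from the relocated internals of the PostgreSQL JDBC driver, which is an implementation detail of that artifact and can move or disappear on a driver upgrade. The JDK already covers this: `import java.util.Base64;` with `Base64.getDecoder().decode(...)` at the call site in getInfoUser (second hunk). `io.quarkus.hibernate.orm.panache.PanacheQuery` is also imported but not used in any line visible in this patch. The class body continues outside this hunk.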
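Review bot: `userCookie` reaches `Base64.decode(userCookie)` in getInfoUser without a null or format check, so an authenticated request that omits the `user` cookie or sends a non-Base64 value would end in an unhandled exception instead of a 4xx; `UUID.fromString(jwt.getClaim(Claims.kid))` has the same problem for a missing or non-UUID `kid` claim. I would validate both up front and reject with a client error, as in the excerpt below, which also decodes with the JDK's `java.util.Base64`. The cookie is supplied by the client, so the comparison with `user.pseudo` is a consistency check at most and adds no authorization beyond the verified token. The principal/token name mismatch at the top of the method would also be better reported as 401 or 403 than as `INTERNAL_SERVER_ERROR`.

```java
        // … unchanged: principal / jwt name comparison …
        String kidClaim = jwt.getClaim(Claims.kid);
        if (kidClaim == null || userCookie == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        final UUID kid;
        final String name;
        try {
            kid = UUID.fromString(kidClaim);
            name = new String(java.util.Base64.getDecoder().decode(userCookie), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // malformed UUID or Base64 is a client error, not a server fault
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // … unchanged: findById(kid), NOT_FOUND, pseudo comparison, UserSingle response …
```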