package com.covas.Resources; import java.nio.charset.StandardCharsets; import java.time.LocalDate; import java.time.LocalDateTime; import java.util.List; import java.util.UUID; import javax.annotation.security.RolesAllowed; import javax.inject.Inject; import javax.transaction.Transactional; import javax.ws.rs.core.SecurityContext; import javax.ws.rs.core.Response.Status; import javax.ws.rs.Consumes; import javax.ws.rs.CookieParam; import javax.ws.rs.DELETE; import javax.ws.rs.GET; import javax.ws.rs.PATCH; import javax.ws.rs.POST; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import com.covas.Classes.Hash; import com.covas.Entity.UsersEntity; import com.covas.Json.UserExist; import com.covas.Json.UserSingle; import io.quarkus.panache.common.Page; import io.quarkus.panache.common.Parameters; import org.eclipse.microprofile.jwt.Claims; import org.eclipse.microprofile.jwt.JsonWebToken; import org.jboss.logging.Logger; import org.postgresql.shaded.com.ongres.scram.common.bouncycastle.base64.Base64; @Produces(MediaType.APPLICATION_JSON) @Path("users") public class UsersRessources { private static final Logger LOGGER = Logger.getLogger(UsersRessources.class); @Inject JsonWebToken jwt; /// Function private Boolean checkUserCookie(String userCookie, UsersEntity users) { if ((userCookie == null) || (users == null)) { return false; } String name = new String(Base64.decode(userCookie), StandardCharsets.UTF_8); if (!name.equals(users.pseudo) && (users.status != 1)) { return false; } return true; } private Response.Status getResponseCheck(SecurityContext ctx, String userCookie, UsersEntity users) { if (!ctx.getUserPrincipal().getName().equals(jwt.getName())) { return Response.Status.INTERNAL_SERVER_ERROR; } if (!checkUserCookie(userCookie, users)) { return Response.Status.FORBIDDEN; } return Response.Status.OK; } /// Appel HTTP /// GET @GET @RolesAllowed("Admin") public Response getUsers(@CookieParam("user") String userCookie, @Context SecurityContext ctx, @QueryParam("page") Integer page, @QueryParam("nbPages") Integer nbPages, @QueryParam("status") Short status, @QueryParam("roles") String roles, @QueryParam("email") String email, @QueryParam("search") String search, @QueryParam("uuid") String uuid) { if(nbPages == null){ nbPages = 20; } if(page == null){ page = 0; } UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status statusHttp = getResponseCheck(ctx, userCookie, user); Response responseHttp = Response.status(statusHttp).build(); if (statusHttp.equals(Response.Status.OK)) { List listUsers = UsersEntity.findAll().page(Page.of(page, nbPages)).list(); if((roles != null) && (status == null)){ listUsers = UsersEntity.find("#Users.byRoles", Parameters.with("roles",roles)).page(Page.of(page, nbPages)).list(); } if((roles == null) && (status != null)){ listUsers = UsersEntity.find("#Users.byStatus", Parameters.with("status",status)).page(Page.of(page, nbPages)).list(); } if((roles != null) && (status != null)){ listUsers = UsersEntity.find("#Users.byRolesandStatus", Parameters.with("roles",roles).and("status", status)).page(Page.of(page, nbPages)).list(); } responseHttp = Response.ok(listUsers).build(); if(uuid != null){ UsersEntity userSingle = UsersEntity.findById(UUID.fromString(uuid)); if((roles != null) && (status == null)){ userSingle = UsersEntity.find("#Users.byUUIDandRoles", Parameters.with("id", UUID.fromString(uuid)).and("roles",roles)).firstResult(); } if((roles == null) && (status != null)){ userSingle = UsersEntity.find("#Users.byUUIDandStatus", Parameters.with("id", UUID.fromString(uuid)).and("status",status)).firstResult(); } if((roles != null) && (status != null)){ userSingle = UsersEntity.find("#Users.byUUIDandRolesandStatus", Parameters.with("id", UUID.fromString(uuid)).and("status",status).and("roles", roles)).firstResult(); } responseHttp = Response.ok(userSingle).build(); } if(email != null){ UsersEntity userSingle = UsersEntity.findByEmail(email); if((roles != null) && (status == null)){ userSingle = UsersEntity.find("#Users.byEmailandRoles", Parameters.with("email", email).and("roles",roles)).firstResult(); } if((roles == null) && (status != null)){ userSingle = UsersEntity.find("#Users.byEmailandStatus", Parameters.with("email", email).and("status",status)).firstResult(); } if((roles != null) && (status != null)){ userSingle = UsersEntity.find("#Users.byEmailandRolesandStatus", Parameters.with("email", email).and("status",status).and("roles", roles)).firstResult(); } responseHttp = Response.ok(userSingle).build(); } if(search != null){ List usersList = UsersEntity.find("#Users.bySearch", Parameters.with("search", search)).page(Page.of(page, nbPages)).list(); if((roles != null) && (status == null)){ usersList = UsersEntity.find("#Users.bySearchandRoles", Parameters.with("search", search).and("roles",roles)).page(Page.of(page, nbPages)).list(); } if((roles == null) && (status != null)){ usersList = UsersEntity.find("#Users.bySearchandStatus", Parameters.with("search", search).and("status",status)).page(Page.of(page, nbPages)).list(); } if((roles != null) && (status != null)){ usersList = UsersEntity.find("#Users.bySearchandRolesandStatus", Parameters.with("search", search).and("status",status).and("roles", roles)).page(Page.of(page, nbPages)).list(); } responseHttp = Response.ok(usersList).build(); } } return responseHttp; } @GET @RolesAllowed("Admin") @Path("count") public Response getCount(@CookieParam("user") String userCookie, @Context SecurityContext ctx){ UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); Response responseHttp = Response.status(status).build(); if (status.equals(Response.Status.OK)){ responseHttp = Response.ok(UsersEntity.count()).build(); } return responseHttp; } @GET @RolesAllowed("Admin") @Path("{id}") public Response getSingleUser(@PathParam("id") String id, @CookieParam("user") String userCookie, @Context SecurityContext ctx) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); Response responseHttp = Response.status(status).build(); if (status.equals(Response.Status.OK)) { UUID uid = UUID.fromString(id); UsersEntity users = UsersEntity.findById(uid); responseHttp = Response.status(Response.Status.NOT_FOUND).build(); if (users != null) { responseHttp = Response.ok(users).build(); } } return responseHttp; } @GET @RolesAllowed("User") @Path("info") public Response getInfoUser(@Context SecurityContext ctx, @CookieParam("user") String userCookie) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { if (user == null) { status = Response.Status.NOT_FOUND; } if (!checkUserCookie(userCookie, user)) { status = Response.Status.FORBIDDEN; } } Response responseHttp = Response.status(status).build(); if (status.equals(Response.Status.OK)) { responseHttp = Response.status(status).entity(new UserSingle(user.name, user.pseudo, user.firstName)) .build(); } return responseHttp; } // POST @POST @Consumes(MediaType.APPLICATION_JSON) @Transactional public Response createUser(UsersEntity users) { Response.Status status = Response.Status.OK; UsersEntity usersPseudo = UsersEntity.findByPseudo(users.pseudo); UsersEntity usersEmail = UsersEntity.findByEmail(users.email); Boolean createUserBool = true; Boolean pseudoExist = false; Boolean emailExist = false; if (usersPseudo != null) { createUserBool = false; status = Response.Status.UNAUTHORIZED; pseudoExist = true; } if(usersEmail != null){ createUserBool = false; status = Response.Status.UNAUTHORIZED; emailExist = true; } if(createUserBool) { UsersEntity usersNew = new UsersEntity(); usersNew.name = users.name; usersNew.pseudo = users.pseudo; usersNew.firstName = users.firstName; usersNew.email = users.email; usersNew.birth = LocalDate.of(users.birth.getYear(), users.birth.getMonth(), users.birth.getDayOfMonth()); usersNew.created_at = LocalDateTime.now(); usersNew.updated_at = LocalDateTime.now(); usersNew.password = Hash .encryptSHA512(Base64.toBase64String(users.password.getBytes(StandardCharsets.UTF_8))); usersNew.roles = users.roles; usersNew.status = 2; usersNew.persist(); if (usersNew.isPersistent()) { status = Response.Status.CREATED; } else { status = Response.Status.NO_CONTENT; } } return Response.status(status).entity(new UserExist(emailExist, pseudoExist)).build(); } // PUT @PUT @RolesAllowed("Admin") @Consumes(MediaType.APPLICATION_JSON) @Transactional public Response addUser(@Context SecurityContext ctx, @CookieParam("user") String userCookie, UsersEntity users) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); Boolean pseudoExist = false; Boolean emailExist = false; if (status.equals(Response.Status.OK)) { UsersEntity usersPseudo = UsersEntity.findByPseudo(users.pseudo); UsersEntity usersEmail = UsersEntity.findByEmail(users.email); Boolean createUserBool = true; if (usersPseudo != null) { createUserBool = false; status = Response.Status.UNAUTHORIZED; pseudoExist = true; } if(usersEmail != null){ createUserBool = false; status = Response.Status.UNAUTHORIZED; emailExist = true; } if(createUserBool) { UsersEntity usersNew = new UsersEntity(); usersNew.name = users.name; usersNew.pseudo = users.pseudo; usersNew.firstName = users.firstName; usersNew.email = users.email; usersNew.birth = LocalDate.of(users.birth.getYear(), users.birth.getMonth(), users.birth.getDayOfMonth()); usersNew.created_at = LocalDateTime.now(); usersNew.updated_at = LocalDateTime.now(); usersNew.password = Hash .encryptSHA512(Base64.toBase64String(users.password.getBytes(StandardCharsets.UTF_8))); usersNew.roles = users.roles; usersNew.status = 1; usersNew.persist(); if (usersNew.isPersistent()) { status = Response.Status.CREATED; } else { status = Response.Status.NO_CONTENT; } } } return Response.status(status).entity(new UserExist(emailExist, pseudoExist)).build(); } // Delete @DELETE @RolesAllowed("User") @Transactional public Response changeStatusToDelete(@Context SecurityContext ctx, @CookieParam("user") String userCookie) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { user.status = -1; user.updated_at = LocalDateTime.now(); user.deleted_at = LocalDateTime.now(); user.persist(); if (!user.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } return Response.status(status).build(); } @DELETE @Path("{id}") @RolesAllowed("Admin") @Transactional public Response changeStatusSingleUserToDelete(@Context SecurityContext ctx, @CookieParam("user") String userCookie, @PathParam("id") String id) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { UsersEntity singleUser = UsersEntity.find("id", UUID.fromString(id)).firstResult(); if (singleUser == null) { status = Response.Status.NOT_FOUND; } else { singleUser.status = -1; singleUser.updated_at = LocalDateTime.now(); singleUser.deleted_at = LocalDateTime.now(); singleUser.persist(); if (!singleUser.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } } return Response.status(status).build(); } @DELETE @RolesAllowed("User") @Transactional @Path("disable") public Response changeStatusToDisable(@Context SecurityContext ctx, @CookieParam("user") String userCookie) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { user.status = -1; user.updated_at = LocalDateTime.now(); user.deleted_at = LocalDateTime.now(); user.persist(); if (!user.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } return Response.status(status).build(); } @DELETE @Path("/disable/{id}") @RolesAllowed("Admin") @Transactional public Response changeStatusSingleUserToDisable(@Context SecurityContext ctx, @CookieParam("user") String userCookie, @PathParam("id") String id) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { UsersEntity singleUser = UsersEntity.find("id", UUID.fromString(id)).firstResult(); if (singleUser == null) { status = Response.Status.NOT_FOUND; } else { singleUser.status = 0; singleUser.updated_at = LocalDateTime.now(); singleUser.deleted_at = LocalDateTime.now(); singleUser.persist(); if (!singleUser.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } } return Response.status(status).build(); } // PATCH @PATCH @RolesAllowed("Admin") @Consumes(MediaType.APPLICATION_JSON) @Transactional @Path("{id}") public Response updateUserAdmin(@Context SecurityContext ctx, @CookieParam("user") String userCookie, UsersEntity users, @PathParam("id") String id) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { UsersEntity usersOrig = UsersEntity.findById(UUID.fromString(id)); if (usersOrig == null) { status = Response.Status.NOT_FOUND; } else { usersOrig.name = users.name; usersOrig.firstName = users.firstName; usersOrig.email = users.email; usersOrig.birth = LocalDate.of(users.birth.getYear(), users.birth.getMonth(), users.birth.getDayOfMonth()); usersOrig.updated_at = LocalDateTime.now(); if(users.password.length() > 0){ usersOrig.password = Hash .encryptSHA512(Base64.toBase64String(users.password.getBytes(StandardCharsets.UTF_8))); } usersOrig.roles = users.roles; if(users.status == 1){ usersOrig.deleted_at = null; usersOrig.status = 1; } usersOrig.persist(); if (!usersOrig.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } } return Response.status(status).build(); } @PATCH @RolesAllowed("Admin") @Consumes(MediaType.APPLICATION_JSON) @Transactional @Path("enable/{id}") public Response enableUserAdmin(@Context SecurityContext ctx, @CookieParam("user") String userCookie, @PathParam("id") String id) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { UsersEntity usersOrig = UsersEntity.findById(UUID.fromString(id)); if (usersOrig == null) { status = Response.Status.NOT_FOUND; } else { usersOrig.status = 1; usersOrig.persist(); if (!usersOrig.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } } return Response.status(status).build(); } @PATCH @RolesAllowed("User") @Consumes(MediaType.APPLICATION_JSON) @Transactional public Response updateSingleUser(@Context SecurityContext ctx, @CookieParam("user") String userCookie, UsersEntity users) { UUID kid = UUID.fromString(jwt.getClaim(Claims.kid)); UsersEntity user = UsersEntity.findById(kid); Response.Status status = getResponseCheck(ctx, userCookie, user); if (status.equals(Response.Status.OK)) { user.name = users.name; user.firstName = users.firstName; user.email = users.email; user.birth = LocalDate.of(users.birth.getYear(), users.birth.getMonth(), users.birth.getDayOfMonth()); user.updated_at = LocalDateTime.now(); user.password = Hash.encryptSHA512(Base64.toBase64String(users.password.getBytes(StandardCharsets.UTF_8))); user.persist(); if (!user.isPersistent()) { status = Response.Status.NOT_MODIFIED; } } return Response.status(status).build(); } }