add spring security and token management
@ -0,0 +1,47 @@
|
||||
package com.iconplus.smartproc.service.authentication;
|
||||
|
||||
import com.iconplus.smartproc.exception.BusinessException;
|
||||
import com.iconplus.smartproc.helper.service.BaseService;
|
||||
import com.iconplus.smartproc.model.request.LoginRequest;
|
||||
import com.iconplus.smartproc.model.response.LoginResponse;
|
||||
import com.iconplus.smartproc.repository.UsersRepository;
|
||||
import com.iconplus.smartproc.util.Constants;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
@Slf4j
|
||||
public class LoginService implements BaseService<LoginRequest, LoginResponse> {
|
||||
|
||||
|
||||
private final UsersRepository usersRepository;
|
||||
|
||||
public LoginService(UsersRepository userRepository) {
|
||||
this.usersRepository = userRepository;
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public LoginResponse execute(LoginRequest input) {
|
||||
|
||||
var user= usersRepository.findByEmailAndDeletedFalse(input.getEmail())
|
||||
.orElseThrow(() -> new BusinessException(HttpStatus.CONFLICT,
|
||||
Constants.ERR_CODE_10003,
|
||||
Constants.ERR_TTL_10003,
|
||||
String.format(Constants.ERR_MSG_10003, input.getEmail())));
|
||||
|
||||
if (!StringUtils.equalsIgnoreCase(input.getPassword(), user.getPassword())) {
|
||||
throw new BusinessException(HttpStatus.CONFLICT,
|
||||
Constants.ERR_CODE_10004,
|
||||
Constants.ERR_TTL_10004,
|
||||
Constants.ERR_MSG_10004);
|
||||
}
|
||||
|
||||
|
||||
|
||||
return LoginResponse.builder()
|
||||
.build();
|
||||
}
|
||||
}
|
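Review bot: The password check in `execute` compares the submitted password with `user.getPassword()` using `StringUtils.equalsIgnoreCase`, which can only work if the stored value is the plaintext password. It also accepts passwords that differ only in letter case, and it returns true when both values are null. Since this commit brings in Spring Security, inject a `PasswordEncoder`, store only encoded hashes, and change the condition to `if (!passwordEncoder.matches(input.getPassword(), user.getPassword()))`, rejecting a null or blank password before that call. The two failure paths also return different codes (`ERR_CODE_10003`, with the e-mail echoed in the message, versus `ERR_CODE_10004`), which tells a caller whether an address is registered; a single generic login failure would avoid that.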
@ -0,0 +1,55 @@
|
||||
package com.iconplus.smartproc.service.authentication;
|
||||
|
||||
import com.iconplus.smartproc.helper.service.BaseService;
|
||||
import com.iconplus.smartproc.helper.service.TokenUtils;
|
||||
import com.iconplus.smartproc.model.projection.TokenManagementView;
|
||||
import com.iconplus.smartproc.model.request.PostAccessTokenRequest;
|
||||
import com.iconplus.smartproc.model.response.PostAccessTokenResponse;
|
||||
import com.iconplus.smartproc.repository.TokenManagementRepository;
|
||||
import com.iconplus.smartproc.util.CommonUtil;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Service
|
||||
@Slf4j
|
||||
public class PostCheckAccessTokenService implements BaseService<PostAccessTokenRequest, PostAccessTokenResponse> {
|
||||
|
||||
private TokenManagementRepository tokenManagementRepository;
|
||||
|
||||
public PostCheckAccessTokenService(TokenManagementRepository tokenManagementRepository) {
|
||||
this.tokenManagementRepository = tokenManagementRepository;
|
||||
}
|
||||
|
||||
@Override
|
||||
public PostAccessTokenResponse execute(PostAccessTokenRequest input) {
|
||||
|
||||
var decodeToken = TokenUtils.decodeToken(input.getAccessToken());
|
||||
String userId = decodeToken.get("user_id");
|
||||
|
||||
List<TokenManagementView> tokenManagementViews = tokenManagementRepository.findAccessTokenByUserIdAndDeletedFalse(userId);
|
||||
if (tokenManagementViews.isEmpty()) {
|
||||
log.error("access token not found in db");
|
||||
return PostAccessTokenResponse.builder()
|
||||
.isValid(false)
|
||||
.build();
|
||||
}
|
||||
|
||||
List<String> userTokenList = tokenManagementViews.stream()
|
||||
.map(c-> CommonUtil.clobToString(c.getAccessToken()))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
boolean isMatch = userTokenList.stream().anyMatch(s -> s.equals(input.getAccessToken()));
|
||||
if (isMatch) {
|
||||
return PostAccessTokenResponse.builder()
|
||||
.isValid(true)
|
||||
.build();
|
||||
}
|
||||
|
||||
return PostAccessTokenResponse.builder()
|
||||
.isValid(false)
|
||||
.build();
|
||||
}
|
||||
}
|
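Review bot: `execute` reports a token as valid purely because the same string is stored for its `user_id` claim; nothing in this section checks the signature or the expiry. Unless `TokenUtils.decodeToken` (not shown here) verifies both, an expired token stays valid for as long as its row is not marked deleted. `decodeToken.get("user_id")` may also be null for a token without that claim, and the value goes straight into `findAccessTokenByUserIdAndDeletedFalse`; add `if (userId == null) { return PostAccessTokenResponse.builder().isValid(false).build(); }` before the query. A comment above the decode call, such as `// decodeToken must verify signature and exp; the DB match only confirms the token was not revoked`, would make that contract explicit.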