Refactor Auth and HDFS controllers, fix User model, and improve HDFS config
- Rewrote AuthController to inject all dependencies via constructor - Fixed token refresh/login logic and added rate limiter and blacklist support - Implemented getters in LoginRequest DTO - Updated User model to implement UserDetails and extend entity.User - Switched HDFScontroller to use entity.User instead of models.User - Rewrote HDFSConfig to include static getHDFS() method and secure config via env vars - Simplified JwtService, added overload for entity.User, and fixed key handling
This commit is contained in:
@@ -1,13 +1,17 @@
|
||||
package com.skycrate.backend.skycrateBackend.controller;
|
||||
|
||||
import com.skycrate.backend.skycrateBackend.dto.LoginRequest;
|
||||
import com.skycrate.backend.skycrateBackend.services.JwtService;
|
||||
import com.skycrate.backend.skycrateBackend.dto.LoginResponse;
|
||||
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshRequest;
|
||||
import com.skycrate.backend.skycrateBackend.dto.TokenRefreshResponse;
|
||||
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
|
||||
import com.skycrate.backend.skycrateBackend.entity.User;
|
||||
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
|
||||
import com.skycrate.backend.skycrateBackend.security.TokenBlacklistService;
|
||||
import com.skycrate.backend.skycrateBackend.services.JwtService;
|
||||
import com.skycrate.backend.skycrateBackend.services.RefreshTokenService;
|
||||
import com.skycrate.backend.skycrateBackend.services.RateLimiterService;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
@@ -20,16 +24,26 @@ public class AuthController {
|
||||
private final AuthenticationManager authManager;
|
||||
private final JwtService jwtService;
|
||||
private final UserRepository userRepository;
|
||||
private final RefreshTokenService refreshTokenService;
|
||||
private final TokenBlacklistService tokenBlacklistService;
|
||||
private final RateLimiterService rateLimiterService;
|
||||
|
||||
public AuthController(AuthenticationManager authManager, JwtService jwtService, UserRepository userRepository) {
|
||||
public AuthController(
|
||||
AuthenticationManager authManager,
|
||||
JwtService jwtService,
|
||||
UserRepository userRepository,
|
||||
RefreshTokenService refreshTokenService,
|
||||
TokenBlacklistService tokenBlacklistService,
|
||||
RateLimiterService rateLimiterService
|
||||
) {
|
||||
this.authManager = authManager;
|
||||
this.jwtService = jwtService;
|
||||
this.userRepository = userRepository;
|
||||
this.refreshTokenService = refreshTokenService;
|
||||
this.tokenBlacklistService = tokenBlacklistService;
|
||||
this.rateLimiterService = rateLimiterService;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
private RefreshTokenService refreshTokenService;
|
||||
|
||||
@PostMapping("/login")
|
||||
public ResponseEntity<?> login(@RequestBody LoginRequest request, HttpServletRequest servletRequest) {
|
||||
String ip = servletRequest.getRemoteAddr();
|
||||
@@ -52,43 +66,29 @@ public class AuthController {
|
||||
|
||||
rateLimiterService.resetAttempts(ip);
|
||||
|
||||
// ✅ Generate tokens
|
||||
String accessToken = jwtService.generateToken(user);
|
||||
RefreshToken refreshToken = refreshTokenService.createRefreshToken(user);
|
||||
|
||||
return ResponseEntity.ok(new LoginResponse(accessToken, refreshToken.getToken()));
|
||||
}
|
||||
|
||||
User user = userRepository.findByEmail(request.getEmail())
|
||||
.orElseThrow(() -> new RuntimeException("User not found"));
|
||||
@PostMapping("/logout")
|
||||
public ResponseEntity<?> logout(HttpServletRequest request) {
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
|
||||
return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
|
||||
}
|
||||
|
||||
rateLimiterService.resetAttempts(ip);
|
||||
String token = jwtService.generateToken(user);
|
||||
return ResponseEntity.ok().body(token);
|
||||
String token = authHeader.substring(7);
|
||||
|
||||
tokenBlacklistService.blacklistToken(token);
|
||||
|
||||
String email = jwtService.extractUsername(token);
|
||||
userRepository.findByEmail(email).ifPresent(refreshTokenService::deleteByUser);
|
||||
|
||||
return ResponseEntity.ok("Logged out successfully");
|
||||
}
|
||||
|
||||
@Autowired
|
||||
private TokenBlacklistService tokenBlacklistService;
|
||||
|
||||
@PostMapping("/logout")
|
||||
public ResponseEntity<?> logout(HttpServletRequest request) {
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
|
||||
return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
|
||||
}
|
||||
|
||||
String token = authHeader.substring(7);
|
||||
|
||||
// Blacklist access token
|
||||
tokenBlacklistService.blacklistToken(token);
|
||||
|
||||
// Extract user from token and delete their refresh token
|
||||
String email = jwtService.extractUsername(token);
|
||||
userRepository.findByEmail(email).ifPresent(refreshTokenService::deleteByUser);
|
||||
|
||||
return ResponseEntity.ok("Logged out successfully");
|
||||
}
|
||||
|
||||
@PostMapping("/refresh")
|
||||
public ResponseEntity<?> refresh(@RequestBody TokenRefreshRequest request) {
|
||||
String requestToken = request.getRefreshToken();
|
||||
@@ -105,5 +105,4 @@ public ResponseEntity<?> logout(HttpServletRequest request) {
|
||||
})
|
||||
.orElseGet(() -> ResponseEntity.status(403).body("Invalid refresh token"));
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user