Refactor file upload/download with service layer and secure encryption

- Replaced direct encryption logic in FileController with FileService delegation
- Added JWT-based username extraction in file operations
- Updated FileMetadata entity to include `uploadedAt` field and removed redundant getters/setters
- Refactored EncryptionUtil:
  - Switched to AES-CBC with PBKDF2 key derivation
  - Removed RSA-based encryption logic
  - Added salt and IV generation helpers
- Changed JwtAuthenticationFilter to fetch user by username (not email)
- Renamed method in FileMetadataRepository to match new parameter order

FILE UPLOAD NOW WORKS! TESTED USING CURL.
K
2025-07-03 15:20:10 +05:30
parent f06dbd84ad
commit 23eda639c0
8 changed files with 255 additions and 152 deletions
@@ -45,7 +45,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
final String authHeader = request.getHeader("Authorization");
final String jwt;
final String userEmail;
final String username;
if (!StringUtils.hasText(authHeader) || !authHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
@@ -62,15 +62,16 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
}
try {
userEmail = jwtService.extractUsername(jwt);
username = jwtService.extractUsername(jwt); // This is actually the `username`, not email
} catch (Exception e) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Invalid JWT token");
return;
}
if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
User user = userRepository.findByEmail(userEmail).orElse(null);
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
// ❗ Use username to find the user
User user = userRepository.findByUsername(username).orElse(null);
if (user != null && jwtService.isTokenValid(jwt, user)) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
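Review bot: The two comments added in the second hunk (the trailing one on the `jwtService.extractUsername(jwt)` assignment and `// ❗ Use username to find the user`) narrate the edit instead of stating the contract this filter now depends on: the token subject must be the username, and `jwtService.isTokenValid(jwt, user)` must compare against that same field. I would replace both with a single comment above the lookup, `// JWT subject is the username; findByUsername and isTokenValid must key on the same field`. Neither `JwtService` nor the token-issuing code is visible here, so this needs confirming against them; a token whose subject is still an email would presumably no longer resolve to a user, and nothing visible in the hunk logs the `orElse(null)` case to show why. It is also worth confirming that `username` carries a uniqueness constraint, since this lookup now decides which account the request is authenticated as. The method body begins before the first hunk and continues past the second.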