Add JWT-based login and logout endpoints

- POST /api/auth/login authenticates user and returns JWT token.
- POST /api/auth/logout is a placeholder (client deletes token).
- JwtService handles token creation and expiry validation.
K
2025-07-03 02:38:55 +05:30
parent e14f27830e
commit 4b21828510
3 changed files with 78 additions and 43 deletions
@@ -1,58 +1,42 @@
package com.skycrate.backend.skycrateBackend.controller; package com.skycrate.backend.skycrateBackend.controller;
import org.springframework.web.bind.annotation.RestController; import com.skycrate.backend.skycrateBackend.dto.LoginRequest;
import com.skycrate.backend.skycrateBackend.security.JwtService;
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto; import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto; import com.skycrate.backend.skycrateBackend.repository.UserRepository;
import com.skycrate.backend.skycrateBackend.models.User;
import com.skycrate.backend.skycrateBackend.responses.LoginResponse;
import com.skycrate.backend.skycrateBackend.services.AuthenticationService;
import com.skycrate.backend.skycrateBackend.services.JwtService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
@RequestMapping("/api")
@RestController @RestController
@RequestMapping("/api/auth")
public class AuthController { public class AuthController {
private final AuthenticationManager authManager;
private final JwtService jwtService; private final JwtService jwtService;
private AuthenticationService authenticationService; private final UserRepository userRepository;
public AuthController(JwtService jwtService,AuthenticationService authenticationService){ public AuthController(AuthenticationManager authManager, JwtService jwtService, UserRepository userRepository) {
this.jwtService=jwtService; this.authManager = authManager;
this.authenticationService=authenticationService; this.jwtService = jwtService;
this.userRepository = userRepository;
} }
@GetMapping("/test")
public String teString(@RequestParam String param) {
return new String();
}
@PostMapping("/login") @PostMapping("/login")
public ResponseEntity<LoginResponse> LoginController(@RequestBody LoginUserDto entity) { public ResponseEntity<?> login(@RequestBody LoginRequest request) {
authManager.authenticate(new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()));
User authenticatedUser=authenticationService.authenticate(entity); User user = userRepository.findByEmail(request.getEmail())
String jwtToken=jwtService.generateToken(authenticatedUser); .orElseThrow(() -> new RuntimeException("User not found"));
LoginResponse loginResponse=new LoginResponse().setToken(jwtToken).setExpiresIn(jwtService.getExpirtationTime()); String token = jwtService.generateToken(user);
return ResponseEntity.ok(loginResponse); return ResponseEntity.ok().body(token);
} }
@PostMapping("/signup")
public ResponseEntity<User> register(@RequestBody RegisterUserDto entity) {
User registeredUser=authenticationService.signUp(entity);
@PostMapping("/logout")
return ResponseEntity.ok(registeredUser); public ResponseEntity<?> logout() {
// Client-side token deletion (or implement blacklist)
return ResponseEntity.ok("Logged out (client should delete token)");
} }
}
}
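Review bot: In `login`, the `Authentication` returned by `authManager.authenticate(...)` is discarded and the user is looked up a second time from the request-supplied email, with a bare `RuntimeException("User not found")` on a miss; unless an exception handler exists outside this diff, that would likely surface as a 500 rather than an authentication failure. Consider `.orElseThrow(() -> new ResponseStatusException(HttpStatus.UNAUTHORIZED))`, or take the principal from the returned `Authentication` instead of querying again. `logout` answers 200 while the issued token stays usable until its expiry, so the comment there should say so plainly, e.g. `// No server-side revocation: an issued token remains valid until it expires`. The section also removes `/signup` and `/test`, which the commit description does not mention.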
@@ -0,0 +1,8 @@
package com.skycrate.backend.skycrateBackend.dto;
public class LoginRequest {
private String email;
private String password;
// Getters and setters
}
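Review bot: As shown, `LoginRequest` declares two private fields and only a `// Getters and setters` comment, with no accessors and no Lombok annotation visible, yet the controller calls `request.getEmail()` and `request.getPassword()`. If the accessors really are absent, the controller will not compile and JSON binding cannot populate the fields. Add the explicit getters and setters in place of the comment. Because the class carries a plaintext password, avoid adding a `toString()` that prints it.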
@@ -0,0 +1,43 @@
package com.skycrate.backend.skycrateBackend.security;
import com.skycrate.backend.skycrateBackend.entity.User;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import org.springframework.stereotype.Service;
import java.security.Key;
import java.util.Date;
@Service
public class JwtService {
private static final String SECRET = "super-secret-256-bit-key-which-you-should-keep-safe!";
private static final long EXPIRATION_MS = 1000 * 60 * 60; // 1 hour
private final Key key = Keys.hmacShaKeyFor(SECRET.getBytes());
public String generateToken(User user) {
return Jwts.builder()
.setSubject(user.getEmail())
.setIssuedAt(new Date())
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_MS))
.signWith(key)
.compact();
}
public String extractUsername(String token) {
return Jwts.parserBuilder().setSigningKey(key).build()
.parseClaimsJws(token)
.getBody().getSubject();
}
public boolean isTokenValid(String token, User user) {
return extractUsername(token).equals(user.getEmail()) && !isTokenExpired(token);
}
public boolean isTokenExpired(String token) {
return Jwts.parserBuilder().setSigningKey(key).build()
.parseClaimsJws(token)
.getBody().getExpiration().before(new Date());
}
}
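Review bot: The HMAC signing key is the string literal `SECRET` compiled into `JwtService`, so anyone who can read the repository or the built artifact can mint tokens for any email. Load it from external configuration instead, e.g. a constructor `JwtService(@Value("${PLACEHOLDER_JWT_SECRET_PROPERTY}") String secret)` that sets `key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8))`, and treat the committed value as disclosed and replace it. `SECRET.getBytes()` without a charset also depends on the platform default. Separately, `parseClaimsJws` in jjwt rejects an expired token with `ExpiredJwtException`, so `isTokenExpired` and `isTokenValid` will presumably throw rather than return a boolean for expired or tampered tokens; catching `JwtException` there and returning the failure result would match the method names.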