Refactor and secure backend configuration, DTOs, and authentication flow
- Updated pom.xml: removed redundant tags, grouped dependencies, added scopes, and upgraded plugins
- Enhanced RegisterUserDto with validation annotations and added missing fields (username, fullname)
- Updated User entity with builder constructor and removed redundant getters/setters
- Completed FileMetadata entity with Lombok and required setters/getters
- Improved HDFSConfig with correct annotation and clearer exception message
- Adjusted HTTP to HTTPS redirect port (8085 -> 8443)
- Allowed /actuator/** in SecurityConfig and disabled deprecated XSS protection
- Skipped JWT filter for /api/auth and /actuator paths
- Refactored AuthenticationService to use builder pattern and RSA key injection
- Fixed application.properties for static MySQL connection (removed ${MYSQL_PASSWORD})
This commit is contained in:
+18
-16
@@ -1,15 +1,14 @@
|
||||
package com.skycrate.backend.skycrateBackend.services;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.skycrate.backend.skycrateBackend.dto.LoginUserDto;
|
||||
import com.skycrate.backend.skycrateBackend.dto.RegisterUserDto;
|
||||
import com.skycrate.backend.skycrateBackend.entity.User;
|
||||
import com.skycrate.backend.skycrateBackend.repository.UserRepository;
|
||||
import com.skycrate.backend.skycrateBackend.utils.RSAKeyUtil;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
@@ -21,28 +20,31 @@ public class AuthenticationService {
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
private final AuthenticationManager authenticationManager;
|
||||
|
||||
public AuthenticationService(UserRepository userRepository, AuthenticationManager authenticationManager, PasswordEncoder passwordEncoder) {
|
||||
public AuthenticationService(UserRepository userRepository,
|
||||
AuthenticationManager authenticationManager,
|
||||
PasswordEncoder passwordEncoder) {
|
||||
this.userRepository = userRepository;
|
||||
this.passwordEncoder = passwordEncoder;
|
||||
this.authenticationManager = authenticationManager;
|
||||
}
|
||||
|
||||
public User signUp(RegisterUserDto inputUser) {
|
||||
User user = new User(
|
||||
inputUser.getFirstname(),
|
||||
inputUser.getLastname(),
|
||||
inputUser.getEmail(),
|
||||
passwordEncoder.encode(inputUser.getPassword())
|
||||
);
|
||||
|
||||
KeyPair keyPair;
|
||||
try {
|
||||
KeyPair keyPair = RSAKeyUtil.generateKeyPair();
|
||||
user.setPublicKey(keyPair.getPublic().getEncoded());
|
||||
user.setPrivateKey(keyPair.getPrivate().getEncoded());
|
||||
keyPair = RSAKeyUtil.generateKeyPair();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException("Failed to generate RSA key pair", e);
|
||||
}
|
||||
|
||||
User user = User.builder()
|
||||
.fullname(inputUser.getFirstname() + " " + inputUser.getLastname())
|
||||
.username(inputUser.getUsername())
|
||||
.email(inputUser.getEmail())
|
||||
.password(passwordEncoder.encode(inputUser.getPassword()))
|
||||
.publicKey(keyPair.getPublic().getEncoded())
|
||||
.privateKey(keyPair.getPrivate().getEncoded())
|
||||
.build();
|
||||
|
||||
return userRepository.save(user);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user