package com.contaazul.javaOauthSample; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.RequestParam; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; import static org.springframework.web.bind.annotation.RequestMethod.DELETE; import static org.springframework.web.bind.annotation.RequestMethod.GET; @RequestMapping(value = "/user") @RestController class UserController { private final String CONTAAZUL_STATE_KEY = "contaazul_auth_state"; @Autowired ContaAzulService contaAzulService; /** * Redirects users to ContaAzul Authorization URL, adding credentials and a state variable, to be used later to * assure that the user is coming from your application integration flow **/ @RequestMapping(method = GET, value = "/authorize") public void authorize(HttpServletResponse response, HttpServletRequest request) throws IOException{ String contaAzulState = contaAzulService.generateRandomString(); String authorizationUrl = contaAzulService.getRedirectUrl(request, contaAzulState ); Cookie cookie = new Cookie(CONTAAZUL_STATE_KEY, contaAzulState ); cookie.setPath("/"); response.addCookie(cookie); response.sendRedirect(authorizationUrl); } /* * This is the URL called after authorization. It will receive an authorization code from ContaAzul, * which will be used to get access token and refresh token. * */ @RequestMapping(method = GET, value = "/token") public ResponseEntity<?> getOauth2Tokens(HttpServletRequest request, HttpServletResponse response, @RequestParam("code") String authorizationCode, @RequestParam("state") String state, @CookieValue(CONTAAZUL_STATE_KEY) String storedState) throws IOException { if (!state.equals(storedState)) { return new ResponseEntity<String>("{error:'Invalid State'}", HttpStatus.UNAUTHORIZED); } Token token = contaAzulService.getContaAzulTokens( contaAzulService.getTokenUrl(authorizationCode) ); response.sendRedirect( contaAzulService.getHomeUrlWithTokens(request, token) ); return null; } /* * Get new accessToken using refreshToken * */ @RequestMapping(method = GET, value = "/refreshToken") public ResponseEntity<Token> refreshToken(HttpSession session, HttpServletRequest request, HttpServletResponse response, @RequestParam("refresh_token") String refreshToken) throws Exception { Token token = contaAzulService.getContaAzulTokens( contaAzulService.getRefreshTokenUrl(refreshToken) ); return new ResponseEntity<>(token, HttpStatus.OK); } /* * List user products * */ @RequestMapping(method = GET, value = "/products") public ResponseEntity<Product[]> listProducts(@RequestParam("access_token") String accessToken, @RequestParam("page") String page) { ResponseEntity<Product[]> productListResponse = contaAzulService.listProducts(accessToken, page); if (productListResponse.getStatusCode() != HttpStatus.OK) { return new ResponseEntity(productListResponse.getBody().toString(), HttpStatus.INTERNAL_SERVER_ERROR); } return new ResponseEntity<Product[]>(productListResponse.getBody(), HttpStatus.OK); } @RequestMapping(method = DELETE, value = "/deleteProduct") public void deleteProduct( @RequestParam("access_token") String accessToken, @RequestParam("id") String id) { contaAzulService.deleteProduct(accessToken, id); } }