package org.apache.servicecomb.scaffold.user; import static javax.ws.rs.core.Response.Status.BAD_REQUEST; import static org.springframework.http.HttpHeaders.AUTHORIZATION; import org.apache.commons.lang3.StringUtils; import org.apache.servicecomb.provider.rest.common.RestSchema; import org.apache.servicecomb.scaffold.user.api.UserDTO; import org.apache.servicecomb.scaffold.user.api.UserService; import org.apache.servicecomb.scaffold.user.api.UserUpdateDTO; import org.apache.servicecomb.swagger.invocation.exception.InvocationException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @RestSchema(schemaId = "user") @RequestMapping(path = "/") public class UserServiceImpl implements UserService { private final UserRepository repository; private final TokenStore tokenStore; @Autowired public UserServiceImpl(UserRepository repository, TokenStore tokenStore) { this.repository = repository; this.tokenStore = tokenStore; } @Override @PostMapping(path = "logon") public ResponseEntity<Boolean> logon(@RequestBody UserDTO user) { if (validateUser(user)) { UserEntity dbUser = repository.findByName(user.getName()); if (dbUser == null) { UserEntity entity = new UserEntity(user.getName(), user.getPassword()); repository.save(entity); return new ResponseEntity<>(true, HttpStatus.OK); } throw new InvocationException(BAD_REQUEST, "user name had exist"); } throw new InvocationException(BAD_REQUEST, "incorrect user"); } @Override @PostMapping(path = "login") public ResponseEntity<Boolean> login(@RequestBody UserDTO user) { if (validateUser(user)) { UserEntity dbUser = repository.findByName(user.getName()); if (dbUser != null) { if (dbUser.getPassword().equals(user.getPassword())) { String token = tokenStore.generate(user.getName()); HttpHeaders headers = generateAuthenticationHeaders(token); //add authentication header return new ResponseEntity<>(true, headers, HttpStatus.OK); } throw new InvocationException(BAD_REQUEST, "wrong password"); } throw new InvocationException(BAD_REQUEST, "user name not exist"); } throw new InvocationException(BAD_REQUEST, "incorrect user"); } @Override @PostMapping(path = "changePassword") public ResponseEntity<Boolean> changePassword(@RequestBody UserUpdateDTO userUpdate) { if (validateUserUpdate(userUpdate)) { UserEntity dbUser = repository.findByName(userUpdate.getName()); if (dbUser != null) { if (dbUser.getPassword().equals(userUpdate.getOldPassword())) { dbUser.setPassword(userUpdate.getNewPassword()); repository.save(dbUser); return new ResponseEntity<>(true, HttpStatus.OK); } throw new InvocationException(BAD_REQUEST, "wrong password"); } throw new InvocationException(BAD_REQUEST, "user name not exist"); } throw new InvocationException(BAD_REQUEST, "incorrect user"); } private boolean validateUser(UserDTO user) { return user != null && StringUtils.isNotEmpty(user.getName()) && StringUtils.isNotEmpty(user.getPassword()); } private boolean validateUserUpdate(UserUpdateDTO user) { return user != null && StringUtils.isNotEmpty(user.getName()) && StringUtils.isNotEmpty(user.getOldPassword()) && StringUtils.isNotEmpty(user.getNewPassword()); } private HttpHeaders generateAuthenticationHeaders(String token) { HttpHeaders headers = new HttpHeaders(); headers.add(AUTHORIZATION, token); return headers; } }