server-side auth handling and managing endpoints

3 files changed, 76 insertions, 13 deletions

diff --git a/src/main/java/me/imsonmia/epqapi/controller/AuthController.java b/src/main/java/me/imsonmia/epqapi/controller/AuthController.java
index 557fdbf..97c7b7f 100644
--- a/src/main/java/me/imsonmia/epqapi/controller/AuthController.java
+++ b/src/main/java/me/imsonmia/epqapi/controller/AuthController.java
@@ -2,56 +2,107 @@ package me.imsonmia.epqapi.controller;
 
 import java.util.Date;
 import java.util.Optional;
+import java.util.UUID;
 
+import org.aspectj.internal.lang.annotation.ajcDeclareAnnotation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import io.micrometer.common.lang.Nullable;
+import lombok.Data;
+import lombok.Setter;
+import me.imsonmia.epqapi.model.User;
 import me.imsonmia.epqapi.repository.UserRepository;
-
+@Controller
 @RequestMapping("/api/v1")
 public class AuthController {
+    @Autowired
     private UserRepository userRepository;
     private Logger logger = LoggerFactory.getLogger(getClass());
 
     /**
      * AuthData
      */
+    @Data
     public class AuthData {
-
         private boolean success;
         private boolean hasProfile;
         private boolean exists;
         private String authMessage;
         private long authResponseTimestampMillis;
 
-        public AuthData(boolean success, boolean hasProfile, @Nullable String authMessage) {
+        public AuthData(boolean success, boolean hasProfile, boolean exists, @Nullable String authMessage) {
             this.success = success;
             this.hasProfile = hasProfile;
+            this.exists = exists;
             this.authMessage = authMessage == null ? "" : authMessage;
             this.authResponseTimestampMillis = new Date().getTime();
         }
     }
 
-    public abstract class AuthRequestData {
+    public static class AuthRequestData {
         private String userName;
         private String userPasswordHash;
-
+        public String getUserName() {
+            return userName;
+        }
+        public String getUserPasswordHash() {
+            return userPasswordHash;
+        }
+        public void setUserName(String userName) {
+            this.userName = userName;
+        }
+        public void setUserPasswordHash(String userPasswordHash) {
+            this.userPasswordHash = userPasswordHash;
+        }
+        public AuthRequestData() {
+            
+        }
         public AuthRequestData(String userName, String userPasswordHash) {
             this.userName = userName;
             this.userPasswordHash = userPasswordHash;
         }
     }
+    @Data
+    public static class RegisterRequestData {
+        @Setter
+        private String userName;
+        @Setter
+        private String newUserPassword;
+        public RegisterRequestData() {}
+        public RegisterRequestData(String userName, String newUserPassword) {
+            this.userName = userName;
+            this.newUserPassword = newUserPassword;
+        }
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<AuthData> authRegister(@RequestBody RegisterRequestData registerRequestData) {
+        if (userRepository.existsByUserName(registerRequestData.userName)) {
+            return new ResponseEntity<>(new AuthData(false, true, true, "Login failed. Username already exists."), null,
+                    200);
+        }
+        User newUser = new User(UUID.randomUUID().toString(), registerRequestData.userName, new Date(), new Date(),
+                registerRequestData.newUserPassword);
+        userRepository.save(newUser);
+        return new ResponseEntity<AuthData>(new AuthData(true, true, true, "Login successful. Used registration endpoint."),
+                null, 200);
+    }
 
     /**
      * Authentication HTTPS endpoint used instead of client-side verification which
      * is unsafe
      */
-    @PostMapping("/auth")
+    @PostMapping(value = "/auth",
+    produces = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<AuthData> authLogin(@RequestBody AuthRequestData authRequestData) {
         if (!userRepository.existsByUserName(authRequestData.userName)) {
 
@@ -59,15 +110,22 @@ public class AuthController {
             return new ResponseEntity<AuthData>(new AuthData(
                     false,
                     false,
+                    false,
                     "Login invalid: User doesn't exist in database."),
                     null,
                     200);
         }
         String pwdHash = userRepository.findByUserName(authRequestData.userName).get().getPasswordHash();
-        if (pwdHash != authRequestData.userPasswordHash) {
-            return new ResponseEntity<>(new AuthData(false, true, "Login invalid: Password incorrect."), null, 200);
+        // NOTE Cannot use straight == comparison. Must use equals function @ 22:17 2024-04-01
+        if (!pwdHash.equals(authRequestData.getUserPasswordHash())) {
+            return new ResponseEntity<>(new AuthData(
+                false,
+                true,
+                true,
+                "Login invalid: Password incorrect."
+                ), null, 200);
         } else {
-            return new ResponseEntity<>(new AuthData(true, true, "Authentication success"), null, 200);
+            return new ResponseEntity<>(new AuthData(true, true, true, "Authentication success"), null, 200);
         }
     }
 }
diff --git a/src/main/java/me/imsonmia/epqapi/controller/MessageController.java b/src/main/java/me/imsonmia/epqapi/controller/MessageController.java
index 53d3591..8ed20cb 100644
--- a/src/main/java/me/imsonmia/epqapi/controller/MessageController.java
+++ b/src/main/java/me/imsonmia/epqapi/controller/MessageController.java
@@ -1,5 +1,6 @@
 package me.imsonmia.epqapi.controller;
 
+import org.antlr.v4.runtime.misc.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.handler.annotation.SendTo;
@@ -13,6 +14,7 @@ import me.imsonmia.epqapi.repository.MessageRepository;
 public class MessageController {
     @Autowired
     private MessageRepository repository;
+
     @MessageMapping("/chat")
     @SendTo("/sub/chat")
     public Message messageHandler(Message message) throws Exception {
@@ -21,9 +23,9 @@ public class MessageController {
         // Forward message to subscribers of Stomp endpoint
         return message;
     }
-    
+
     // @GetMapping("/msg/{id}")
     // public ChatMessage getMessageById(@PathVariable(value = "id") Long id) {
-    //     return chatMessageRepository.findById(id).get();
+    // return chatMessageRepository.findById(id).get();
     // }
 }
diff --git a/src/main/java/me/imsonmia/epqapi/model/User.java b/src/main/java/me/imsonmia/epqapi/model/User.java
index ee79cf3..1c3edf3 100644
--- a/src/main/java/me/imsonmia/epqapi/model/User.java
+++ b/src/main/java/me/imsonmia/epqapi/model/User.java
@@ -19,6 +19,9 @@ public class User {
     Long id;
     @Getter
     @Setter
+    String userId;
+    @Getter
+    @Setter
     String userName;
     @Getter
     @Setter
@@ -34,8 +37,8 @@ public class User {
 
     }
 
-    public User(Long id, String userName, Date dateJoined, Date lastSeen, String passwordHash) {
-        this.id = id;
+    public User(String userId, String userName, Date dateJoined, Date lastSeen, String passwordHash) {
+        this.userId = userId;
         this.userName = userName;
         this.dateJoined = dateJoined;
         this.lastSeen = lastSeen;