diff --git a/pom.xml b/pom.xml index ca66a72..be68519 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.4.0 + 2.4.4 ru.javaops.bootjava @@ -17,6 +17,7 @@ 15 + 1.5.6 @@ -28,24 +29,75 @@ org.springframework.boot spring-boot-starter-web + + org.springframework.boot + spring-boot-starter-validation + + + org.springframework.boot + spring-boot-starter-data-rest + + + org.springframework.boot + spring-boot-starter-security + + + + + + + + + + org.springdoc + springdoc-openapi-ui + ${springdoc.version} + + + org.springdoc + springdoc-openapi-data-rest + ${springdoc.version} + + + + + org.springframework.boot + spring-boot-starter-cache + + + com.github.ben-manes.caffeine + caffeine + + + + org.springdoc + springdoc-openapi-security + ${springdoc.version} + com.h2database h2 - runtime org.projectlombok lombok + 1.18.28 true - + org.springframework.boot spring-boot-starter-test test + + + org.springframework.security + spring-security-test + test + @@ -53,6 +105,14 @@ org.springframework.boot spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + diff --git a/src/main/java/ru/javaops/bootjava/AuthUser.java b/src/main/java/ru/javaops/bootjava/AuthUser.java new file mode 100644 index 0000000..d4bf023 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/AuthUser.java @@ -0,0 +1,22 @@ +package ru.javaops.bootjava; + +import lombok.Getter; +import lombok.ToString; +import org.springframework.lang.NonNull; +import ru.javaops.bootjava.model.User; + +@Getter +@ToString(of = "user") +public class AuthUser extends org.springframework.security.core.userdetails.User { + + private final User user; + + public AuthUser(@NonNull User user) { + super(user.getEmail(), user.getPassword(), user.getRoles()); + this.user = user; + } + + public int id() { + return user.id(); + } +} \ No newline at end of file 
diff --git a/src/main/java/ru/javaops/bootjava/RestaurantVotingApplication.java b/src/main/java/ru/javaops/bootjava/RestaurantVotingApplication.java index 3326420..ee6a1ed 100644 --- a/src/main/java/ru/javaops/bootjava/RestaurantVotingApplication.java +++ b/src/main/java/ru/javaops/bootjava/RestaurantVotingApplication.java @@ -1,11 +1,9 @@ package ru.javaops.bootjava; -import lombok.AllArgsConstructor; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication -@AllArgsConstructor public class RestaurantVotingApplication { public static void main(String[] args) { diff --git a/src/main/java/ru/javaops/bootjava/config/AppConfig.java b/src/main/java/ru/javaops/bootjava/config/AppConfig.java new file mode 100644 index 0000000..4a9742b --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/config/AppConfig.java @@ -0,0 +1,28 @@ +package ru.javaops.bootjava.config; + +import lombok.extern.slf4j.Slf4j; +import org.h2.tools.Server; +import org.springframework.cache.annotation.EnableCaching; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.sql.SQLException; + +@Configuration +@Slf4j +@EnableCaching +public class AppConfig { + +/* + @Bean(initMethod = "start", destroyMethod = "stop") + public Server h2WebServer() throws SQLException { + return Server.createWebServer("-web", "-webAllowOthers", "-webPort", "8082"); + } +*/ + + @Bean(initMethod = "start", destroyMethod = "stop") + public Server h2Server() throws SQLException { + log.info("Start H2 TCP server"); + return Server.createTcpServer("-tcp", "-tcpAllowOthers", "-tcpPort", "9092"); + } +} diff --git a/src/main/java/ru/javaops/bootjava/config/OpenApiConfig.java b/src/main/java/ru/javaops/bootjava/config/OpenApiConfig.java new file mode 100644 index 0000000..4f6293d --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/config/OpenApiConfig.java 
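Review bot: `h2Server()` in AppConfig.java starts the H2 TCP listener with `-tcpAllowOthers`, which accepts connections from any host that can reach port 9092, and the datasource configured in application.yaml in this same commit is `sa` with an empty password. Unless remote access is actually required, drop the flag so only local connections are accepted: `return Server.createTcpServer("-tcp", "-tcpPort", "9092");`. The bean is also registered unconditionally; restricting it to a development-only profile with `@Profile` would keep the listener out of deployed instances.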
@@ -0,0 +1,39 @@ +package ru.javaops.bootjava.config; + +import io.swagger.v3.oas.annotations.OpenAPIDefinition; +import io.swagger.v3.oas.annotations.enums.SecuritySchemeType; +import io.swagger.v3.oas.annotations.info.Contact; +import io.swagger.v3.oas.annotations.info.Info; +import io.swagger.v3.oas.annotations.security.SecurityRequirement; +import io.swagger.v3.oas.annotations.security.SecurityScheme; +import org.springdoc.core.GroupedOpenApi; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +@Configuration +//https://sabljakovich.medium.com/adding-basic-auth-authorization-option-to-openapi-swagger-documentation-java-spring-95abbede27e9 +@SecurityScheme( + name = "basicAuth", + type = SecuritySchemeType.HTTP, + scheme = "basic" +) +@OpenAPIDefinition( + info = @Info( + title = "REST API documentation", + version = "1.0", + description = "Приложение по курсу BootJava", + contact = @Contact(url = "https://javaops.ru/#contacts", name = "Grigory Kislin", email = "admin@javaops.ru") + ), + security = @SecurityRequirement(name = "basicAuth") +) +public class OpenApiConfig { + + @Bean + public GroupedOpenApi api() { + return GroupedOpenApi.builder() + .group("REST API") + .pathsToMatch("/api/**") + .pathsToExclude("/api/profile/**") + .build(); + } +} diff --git a/src/main/java/ru/javaops/bootjava/config/WebSecurityConfig.java b/src/main/java/ru/javaops/bootjava/config/WebSecurityConfig.java new file mode 100644 index 0000000..2e18324 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/config/WebSecurityConfig.java 
@@ -0,0 +1,68 @@ +package ru.javaops.bootjava.config; + +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; +import org.springframework.security.crypto.password.PasswordEncoder; +import ru.javaops.bootjava.AuthUser; +import ru.javaops.bootjava.model.Role; +import ru.javaops.bootjava.model.User; +import ru.javaops.bootjava.repository.UserRepository; +import ru.javaops.bootjava.util.JsonUtil; + +import javax.annotation.PostConstruct; +import java.util.Optional; + +@Configuration +@EnableWebSecurity +@Slf4j +@AllArgsConstructor +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + public static final PasswordEncoder PASSWORD_ENCODER = PasswordEncoderFactories.createDelegatingPasswordEncoder(); + private final UserRepository userRepository; + private final ObjectMapper objectMapper; + + @PostConstruct + void setMapper() { + JsonUtil.setObjectMapper(objectMapper); + } + + @Bean + public UserDetailsService userDetailsService() { + return email -> { + log.debug("Authenticating '{}'", email); + Optional optionalUser = 
userRepository.findByEmailIgnoreCase(email.toLowerCase()); + return new AuthUser(optionalUser.orElseThrow( + () -> new UsernameNotFoundException("User '" + email + "' was not found"))); + }; + } + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(userDetailsService()) + .passwordEncoder(PASSWORD_ENCODER); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/api/account/register").anonymous() + .antMatchers("/api/account").hasRole(Role.USER.name()) + .antMatchers("/api/**").hasRole(Role.ADMIN.name()) + .and().httpBasic() + .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and().csrf().disable(); + } +} \ No newline at end of file diff --git a/src/main/java/ru/javaops/bootjava/error/AppException.java b/src/main/java/ru/javaops/bootjava/error/AppException.java new file mode 100644 index 0000000..809caad --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/error/AppException.java @@ -0,0 +1,16 @@ +package ru.javaops.bootjava.error; + +import lombok.Getter; +import org.springframework.boot.web.error.ErrorAttributeOptions; +import org.springframework.http.HttpStatus; +import org.springframework.web.server.ResponseStatusException; + +@Getter +public class AppException extends ResponseStatusException { + private final ErrorAttributeOptions options; + + public AppException(HttpStatus status, String message, ErrorAttributeOptions options) { + super(status, message); + this.options = options; + } +} diff --git a/src/main/java/ru/javaops/bootjava/error/IllegalRequestDataException.java b/src/main/java/ru/javaops/bootjava/error/IllegalRequestDataException.java new file mode 100644 index 0000000..cb18581 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/error/IllegalRequestDataException.java 
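Review bot: `configure(HttpSecurity)` in WebSecurityConfig.java ends its matcher chain at `antMatchers("/api/**")` with no catch-all, so any path outside `/api` has no access rule. This commit also sets `h2.console.enabled: true` and adds the springdoc UI, both of which are presumably served outside `/api`. Close the chain with an explicit default such as `.anyRequest().denyAll()` after the `/api/**` line, and add narrow matchers for the console and documentation paths that are meant to be reachable, stating who may reach each one.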
@@ -0,0 +1,12 @@ +package ru.javaops.bootjava.error; + +import org.springframework.boot.web.error.ErrorAttributeOptions; +import org.springframework.http.HttpStatus; + +import static org.springframework.boot.web.error.ErrorAttributeOptions.Include.MESSAGE; + +public class IllegalRequestDataException extends AppException { + public IllegalRequestDataException(String msg) { + super(HttpStatus.UNPROCESSABLE_ENTITY, msg, ErrorAttributeOptions.of(MESSAGE)); + } +} \ No newline at end of file diff --git a/src/main/java/ru/javaops/bootjava/model/BaseEntity.java b/src/main/java/ru/javaops/bootjava/model/BaseEntity.java new file mode 100644 index 0000000..72ed0fc --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/model/BaseEntity.java 
@@ -0,0 +1,54 @@ +package ru.javaops.bootjava.model; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import lombok.*; +import org.springframework.data.domain.Persistable; +import org.springframework.data.util.ProxyUtils; +import org.springframework.util.Assert; + +import javax.persistence.*; + +@MappedSuperclass +// https://stackoverflow.com/a/6084701/548473 +@Access(AccessType.FIELD) +@Getter +@Setter +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor(access = AccessLevel.PROTECTED) +@ToString +public abstract class BaseEntity implements Persistable { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + protected Integer id; + + // doesn't work for hibernate lazy proxy + public int id() { + Assert.notNull(id, "Entity must have id"); + return id; + } + + @JsonIgnore + @Override + public boolean isNew() { + return id == null; + } + + // https://stackoverflow.com/questions/1638723 + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || !getClass().equals(ProxyUtils.getUserClass(o))) { + return false; + } + BaseEntity that = (BaseEntity) o; + return id != null && id.equals(that.id); + } + + @Override + public int hashCode() { + return id == null ? 0 : id; + } +} \ No newline at end of file diff --git a/src/main/java/ru/javaops/bootjava/model/Role.java b/src/main/java/ru/javaops/bootjava/model/Role.java new file mode 100644 index 0000000..08bc76d --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/model/Role.java @@ -0,0 +1,14 @@ +package ru.javaops.bootjava.model; + +import org.springframework.security.core.GrantedAuthority; + +public enum Role implements GrantedAuthority { + USER, + ADMIN; + + @Override + public String getAuthority() { + // https://stackoverflow.com/a/19542316/548473 + return "ROLE_" + name(); + } +} \ No newline at end of file 
diff --git a/src/main/java/ru/javaops/bootjava/model/User.java b/src/main/java/ru/javaops/bootjava/model/User.java
new file mode 100644
index 0000000..effb0b1
--- /dev/null
+++ b/src/main/java/ru/javaops/bootjava/model/User.java
@@ -0,0 +1,60 @@ +package ru.javaops.bootjava.model; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import lombok.*; +import org.springframework.util.StringUtils; +import ru.javaops.bootjava.util.JsonDeserializers; + +import javax.persistence.*; +import javax.validation.constraints.Email; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.Size; +import java.io.Serializable; +import java.util.Collection; +import java.util.EnumSet; +import java.util.Set; + +@Entity +@Table(name = "users") +@Getter +@Setter +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor +@ToString(callSuper = true, exclude = {"password"}) +public class User extends BaseEntity implements Serializable { + public User(Integer id, String email, String firstName, String lastName, String password, Collection roles) { + this(email, firstName, lastName, password, EnumSet.copyOf(roles)); + this.id = id; + } + + @Column(name = "email", nullable = false, unique = true) + @Email + @NotEmpty + @Size(max = 128) + private String email; + + @Column(name = "first_name") + @Size(max = 128) + private String firstName; + + @Column(name = "last_name") + @Size(max = 128) + private String lastName; + + @Column(name = "password") + @Size(max = 256) + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) + @JsonDeserialize(using = JsonDeserializers.PasswordDeserializer.class) + private String password; + + @Enumerated(EnumType.STRING) + @CollectionTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), uniqueConstraints = {@UniqueConstraint(columnNames = {"user_id", "role"}, name = "user_roles_unique")}) + @Column(name = "role") + @ElementCollection(fetch = FetchType.EAGER) + private Set roles; + + public void setEmail(String email) { + this.email = StringUtils.hasText(email) ? email.toLowerCase() : null; + } +} \ No newline at end of file 
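Review bot: The `password` field in User.java carries only `@Size(max = 256)`, and because `PasswordDeserializer` (added in JsonDeserializers.java in this commit) encodes the value during JSON binding, that constraint is checked against the encoded hash rather than what the client sent. A body with no `password` property leaves the field null and still passes `@Valid`, and an empty string is encoded and stored like any other password. A null password would later reach `AuthUser`'s `super(user.getEmail(), user.getPassword(), user.getRoles())` call at login, which Spring Security's `User` constructor is expected to reject (worth confirming). Validate the raw value before it is encoded: either reject blank or too-short input inside `PasswordDeserializer.deserialize`, or bind the request to a DTO with `@NotBlank` and a `@Size` range and encode in the controller.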
diff --git a/src/main/java/ru/javaops/bootjava/repository/UserRepository.java b/src/main/java/ru/javaops/bootjava/repository/UserRepository.java new file mode 100644 index 0000000..a579ae6 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/repository/UserRepository.java @@ -0,0 +1,47 @@ +package ru.javaops.bootjava.repository; + +import io.swagger.v3.oas.annotations.tags.Tag; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.cache.annotation.CachePut; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.rest.core.annotation.RestResource; +import org.springframework.transaction.annotation.Transactional; +import ru.javaops.bootjava.model.User; + +import java.util.Optional; + +@Transactional(readOnly = true) +@Tag(name = "User Controller") +public interface UserRepository extends JpaRepository { + + @RestResource(rel = "by-email", path = "by-email") + @Query("SELECT u FROM User u WHERE u.email = LOWER(:email)") + @Cacheable("users") + Optional findByEmailIgnoreCase(String email); + + @RestResource(rel = "by-lastname", path = "by-lastname") + Page findByLastNameContainingIgnoreCase(String lastName, Pageable page); + + @Override + @Modifying + @Transactional + @CachePut(value = "users", key = "#user.email") + User save(User user); + + @Override + @Modifying + @Transactional + @CacheEvict(value = "users", key = "#user.email") + void delete(User user); + + @Override + @Modifying + @Transactional + @CacheEvict(value = "users", allEntries = true) + void deleteById(Integer integer); +} \ No newline at end of file 
diff --git a/src/main/java/ru/javaops/bootjava/util/JsonDeserializers.java b/src/main/java/ru/javaops/bootjava/util/JsonDeserializers.java new file mode 100644 index 0000000..153afb4 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/util/JsonDeserializers.java @@ -0,0 +1,25 @@ +package ru.javaops.bootjava.util; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import lombok.experimental.UtilityClass; +import ru.javaops.bootjava.config.WebSecurityConfig; + +import java.io.IOException; + +@UtilityClass +public class JsonDeserializers { + + // https://stackoverflow.com/a/60995048/548473 + public static class PasswordDeserializer extends JsonDeserializer { + public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + ObjectCodec oc = jsonParser.getCodec(); + JsonNode node = oc.readTree(jsonParser); + String rawPassword = node.asText(); + return WebSecurityConfig.PASSWORD_ENCODER.encode(rawPassword); + } + } +} diff --git a/src/main/java/ru/javaops/bootjava/util/JsonUtil.java b/src/main/java/ru/javaops/bootjava/util/JsonUtil.java new file mode 100644 index 0000000..336088a --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/util/JsonUtil.java 
@@ -0,0 +1,31 @@ +package ru.javaops.bootjava.util; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectReader; +import lombok.experimental.UtilityClass; + +import java.io.IOException; +import java.util.List; + +@UtilityClass +public class JsonUtil { + private static ObjectMapper objectMapper; + + public static void setObjectMapper(ObjectMapper objectMapper) { + JsonUtil.objectMapper = objectMapper; + } + + public static List readValues(String json, Class clazz) throws IOException { + ObjectReader reader = objectMapper.readerFor(clazz); + return reader.readValues(json).readAll(); + } + + public static T readValue(String json, Class clazz) throws JsonProcessingException { + return objectMapper.readValue(json, clazz); + } + + public static String writeValue(T obj) throws JsonProcessingException { + return objectMapper.writeValueAsString(obj); + } +} \ No newline at end of file diff --git a/src/main/java/ru/javaops/bootjava/util/ValidationUtil.java b/src/main/java/ru/javaops/bootjava/util/ValidationUtil.java new file mode 100644 index 0000000..4d5c29c --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/util/ValidationUtil.java 
@@ -0,0 +1,24 @@ +package ru.javaops.bootjava.util; + +import lombok.experimental.UtilityClass; +import ru.javaops.bootjava.error.IllegalRequestDataException; +import ru.javaops.bootjava.model.BaseEntity; + +@UtilityClass +public class ValidationUtil { + + public static void checkNew(BaseEntity entity) { + if (!entity.isNew()) { + throw new IllegalRequestDataException(entity.getClass().getSimpleName() + " must be new (id=null)"); + } + } + + // Conservative when you reply, but accept liberally (http://stackoverflow.com/a/32728226/548473) + public static void assureIdConsistent(BaseEntity entity, int id) { + if (entity.isNew()) { + entity.setId(id); + } else if (entity.id() != id) { + throw new IllegalRequestDataException(entity.getClass().getSimpleName() + " must has id=" + id); + } + } +} \ No newline at end of file diff --git a/src/main/java/ru/javaops/bootjava/web/AccountController.java b/src/main/java/ru/javaops/bootjava/web/AccountController.java new file mode 100644 index 0000000..a43eb3e --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/web/AccountController.java 
@@ -0,0 +1,113 @@ +package ru.javaops.bootjava.web; + +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.cache.annotation.CachePut; +import org.springframework.data.rest.webmvc.RepositoryLinksResource; +import org.springframework.hateoas.EntityModel; +import org.springframework.hateoas.MediaTypes; +import org.springframework.hateoas.server.RepresentationModelProcessor; +import org.springframework.hateoas.server.mvc.RepresentationModelAssemblerSupport; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.web.bind.annotation.*; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; +import ru.javaops.bootjava.AuthUser; +import ru.javaops.bootjava.model.Role; +import ru.javaops.bootjava.model.User; +import ru.javaops.bootjava.repository.UserRepository; +import ru.javaops.bootjava.util.ValidationUtil; + +import javax.validation.Valid; +import java.net.URI; +import java.util.EnumSet; + +import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo; + +/** + * Do not use {@link org.springframework.data.rest.webmvc.RepositoryRestController (BasePathAwareController} + * Bugs: + * NPE with http://localhost:8080/api/account
+ * data.rest.base-path missed in HAL links
+ * Two endpoints created + *

+ * RequestMapping("/${spring.data.rest.basePath}/account") give "Not enough variable values" + */ +@RestController +@RequestMapping(AccountController.URL) +@AllArgsConstructor +@Slf4j +@Tag(name = "Account Controller") +public class AccountController implements RepresentationModelProcessor { + static final String URL = "/api/account"; + + @SuppressWarnings("unchecked") + private static final RepresentationModelAssemblerSupport> ASSEMBLER = + new RepresentationModelAssemblerSupport<>(AccountController.class, (Class>) (Class) EntityModel.class) { + @Override + public EntityModel toModel(User user) { + return EntityModel.of(user, linkTo(AccountController.class).withSelfRel()); + } + }; + + private final UserRepository userRepository; + + @GetMapping(produces = MediaTypes.HAL_JSON_VALUE) + public EntityModel get(@AuthenticationPrincipal AuthUser authUser) { + log.info("get {}", authUser); + return ASSEMBLER.toModel(authUser.getUser()); + } + + @DeleteMapping + @ResponseStatus(HttpStatus.NO_CONTENT) + @CacheEvict(value = "users", key = "#authUser.username") + public void delete(@AuthenticationPrincipal AuthUser authUser) { + log.info("delete {}", authUser); + userRepository.deleteById(authUser.id()); + } + + @PostMapping(value = "/register", consumes = MediaType.APPLICATION_JSON_VALUE) + @ResponseStatus(value = HttpStatus.CREATED) + public ResponseEntity> register(@Valid @RequestBody User user) { + log.info("register {}", user); + ValidationUtil.checkNew(user); + user.setRoles(EnumSet.of(Role.USER)); + user = userRepository.save(user); + URI uriOfNewResource = ServletUriComponentsBuilder.fromCurrentContextPath() + .path("/api/account") + .build().toUri(); + return ResponseEntity.created(uriOfNewResource).body(ASSEMBLER.toModel(user)); + } + + @PutMapping(consumes = MediaType.APPLICATION_JSON_VALUE) + @ResponseStatus(HttpStatus.NO_CONTENT) + @CachePut(value = "users", key = "#authUser.username") + public User update(@Valid @RequestBody User user, 
@AuthenticationPrincipal AuthUser authUser) { + log.info("update {} to {}", authUser, user); + User oldUser = authUser.getUser(); + ValidationUtil.assureIdConsistent(user, oldUser.id()); + user.setRoles(oldUser.getRoles()); + if (user.getPassword() == null) { + user.setPassword(oldUser.getPassword()); + } + return userRepository.save(user); + } + +/* + @GetMapping(value = "/pageDemo", produces = MediaTypes.HAL_JSON_VALUE) + public PagedModel> pageDemo(Pageable page, PagedResourcesAssembler pagedAssembler) { + Page users = userRepository.findAll(page); + return pagedAssembler.toModel(users, ASSEMBLER); + } +*/ + + @Override + public RepositoryLinksResource process(RepositoryLinksResource resource) { + resource.add(linkTo(AccountController.class).withRel("account")); + return resource; + } +} diff --git a/src/main/java/ru/javaops/bootjava/web/error/GlobalExceptionHandler.java b/src/main/java/ru/javaops/bootjava/web/error/GlobalExceptionHandler.java new file mode 100644 index 0000000..d441662 --- /dev/null +++ b/src/main/java/ru/javaops/bootjava/web/error/GlobalExceptionHandler.java 
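Review bot: `update()` in AccountController.java is annotated `@CachePut(value = "users", key = "#authUser.username")`, so when the request changes the e-mail the updated entity is stored under the old address, while `UserRepository.save` adds a second entry under the new one. Since `userDetailsService()` resolves logins through the cached `findByEmailIgnoreCase`, the previous address appears to keep authenticating to the account until that entry is evicted, and the visible application.yaml configures no cache expiry. Evict the old key instead of re-putting it, e.g. `@CacheEvict(value = "users", key = "#authUser.username")` on `update()`, and let the repository's own `@CachePut` populate the new key.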
@@ -0,0 +1,38 @@ +package ru.javaops.bootjava.web.error; + +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.boot.web.servlet.error.ErrorAttributes; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.RestControllerAdvice; +import org.springframework.web.context.request.WebRequest; +import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; +import ru.javaops.bootjava.error.AppException; + +import java.util.Map; + +@RestControllerAdvice +@AllArgsConstructor +@Slf4j +public class GlobalExceptionHandler extends ResponseEntityExceptionHandler { + private final ErrorAttributes errorAttributes; + + @ExceptionHandler(AppException.class) + public ResponseEntity> appException(AppException ex, WebRequest request) { + log.error("Application Exception", ex); + Map body = errorAttributes.getErrorAttributes(request, ex.getOptions()); + HttpStatus status = ex.getStatus(); + body.put("status", status.value()); + body.put("error", status.getReasonPhrase()); + return ResponseEntity.status(status).body(body); + } + + @Override + protected ResponseEntity handleExceptionInternal(Exception ex, Object body, HttpHeaders headers, HttpStatus status, WebRequest request) { + log.error("Exception", ex); + return super.handleExceptionInternal(ex, body, headers, status, request); + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties deleted file mode 100644 index e69de29..0000000 diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml new file mode 100644 index 0000000..77f94f8 --- /dev/null +++ b/src/main/resources/application.yaml 
@@ -0,0 +1,61 @@ +# https://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html +spring: + jpa: + show-sql: true + open-in-view: false + hibernate: + ddl-auto: create + properties: + # http://docs.jboss.org/hibernate/orm/5.3/userguide/html_single/Hibernate_User_Guide.html#configurations + hibernate: + format_sql: true + default_batch_fetch_size: 20 + # https://stackoverflow.com/questions/21257819/what-is-the-difference-between-hibernate-jdbc-fetch-size-and-hibernate-jdbc-batc + jdbc.batch_size: 20 + datasource: + # ImMemory + url: jdbc:h2:mem:voting + # tcp: jdbc:h2:tcp://localhost:9092/mem:voting + # Absolute path + # url: jdbc:h2:C:/projects/bootjava/restorant-voting/db/voting + # tcp: jdbc:h2:tcp://localhost:9092/C:/projects/bootjava/restorant-voting/db/voting + # Relative path form current dir + # url: jdbc:h2:./db/voting + # Relative path from home + # url: jdbc:h2:~/voting + # tcp: jdbc:h2:tcp://localhost:9092/~/voting + username: sa + password: + h2.console.enabled: true + + data.rest: + # https://docs.spring.io/spring-data/rest/docs/current/reference/html/#getting-started.basic-settings + basePath: /api + defaultPageSize: 20 + returnBodyOnCreate: true + +# https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#security-properties +# security: +# user: +# name: user +# password: password +# roles: USER + +logging: + level: + root: WARN + ru.javaops.bootjava: DEBUG +# org.springframework.security.web.FilterChainProxy: DEBUG + +server.servlet: + encoding: + charset: UTF-8 # Charset of HTTP requests and responses. Added to the "Content-Type" header if not set explicitly + enabled: true # Enable http encoding support + force: true + +# Jackson Serialization Issue Resolver +# jackson: +# visibility.field: any +# visibility.getter: none +# visibility.setter: none +# visibility.is-getter: none \ No newline at end of file 
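Review bot: `h2.console.enabled: true`, `show-sql: true` and `ddl-auto: create` sit in the base application.yaml, so they apply to every environment the jar runs in, together with the `sa` account and its empty password. Move these into a development profile document and keep the default profile with the console disabled and the datasource credentials supplied from the environment. `show-sql` with `format_sql` also writes every statement to the log, which is worth keeping out of shared log sinks.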
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql new file mode 100644 index 0000000..778d2f3 --- /dev/null +++ b/src/main/resources/data.sql @@ -0,0 +1,8 @@ +INSERT INTO USERS (EMAIL, FIRST_NAME, LAST_NAME, PASSWORD) +VALUES ('user@gmail.com', 'User_First', 'User_Last', '{noop}password'), + ('admin@javaops.ru', 'Admin_First', 'Admin_Last', '{noop}admin'); + +INSERT INTO USER_ROLE (ROLE, USER_ID) +VALUES ('USER', 1), + ('ADMIN', 2), + ('USER', 2); \ No newline at end of file diff --git a/src/test/java/ru/javaops/bootjava/RestaurantVotingApplicationTests.java b/src/test/java/ru/javaops/bootjava/RestaurantVotingApplicationTests.java deleted file mode 100644 index 52bba6d..0000000 --- a/src/test/java/ru/javaops/bootjava/RestaurantVotingApplicationTests.java +++ /dev/null @@ -1,12 +0,0 @@ -package ru.javaops.bootjava; - -import org.junit.jupiter.api.Test; -import org.springframework.boot.test.context.SpringBootTest; - -@SpringBootTest -class RestaurantVotingApplicationTests { - - @Test - void contextLoads() { - } -} diff --git a/src/test/java/ru/javaops/bootjava/UserTestUtil.java b/src/test/java/ru/javaops/bootjava/UserTestUtil.java new file mode 100644 index 0000000..c0c5c78 --- /dev/null +++ b/src/test/java/ru/javaops/bootjava/UserTestUtil.java 
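Review bot: data.sql under src/main/resources seeds `admin@javaops.ru` with `{noop}admin` and `user@gmail.com` with `{noop}password`, so the packaged application carries a known ADMIN credential stored in plaintext. With `ddl-auto: create` in application.yaml, these rows are presumably recreated on each start. If the seed data exists only for demos and tests, move it to test resources or a development profile. Otherwise store an encoded value (the `{bcrypt}...` form the delegating encoder accepts) and provision the real admin password outside the repository.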
@@ -0,0 +1,49 @@ +package ru.javaops.bootjava; + +import com.fasterxml.jackson.core.JsonProcessingException; +import org.springframework.test.web.servlet.MvcResult; +import org.springframework.test.web.servlet.ResultMatcher; +import ru.javaops.bootjava.model.Role; +import ru.javaops.bootjava.model.User; +import ru.javaops.bootjava.util.JsonUtil; + +import java.io.UnsupportedEncodingException; +import java.util.List; +import java.util.function.BiConsumer; + +import static org.assertj.core.api.Assertions.assertThat; + +public class UserTestUtil { + public static final int USER_ID = 1; + public static final int ADMIN_ID = 2; + public static final String USER_MAIL = "user@gmail.com"; + public static final String ADMIN_MAIL = "admin@javaops.ru"; + public static final User user = new User(USER_ID, USER_MAIL, "User_First", "User_Last", "password", List.of(Role.USER)); + public static final User admin = new User(ADMIN_ID, ADMIN_MAIL, "Admin_First", "Admin_Last", "admin", List.of(Role.ADMIN, Role.USER)); + + public static User getNew() { + return new User(null, "new@gmail.com", "New_First", "New_Last", "newpass", List.of(Role.USER)); + } + + public static User getUpdated() { + return new User(USER_ID, "user_update@gmail.com", "User_First_Update", "User_Last_Update", "password_update", List.of(Role.USER)); + } + + public static void assertEquals(User actual, User expected) { + assertThat(actual).usingRecursiveComparison().ignoringFields("password").isEqualTo(expected); + } + + // No id in HATEOAS answer + public static void assertNoIdEquals(User actual, User expected) { + assertThat(actual).usingRecursiveComparison().ignoringFields("id", "password").isEqualTo(expected); + } + + public static User asUser(MvcResult mvcResult) throws UnsupportedEncodingException, JsonProcessingException { + String jsonActual = mvcResult.getResponse().getContentAsString(); + return JsonUtil.readValue(jsonActual, User.class); + } + + public static ResultMatcher jsonMatcher(User expected, 
BiConsumer equalsAssertion) { + return mvcResult -> equalsAssertion.accept(asUser(mvcResult), expected); + } +} diff --git a/src/test/java/ru/javaops/bootjava/web/AbstractControllerTest.java b/src/test/java/ru/javaops/bootjava/web/AbstractControllerTest.java new file mode 100644 index 0000000..68cf79c --- /dev/null +++ b/src/test/java/ru/javaops/bootjava/web/AbstractControllerTest.java @@ -0,0 +1,26 @@ +package ru.javaops.bootjava.web; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.ResultActions; +import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; +import org.springframework.transaction.annotation.Transactional; + +//https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-testing-spring-boot-applications +@SpringBootTest +@Transactional +@AutoConfigureMockMvc +@ActiveProfiles("test") +//https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-testing-spring-boot-applications-testing-with-mock-environment +public abstract class AbstractControllerTest { + + @Autowired + protected MockMvc mockMvc; + + protected ResultActions perform(MockHttpServletRequestBuilder builder) throws Exception { + return mockMvc.perform(builder); + } +} diff --git a/src/test/java/ru/javaops/bootjava/web/AccountControllerTest.java b/src/test/java/ru/javaops/bootjava/web/AccountControllerTest.java new file mode 100644 index 0000000..9185be8 --- /dev/null +++ b/src/test/java/ru/javaops/bootjava/web/AccountControllerTest.java 
@@ -0,0 +1,75 @@
+package ru.javaops.bootjava.web;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.hateoas.MediaTypes;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import ru.javaops.bootjava.UserTestUtil;
+import ru.javaops.bootjava.model.User;
+import ru.javaops.bootjava.repository.UserRepository;
+
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static ru.javaops.bootjava.UserTestUtil.*;
+import static ru.javaops.bootjava.util.JsonUtil.writeValue;
+import static ru.javaops.bootjava.web.AccountController.URL;
+
+class AccountControllerTest extends AbstractControllerTest {
+
+ @Autowired
+ private UserRepository userRepository;
+
+ @Test
+ @WithUserDetails(value = USER_MAIL)
+ void get() throws Exception {
+ perform(MockMvcRequestBuilders.get(URL))
+ .andExpect(status().isOk())
+ .andDo(print())
+ .andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON_VALUE))
+ .andExpect(jsonMatcher(user, UserTestUtil::assertEquals));
+ }
+
+ @Test
+ void getUnAuth() throws Exception {
+ perform(MockMvcRequestBuilders.get(URL))
+ .andExpect(status().isUnauthorized());
+ }
+
+ @Test
+ @WithUserDetails(value = USER_MAIL)
+ void delete() throws Exception {
+ perform(MockMvcRequestBuilders.delete(URL))
+ .andExpect(status().isNoContent());
+ Assertions.assertFalse(userRepository.findById(USER_ID).isPresent());
+ Assertions.assertTrue(userRepository.findById(ADMIN_ID).isPresent());
+ }
+
+ @Test
+ void register() throws Exception {
+ User newUser = UserTestUtil.getNew();
+ User
registered = asUser(perform(MockMvcRequestBuilders.post(URL + "/register")
+ .contentType(MediaType.APPLICATION_JSON)
+ .content(writeValue(newUser)))
+ .andExpect(status().isCreated()).andReturn());
+ int newId = registered.id();
+ newUser.setId(newId);
+ UserTestUtil.assertEquals(registered, newUser);
+ UserTestUtil.assertEquals(registered, userRepository.findById(newId).orElseThrow());
+ }
+
+ @Test
+ @WithUserDetails(value = USER_MAIL)
+ void update() throws Exception {
+ User updated = UserTestUtil.getUpdated();
+ perform(MockMvcRequestBuilders.put(URL)
+ .contentType(MediaType.APPLICATION_JSON)
+ .content(writeValue(updated)))
+ .andDo(print())
+ .andExpect(status().isNoContent());
+ UserTestUtil.assertEquals(updated, userRepository.findById(USER_ID).orElseThrow());
+ }
+}
\ No newline at end of file
diff --git a/src/test/java/ru/javaops/bootjava/web/UserControllerTest.java b/src/test/java/ru/javaops/bootjava/web/UserControllerTest.java
new file mode 100644
index 0000000..9295ca0
--- /dev/null
+++ b/src/test/java/ru/javaops/bootjava/web/UserControllerTest.java
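Review bot: The `register` test in AccountControllerTest only posts a body whose roles are `List.of(Role.USER)`, so nothing here fails if the unauthenticated `/register` endpoint persists whatever roles the caller sends. AccountController is not part of this hunk, so whether it resets or rejects client-supplied roles cannot be told from here. A regression test that submits `Role.ADMIN` and checks the stored account pins that behaviour down. The sketch below assumes the controller overwrites the roles, so if it rejects the request instead, assert the 4xx status. It also needs `Role` and `java.util.List` imported in this test class.

```java
    @Test
    void registerDoesNotGrantRequestedAdminRole() throws Exception {
        User requested = new User(null, "new@gmail.com", "New_First", "New_Last", "newpass", List.of(Role.ADMIN, Role.USER));
        User registered = asUser(perform(MockMvcRequestBuilders.post(URL + "/register")
                .contentType(MediaType.APPLICATION_JSON)
                .content(writeValue(requested)))
                .andExpect(status().isCreated()).andReturn());
        // The persisted account, not the echoed body, decides what the new user can do.
        User stored = userRepository.findById(registered.id()).orElseThrow();
        Assertions.assertFalse(stored.getRoles().contains(Role.ADMIN));
    }
```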
@@ -0,0 +1,93 @@
+package ru.javaops.bootjava.web;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.hateoas.MediaTypes;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import ru.javaops.bootjava.UserTestUtil;
+import ru.javaops.bootjava.model.User;
+import ru.javaops.bootjava.repository.UserRepository;
+
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static ru.javaops.bootjava.UserTestUtil.*;
+import static ru.javaops.bootjava.util.JsonUtil.writeValue;
+
+class UserControllerTest extends AbstractControllerTest {
+ static final String URL = "/api/users/";
+
+ @Autowired
+ private UserRepository userRepository;
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void get() throws Exception {
+ perform(MockMvcRequestBuilders.get(URL + USER_ID))
+ .andExpect(status().isOk())
+ .andDo(print())
+ .andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON_VALUE))
+ .andExpect(jsonMatcher(user, UserTestUtil::assertNoIdEquals));
+ }
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void getAll() throws Exception {
+ // TODO check content yourself
+ perform(MockMvcRequestBuilders.get(URL))
+ .andExpect(status().isOk())
+ .andDo(print())
+ .andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON_VALUE));
+ }
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void getByEmail() throws Exception {
+ perform(MockMvcRequestBuilders.get(URL + "search/by-email?email=" + ADMIN_MAIL))
+ .andExpect(status().isOk())
+ .andDo(print())
+
.andExpect(content().contentTypeCompatibleWith(MediaTypes.HAL_JSON_VALUE))
+ .andExpect(jsonMatcher(admin, UserTestUtil::assertNoIdEquals));
+ }
+
+ @Test
+ @WithUserDetails(value = USER_MAIL)
+ void getForbidden() throws Exception {
+ perform(MockMvcRequestBuilders.get(URL))
+ .andExpect(status().isForbidden());
+ }
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void delete() throws Exception {
+ perform(MockMvcRequestBuilders.delete(URL + USER_ID))
+ .andExpect(status().isNoContent());
+ Assertions.assertFalse(userRepository.findById(USER_ID).isPresent());
+ Assertions.assertTrue(userRepository.findById(ADMIN_ID).isPresent());
+ }
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void create() throws Exception {
+ User newUser = UserTestUtil.getNew();
+ perform(MockMvcRequestBuilders.post(URL)
+ .contentType(MediaType.APPLICATION_JSON)
+ .content(writeValue(newUser)))
+ .andExpect(status().isCreated())
+ .andExpect(jsonMatcher(newUser, UserTestUtil::assertNoIdEquals));
+ }
+
+ @Test
+ @WithUserDetails(value = ADMIN_MAIL)
+ void update() throws Exception {
+ User updated = UserTestUtil.getUpdated();
+ perform(MockMvcRequestBuilders.put(URL + USER_ID)
+ .contentType(MediaType.APPLICATION_JSON)
+ .content(writeValue(updated)))
+ .andExpect(status().isNoContent());
+ UserTestUtil.assertEquals(updated, userRepository.findById(USER_ID).orElseThrow());
+ }
+}
\ No newline at end of file
diff --git a/src/test/resources/application-test.yaml b/src/test/resources/application-test.yaml
new file mode 100644
index 0000000..be16632
--- /dev/null
+++ b/src/test/resources/application-test.yaml
@@ -0,0 +1 @@
+spring.cache.type: none
\ No newline at end of file
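Review bot: UserControllerTest checks the admin-only restriction for a plain user only on `GET` of the collection (`getForbidden`). The `delete`, `create` and `update` tests all run as `ADMIN_MAIL`, so a rule that guarded reads but left the write methods of `/api/users/` open would pass this suite. Add `@WithUserDetails(value = USER_MAIL)` counterparts for those three, for example `perform(MockMvcRequestBuilders.delete(URL + USER_ID)).andExpect(status().isForbidden());`, followed by an assertion that `userRepository.findById(USER_ID)` is still present. An unauthenticated request expecting `status().isUnauthorized()`, as `getUnAuth` does in AccountControllerTest, would cover the remaining case. The security configuration itself is outside this hunk, so the expected status codes should be confirmed against it.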