use of com.adja.evchargerappserver.api.role.Role in project iet-hf-2022-k-k-k-k-k-k by BME-MIT-IET.
the class TokenController method post.
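/**
 * Decides whether the caller may open the page named in {@code body}.
 *
 * <p>Pages listed by {@link PageAuthorizationChecker#noRightPages()} are granted without any
 * token. Every other outcome is carried in the body with HTTP 200: {@code hasRight},
 * {@code noRight}, or {@code tokenExpired} for a missing, malformed, expired or otherwise
 * unusable token (and for a token whose user can no longer be loaded).
 *
 * @param headers request headers; the {@code Authorization} header carries the bearer token
 * @param body    holds the route to check
 * @return the authorization verdict, always with status 200
 */
@ApiOperation("AuthChecking")
@PostMapping("/hasRightForPage")
public ResponseEntity<PageAuthorizationResponse> post(@RequestHeader HttpHeaders headers, @RequestBody PageAuthorizationRequest body) {
    String authHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
    String route = body.getRoute();
    if (PageAuthorizationChecker.noRightPages().contains(route)) {
        return verdict(PageAuthorizationResponse.hasRight);
    }
    // Same scheme check as refreshToken: a missing header, a non-Bearer scheme, or a bare
    // "Bearer " with nothing after it cannot carry a token. (Previously only the literal
    // "Bearer" was rejected here and any other scheme was handed to the decoder.)
    if (authHeader == null
            || !authHeader.startsWith("Bearer ")
            || authHeader.length() <= "Bearer ".length()) {
        return verdict(PageAuthorizationResponse.tokenExpired);
    }
    try {
        DecodedJWT jwt = JwtUtil.getDecodedJWT(authHeader);
        Date expiresAt = jwt.getExpiresAt();
        // A token without an exp claim is treated as expired rather than as valid forever.
        if (expiresAt == null || expiresAt.before(new Date())) {
            return verdict(PageAuthorizationResponse.tokenExpired);
        }
        Person person = this.personService.getByUsername(JwtUtil.getUsernameFromJwt(authHeader));
        if (person == null) {
            // The token's subject no longer exists. Keep the original outcome: previously the
            // NullPointerException fell into the catch below and produced the same verdict.
            return verdict(PageAuthorizationResponse.tokenExpired);
        }
        Collection<Role> rolesOfUser = person.getRoles();
        return verdict(PageAuthorizationChecker.hasRightForPage(route, rolesOfUser)
                ? PageAuthorizationResponse.hasRight
                : PageAuthorizationResponse.noRight);
    } catch (Exception e) {
        // JwtUtil's failure types are not visible here; any decode or verification failure
        // (malformed token, bad signature, ...) is reported as tokenExpired, never as a 5xx.
        return verdict(PageAuthorizationResponse.tokenExpired);
    }
}

/** Wraps a verdict in a 200 response; the outcome travels in the body, never in the status. */
private static ResponseEntity<PageAuthorizationResponse> verdict(PageAuthorizationResponse outcome) {
    return new ResponseEntity<>(outcome, HttpStatus.OK);
}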
use of com.adja.evchargerappserver.api.role.Role in project iet-hf-2022-k-k-k-k-k-k by BME-MIT-IET.
the class TokenController method refreshToken.
/**
 * Issues a fresh access token for the user named in the bearer token of the request.
 *
 * <p>On success writes {@code {"accessToken": ..., "refreshToken": ...}} as JSON to the
 * response, echoing the presented token back unchanged as {@code refreshToken}. If the token
 * cannot be decoded or the user cannot be loaded, answers 403 with
 * {@code {"error_message": ...}} and an {@code error} header. A missing or non-Bearer
 * Authorization header raises a {@link RuntimeException} instead of writing a response.
 *
 * @param request  the incoming request; its Authorization header carries the refresh token
 * @param response the response the tokens (or the error) are written to
 * @throws IOException if writing the response body fails
 */
@PostMapping("/token/refresh")
public void refreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
    boolean hasBearerToken = authorizationHeader != null && authorizationHeader.startsWith("Bearer ");
    if (!hasBearerToken) {
        throw new RuntimeException("Refresh token is missing");
    }
    try {
        Person person = this.personService.getByUsername(JwtUtil.getUsernameFromJwt(authorizationHeader));
        String requestUrl = request.getRequestURL().toString();
        // NOTE(review): requestUrl is passed as both the first and the third argument of
        // createAccessToken; confirm against JwtUtil whether the first should be the subject.
        String accessToken = JwtUtil.createAccessToken(
                requestUrl,
                person.getRoles().stream().map(Role::getName).collect(Collectors.toList()),
                requestUrl);
        String refreshToken = authorizationHeader.substring("Bearer ".length());
        Map<String, String> tokens = new HashMap<>();
        tokens.put("accessToken", accessToken);
        tokens.put("refreshToken", refreshToken);
        writeJsonBody(response, tokens);
    } catch (Exception e) {
        // NOTE(review): the raw exception message reaches the client both in a header and in
        // the body; a generic message would avoid exposing internals.
        response.setHeader("error", e.getMessage());
        response.setStatus(HttpStatus.FORBIDDEN.value());
        Map<String, String> error = new HashMap<>();
        error.put("error_message", e.getMessage());
        writeJsonBody(response, error);
    }
}

/** Marks the response as JSON and serializes {@code payload} into its output stream. */
private static void writeJsonBody(HttpServletResponse response, Map<String, String> payload) throws IOException {
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    new ObjectMapper().writeValue(response.getOutputStream(), payload);
}