From a96ba9468c1f71ca6f6ab2ff0c0911c54b07ea25 Mon Sep 17 00:00:00 2001 From: Vitor Hideyoshi Nakazone Batista Date: Sat, 24 Feb 2024 02:07:21 -0300 Subject: [PATCH] Initial AuthService Refactor and ValidateAccessToken EndPoint --- pom.xml | 6 +- .../filter/CustomAuthorizationFilter.java | 4 +- .../security/oauth/mapper/OAuthMapper.java | 6 +- .../base/security/service/AuthService.java | 232 +++++++++++++- .../security/service/AuthServiceImpl.java | 290 ------------------ .../base/user/api/UserController.java | 11 +- .../base/user/entity/Provider.java | 9 +- .../service/StorageService.java | 2 +- 8 files changed, 242 insertions(+), 318 deletions(-) delete mode 100644 src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthServiceImpl.java diff --git a/pom.xml b/pom.xml index 4aa16dc..40ed121 100644 --- a/pom.xml +++ b/pom.xml @@ -107,7 +107,11 @@ httpclient 4.5.14 - + + org.springframework.boot + spring-boot-starter-actuator + + diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java b/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java index 87607eb..af9132b 100644 --- a/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java +++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java @@ -4,7 +4,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.hideyoshi.backendportfolio.base.security.service.AuthService; import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException; import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidExceptionDetails; -import com.hideyoshi.backendportfolio.util.exception.BadRequestException; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; 
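Review bot: The new `spring-boot-starter-actuator` dependency in `pom.xml` adds management endpoints to the application, and nothing in this commit configures which of them are exposed or who may call them. I would pin the exposure explicitly, for example `management.endpoints.web.exposure.include=health`. The security configuration is not visible here, so it is also worth checking that it handles `/actuator/**` deliberately rather than by default. A one-line XML comment above the dependency saying why it was added would help the next reader.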
@@ -78,7 +77,8 @@ public class CustomAuthorizationFilter extends OncePerRequestFilter { private UsernamePasswordAuthenticationToken validateUserAccess(String authorizationHeader) { if (Objects.nonNull(authorizationHeader) && authorizationHeader.startsWith(AUTHORIZATION_TYPE_STRING)) { - return this.authService.verifyAccessToken(authorizationHeader); + String accessToken = authorizationHeader.substring(AUTHORIZATION_TYPE_STRING.length()); + return this.authService.extractAccessTokenInfo(accessToken); } else { throw new AuthenticationInvalidException("Access denied"); } diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/security/oauth/mapper/OAuthMapper.java b/src/main/java/com/hideyoshi/backendportfolio/base/security/oauth/mapper/OAuthMapper.java index b4b73b8..bbd8642 100644 --- a/src/main/java/com/hideyoshi/backendportfolio/base/security/oauth/mapper/OAuthMapper.java +++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/oauth/mapper/OAuthMapper.java @@ -9,12 +9,12 @@ public enum OAuthMapper { GITHUB(GithubOAuthMap.class, Provider.GITHUB); - private final Class oAuthMap; + private final Class oAuthMap; @Getter private final Provider provider; - private OAuthMapper(Class oAuthMap, Provider provider) { + private OAuthMapper(Class oAuthMap, Provider provider) { this.oAuthMap = oAuthMap; this.provider = provider; } @@ -28,7 +28,7 @@ public enum OAuthMapper { throw new IllegalArgumentException("Argument not valid."); } - public Class getMap() { + public Class getMap() { return oAuthMap; } diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthService.java b/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthService.java index 81fc064..bb2afe7 100644 --- a/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthService.java +++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthService.java 
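Review bot: In `validateUserAccess`, a token that fails verification now surfaces from `extractAccessTokenInfo` as `BadRequestException("Invalid Token")`, while a missing or malformed header in the `else` branch still raises `AuthenticationInvalidException("Access denied")`. The same commit removes the `BadRequestException` import from this filter, so an expired or forged token may be answered as a bad request, or escape the filter, unless the surrounding error handling catches it generically. Translating at the call site keeps both paths consistent: `try { return this.authService.extractAccessTokenInfo(accessToken); } catch (BadRequestException e) { throw new AuthenticationInvalidException("Access denied"); }`, which needs the import kept. The filter's error handling and the end of this method are outside the hunk, so this should be confirmed against the full file.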
@@ -1,40 +1,246 @@ package com.hideyoshi.backendportfolio.base.security.service; +import com.auth0.jwt.JWT; +import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; +import com.auth0.jwt.interfaces.DecodedJWT; +import com.fasterxml.jackson.databind.ObjectMapper; import com.hideyoshi.backendportfolio.base.security.model.AuthDTO; +import com.hideyoshi.backendportfolio.base.security.oauth.mapper.OAuthMap; +import com.hideyoshi.backendportfolio.base.security.oauth.mapper.OAuthMapper; +import com.hideyoshi.backendportfolio.base.user.entity.Provider; +import com.hideyoshi.backendportfolio.base.user.entity.Role; import com.hideyoshi.backendportfolio.base.user.model.TokenDTO; import com.hideyoshi.backendportfolio.base.user.model.UserDTO; +import com.hideyoshi.backendportfolio.base.user.service.UserService; +import com.hideyoshi.backendportfolio.microservice.storageService.model.StorageServiceDownloadResponse; +import com.hideyoshi.backendportfolio.microservice.storageService.service.StorageService; +import com.hideyoshi.backendportfolio.util.exception.BadRequestException; +import lombok.RequiredArgsConstructor; +import lombok.extern.log4j.Log4j2; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.core.user.OAuth2User; +import org.springframework.stereotype.Service; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.validation.Valid; import java.io.IOException; -import java.util.HashMap; +import java.util.*; +import java.util.stream.Collectors; -public interface AuthService { +import static java.util.Arrays.stream; 
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; - TokenDTO generateAccessToken(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request); +@Log4j2 +@Service +@RequiredArgsConstructor +public class AuthService { + private static final String AUTHORIZATION_TYPE_STRING = "Bearer "; - TokenDTO generateRefreshToken(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request); + private final UserService userService; - HashMap generateTokens(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request); + private final StorageService storageService; - UsernamePasswordAuthenticationToken verifyAccessToken(String authorizationHeader); + @Value("${com.hideyoshi.tokenSecret}") + private String TOKEN_SECRET; - AuthDTO refreshAccessToken(String refreshToken, HttpServletRequest request, HttpServletResponse response); + @Value("${com.hideyoshi.accessTokenDuration}") + private Integer ACCESS_TOKEN_DURATION; - AuthDTO signupUser(@Valid UserDTO user, HttpServletRequest request); + @Value("${com.hideyoshi.refreshTokenDuration}") + private Integer REFRESH_TOKEN_DURATION; - AuthDTO generateUserWithTokens(UserDTO user, HttpServletRequest request); + public UsernamePasswordAuthenticationToken extractAccessTokenInfo(String accessToken) { + DecodedJWT decodedJWT = this.decodeToken(accessToken) + .orElseThrow(() -> new BadRequestException("Invalid Token")); - AuthDTO processOAuthPostLogin(@Valid UserDTO user, HttpServletRequest request); + String username = decodedJWT.getSubject(); + String[] roles = decodedJWT.getClaim("roles").asArray(String.class); - void loginUser(HttpServletRequest request, HttpServletResponse response, @Valid UserDTO user) throws IOException; + Collection authorities = new ArrayList<>(); + stream(roles).forEach(role -> { + authorities.add(new SimpleGrantedAuthority(role)); + }); - void loginOAuthUser(HttpServletRequest request, HttpServletResponse response, OAuth2User user) throws IOException; + return new 
UsernamePasswordAuthenticationToken(username, null, authorities); + } - UserDTO getLoggedUser(); + public AuthDTO signupUser(@Valid UserDTO user, HttpServletRequest request) { + user.setProvider(Provider.LOCAL); + + UserDTO authenticatedUser = this.userService.saveUser(user); + authenticatedUser.setProfilePictureUrl(this.extractProfilePictureUrl(authenticatedUser)); + + return this.generateNewAuthenticatedUser( + authenticatedUser, + request + ); + + } + + public void loginUser(HttpServletRequest request, HttpServletResponse response, @Valid UserDTO user) throws IOException { + user.setProfilePictureUrl(this.extractProfilePictureUrl(user)); + + AuthDTO authObject = this.generateNewAuthenticatedUser( + user, + request + ); + + response.setContentType(APPLICATION_JSON_VALUE); + new ObjectMapper() + .writeValue(response.getOutputStream(), authObject); + } + + public AuthDTO refreshAccessToken(String requestToken, HttpServletRequest request) { + DecodedJWT decodedJWT = this.decodeToken(requestToken) + .orElseThrow(() -> new BadRequestException("Invalid Token")); + + String username = decodedJWT.getSubject(); + + UserDTO user = this.userService.getUser(username); + user.setProfilePictureUrl(this.extractProfilePictureUrl(user)); + + return this.refreshAuthenticatedUser(user, request, new TokenDTO(requestToken, decodedJWT.getExpiresAt())); + } + + public AuthDTO validateAccessToken(HttpServletRequest request) { + UserDTO user = this.getLoggedUser(); + user.setProfilePictureUrl(this.extractProfilePictureUrl(user)); + + return this.generateNewAuthenticatedUser(user, request); + + } + + public void loginOAuthUser(HttpServletRequest request, + HttpServletResponse response, + OAuth2User oauthUser) throws IOException { + + String clientId = this.getClientFromUrl(request.getRequestURL().toString()); + OAuthMap oauthMap = this.generateOAuthMap(clientId, oauthUser); + + AuthDTO authObject = this.processOAuthPostLogin( + this.generateAuthenticatedUserFromOAuth(oauthMap, oauthUser), 
+ request + ); + + response.setContentType(APPLICATION_JSON_VALUE); + new ObjectMapper() + .writeValue(response.getOutputStream(), authObject); + } + + public UserDTO getLoggedUser() { + String username = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); + return userService.getUser(username); + } + + private Optional decodeToken(String token) { + Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes()); + JWTVerifier verifier = JWT.require(algorithm).build(); + try { + return Optional.of(verifier.verify(token)); + } catch (Exception e) { + log.warn("Token verification failed: {}", e.getMessage()); + } + return Optional.empty(); + } + + private AuthDTO processOAuthPostLogin(@Valid UserDTO user, HttpServletRequest request) { + + if (Objects.nonNull(user.getId())) { + this.userService.alterUser(user.getId(), user); + } else { + this.userService.saveUser(user); + } + + return this.generateNewAuthenticatedUser(user, request); + } + + private String getClientFromUrl(String url) { + String[] urlPartition = url.split("/"); + return urlPartition[urlPartition.length - 1]; + } + + private OAuthMap generateOAuthMap(String clientId, OAuth2User oauthUser) { + try { + return OAuthMapper.byValue(clientId).getMap() + .getDeclaredConstructor(OAuth2User.class).newInstance(oauthUser); + } catch (Exception e) { + throw new BadRequestException("Unsupported OAuth Client."); + } + } + + private String extractProfilePictureUrl(UserDTO user) { + return this.storageService.getFileUrl(user.getUsername(), "profile") + .map(StorageServiceDownloadResponse::getPresignedUrl) + .orElse(null); + } + + private UserDTO generateAuthenticatedUserFromOAuth(OAuthMap oauthMap, OAuth2User oauthUser) { + UserDTO user; + try { + user = this.userService.getUser(oauthMap.getPrincipal()); + } catch (BadRequestException e) { + user = UserDTO.builder() + .name(oauthUser.getAttribute("name")) + .username(oauthMap.getPrincipal()) + .email(oauthUser.getAttribute("email")) + 
.roles(List.of(Role.USER)) + .provider(oauthMap.getProvider()) + .build(); + } + user.setProfilePictureUrl(oauthMap.getProfilePicture()); + + return user; + } + + private AuthDTO generateNewAuthenticatedUser(UserDTO user, HttpServletRequest request) { + HttpSession httpSession = request.getSession(); + AuthDTO authObject = new AuthDTO( + user, + this.generateToken(user, request, ACCESS_TOKEN_DURATION), + this.generateToken(user, request, REFRESH_TOKEN_DURATION) + ); + + httpSession.setAttribute("user", authObject); + + return authObject; + } + + private AuthDTO refreshAuthenticatedUser(UserDTO user, HttpServletRequest request, TokenDTO refreshToken) { + HttpSession httpSession = request.getSession(); + AuthDTO authObject = new AuthDTO( + user, + this.generateToken(user, request, ACCESS_TOKEN_DURATION), + refreshToken + ); + + httpSession.setAttribute("user", authObject); + + return authObject; + } + + private TokenDTO generateToken(@Valid UserDTO user, HttpServletRequest request, Integer duration) { + + Date expirationDate = new Date(System.currentTimeMillis() + duration); + Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes()); + + String token = JWT.create() + .withSubject(user.getUsername()) + .withExpiresAt(expirationDate) + .withIssuer(request.getRequestURL().toString()) + .withClaim("roles", user.getAuthorities() + .stream().map(GrantedAuthority::getAuthority) + .collect(Collectors.toList())) + .sign(algorithm); + + return new TokenDTO(token, expirationDate); + + } } diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthServiceImpl.java b/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthServiceImpl.java deleted file mode 100644 index ed7e81b..0000000 --- a/src/main/java/com/hideyoshi/backendportfolio/base/security/service/AuthServiceImpl.java +++ /dev/null 
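Review bot: Access and refresh tokens are now minted by the same `generateToken`, with the same HMAC secret and the same `roles` claim, and `decodeToken` checks only signature and expiry, so nothing distinguishes the two kinds. As written, `extractAccessTokenInfo` accepts a refresh token as a bearer credential for its whole lifetime and `refreshAccessToken` accepts an access token; the removed implementation at least left `roles` out of refresh tokens. I would stamp each token with its purpose and have the verifier require it, as sketched below, with callers passing `"access"` or `"refresh"` (`token_use` is a claim name constructed for this note). Separately, `decodedJWT.getClaim("roles").asArray(String.class)` goes straight into `stream(roles)`, and I believe it returns null when the claim is absent, so a null guard that rejects the token is worth adding there.

```java
private Optional<DecodedJWT> decodeToken(String token, String expectedUse) {
    Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes());
    JWTVerifier verifier = JWT.require(algorithm)
            .withClaim("token_use", expectedUse)
            .build();
    // … unchanged: try/catch around verifier.verify(token), Optional.empty() on failure …
}

private TokenDTO generateToken(@Valid UserDTO user, HttpServletRequest request, Integer duration, String tokenUse) {
    // … unchanged: expirationDate and algorithm …
    String token = JWT.create()
            .withSubject(user.getUsername())
            .withClaim("token_use", tokenUse)
            // … unchanged: withExpiresAt, withIssuer, roles claim, sign(algorithm) …
}
```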
@@ -1,290 +0,0 @@ -package com.hideyoshi.backendportfolio.base.security.service; - -import com.auth0.jwt.JWT; -import com.auth0.jwt.JWTVerifier; -import com.auth0.jwt.algorithms.Algorithm; -import com.auth0.jwt.interfaces.DecodedJWT; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.hideyoshi.backendportfolio.base.security.model.AuthDTO; -import com.hideyoshi.backendportfolio.base.security.oauth.mapper.OAuthMap; -import com.hideyoshi.backendportfolio.base.security.oauth.mapper.OAuthMapper; -import com.hideyoshi.backendportfolio.base.user.entity.Provider; -import com.hideyoshi.backendportfolio.base.user.entity.Role; -import com.hideyoshi.backendportfolio.base.user.model.TokenDTO; -import com.hideyoshi.backendportfolio.base.user.model.UserDTO; -import com.hideyoshi.backendportfolio.base.user.service.UserService; -import com.hideyoshi.backendportfolio.microservice.storageService.service.StorageService; -import com.hideyoshi.backendportfolio.util.exception.BadRequestException; -import lombok.RequiredArgsConstructor; -import lombok.extern.log4j.Log4j2; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.core.user.OAuth2User; -import org.springframework.stereotype.Service; -import org.springframework.web.servlet.HandlerExceptionResolver; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.validation.Valid; -import java.io.IOException; -import java.util.*; -import 
java.util.stream.Collectors; - -import static java.util.Arrays.stream; -import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; - -@Log4j2 -@Service -@RequiredArgsConstructor -public class AuthServiceImpl implements AuthService { - - - private static final String AUTHORIZATION_TYPE_STRING = "Bearer "; - private final UserService userService; - private final StorageService storageService; - @Value("${com.hideyoshi.tokenSecret}") - private String TOKEN_SECRET; - @Value("${com.hideyoshi.accessTokenDuration}") - private Integer ACCESS_TOKEN_DURATION; - @Value("${com.hideyoshi.refreshTokenDuration}") - private Integer REFRESH_TOKEN_DURATION; - @Autowired - @Qualifier("handlerExceptionResolver") - private HandlerExceptionResolver resolver; - - @Override - public TokenDTO generateAccessToken(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request) { - - Date expirationDate = new Date(System.currentTimeMillis() + ACCESS_TOKEN_DURATION); - - String accessToken = JWT.create() - .withSubject(user.getUsername()) - .withExpiresAt(expirationDate) - .withIssuer(request.getRequestURL().toString()) - .withClaim("roles", user.getAuthorities() - .stream().map(GrantedAuthority::getAuthority) - .collect(Collectors.toList())) - .sign(algorithm); - - return new TokenDTO(accessToken, expirationDate); - - } - - @Override - public TokenDTO generateRefreshToken(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request) { - - Date expirationDate = new Date(System.currentTimeMillis() + REFRESH_TOKEN_DURATION); - - String refreshToken = JWT.create() - .withSubject(user.getUsername()) - .withExpiresAt(expirationDate) - .withIssuer(request.getRequestURL().toString()) - .sign(algorithm); - - return new TokenDTO(refreshToken, expirationDate); - - } - - @Override - public HashMap generateTokens(@Valid UserDTO user, Algorithm algorithm, HttpServletRequest request) { - - TokenDTO accessToken = generateAccessToken(user, algorithm, request); - TokenDTO 
refreshToken = generateRefreshToken(user, algorithm, request); - - HashMap tokens = new HashMap<>(); - tokens.put("accessToken", accessToken); - tokens.put("refreshToken", refreshToken); - - return tokens; - } - - @Override - public UsernamePasswordAuthenticationToken verifyAccessToken(String authorizationHeader) { - - if (!authorizationHeader.startsWith(AUTHORIZATION_TYPE_STRING)) { - return null; - } - - String authorizationToken = authorizationHeader.substring(AUTHORIZATION_TYPE_STRING.length()); - Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes()); - - JWTVerifier verifier = JWT.require(algorithm).build(); - DecodedJWT decodedJWT = verifier.verify(authorizationToken); - - String username = decodedJWT.getSubject(); - String[] roles = decodedJWT.getClaim("roles").asArray(String.class); - - Collection authorities = new ArrayList<>(); - stream(roles).forEach(role -> { - authorities.add(new SimpleGrantedAuthority(role)); - }); - - return new UsernamePasswordAuthenticationToken(username, null, authorities); - } - - @Override - public AuthDTO generateUserWithTokens(UserDTO user, HttpServletRequest request) { - - Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes()); - - HashMap tokens = this.generateTokens(user, algorithm, request); - - HttpSession httpSession = request.getSession(); - AuthDTO authObject = new AuthDTO(user, tokens.get("accessToken"), tokens.get("refreshToken")); - - httpSession.setAttribute("user", authObject); - - return authObject; - } - - @Override - public AuthDTO signupUser(@Valid UserDTO user, HttpServletRequest request) { - - user.setProvider(Provider.LOCAL); - - UserDTO authenticatedUser = this.userService.saveUser(user); - - var profilePicture = this.storageService.getFileUrl(authenticatedUser.getUsername(), "profile"); - profilePicture.ifPresent( - storageServiceDownloadResponse -> authenticatedUser.setProfilePictureUrl(storageServiceDownloadResponse.getPresignedUrl()) - ); - - return this.generateUserWithTokens( - 
authenticatedUser, - request - ); - - } - - @Override - public void loginUser(HttpServletRequest request, HttpServletResponse response, @Valid UserDTO user) throws IOException { - var profilePicture = this.storageService.getFileUrl(user.getUsername(), "profile"); - profilePicture.ifPresent( - storageServiceDownloadResponse -> user.setProfilePictureUrl(storageServiceDownloadResponse.getPresignedUrl()) - ); - - AuthDTO authObject = this.generateUserWithTokens( - user, - request - ); - - response.setContentType(APPLICATION_JSON_VALUE); - new ObjectMapper() - .writeValue(response.getOutputStream(), authObject); - } - - @Override - public AuthDTO refreshAccessToken(String refreshToken, HttpServletRequest request, HttpServletResponse response) { - - if (!Objects.nonNull(refreshToken)) { - resolver.resolveException( - request, - response, - null, - new BadRequestException("Invalid Refresh Token. Please authenticate first.") - ); - } - - Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET.getBytes()); - - JWTVerifier verifier = JWT.require(algorithm).build(); - DecodedJWT decodedJWT = verifier.verify(refreshToken); - - UserDTO user = this.userService.getUser(decodedJWT.getSubject()); - - var profilePicture = this.storageService.getFileUrl(user.getUsername(), "profile"); - profilePicture.ifPresent( - storageServiceDownloadResponse -> user.setProfilePictureUrl(storageServiceDownloadResponse.getPresignedUrl()) - ); - - HttpSession httpSession = request.getSession(); - AuthDTO authenticatedUser = new AuthDTO( - user, - this.generateAccessToken(user, algorithm, request), - new TokenDTO( - refreshToken, - decodedJWT.getExpiresAt() - ) - ); - httpSession.setAttribute("user", authenticatedUser); - - return authenticatedUser; - - } - - @Override - public AuthDTO processOAuthPostLogin(@Valid UserDTO user, HttpServletRequest request) { - - if (Objects.nonNull(user.getId())) { - this.userService.alterUser(user.getId(), user); - } else { - this.userService.saveUser(user); - } - - 
return this.generateUserWithTokens(user, request); - } - - @Override - public void loginOAuthUser(HttpServletRequest request, - HttpServletResponse response, - OAuth2User oauthUser) throws IOException { - - String clientId = this.getClientFromUrl(request.getRequestURL().toString()); - - OAuthMap oauthMap = this.generateOAuthMap(clientId, oauthUser); - - AuthDTO authObject = this.processOAuthPostLogin( - this.generateUserFromAuthUser(oauthMap, oauthUser), - request - ); - - response.setContentType(APPLICATION_JSON_VALUE); - new ObjectMapper() - .writeValue(response.getOutputStream(), authObject); - } - - @Override - public UserDTO getLoggedUser() { - String username = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); - return userService.getUser(username); - } - - private String getClientFromUrl(String url) { - String[] urlPartition = url.split("/"); - return urlPartition[urlPartition.length - 1]; - } - - private OAuthMap generateOAuthMap(String clientId, OAuth2User oauthUser) { - try { - return (OAuthMap) OAuthMapper.byValue(clientId).getMap() - .getDeclaredConstructor(OAuth2User.class).newInstance(oauthUser); - } catch (Exception e) { - throw new BadRequestException("Unsupported OAuth Client."); - } - } - - private UserDTO generateUserFromAuthUser(OAuthMap oauthMap, OAuth2User oauthUser) { - UserDTO user = null; - try { - user = this.userService.getUser(oauthMap.getPrincipal()); - } catch (BadRequestException e) { - user = UserDTO.builder() - .name(oauthUser.getAttribute("name")) - .username(oauthMap.getPrincipal()) - .email(oauthUser.getAttribute("email")) - .roles(Arrays.asList(Role.USER)) - .provider(oauthMap.getProvider()) - .build(); - } - user.setProfilePictureUrl(oauthMap.getProfilePicture()); - - return user; - } - -} diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/user/api/UserController.java b/src/main/java/com/hideyoshi/backendportfolio/base/user/api/UserController.java index 1c88292..aca0317 100644 
--- a/src/main/java/com/hideyoshi/backendportfolio/base/user/api/UserController.java +++ b/src/main/java/com/hideyoshi/backendportfolio/base/user/api/UserController.java @@ -59,9 +59,14 @@ public class UserController { @UserResourceGuard(accessType = UserResourceGuardEnum.OPEN) public ResponseEntity refreshAccessToken( @RequestBody @Valid TokenDTO refreshToken, - HttpServletRequest request, - HttpServletResponse response) { - return ResponseEntity.ok(this.authService.refreshAccessToken(refreshToken.getToken(), request, response)); + HttpServletRequest request) { + return ResponseEntity.ok(this.authService.refreshAccessToken(refreshToken.getToken(), request)); + } + + @PostMapping("/login/validate") + @UserResourceGuard(accessType = UserResourceGuardEnum.USER) + public ResponseEntity validateAccessToken(HttpServletRequest request) { + return ResponseEntity.ok(this.authService.validateAccessToken(request)); } @DeleteMapping("/delete") diff --git a/src/main/java/com/hideyoshi/backendportfolio/base/user/entity/Provider.java b/src/main/java/com/hideyoshi/backendportfolio/base/user/entity/Provider.java index 6819ce7..29514f9 100644 --- a/src/main/java/com/hideyoshi/backendportfolio/base/user/entity/Provider.java +++ b/src/main/java/com/hideyoshi/backendportfolio/base/user/entity/Provider.java @@ -1,5 +1,8 @@ package com.hideyoshi.backendportfolio.base.user.entity; +import lombok.Getter; + +@Getter public enum Provider { GOOGLE("google"), @@ -8,7 +11,7 @@ public enum Provider { LOCAL("local"); - private String name; + private final String name; Provider(String name) { this.name = name; @@ -23,8 +26,4 @@ public enum Provider { throw new IllegalArgumentException("Argument not valid."); } - public String getName() { - return name; - } - } 
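Review bot: The new `POST /login/validate` handler reads as a check, but `authService.validateAccessToken` (added in the same commit) goes through `generateNewAuthenticatedUser` and returns a brand-new access token and a brand-new refresh token. Any caller holding a still-valid access token can therefore keep renewing both, which removes the bound that the access-token duration and the separate refresh flow are meant to provide. If the endpoint is only meant to confirm the session, consider returning the user without minting tokens. Otherwise document the behaviour on the handler, for example `/** Re-issues access and refresh tokens for the caller identified by the current access token. */`.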
diff --git a/src/main/java/com/hideyoshi/backendportfolio/microservice/storageService/service/StorageService.java b/src/main/java/com/hideyoshi/backendportfolio/microservice/storageService/service/StorageService.java index 7c16c41..8b19020 100644 --- a/src/main/java/com/hideyoshi/backendportfolio/microservice/storageService/service/StorageService.java +++ b/src/main/java/com/hideyoshi/backendportfolio/microservice/storageService/service/StorageService.java @@ -63,7 +63,7 @@ public class StorageService { } public Optional getFileUrl(String username, String filePostfix) { - URI uri = null; + URI uri; try { uri = new URIBuilder(storageServiceConfig.getFileServicePath() + "/file") .addParameter(PARAMETER_USERNAME, username)