Merge pull request #32 from JewelleryManagement/feature-19-user-authentication

Implemented user authentication
Showing 40 changed files with 1,298 additions and 92 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,69 @@ | ||
# Jewellery Management Service | ||
|
||
A jewellery store management project | ||
This is the backend service for a jewellery management administration system. | ||
|
||
## Prerequisites | ||
## Setup and Running the Project | ||
|
||
### Prerequisites | ||
|
||
What things you need to install the software and how to install them. For example: | ||
You would need the following tools installed before running the project locally: | ||
|
||
- Java 17 | ||
- Maven | ||
- IntelliJ IDEA (or any preferred IDE) | ||
- Docker | ||
|
||
## Setup and Running the Project | ||
[Click here to open instructions on how to create and run the docker container with postgres database](https://docs.google.com/document/d/12QSq2K_E1DIsF0a99rClwVmwdu7eLKnVagnG0i9JjBI/edit?usp=drive_link) | ||
### Running the project | ||
|
||
### Clone the Repository | ||
1. Create .env file in the root folder with database credentials: | ||
``` | ||
JMS_DATABASE_NAME=jewellery-management | ||
JMS_DATABASE_USER=admin | ||
JMS_DATABASE_PASSWORD=DB-p@s5w0rD | ||
``` | ||
2. Start DB | ||
- run `docker-compose up` in a terminal in the root folder | ||
- This command will start a postgreSQL DB in a docker container with the properties we've entered in the .env file | ||
3. Setup root user for authenticated access | ||
- Create data.sql file in src/main/resources with the following content: | ||
``` | ||
INSERT INTO users (id, name, email, password, role) | ||
VALUES ('88596531-7f0f-407d-b502-31833b8c8e8d', 'root', 'root@gmail.com', '$2a$12$fGuoN79WFwHPUmirHOlxIO9kdmMTBrlNGKob0ay4muxXNDePg38ri', 'ADMIN') | ||
ON CONFLICT (email) DO UPDATE | ||
SET name = 'root', email = 'root@gmail.com', password = '$2a$12$fGuoN79WFwHPUmirHOlxIO9kdmMTBrlNGKob0ay4muxXNDePg38ri', role = 'ADMIN'; | ||
``` | ||
The password field is the bcrypt encoded value of `p@s5W07d`. You can either use this or choose your own | ||
secure | ||
password and put it through a [b-crypt generator](https://bcrypt-generator.com) | ||
4. Setup IntelliJ environment variables | ||
- Run -> Edit Configurations, then under Environment Variables, you should add the following: | ||
``` | ||
JMS_DATABASE_NAME=jewellery-management;JMS_DATABASE_USER=admin;JMS_DATABASE_PASSWORD=DB-p@s5w0rD;SECRET_KEY=9dDDE3/Z7EdcCqA35PbruWDfEt0Dxk5cbPGaaudhJ5o= | ||
``` | ||
The first 3 parameters are responsible for database connection and should match the ones we set up in | ||
step 1. The | ||
last one is a key for JWT token encoding. You can choose to use a different one. | ||
|
||
```bash | ||
git clone <https://github.com/JewelleryManagement/jewellery-management-service.git> | ||
``` | ||
1. Follow instructions in file for creating the database docker container | ||
2. Run the project from JewelleryInventoryApplication.java | ||
5. Start the app | ||
- run `mvn clean install` in a terminal to get all the needed dependencies and to build the project | ||
- Run -> Run -> choose the configuration you set up in step 4 | ||
- The app should be running on localhost:8080 | ||
6. Interact with the app | ||
- Send POST to `localhost:8080/login` with JSON body with payload: | ||
```json | ||
{ | ||
"email": "root@gmail.com", | ||
"password": "p@s5W07d" // or the password you have chosen yourself | ||
} | ||
``` | ||
- The response will contain a token. You'd need to include this token in the Authorization | ||
header in every | ||
other request you'd want to send to the service. | ||
- Authorization header: `Authorization: Bearer <token>` | ||
- Access any endpoint of the service | ||
- Example of a `GET /resources` request using curl: | ||
```bash | ||
curl --location 'localhost:8080/resources/quantity/d3515db3-d8a0-4807-bfae-40d53da0405a' \ | ||
--header 'Authorization: Bearer | ||
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJyb290QGdtYWlsLmNvbSIsImlhdCI6MTY5NjQ5NjMzMywiZXhwIjoxNjk2NTgyNzMzfQ.WqZMlAvLWkPbqepGrdpwfQY1dG39Jr_69npIWJQb_3U' | ||
``` |
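
Review bot: Step 4 publishes a usable `SECRET_KEY=...` value for JWT signing, and step 3 seeds a root `ADMIN` row whose bcrypt hash is documented as `p@s5W07d`; any deployment that copies these lines verbatim runs with a publicly known admin password and a publicly known token-signing key. Replace both with placeholders and tell the reader to generate their own key locally, for example with `openssl rand -base64 32`. The `ON CONFLICT (email) DO UPDATE` in data.sql also resets the root password to the seeded hash each time data.sql is executed, which would silently undo a later password change; `DO NOTHING` is safer. Sending a real password through a third-party website to hash it discloses it to that site, so point to a local bcrypt tool instead of bcrypt-generator.com. Minor: the curl example is labelled `GET /resources` but calls `/resources/quantity/<id>`.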
26 changes: 26 additions & 0 deletions
src/main/java/jewellery/inventory/controller/AuthController.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
package jewellery.inventory.controller; | ||
|
||
import jakarta.validation.Valid; | ||
import jewellery.inventory.dto.request.AuthenticationRequestDto; | ||
import jewellery.inventory.dto.response.UserAuthDetailsDto; | ||
import jewellery.inventory.service.security.AuthService; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.http.HttpStatus; | ||
import org.springframework.web.bind.annotation.PostMapping; | ||
import org.springframework.web.bind.annotation.RequestBody; | ||
import org.springframework.web.bind.annotation.RequestMapping; | ||
import org.springframework.web.bind.annotation.ResponseStatus; | ||
import org.springframework.web.bind.annotation.RestController; | ||
|
||
@RestController | ||
@RequestMapping("/login") | ||
@RequiredArgsConstructor | ||
public class AuthController { | ||
private final AuthService authService; | ||
|
||
@ResponseStatus(HttpStatus.CREATED) | ||
@PostMapping | ||
public UserAuthDetailsDto login(@Valid @RequestBody AuthenticationRequestDto authRequest) { | ||
return authService.login(authRequest); | ||
} | ||
} |
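
Review bot: `@ResponseStatus(HttpStatus.CREATED)` on `login` makes a successful authentication return 201 Created, but the handler returns a token and user details rather than creating an addressable resource; 200 OK is the conventional status here. Drop the annotation or set `HttpStatus.OK`. Nothing in this controller limits repeated password guesses, so it is worth confirming that attempt throttling exists elsewhere in the PR.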
2 changes: 0 additions & 2 deletions
src/main/java/jewellery/inventory/controller/HomeController.java
17 changes: 17 additions & 0 deletions
src/main/java/jewellery/inventory/dto/request/AuthenticationRequestDto.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package jewellery.inventory.dto.request; | ||
|
||
import jakarta.validation.constraints.NotBlank; | ||
import lombok.AllArgsConstructor; | ||
import lombok.Data; | ||
import lombok.NoArgsConstructor; | ||
|
||
@Data | ||
@AllArgsConstructor | ||
@NoArgsConstructor | ||
public class AuthenticationRequestDto { | ||
@NotBlank(message = "Email must not be blank, empty or null") | ||
private String email; | ||
|
||
@NotBlank(message = "Password must not be blank, empty or null") | ||
private String password; | ||
} |
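
Review bot: `@Data` on `AuthenticationRequestDto` generates a `toString()` that includes the `password` field, so any log statement or exception message that prints the request object writes the plaintext password. Add `@ToString.Exclude` to `password`, or replace `@Data` with `@Getter`/`@Setter`.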
28 changes: 17 additions & 11 deletions
src/main/java/jewellery/inventory/dto/request/UserRequestDto.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,32 @@ | ||
package jewellery.inventory.dto.request; | ||
|
||
import jakarta.validation.constraints.NotEmpty; | ||
import jakarta.validation.constraints.NotBlank; | ||
import jakarta.validation.constraints.Pattern; | ||
import jakarta.validation.constraints.Size; | ||
import lombok.Data; | ||
|
||
@Data | ||
public class UserRequestDto { | ||
private static final String NAME_PATTERN_REGEX = "^(?!.*__)[A-Za-z0-9_]*$"; | ||
private static final String EMAIL_PATTERN_REGEX = | ||
"^[a-zA-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$"; | ||
private static final String NAME_SIZE_VALIDATION_MSG = "Size must be between 3 and 64"; | ||
private static final String NAME_PATTERN_VALIDATION_MSG = | ||
"Name must only contain alphanumeric characters and underscores, and no consecutive underscores"; | ||
private static final String EMAIL_VALIDATION_MSG = "Email must be valid"; | ||
private static final String PWD_PATTERN_VALIDATION_MSG = | ||
"Password must contain at least one digit, one lowercase letter, one uppercase letter, one special character, and be at least 8 characters long"; | ||
|
||
@NotEmpty | ||
@Size(min = 3, max = 64, message = NAME_SIZE_VALIDATION_MSG) | ||
@Pattern(regexp = NAME_PATTERN_REGEX, message = NAME_PATTERN_VALIDATION_MSG) | ||
@NotBlank(message = "Name must not be blank, empty or null") | ||
@Size(min = 3, max = 64, message = "Name size must be between 3 and 64") | ||
@Pattern(regexp = "^(?!.*__)[A-Za-z0-9_]*$", message = NAME_PATTERN_VALIDATION_MSG) | ||
private String name; | ||
|
||
@NotEmpty | ||
@Pattern(regexp = EMAIL_PATTERN_REGEX, message = EMAIL_VALIDATION_MSG) | ||
@NotBlank(message = "Email must not be blank, empty or null") | ||
@Pattern( | ||
regexp = "^[a-zA-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$", | ||
message = "Email must be valid") | ||
private String email; | ||
|
||
@NotBlank(message = "Password must not be blank, empty or null") | ||
@Size(min = 8, message = "Size must be at least 8 characters") | ||
@Pattern( | ||
regexp = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{8,}$", | ||
message = PWD_PATTERN_VALIDATION_MSG) | ||
private String password; | ||
} |
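
Review bot: The password `@Pattern` lookahead `(?=.*[@#$%^&+=])` accepts only eight symbols as "special", so a password whose only symbols are `!`, `*`, `-` or `_` is rejected while `PWD_PATTERN_VALIDATION_MSG` just says "one special character"; widen the class or list the accepted symbols in the message. `@Size(min = 8, ...)` on `password` also has no `max`: the README says passwords are stored as bcrypt, and bcrypt ignores input beyond 72 bytes, so add an upper bound that matches. As with the login DTO, `@Data` puts `password` into the generated `toString()`; exclude it with `@ToString.Exclude`.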
11 changes: 11 additions & 0 deletions
src/main/java/jewellery/inventory/dto/response/UserAuthDetailsDto.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
package jewellery.inventory.dto.response; | ||
|
||
import lombok.AllArgsConstructor; | ||
import lombok.Data; | ||
|
||
@Data | ||
@AllArgsConstructor | ||
public class UserAuthDetailsDto { | ||
String token; | ||
UserResponseDto user; | ||
} |
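
Review bot: `token` and `user` are declared without an access modifier, so both fields are package-private; make them `private` like the fields in the request DTOs of this change. `@Data` also puts the bearer token into the generated `toString()`; add `@ToString.Exclude` on `token` so it does not end up in logs.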
10 changes: 10 additions & 0 deletions
src/main/java/jewellery/inventory/exception/security/InvalidCredentialsException.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package jewellery.inventory.exception.security; | ||
|
||
import jewellery.inventory.exception.security.jwt.JwtAuthenticationBaseException; | ||
|
||
|
||
public class InvalidCredentialsException extends JwtAuthenticationBaseException { | ||
public InvalidCredentialsException() { | ||
super("Invalid credentials"); | ||
} | ||
} |
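
Review bot: `InvalidCredentialsException` extends `JwtAuthenticationBaseException` although a wrong email or password is not a JWT failure, so any handler that catches the JWT base type will treat failed logins as token errors. Consider extending `AuthenticationException` directly, or reusing Spring Security's `BadCredentialsException`. The single generic message "Invalid credentials" is the right choice, since it does not say which of the two fields was wrong. There are also two consecutive blank lines after the import.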
9 changes: 9 additions & 0 deletions
src/main/java/jewellery/inventory/exception/security/InvalidSecretKeyException.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
package jewellery.inventory.exception.security; | ||
|
||
import io.jsonwebtoken.security.WeakKeyException; | ||
|
||
public class InvalidSecretKeyException extends RuntimeException { | ||
public InvalidSecretKeyException(WeakKeyException e) { | ||
super("Invalid secret key: " + e.getMessage(), e.getCause()); | ||
} | ||
} |
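
Review bot: The constructor passes `e.getCause()` to `super(...)` instead of `e`, so the `WeakKeyException` itself is dropped from the cause chain and its stack trace is lost. Pass the exception as the cause: `super("Invalid secret key: " + e.getMessage(), e);`.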
13 changes: 13 additions & 0 deletions
src/main/java/jewellery/inventory/exception/security/jwt/JwtAuthenticationBaseException.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package jewellery.inventory.exception.security.jwt; | ||
|
||
import org.springframework.security.core.AuthenticationException; | ||
|
||
public class JwtAuthenticationBaseException extends AuthenticationException { | ||
public JwtAuthenticationBaseException(String msg) { | ||
super(msg); | ||
} | ||
|
||
public JwtAuthenticationBaseException(String msg, Throwable cause) { | ||
super(msg, cause); | ||
} | ||
} |
8 changes: 8 additions & 0 deletions
src/main/java/jewellery/inventory/exception/security/jwt/JwtExpiredException.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
package jewellery.inventory.exception.security.jwt; | ||
|
||
public class JwtExpiredException extends JwtAuthenticationBaseException { | ||
|
||
public JwtExpiredException() { | ||
super("JWT token has expired"); | ||
} | ||
} |