JewelleryManagement · VladoKat · Oct 5, 2023 · Sep 13, 2023 · Sep 13, 2023 · Sep 13, 2023
diff --git a/.gitignore b/.gitignore
@@ -34,10 +34,10 @@ build/
 
 # Gradle files
 .gradle/
-build/
 
 # Spring Boot properties
 .env
+/src/main/resources/data.sql
 
 pom.xml.tag
 pom.xml.releaseBackup

diff --git a/pom.xml b/pom.xml
@@ -18,14 +18,44 @@
         <org.mapstruct.version>1.5.5.Final</org.mapstruct.version>
         <testcontainers.version>1.18.3</testcontainers.version>
         <lombok.version>1.18.22</lombok.version>
-        <lombok-mapstruct-binding>0.2.0</lombok-mapstruct-binding>
+        <lombok-mapstruct-binding-version>0.2.0</lombok-mapstruct-binding-version>
+        <jjwt-version>0.11.5</jjwt-version>
     </properties>
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>${jjwt-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>${jjwt-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>${jjwt-version}</version>
+        </dependency>
+
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
@@ -51,7 +81,7 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok-mapstruct-binding</artifactId>
-            <version>${lombok-mapstruct-binding}</version>
+            <version>${lombok-mapstruct-binding-version}</version>
         </dependency>
 
         <!--  snakeyaml 2.0 dependency is only added to fix vulnerability coming from
@@ -158,7 +188,7 @@
                         <path>
                             <groupId>org.projectlombok</groupId>
                             <artifactId>lombok-mapstruct-binding</artifactId>
-                            <version>${lombok-mapstruct-binding}</version>
+                            <version>${lombok-mapstruct-binding-version}</version>
                         </path>
                     </annotationProcessorPaths>
                 </configuration>

diff --git a/src/main/java/jewellery/inventory/controller/AuthController.java b/src/main/java/jewellery/inventory/controller/AuthController.java
@@ -0,0 +1,26 @@
+package jewellery.inventory.controller;
+
+import jakarta.validation.Valid;
+import jewellery.inventory.dto.request.AuthenticationRequestDto;
+import jewellery.inventory.dto.response.UserAuthDetailsDto;
+import jewellery.inventory.service.security.AuthService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/login")
+@RequiredArgsConstructor
+public class AuthController {
+  private final AuthService authService;
+
+  @ResponseStatus(HttpStatus.CREATED)
+  @PostMapping
+  public UserAuthDetailsDto login(@Valid @RequestBody AuthenticationRequestDto authRequest) {
+    return authService.login(authRequest);
+  }
+}
diff --git a/src/main/java/jewellery/inventory/controller/HomeController.java b/src/main/java/jewellery/inventory/controller/HomeController.java
@@ -1,11 +1,9 @@
 package jewellery.inventory.controller;
 
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@CrossOrigin(origins = "${cors.origins}")
 public class HomeController {
 
   @GetMapping("/home")

diff --git a/src/main/java/jewellery/inventory/controller/ResourceController.java b/src/main/java/jewellery/inventory/controller/ResourceController.java
@@ -14,7 +14,6 @@
 
 @RestController
 @RequestMapping("/resources")
-@CrossOrigin(origins = "${cors.origins}")
 @RequiredArgsConstructor
 public class ResourceController {
   private final ResourceService resourceService;

diff --git a/src/main/java/jewellery/inventory/controller/ResourceInUserController.java b/src/main/java/jewellery/inventory/controller/ResourceInUserController.java
@@ -8,7 +8,6 @@
 import jewellery.inventory.service.ResourceInUserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -20,7 +19,6 @@
 
 @RestController
 @RequestMapping("/resources/availability")
-@CrossOrigin(origins = "${cors.origins}")
 @RequiredArgsConstructor
 public class ResourceInUserController {
   private final ResourceInUserService resourceAvailabilityService;

diff --git a/src/main/java/jewellery/inventory/controller/UserController.java b/src/main/java/jewellery/inventory/controller/UserController.java
@@ -8,7 +8,6 @@
 import jewellery.inventory.service.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -21,7 +20,6 @@
 
 @RestController
 @RequestMapping("/users")
-@CrossOrigin(origins = "${cors.origins}")
 @RequiredArgsConstructor
 public class UserController {
   private final UserService userService;

diff --git a/src/main/java/jewellery/inventory/dto/request/AuthenticationRequestDto.java b/src/main/java/jewellery/inventory/dto/request/AuthenticationRequestDto.java
@@ -0,0 +1,17 @@
+package jewellery.inventory.dto.request;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationRequestDto {
+  @NotBlank(message = "Email must not be blank, empty or null")
+  private String email;
+
+  @NotBlank(message = "Password must not be blank, empty or null")
+  private String password;
+}
diff --git a/src/main/java/jewellery/inventory/dto/request/UserRequestDto.java b/src/main/java/jewellery/inventory/dto/request/UserRequestDto.java
@@ -1,26 +1,32 @@
 package jewellery.inventory.dto.request;
 
-import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Pattern;
 import jakarta.validation.constraints.Size;
 import lombok.Data;
 
 @Data
 public class UserRequestDto {
-  private static final String NAME_PATTERN_REGEX = "^(?!.*__)[A-Za-z0-9_]*$";
-  private static final String EMAIL_PATTERN_REGEX =
-      "^[a-zA-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$";
-  private static final String NAME_SIZE_VALIDATION_MSG = "Size must be between 3 and 64";
   private static final String NAME_PATTERN_VALIDATION_MSG =
       "Name must only contain alphanumeric characters and underscores, and no consecutive underscores";
-  private static final String EMAIL_VALIDATION_MSG = "Email must be valid";
+  private static final String PWD_PATTERN_VALIDATION_MSG =
+      "Password must contain at least one digit, one lowercase letter, one uppercase letter, one special character, and be at least 8 characters long";
 
-  @NotEmpty
-  @Size(min = 3, max = 64, message = NAME_SIZE_VALIDATION_MSG)
-  @Pattern(regexp = NAME_PATTERN_REGEX, message = NAME_PATTERN_VALIDATION_MSG)
+  @NotBlank(message = "Name must not be blank, empty or null")
+  @Size(min = 3, max = 64, message = "Name size must be between 3 and 64")
+  @Pattern(regexp = "^(?!.*__)[A-Za-z0-9_]*$", message = NAME_PATTERN_VALIDATION_MSG)
   private String name;
 
-  @NotEmpty
-  @Pattern(regexp = EMAIL_PATTERN_REGEX, message = EMAIL_VALIDATION_MSG)
+  @NotBlank(message = "Email must not be blank, empty or null")
+  @Pattern(
+      regexp = "^[a-zA-Z0-9_!#$%&'*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$",
+      message = "Email must be valid")
   private String email;
+
+  @NotBlank(message = "Password must not be blank, empty or null")
+  @Size(min = 8, message = "Size must be at least 8 characters")
+  @Pattern(
+      regexp = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{8,}$",
+      message = PWD_PATTERN_VALIDATION_MSG)
+  private String password;
 }
diff --git a/src/main/java/jewellery/inventory/dto/response/UserAuthDetailsDto.java b/src/main/java/jewellery/inventory/dto/response/UserAuthDetailsDto.java
@@ -0,0 +1,11 @@
+package jewellery.inventory.dto.response;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class UserAuthDetailsDto {
+    String token;
+    UserResponseDto user;
+}
diff --git a/src/main/java/jewellery/inventory/exception/GlobalExceptionHandler.java b/src/main/java/jewellery/inventory/exception/GlobalExceptionHandler.java
@@ -1,5 +1,6 @@
 package jewellery.inventory.exception;
 
+import io.jsonwebtoken.security.SignatureException;
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
@@ -10,8 +11,10 @@
 import jewellery.inventory.exception.invalid_resource_quantity.InvalidResourceQuantityException;
 import jewellery.inventory.exception.not_found.NotFoundException;
 import jewellery.inventory.exception.not_found.ResourceInUserNotFoundException;
+import jewellery.inventory.exception.security.InvalidSecretKeyException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.validation.FieldError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@@ -46,6 +49,16 @@ public ResponseEntity<Object> handleBadDataExceptions(RuntimeException ex) {
     return createErrorResponse(HttpStatus.BAD_REQUEST, ex.getMessage());
   }
 
+  @ExceptionHandler({SignatureException.class, AuthenticationException.class})
+  public ResponseEntity<Object> handleAuthenticationException(AuthenticationException ex) {
+    return createErrorResponse(HttpStatus.UNAUTHORIZED, ex.getMessage());
+  }
+
+  @ExceptionHandler({ InvalidSecretKeyException.class })
+  public ResponseEntity<Object> handleBadSecretKey(RuntimeException ex) {
+    return createErrorResponse(HttpStatus.BAD_REQUEST, ex.getMessage());
+  }
+
   private ResponseEntity<Object> createErrorResponse(HttpStatus status, Object error) {
     Map<String, Object> body = new HashMap<>();
     String date = LocalDateTime.now().format(DateTimeFormatter.ofPattern(DATE_TIME_FORMAT_PATTERN));

diff --git a/src/main/java/jewellery/inventory/exception/not_found/UserNotFoundException.java b/src/main/java/jewellery/inventory/exception/not_found/UserNotFoundException.java
@@ -6,4 +6,8 @@ public class UserNotFoundException extends NotFoundException {
   public UserNotFoundException(UUID id) {
     super("User with id " + id + " was not found");
   }
+
+  public UserNotFoundException(String email) {
+    super("User with email " + email + " was not found");
+  }
 }
diff --git a/src/main/java/jewellery/inventory/exception/security/InvalidCredentialsException.java b/src/main/java/jewellery/inventory/exception/security/InvalidCredentialsException.java
@@ -0,0 +1,10 @@
+package jewellery.inventory.exception.security;
+
+import jewellery.inventory.exception.security.jwt.JwtAuthenticationBaseException;
+
+
+public class InvalidCredentialsException extends JwtAuthenticationBaseException {
+    public InvalidCredentialsException() {
+        super("Invalid credentials");
+    }
+}
diff --git a/src/main/java/jewellery/inventory/exception/security/InvalidSecretKeyException.java b/src/main/java/jewellery/inventory/exception/security/InvalidSecretKeyException.java
@@ -0,0 +1,9 @@
+package jewellery.inventory.exception.security;
+
+import io.jsonwebtoken.security.WeakKeyException;
+
+public class InvalidSecretKeyException extends RuntimeException {
+  public InvalidSecretKeyException(WeakKeyException e) {
+    super("Invalid secret key: " + e.getMessage(), e.getCause());
+  }
+}
diff --git a/src/main/java/jewellery/inventory/exception/security/jwt/JwtAuthenticationBaseException.java b/src/main/java/jewellery/inventory/exception/security/jwt/JwtAuthenticationBaseException.java
@@ -0,0 +1,13 @@
+package jewellery.inventory.exception.security.jwt;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class JwtAuthenticationBaseException extends AuthenticationException {
+  public JwtAuthenticationBaseException(String msg) {
+    super(msg);
+  }
+
+  public JwtAuthenticationBaseException(String msg, Throwable cause) {
+    super(msg, cause);
+  }
+}
diff --git a/src/main/java/jewellery/inventory/exception/security/jwt/JwtExpiredException.java b/src/main/java/jewellery/inventory/exception/security/jwt/JwtExpiredException.java
@@ -0,0 +1,8 @@
+package jewellery.inventory.exception.security.jwt;
+
+public class JwtExpiredException extends JwtAuthenticationBaseException {
+
+  public JwtExpiredException() {
+    super("JWT token has expired");
+  }
+}
diff --git a/src/main/java/jewellery/inventory/exception/security/jwt/JwtIsNotValidException.java b/src/main/java/jewellery/inventory/exception/security/jwt/JwtIsNotValidException.java
@@ -0,0 +1,11 @@
+package jewellery.inventory.exception.security.jwt;
+
+public class JwtIsNotValidException extends JwtAuthenticationBaseException {
+  public JwtIsNotValidException() {
+    super("Invalid JWT token");
+  }
+
+  public JwtIsNotValidException(Exception e) {
+    super("Invalid JWT token: " + e.getMessage(), e.getCause());
+  }
+}
diff --git a/src/main/java/jewellery/inventory/exception/security/jwt/JwtTokenNotFoundException.java b/src/main/java/jewellery/inventory/exception/security/jwt/JwtTokenNotFoundException.java
@@ -0,0 +1,7 @@
+package jewellery.inventory.exception.security.jwt;
+
+public class JwtTokenNotFoundException extends JwtAuthenticationBaseException {
+  public JwtTokenNotFoundException() {
+    super("No JWT token found in request.");
+  }
+}
diff --git a/src/main/java/jewellery/inventory/model/Role.java b/src/main/java/jewellery/inventory/model/Role.java
@@ -0,0 +1,6 @@
+package jewellery.inventory.model;
+
+public enum Role {
+  USER,
+  ADMIN
+}