Api to get user from token

2024-08-30 16:29:02 +05:30
parent 6318153300
commit 1184420f89
8 changed files with 80 additions and 13 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/jwt/TokenProvider.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/jwt/TokenProvider.java
@@ -6,12 +6,18 @@ import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
+import net.gepafin.tendermanagement.config.Translator;
+import net.gepafin.tendermanagement.constants.GepafinConstant;
 import net.gepafin.tendermanagement.entities.UserEntity;
+import net.gepafin.tendermanagement.repositories.UserRepository;
 import net.gepafin.tendermanagement.util.Utils;
+import net.gepafin.tendermanagement.web.rest.api.errors.Status;
+import net.gepafin.tendermanagement.web.rest.api.errors.UnauthorizedAccessException;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.time.DateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -40,23 +46,43 @@ public class TokenProvider {

    @Value("${security.authentication.jwt.token-validity-in-seconds}")
    private long tokenValidityInSeconds;
+    @Autowired
+    private UserRepository userRepository;

    private SecretKey key;

    private static final String AUTHORITIES_KEY = "auth";
    private static final String MERCHANTID="merchantId";

-    public static final String INVALID_USER = "invalid_user";
    static final  String AUTH_SECRET = "X-Api-Secret";
    private final Set<String> invalidatedTokens = new HashSet<>();
+    private static final String USER_ID = "userId";

+        public UserEntity validateUser(Map<String, Object> userInfo) {
+        if (userInfo == null || userInfo.get(USER_ID) == null) {
+            throw new UnauthorizedAccessException(Status.UNAUTHORIZED, Translator.toLocale(GepafinConstant.INVALID_USER));
+        }
+
+        Long userId = Long.valueOf(userInfo.get(USER_ID).toString());
+        UserEntity userEntity = userRepository.findById(userId).orElse(null);
+
+        if (userEntity == null) {
+            throw new UnauthorizedAccessException(Status.UNAUTHORIZED, Translator.toLocale(GepafinConstant.INVALID_USER));
+        }
+
+        if (!userEntity.getStatus().equals("ACTIVE")) {
+            throw new UnauthorizedAccessException(Status.UNAUTHORIZED, Translator.toLocale(GepafinConstant.INVALID_USER));
+        }
+
+        return userEntity;
+    }
    @PostConstruct
    public void init() {
        this.key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
        log.info("JWT Secret Key initialized.");
    }

-     public String createToken(Authentication authentication, Boolean rememberMe, UserEntity user) {
+    public String createToken(Authentication authentication, Boolean rememberMe, UserEntity user) {
        String authorities = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));
@@ -72,11 +98,11 @@ public class TokenProvider {
            validity = new Date(now + (this.tokenValidityInSeconds * 1000));
            log.info("Creating token with standard validity of {} seconds.", this.tokenValidityInSeconds);
        }
-        
+
        String payload = authentication.getName();
        if(user != null) {
-           payload += ":"+user.getId();  
-       }
+            payload += ":"+user.getId();
+        }

        String token = Jwts.builder()
                .setSubject(payload)
@@ -160,7 +186,7 @@ public class TokenProvider {
 //            isSuperAdmin = true;
 //
 //        } else
-            if (!isEmpty(authSecretHeader)) {
+        if (!isEmpty(authSecretHeader)) {
            String secret = Utils.decodeBase64String(authSecretHeader);
            String[] tokenArr = secret.split("\\.", 2);
            String[] merchant = tokenArr[0].split("-");
@@ -175,12 +201,12 @@ public class TokenProvider {
        if (payload != null && !isSuperAdmin) {
            String[] payloadString = payload.split(":");{

-            if (payloadString.length > 1) {
+                if (payloadString.length > 1) {
 //                userInfo.put(MERCHANTID, payloadString[1]);
 //                userInfo.put("associatedTags", payloadString[2]);
-                userInfo.put("userId", payloadString[1]);
+                    userInfo.put("userId", payloadString[1]);
+                }
            }
-        }

            if (payloadString.length > 1) {
 //                userInfo.put(MERCHANTID, payloadString[1]);
@@ -203,7 +229,7 @@ public class TokenProvider {
        Gson g = new Gson();
        return g.fromJson(new String(decoder.decode(parts[1])), Map.class);
    }
-//    public String getSuperUserToken() {
+    //    public String getSuperUserToken() {
 //        return superUserToken;
 //    }
    public String getUserDetails(String token) {
@@ -218,4 +244,4 @@ public class TokenProvider {
        return null; // Return null if token is not found or not in Bearer format
    }

-}
+}