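package net.curisit.securis.services;

import java.net.URI;
import java.util.Date;

import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;

import net.curisit.integrity.commons.Utils;
import net.curisit.securis.security.Securable;
import net.curisit.securis.utils.TokenHelper;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * Basic services for login and basic app workflow: a liveness endpoint, the
 * redirect to the single-page front end, and token issue / check / logout.
 *
 * @author roberto
 */
@Path("/")
@Singleton
public class BasicServices {

    private static final Logger log = LogManager.getLogger(BasicServices.class);

    @Inject
    TokenHelper tokenHelper;

    @Inject
    public BasicServices() {
    }

    /**
     * Liveness probe.
     *
     * @param request the current request (not used)
     * @return 200 with a plain-text status line that includes the server date
     */
    @GET
    @Path("/info")
    @Produces({ MediaType.TEXT_PLAIN })
    public Response info(@Context HttpServletRequest request) {
        return Response.ok().entity("License server running OK. Date: " + new Date()).build();
    }

    /**
     * Redirects the top-level app modules to the single front-end page.
     *
     * @param module  matched module name (admin, login or licenses); it only
     *                constrains the route, the redirect target is the same for all
     * @param request the current request (not used)
     * @return 303 See Other pointing at /main.html
     */
    @GET
    @Path("/{module:(admin)|(login)|(licenses)}")
    @Produces({ MediaType.TEXT_HTML })
    public Response init(@PathParam("module") String module, @Context HttpServletRequest request) {
        log.info("App index main.html");
        String page = "/main.html";
        URI uri = UriBuilder.fromUri(page).build();
        return Response.seeOther(uri).build();
    }

    /**
     * Issues an authentication token for the given user.
     *
     * @param user     form field "username"
     * @param password form field "password"; never written to the log
     * @param request  the current request, used only for diagnostic logging
     * @return 401 when the password is rejected, otherwise 200 with a JSON map
     *         {@code {"success": true, "token": <token>}}
     */
    @POST
    @Path("/login")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response login(@FormParam("username") String user, @FormParam("password") String password,
            @Context HttpServletRequest request) {
        log.info("index session: " + request.getSession());
        // The submitted password is deliberately NOT logged: credentials in log
        // files are a leak to anyone with log access and to log shipping pipelines.
        log.info("user: {}", user);
        log.info("is user in role: {} == {} ? ", "advance", request.isUserInRole("advance"));
        // NOTE(review): this is not credential validation — every password except
        // the literal "no" is accepted and a token is issued. A real check against
        // the user store must replace this before the endpoint is exposed.
        if ("no".equals(password)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }
        String tokenAuth = tokenHelper.generateToken(user);
        return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
    }

    /**
     * Checks whether the presented token is valid and reports who it belongs to.
     *
     * The header parameter takes precedence; the query parameter is a fallback.
     * Tokens passed in the query string end up in access logs, browser history
     * and Referer headers, so callers should prefer the header.
     *
     * @param token  token from the {@link TokenHelper#TOKEN_HEADER_PÀRAM} header
     * @param token2 token from the {@code token} query parameter (fallback)
     * @return 403 when no token is presented at all, 401 when it is invalid,
     *         otherwise 200 with a JSON map of {@code valid}, {@code user} and
     *         the token's creation {@code date}
     */
    @GET
    @Securable()
    @Path("/check")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response check(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token,
            @QueryParam("token") String token2) {
        if (token == null) {
            token = token2;
        }
        if (token == null) {
            return Response.status(Status.FORBIDDEN).build();
        }
        boolean valid = tokenHelper.isTokenValid(token);
        if (!valid) {
            return Response.status(Status.UNAUTHORIZED).build();
        }
        // Token values are intentionally kept out of the log.
        String user = tokenHelper.extractUserFromToken(token);
        Date date = tokenHelper.extractDateCreationFromToken(token);
        return Response.ok(Utils.createMap("valid", true, "user", user, "date", date)).build();
    }

    /**
     * Records a logout for the user named in the token.
     *
     * NOTE(review): nothing here revokes the token; unless {@code TokenHelper}
     * tracks revocation, the token stays usable after logout until it expires —
     * confirm against TokenHelper. Also, two HTTP method designators on one
     * resource method should be checked against the JAX-RS runtime in use.
     *
     * @param token token from the {@link TokenHelper#TOKEN_HEADER_PÀRAM} header
     * @return 400 when no token header is present, otherwise 200
     */
    @GET
    @POST
    @Path("/logout")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response logout(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
        // The original built the 400 response but never returned it, so a missing
        // header fell through to extractUserFromToken(null).
        if (token == null) {
            return Response.status(Status.BAD_REQUEST).build();
        }
        String user = tokenHelper.extractUserFromToken(token);
        log.info("User {} has logged out", user);
        return Response.ok().build();
    }
}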