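package net.curisit.securis.services;

import java.net.URI;
import java.util.Date;

import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;

import net.curisit.integrity.commons.Utils;
import net.curisit.securis.security.Securable;
import net.curisit.securis.utils.TokenHelper;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * Basic services for login and basic app workflow.
 *
 * @author roberto
 */
@Path("/")
@Singleton
public class BasicServices {

    private static final Logger LOG = LogManager.getLogger(BasicServices.class);

    @Inject
    TokenHelper tokenHelper;

    @Inject
    public BasicServices() {
    }

    /**
     * Liveness check: reports that the server is up, together with the current date.
     *
     * @param request the current request (unused, kept for the JAX-RS signature)
     * @return 200 with a plain-text status line
     */
    @GET
    @Path("/info")
    @Produces({ MediaType.TEXT_PLAIN })
    public Response info(@Context HttpServletRequest request) {
        return Response.ok().entity("License server running OK. Date: " + new Date()).build();
    }

    /**
     * Redirects the {@code admin}, {@code login} and {@code licenses} entry points to the
     * single front-end page.
     *
     * @param module  which entry point was requested (only used by the path template)
     * @param request the current request (unused, kept for the JAX-RS signature)
     * @return 303 See Other pointing at {@code /main.html}
     */
    @GET
    @Path("/{module:(admin)|(login)|(licenses)}")
    @Produces({ MediaType.TEXT_HTML })
    public Response init(@PathParam("module") String module, @Context HttpServletRequest request) {
        LOG.info("App index main.html");
        String page = "/main.html";
        URI uri = UriBuilder.fromUri(page).build();
        return Response.seeOther(uri).build();
    }

    /**
     * Issues an authentication token for the supplied form credentials.
     *
     * @param user     value of the {@code username} form field
     * @param password value of the {@code password} form field
     * @param request  the current request, used for session and role logging
     * @return 400 when a credential is missing, 401 when the password is rejected,
     *         otherwise 200 with a JSON map holding {@code success} and {@code token}
     */
    @POST
    @Path("/login")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response login(@FormParam("username") String user,
                          @FormParam("password") String password,
                          @Context HttpServletRequest request) {
        LOG.info("index session: {}", request.getSession());
        // Only the user name is logged; the password must never reach the log.
        LOG.info("login attempt for user: {}", user);
        LOG.info("is user in role: {} == {} ? ", "advance", request.isUserInRole("advance"));
        // A missing credential is a malformed request, not a failed authentication,
        // and must not reach generateToken() with a null user.
        if (user == null || user.trim().isEmpty() || password == null || password.isEmpty()) {
            return Response.status(Status.BAD_REQUEST).build();
        }
        // TODO: placeholder credential check carried over from the original code —
        // every password other than the literal "no" is accepted. Replace with a real
        // verification against the credential store before this endpoint is exposed.
        if ("no".equals(password)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }
        String tokenAuth = tokenHelper.generateToken(user);
        return Response.ok(Utils.createMap("success", true, "token", tokenAuth)).build();
    }

    /**
     * Checks whether the supplied token is still valid.
     *
     * The token is read from the token header first; the {@code token} query parameter
     * is only a fallback. Tokens passed in the query string tend to end up in access
     * logs, proxies and browser history, so the header form is the one to prefer.
     *
     * @param token  token carried in the request header, may be null
     * @param token2 token carried in the {@code token} query parameter, used when the
     *               header is absent
     * @return 403 when no token was supplied at all, 401 when it is not valid, otherwise
     *         200 with a JSON map holding {@code valid}, {@code user} and {@code date}
     */
    @GET
    @Securable()
    @Path("/check")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response check(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token,
                          @QueryParam("token") String token2) {
        String candidate = token != null ? token : token2;
        if (candidate == null) {
            return Response.status(Status.FORBIDDEN).build();
        }
        // Validate before extracting anything: user and date are only trustworthy
        // once the token itself has been verified.
        if (!tokenHelper.isTokenValid(candidate)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }
        String user = tokenHelper.extractUserFromToken(candidate);
        Date date = tokenHelper.extractDateCreationFromToken(candidate);
        return Response.ok(Utils.createMap("valid", true, "user", user, "date", date)).build();
    }

    /**
     * Records that the user behind the supplied token has logged out.
     *
     * Note that nothing on this page revokes the token: TokenHelper exposes no
     * invalidation call here, so the token stays usable until it expires on its own.
     *
     * @param token token carried in the request header
     * @return 400 when no token was supplied, 401 when it is not valid, otherwise 200
     */
    // NOTE(review): two request-method designators on one resource method; JAX-RS
    // normally allows a single one — confirm the runtime accepts this, otherwise split
    // it into a GET and a POST method delegating to a shared private helper.
    @GET
    @POST
    @Path("/logout")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response logout(@HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
        // The original built this response but never returned it, so a missing token
        // fell through to extractUserFromToken(null).
        if (token == null) {
            return Response.status(Status.BAD_REQUEST).build();
        }
        // Consistent with check(): never log a user name taken from an unverified token.
        if (!tokenHelper.isTokenValid(token)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }
        String user = tokenHelper.extractUserFromToken(token);
        LOG.info("User {} has logged out", user);
        return Response.ok().build();
    }
}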