From 823a47d31bcd98e3037f7e7457de4a4e82827ece Mon Sep 17 00:00:00 2001
From: BrokenFire <seb6596@gmail.com>
Date: Wed, 14 Feb 2018 12:32:56 +0100
Subject: [PATCH] Finish token check

---
 .../Broken/DB/Repository/UserRepository.java  |  1 +
 .../Broken/RestApi/Data/CommandPostData.java  |  1 +
 .../RestApi/Data/CommandResponseData.java     |  7 ++++
 .../Broken/RestApi/MusicWebAPIController.java | 38 +++++++++++++++----
 .../Exceptions/UnknownTokenException.java     |  4 ++
 .../Tools/UserManager/UserRegister.java       | 18 ++++++---
 src/main/resources/static/index.html          |  2 +-
 src/main/resources/static/js/init.js          |  8 ++++
 src/main/resources/static/js/navabar.js       |  8 +++-
 src/main/resources/templates/music.html       |  5 ++-
 src/main/resources/templates/register.html    |  2 +-
 11 files changed, 77 insertions(+), 17 deletions(-)
 create mode 100644 src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java

diff --git a/src/main/java/net/Broken/DB/Repository/UserRepository.java b/src/main/java/net/Broken/DB/Repository/UserRepository.java
index 0d7ac63..86d05d5 100644
--- a/src/main/java/net/Broken/DB/Repository/UserRepository.java
+++ b/src/main/java/net/Broken/DB/Repository/UserRepository.java
@@ -8,4 +8,5 @@ import java.util.List;
 public interface UserRepository extends CrudRepository<UserEntity, Integer>{
     List<UserEntity> findByName(String name);
     List<UserEntity> findByJdaId(String jdaId);
+    List<UserEntity> findByApiToken(String apiToken);
 }
diff --git a/src/main/java/net/Broken/RestApi/Data/CommandPostData.java b/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
index bb9a29f..1d73cc5 100644
--- a/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
+++ b/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
@@ -8,4 +8,5 @@ public class CommandPostData {
     public int playlistLimit;
     public String chanelId;
     public String name;
+    public String token;
 }
diff --git a/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java b/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
index e78e8c2..ffea0d8 100644
--- a/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
+++ b/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
@@ -6,9 +6,16 @@ import com.fasterxml.jackson.annotation.JsonInclude;
 public class CommandResponseData {
     public String Commande;
     public String Message;
+    public String error;
 
     public CommandResponseData(String commande, String message) {
         Commande = commande;
         Message = message;
     }
+
+    public CommandResponseData(String commande, String message, String error) {
+        Commande = commande;
+        Message = message;
+        this.error = error;
+    }
 }
diff --git a/src/main/java/net/Broken/RestApi/MusicWebAPIController.java b/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
index b693c4e..a0a6e5a 100644
--- a/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
+++ b/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
@@ -4,23 +4,29 @@ import com.sedmelluq.discord.lavaplayer.player.AudioPlayer;
 import com.sedmelluq.discord.lavaplayer.track.AudioTrack;
 import com.sedmelluq.discord.lavaplayer.track.AudioTrackInfo;
 import net.Broken.Commands.Music;
+import net.Broken.DB.Entity.UserEntity;
+import net.Broken.DB.Repository.UserRepository;
 import net.Broken.MainBot;
 import net.Broken.RestApi.Data.*;
 import net.Broken.RestApi.Data.UserManager.CheckResposeData;
 import net.Broken.RestApi.Data.UserManager.UserInfoData;
+import net.Broken.Tools.UserManager.Exceptions.UnknownTokenException;
 import net.Broken.Tools.UserManager.Exceptions.UserNotFoundException;
 import net.Broken.audio.NotConectedException;
 import net.Broken.audio.NullMusicManager;
 import net.dv8tion.jda.core.entities.VoiceChannel;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -32,6 +38,9 @@ public class MusicWebAPIController {
     Logger logger = LogManager.getLogger();
 //    @Autowired
 //    public SavedPlaylistRepository savedPlaylist;
+    @Autowired
+    UserRepository userRepository;
+
 
     @RequestMapping("/currentMusicInfo")
     public CurrentMusicData getCurrentM(){
@@ -68,17 +77,32 @@ public class MusicWebAPIController {
     }
 
     @RequestMapping(value = "/command", method = RequestMethod.POST)
-    public ResponseEntity<CommandResponseData> command(@RequestBody CommandPostData data){
+    public ResponseEntity<CommandResponseData> command(@RequestBody CommandPostData data, HttpServletRequest request){
 
         if(data.command != null) {
-            logger.info("receive command: " + data.command);
-            Music musicCommande = (Music) MainBot.commandes.get("music");
+            if(data.token != null) {
+                try {
+                    UserEntity user = MainBot.userRegister.getUserWithApiToken(userRepository, data.token);
+                    logger.info("receive command " + data.command + " from " + request.getRemoteAddr() + " USER: " + user.getName());
+                    Music musicCommande = (Music) MainBot.commandes.get("music");
 
-            if(ApiCommandLoader.apiCommands.containsKey(data.command))
-                return ApiCommandLoader.apiCommands.get(data.command).action(musicCommande,data);
-            else
-                return new ResponseEntity<>(new CommandResponseData(data.command,"Unknown Command"), HttpStatus.BAD_REQUEST);
+                    if (ApiCommandLoader.apiCommands.containsKey(data.command))
+                        return ApiCommandLoader.apiCommands.get(data.command).action(musicCommande, data);
+                    else
+                        return new ResponseEntity<>(new CommandResponseData(data.command, "Unknown Command", "command"), HttpStatus.BAD_REQUEST);
 
+                } catch (UnknownTokenException e) {
+                    logger.warn("Command with unknown token from: "+request.getRemoteAddr());
+                    return new ResponseEntity<>(new CommandResponseData(data.command,"Unknown Token!\nPlease Re-connect.", "token"), HttpStatus.UNAUTHORIZED);
+
+                }
+
+            }
+            else{
+                logger.warn("Command without token! ip: "+ request.getRemoteAddr());
+                return new ResponseEntity<>(new CommandResponseData(data.command,"Missing token!\nPlease Re-connect.","token"), HttpStatus.UNAUTHORIZED);
+
+            }
         }
         else
             logger.info("Null");
diff --git a/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java b/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java
new file mode 100644
index 0000000..e72b52e
--- /dev/null
+++ b/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java
@@ -0,0 +1,4 @@
+package net.Broken.Tools.UserManager.Exceptions;
+
+public class UnknownTokenException extends Exception{
+}
diff --git a/src/main/java/net/Broken/Tools/UserManager/UserRegister.java b/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
index 9654f79..715a218 100644
--- a/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
+++ b/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
@@ -9,15 +9,13 @@ import net.Broken.RestApi.Data.UserManager.UserInfoData;
 import net.Broken.Tools.EmbedMessageUtils;
 import net.Broken.Tools.PrivateMessage;
 import net.Broken.Tools.ResourceLoader;
-import net.Broken.Tools.UserManager.Exceptions.PasswordNotMatchException;
-import net.Broken.Tools.UserManager.Exceptions.TokenNotMatch;
-import net.Broken.Tools.UserManager.Exceptions.UserAlreadyRegistered;
-import net.Broken.Tools.UserManager.Exceptions.UserNotFoundException;
+import net.Broken.Tools.UserManager.Exceptions.*;
 import net.dv8tion.jda.core.entities.MessageEmbed;
 import net.dv8tion.jda.core.entities.User;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import java.security.SecureRandom;
@@ -126,11 +124,21 @@ public class UserRegister {
         }
     }
 
+    public UserEntity getUserWithApiToken(UserRepository userRepository, String token) throws UnknownTokenException {
+        List<UserEntity> users = userRepository.findByApiToken(token);
+        if(users.size() > 0){
+            return users.get(0);
+        }
+        else
+            throw new UnknownTokenException();
+
+    }
+
     public String generateApiToken(){
         return UUID.randomUUID().toString();
     }
 
-    public String generateCheckToken(){
+    private String generateCheckToken(){
         SecureRandom random = new SecureRandom();
         long longToken = Math.abs( random.nextLong() );
         String randomStr = Long.toString( longToken, 16 );
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
index de10685..766b37c 100644
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -22,7 +22,7 @@
 <!--__________________________________________________________-->
 <nav class="blue-grey darken-4 z-depth-3" role="navigation">
     <div class="nav-wrapper container">
-        <a id="logo-container" href="#" class="brand-logo">Discord Bot</a>
+        <a id="logo-container" href="/" class="brand-logo">Discord Bot</a>
         <ul class="right hide-on-med-and-down">
 
             <li class="active">
diff --git a/src/main/resources/static/js/init.js b/src/main/resources/static/js/init.js
index b608bce..99fde47 100644
--- a/src/main/resources/static/js/init.js
+++ b/src/main/resources/static/js/init.js
@@ -31,6 +31,8 @@ $(document).ready(function() {
             case "PAUSE":
                 sendCommand({ command: "PLAY"})
                 break;
+            default:
+                sendCommand({command: "PLAY"})
         }
         
     });
@@ -419,6 +421,7 @@ function updateControl(data){
 
 function sendCommand(command){
     command["token"] = Cookies.get('token');
+    console.log(command)
     $.ajax({
         type: "POST",
         dataType: 'json',
@@ -432,6 +435,11 @@ function sendCommand(command){
     }).fail(function (data) {
         console.log(data);
         alert(data.responseJSON.Message);
+        if(data.responseJSON.error === "token"){
+            Cookies.remove('token');
+            Cookies.remove('name');
+            location.reload();
+        }
     });
 }
 
diff --git a/src/main/resources/static/js/navabar.js b/src/main/resources/static/js/navabar.js
index 38e7067..408c1ff 100644
--- a/src/main/resources/static/js/navabar.js
+++ b/src/main/resources/static/js/navabar.js
@@ -1,6 +1,6 @@
 var nav_bar_account_link;
 var connected_link = "<a class=\"dropdown-account\" data-activates=\"dropdown_connected\"><i class=\"material-icons green-text\">account_box</i></a>";
-var disconnected_link = "<a class=\"waves-effect waves-light modal-trigger\" href=\".modal_connection\"><i class=\"material-icons red-text\">account_box</i></a>";
+var disconnected_link = "<a class=\"waves-effect waves-light modal-trigger\" href=\"#modal_connection\"><i class=\"material-icons red-text\">account_box</i></a>";
 var input_name;
 var input_psw;
 var btn_submit;
@@ -66,7 +66,11 @@ function connected(){
 function disconnected() {
     console.log("Disconnected");
     nav_bar_account_link.html(disconnected_link);
-    $('.modal').modal();
+    var modalConnection = $('#modal_connection');
+    modalConnection.modal();
+    if(needLogin !== undefined){
+        modalConnection.modal('open');
+    }
 
 }
 
diff --git a/src/main/resources/templates/music.html b/src/main/resources/templates/music.html
index 779b695..3cdb65a 100644
--- a/src/main/resources/templates/music.html
+++ b/src/main/resources/templates/music.html
@@ -23,7 +23,7 @@
 <!--__________________________________________________________-->
 <nav class="blue-grey darken-4 z-depth-3" role="navigation">
     <div class="nav-wrapper container">
-        <a id="logo-container" href="#" class="brand-logo">Discord Bot</a>
+        <a id="logo-container" href="/" class="brand-logo">Discord Bot</a>
         <ul class="right hide-on-med-and-down">
 
             <li class="">
@@ -292,6 +292,9 @@
 <script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
 <script src="js/materialize.js"></script>
 <script src="js/init.js"></script>
+<script>
+    var needLogin = true;
+</script>
 <script src="js/navabar.js"></script>
 <script src="js/js.cookie.js"></script>
 
diff --git a/src/main/resources/templates/register.html b/src/main/resources/templates/register.html
index b00a940..13d5b1d 100644
--- a/src/main/resources/templates/register.html
+++ b/src/main/resources/templates/register.html
@@ -21,7 +21,7 @@
     <!--__________________________________________________________-->
     <nav class="blue-grey darken-4 z-depth-3" role="navigation">
         <div class="nav-wrapper container">
-            <a id="logo-container" href="#" class="brand-logo">Discord Bot</a>
+            <a id="logo-container" href="/" class="brand-logo">Discord Bot</a>
             <ul class="right hide-on-med-and-down">
 
                 <li class="">