From 823a47d31bcd98e3037f7e7457de4a4e82827ece Mon Sep 17 00:00:00 2001
From: BrokenFire
Date: Wed, 14 Feb 2018 12:32:56 +0100
Subject: [PATCH] Finish token check
---
 .../Broken/DB/Repository/UserRepository.java | 1 +
 .../Broken/RestApi/Data/CommandPostData.java | 1 +
 .../RestApi/Data/CommandResponseData.java | 7 ++++
 .../Broken/RestApi/MusicWebAPIController.java | 38 +++++++++++++++----
 .../Exceptions/UnknownTokenException.java | 4 ++
 .../Tools/UserManager/UserRegister.java | 18 ++++++---
 src/main/resources/static/index.html | 2 +-
 src/main/resources/static/js/init.js | 8 ++++
 src/main/resources/static/js/navabar.js | 8 +++-
 src/main/resources/templates/music.html | 5 ++-
 src/main/resources/templates/register.html | 2 +-
 11 files changed, 77 insertions(+), 17 deletions(-)
 create mode 100644 src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java
diff --git a/src/main/java/net/Broken/DB/Repository/UserRepository.java b/src/main/java/net/Broken/DB/Repository/UserRepository.java
index 0d7ac63..86d05d5 100644
--- a/src/main/java/net/Broken/DB/Repository/UserRepository.java
+++ b/src/main/java/net/Broken/DB/Repository/UserRepository.java
@@ -8,4 +8,5 @@ import java.util.List;
 public interface UserRepository extends CrudRepository{
 List findByName(String name);
 List findByJdaId(String jdaId);
+ List findByApiToken(String apiToken);
 }
diff --git a/src/main/java/net/Broken/RestApi/Data/CommandPostData.java b/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
index bb9a29f..1d73cc5 100644
--- a/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
+++ b/src/main/java/net/Broken/RestApi/Data/CommandPostData.java
@@ -8,4 +8,5 @@ public class CommandPostData {
 public int playlistLimit;
 public String chanelId;
 public String name;
+ public String token;
 }
diff --git a/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java b/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
index e78e8c2..ffea0d8 100644
--- a/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
+++ b/src/main/java/net/Broken/RestApi/Data/CommandResponseData.java
@@ -6,9 +6,16 @@ import com.fasterxml.jackson.annotation.JsonInclude;
 public class CommandResponseData {
 public String Commande;
 public String Message;
+ public String error;
 public CommandResponseData(String commande, String message) {
 Commande = commande;
 Message = message;
 }
+
+ public CommandResponseData(String commande, String message, String error) {
+ Commande = commande;
+ Message = message;
+ this.error = error;
+ }
 }
diff --git a/src/main/java/net/Broken/RestApi/MusicWebAPIController.java b/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
index b693c4e..a0a6e5a 100644
--- a/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
+++ b/src/main/java/net/Broken/RestApi/MusicWebAPIController.java
@@ -4,23 +4,29 @@ import com.sedmelluq.discord.lavaplayer.player.AudioPlayer;
 import com.sedmelluq.discord.lavaplayer.track.AudioTrack;
 import com.sedmelluq.discord.lavaplayer.track.AudioTrackInfo;
 import net.Broken.Commands.Music;
+import net.Broken.DB.Entity.UserEntity;
+import net.Broken.DB.Repository.UserRepository;
 import net.Broken.MainBot;
 import net.Broken.RestApi.Data.*;
 import net.Broken.RestApi.Data.UserManager.CheckResposeData;
 import net.Broken.RestApi.Data.UserManager.UserInfoData;
+import net.Broken.Tools.UserManager.Exceptions.UnknownTokenException;
 import net.Broken.Tools.UserManager.Exceptions.UserNotFoundException;
 import net.Broken.audio.NotConectedException;
 import net.Broken.audio.NullMusicManager;
 import net.dv8tion.jda.core.entities.VoiceChannel;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
+import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
@@ -32,6 +38,9 @@ public class MusicWebAPIController {
 Logger logger = LogManager.getLogger();
 // @Autowired
 // public SavedPlaylistRepository savedPlaylist;
+ @Autowired
+ UserRepository userRepository;
+
 @RequestMapping("/currentMusicInfo")
 public CurrentMusicData getCurrentM(){
@@ -68,17 +77,32 @@ public class MusicWebAPIController {
 }
 @RequestMapping(value = "/command", method = RequestMethod.POST)
- public ResponseEntity command(@RequestBody CommandPostData data){
+ public ResponseEntity command(@RequestBody CommandPostData data, HttpServletRequest request){
 if(data.command != null) {
- logger.info("receive command: " + data.command);
- Music musicCommande = (Music) MainBot.commandes.get("music");
+ if(data.token != null) {
+ try {
+ UserEntity user = MainBot.userRegister.getUserWithApiToken(userRepository, data.token);
+ logger.info("receive command " + data.command + " from " + request.getRemoteAddr() + " USER: " + user.getName());
+ Music musicCommande = (Music) MainBot.commandes.get("music");
- if(ApiCommandLoader.apiCommands.containsKey(data.command))
- return ApiCommandLoader.apiCommands.get(data.command).action(musicCommande,data);
- else
- return new ResponseEntity<>(new CommandResponseData(data.command,"Unknown Command"), HttpStatus.BAD_REQUEST);
+ if (ApiCommandLoader.apiCommands.containsKey(data.command))
+ return ApiCommandLoader.apiCommands.get(data.command).action(musicCommande, data);
+ else
+ return new ResponseEntity<>(new CommandResponseData(data.command, "Unknown Command", "command"), HttpStatus.BAD_REQUEST);
+ } catch (UnknownTokenException e) {
+ logger.warn("Command with unknown token from: "+request.getRemoteAddr());
+ return new ResponseEntity<>(new CommandResponseData(data.command,"Unknown Token!\nPlease Re-connect.", "token"), HttpStatus.UNAUTHORIZED);
+
+ }
+
+ }
+ else{
+ logger.warn("Command without token! ip: "+ request.getRemoteAddr());
+ return new ResponseEntity<>(new CommandResponseData(data.command,"Missing token!\nPlease Re-connect.","token"), HttpStatus.UNAUTHORIZED);
+
+ }
 }
 else
 logger.info("Null");
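Review bot: `data.command` is taken from the request body and concatenated into the `logger.info` line before `ApiCommandLoader.apiCommands.containsKey(data.command)` has validated it, so any holder of a valid token can write line breaks or misleading text into the log. Log it after the `containsKey` check, or neutralise control characters first, e.g. `String cmd = data.command.replaceAll("[\\r\\n]", "_");` followed by `logger.info("receive command {} from {} USER: {}", cmd, request.getRemoteAddr(), user.getName());`. The token is only checked inside `if(data.command != null)`, and the looked-up `user` is used for logging only, so every valid token can run every command; what the method does after `logger.info("Null")` is outside this hunk and worth confirming. If the bot sits behind a reverse proxy, `request.getRemoteAddr()` will record the proxy's address in both `logger.warn` lines, which limits their use for spotting repeated bad-token attempts.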
diff --git a/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java b/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java
new file mode 100644
index 0000000..e72b52e
--- /dev/null
+++ b/src/main/java/net/Broken/Tools/UserManager/Exceptions/UnknownTokenException.java
@@ -0,0 +1,4 @@
+package net.Broken.Tools.UserManager.Exceptions;
+
+public class UnknownTokenException extends Exception{
+}
diff --git a/src/main/java/net/Broken/Tools/UserManager/UserRegister.java b/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
index 9654f79..715a218 100644
--- a/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
+++ b/src/main/java/net/Broken/Tools/UserManager/UserRegister.java
@@ -9,15 +9,13 @@ import net.Broken.RestApi.Data.UserManager.UserInfoData;
 import net.Broken.Tools.EmbedMessageUtils;
 import net.Broken.Tools.PrivateMessage;
 import net.Broken.Tools.ResourceLoader;
-import net.Broken.Tools.UserManager.Exceptions.PasswordNotMatchException;
-import net.Broken.Tools.UserManager.Exceptions.TokenNotMatch;
-import net.Broken.Tools.UserManager.Exceptions.UserAlreadyRegistered;
-import net.Broken.Tools.UserManager.Exceptions.UserNotFoundException;
+import net.Broken.Tools.UserManager.Exceptions.*;
 import net.dv8tion.jda.core.entities.MessageEmbed;
 import net.dv8tion.jda.core.entities.User;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import java.security.SecureRandom;
@@ -126,11 +124,21 @@ public class UserRegister {
 }
 }
+ public UserEntity getUserWithApiToken(UserRepository userRepository, String token) throws UnknownTokenException {
+ List users = userRepository.findByApiToken(token);
+ if(users.size() > 0){
+ return users.get(0);
+ }
+ else
+ throw new UnknownTokenException();
+
+ }
+
 public String generateApiToken(){
 return UUID.randomUUID().toString();
 }
- public String generateCheckToken(){
+ private String generateCheckToken(){
 SecureRandom random = new SecureRandom();
 long longToken = Math.abs( random.nextLong() );
 String randomStr = Long.toString( longToken, 16 );
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
index de10685..766b37c 100644
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -22,7 +22,7 @@
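Review bot: `getUserWithApiToken` passes the raw token to `findByApiToken(token)` (added to `UserRepository` by this patch), which suggests the API token is stored as-is in the user table, so read access to that table is enough to replay any user's token. Consider persisting only a digest of the token, for example SHA-256 via `MessageDigest`, and querying by that digest; `generateApiToken()` returns a random UUID, so a plain hash is sufficient and no salt or slow password hash is needed. `users.get(0)` also hides the case where two rows hold the same token; a unique constraint on the column, with the repository method returning a single optional result, would make the lookup unambiguous. Nothing in the visible hunks expires or revokes a token, which is worth confirming elsewhere in `UserRegister`.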