Lesson4Controller.java

package no.ntnu.idatt2105.l4.demo.web;

import no.ntnu.idatt2105.l4.demo.aop.TokenRequired;
import no.ntnu.idatt2105.l4.demo.model.Meme;
import no.ntnu.idatt2105.l4.demo.service.Lesson4Service;
import no.ntnu.idatt2105.l4.demo.service.SecurityService;
import no.ntnu.idatt2105.l4.demo.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

import java.security.Key;
import java.util.*;

@CrossOrigin()
@RestController
public class Lesson4Controller {

    @Autowired
    private Lesson4Service service;

    @Autowired
    private SecurityService securityService;

    @Autowired
    private UserService userService;

    Logger logger = LoggerFactory.getLogger(Lesson4Controller.class);

    @GetMapping("/open")
    public List<Meme> openEndpoint() {
        System.out.println("request til /open motatt");
        return this.service.lesson4Message();
    }

    @TokenRequired
    @GetMapping("/restricted")
    public List<Meme> restrictedEndpoint() {
        System.out.println("request til /restricted mottatt");
        return this.service.lesson4Message();
    }

    @TokenRequired
    @GetMapping("/colors")
    public List<String> restrictedColors() {
        System.out.println("request til /colors mottatt");
        return Arrays.asList("Blue", "Green", "Our Red", "Yellow");
    }

    @ResponseBody
    @RequestMapping("/security/generate/token")
    public Map<String, Object> generateToken(@RequestParam(value="subject") String subject){

        String token = securityService.createToken(subject, (150 * 1000 * 60));

        Map<String, Object> map = new LinkedHashMap<>();
        map.put("result", token);

        return map;
    }

    // Intended to show a possible way of adding the JWT to the header of the response, in stead of just returning it in a map like in generateToken()
    @ResponseBody
    @PostMapping("/login")
    public ResponseEntity<Object> login(@RequestBody String username, @RequestBody String password) {
        System.out.println("request til login mottatt");
        if (userService.isValid(username, password)) {
            String token = "Bearer "+ securityService.createToken(username, 10*100);
            MultiValueMap<String, String> headers = new HttpHeaders(); //HttpHeaders headers = new HttpHeaders();
            headers.add("Authorization", token); // JWT should be in the header of the HTTP response
            headers.add("Access-Control-Expose-Headers", "Authorization");

            System.out.println("returnerer response-entity");
            return new ResponseEntity<Object>(headers, HttpStatus.OK);
        } else
        {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Not a valid username/password combo."); // will never occur, since isValid() only returns true
        }
    }
}