feat: Add Token Bearer!

Author: andrefelipebarros

pom.xml

@@ -70,12 +70,13 @@
 		    <artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
 
+		<!-- JWT Dependencies -->
 		<dependency>
-		    <groupId>io.jsonwebtoken</groupId>
-		    <artifactId>jjwt</artifactId>
-		    <version>0.12.6</version>
+			<groupId>com.auth0</groupId>
+			<artifactId>java-jwt</artifactId>
+			<version>4.5.0</version>
 		</dependency>
-		
+
 		<dependency>
 		    <groupId>org.springframework.boot</groupId>
 		    <artifactId>spring-boot-starter-validation</artifactId>

src/main/java/com/helper/vavahelper/controllers/AuthenticationController.java

@@ -5,46 +5,56 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.helper.vavahelper.models.User.AuthenticationDTO;
+import com.helper.vavahelper.infra.security.TokenService;
 import com.helper.vavahelper.models.User.User;
-import com.helper.vavahelper.models.User.UserRegisterDTO;
+import com.helper.vavahelper.models.User.UserRole;
+import com.helper.vavahelper.models.User.body.AuthenticationDTO;
+import com.helper.vavahelper.models.User.body.LoginResponseDTO;
+import com.helper.vavahelper.models.User.body.UserRegisterDTO;
 import com.helper.vavahelper.repositories.UserRepository;
 
 import jakarta.validation.Valid;
 
 @RestController
 @RequestMapping("auth")
+@CrossOrigin(origins = "*")
 public class AuthenticationController {
-    
-    @Autowired
-    public UserRepository userRepository;
+@Autowired
+    private AuthenticationManager authenticationManager;
 
     @Autowired
-    public AuthenticationManager authenticationManager;
-    
+    private TokenService tokenService;
+
+    @Autowired 
+    private UserRepository repository;
+
     @PostMapping("/login")
-    public ResponseEntity login(@RequestBody @Valid AuthenticationDTO data){
+    public ResponseEntity<LoginResponseDTO> postMethodLogin(@RequestBody @Valid AuthenticationDTO data) {
         var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
         var auth = this.authenticationManager.authenticate(usernamePassword);
 
-        return ResponseEntity.ok().build();
+        var token = tokenService.generateToken((User)auth.getPrincipal());
+
+        return ResponseEntity.ok(new LoginResponseDTO(token));
     }
 
     @PostMapping("/register")
-    public ResponseEntity register(@RequestBody @Valid UserRegisterDTO data){
-        if(this.userRepository.findByLogin(data.login()) != null) return ResponseEntity.badRequest().build();
+    public ResponseEntity<String> postMethodRegister(@RequestBody @Valid UserRegisterDTO data){
 
-        String encryptedPassword = new BCryptPasswordEncoder().encode(data.password());
-        User newUser = new User(data.login(), encryptedPassword, data.role());
+        if(repository.findByLogin(data.login()) != null) return ResponseEntity
+        .badRequest().body("Username already taken.");
 
-        this.userRepository.save(newUser);
+        String encryptedPassword = new BCryptPasswordEncoder().encode(data.password());
+        UserRole role = (data.role() == null) ? UserRole.USER : data.role();
 
-        return ResponseEntity.ok().build();
+        User newUser = new User(data.login(), encryptedPassword, role);
+        this.repository.save(newUser);
+        return ResponseEntity.ok("User registered successfully.");
     }
 }

src/main/java/com/helper/vavahelper/infra/security/SecurityConfiguration.java

@@ -19,11 +19,11 @@ public class SecurityConfiguration {
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception{
         return httpSecurity
+                .cors(cors -> cors.and())
                 .csrf(csrf -> csrf.disable())
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(authorize -> authorize
-                    .requestMatchers(HttpMethod.POST, "/auth/login").permitAll()
-                    .requestMatchers(HttpMethod.POST, "/auth/register").permitAll()
+                    .requestMatchers(HttpMethod.POST, "auth/**").permitAll()
                     .requestMatchers("/h2/**").permitAll()
                     .anyRequest().authenticated()
                 )

src/main/java/com/helper/vavahelper/infra/security/SecurityFilter.java

@@ -0,0 +1,44 @@
+package com.helper.vavahelper.infra.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.helper.vavahelper.repositories.UserRepository;
+
+import java.io.IOException;
+@Component
+public class SecurityFilter extends OncePerRequestFilter{
+    @Autowired
+    TokenService tokenService;
+    
+    @Autowired
+    UserRepository userRepository;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        var token = this.recoverToken(request);
+        if(token != null){
+            var login = tokenService.validateToken(token);
+            UserDetails user = userRepository.findByLogin(login);
+
+            var authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String recoverToken(HttpServletRequest request){
+        var authHeader = request.getHeader("Authorization");
+        if(authHeader == null) return null;
+        return authHeader.replace("Bearer ", "");
+    }
+}
+

src/main/java/com/helper/vavahelper/infra/security/TokenService.java

@@ -0,0 +1,56 @@
+package com.helper.vavahelper.infra.security;
+
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.springframework.stereotype.Service;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTCreationException;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.helper.vavahelper.models.User.User;
+
+
+
+@Service
+public class TokenService {
+
+    @Value("${api.security.token.secret}")
+    private String secret;
+
+
+    public String generateToken(User user){
+        try {
+            Algorithm algorithm = Algorithm.HMAC256(secret);
+            String token = JWT.create()
+            .withIssuer("auth-api")
+            .withSubject(user.getUsername())
+            .withExpiresAt(getExpirationDate())
+            .sign(algorithm);
+        return token;
+        } catch (JWTCreationException e) {
+            throw new RuntimeException("Error while generating token.", e);
+        }
+    }
+
+    public String validateToken(String token){
+        try {
+            Algorithm algorithm = Algorithm.HMAC256(secret);
+            return JWT.require(algorithm)
+                    .withIssuer("auth-api")
+                    .build()
+                    .verify(token)
+                    .getSubject();
+        } catch (JWTVerificationException exception){
+            return "";
+        }
+    }
+
+    private Instant getExpirationDate(){
+        return LocalDateTime.now().plusHours(2).toInstant(ZoneOffset.of("-03:00"));
+    }
+}

src/main/java/com/helper/vavahelper/models/User/User.java

@@ -24,10 +24,10 @@ public class User implements UserDetails {
     @Id
     @GeneratedValue(strategy = GenerationType.UUID)
     private String id;
+    private UserRole role;
     private String login;
     private String password;
-    private UserRole role;
-
+    
     //Constructor
     public User(String login, String password, UserRole role){
         this.login = login;

src/main/java/com/helper/vavahelper/models/User/UserRegisterDTO.java

@@ -1,4 +1,4 @@
-package com.helper.vavahelper.models.User;
+package com.helper.vavahelper.models.User.body;
 
 public record AuthenticationDTO(String login, String password) {
 

…elper/models/User/AuthenticationDTO.java …/models/User/body/AuthenticationDTO.javasrc/main/java/com/helper/vavahelper/models/User/AuthenticationDTO.java renamed to src/main/java/com/helper/vavahelper/models/User/body/AuthenticationDTO.java src/main/java/com/helper/vavahelper/models/User/AuthenticationDTO.java renamed to src/main/java/com/helper/vavahelper/models/User/body/AuthenticationDTO.java

@@ -0,0 +1,4 @@
+package com.helper.vavahelper.models.User.body;
+
+//Token Response:
+public record LoginResponseDTO(String token) {}

src/main/java/com/helper/vavahelper/models/User/body/LoginResponseDTO.java

@@ -0,0 +1,7 @@
+package com.helper.vavahelper.models.User.body;
+
+import com.helper.vavahelper.models.User.UserRole;
+
+public record UserRegisterDTO(String login, String password, UserRole role) {
+    
+}