diff --git a/src/main/java/com/satwik/splitora/configuration/filter/SecurityFilter.java b/src/main/java/com/satwik/splitora/configuration/filter/SecurityFilter.java index 4ff934a..ca64667 100644 --- a/src/main/java/com/satwik/splitora/configuration/filter/SecurityFilter.java +++ b/src/main/java/com/satwik/splitora/configuration/filter/SecurityFilter.java @@ -7,6 +7,7 @@ import com.satwik.splitora.configuration.security.LoggedInUser; import com.satwik.splitora.constants.SecurityConstants; import com.satwik.splitora.constants.enums.ErrorCode; +import com.satwik.splitora.constants.enums.UserRole; import com.satwik.splitora.persistence.dto.ErrorDetails; import com.satwik.splitora.persistence.dto.ErrorResponseModel; import com.satwik.splitora.repository.UserRepository; @@ -19,6 +20,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; @@ -28,6 +30,9 @@ import java.io.IOException; import java.text.MessageFormat; +import java.util.Arrays; +import java.util.Collections; +import java.util.UUID; @Slf4j @Component @@ -76,6 +81,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse // get the user email using the token String userEmail = jwtUtil.getUserEmail(token); + // get the user id using the token + UUID userId = UUID.fromString(jwtUtil.getUserId(token)); + // get the user role using the token + String userRole = jwtUtil.getUserRole(token); // username should not be empty, cont-auth must be empty if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) { 
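Review bot: `UUID.fromString(jwtUtil.getUserId(token))` and `jwtUtil.getUserRole(token)` run before the `userEmail != null` guard and before `validateToken`, so every bearer token is parsed and signature-checked three times, and a token with no `userId` claim (or a non-UUID value) now throws here — `getUserId` calls `.toString()` on the raw claim — instead of reaching the `if` unauthenticated. Parse once, `Claims claims = jwtUtil.getClaimsOfAccessToken(token);`, read subject, `userId` and `role` from it, and move the id/role extraction inside the `if` so the exception path is only taken for tokens that were about to be trusted. What the surrounding `catch (Exception e)` turns such a failure into (401 vs 500) is outside this hunk and worth confirming.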
@@ -87,13 +96,16 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse boolean isValid = jwtUtil.validateToken(token, userDetails); if (isValid) { - UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userEmail, null, userDetails.getAuthorities()); + + UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userEmail, null, Collections.singletonList(new SimpleGrantedAuthority(userRole))); authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authToken); loggedInUser.setUserEmail(userEmail); + loggedInUser.setUserId(userId); + loggedInUser.setRole(UserRole.fromString(userRole)); } } } catch (Exception e) { diff --git a/src/main/java/com/satwik/splitora/configuration/jwt/JwtUtil.java b/src/main/java/com/satwik/splitora/configuration/jwt/JwtUtil.java index 90907ec..8f34270 100644 --- a/src/main/java/com/satwik/splitora/configuration/jwt/JwtUtil.java +++ b/src/main/java/com/satwik/splitora/configuration/jwt/JwtUtil.java @@ -4,8 +4,7 @@ import com.satwik.splitora.exception.RefreshTokenInvalidException; import com.satwik.splitora.persistence.entities.User; import io.jsonwebtoken.*; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; @@ -14,10 +13,10 @@ import java.util.HashMap; import java.util.Map; +@Slf4j @Component public class JwtUtil { - private static final Logger log = LoggerFactory.getLogger(JwtUtil.class); // secret key for access token @Value("${jwt.access.secretKey}") private String ACCESS_SECRET_KEY; 
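Review bot: `loggedInUser.setRole(UserRole.fromString(userRole))` runs after `SecurityContextHolder.getContext().setAuthentication(authToken)`, so a token whose `role` claim is not a `UserRole` name — e.g. one issued before this change with the removed `"REGULAR_USER"` value — throws after the request is already authenticated and leaves `loggedInUser.role` null for later `hasRole` calls. Resolve the role first and derive the authority from it: `UserRole role = UserRole.fromString(userRole);` ahead of the token, then `Collections.singletonList(new SimpleGrantedAuthority(role.name()))`, so an unknown role never authenticates. The authority now comes from the token claim rather than `userDetails.getAuthorities()`, which this hunk still loads from the database and validates against; with the access-token lifetime raised to 150 minutes in application.properties, a demotion or revocation is not enforced until the token expires. If that is intended, say so in a comment on the authority line; otherwise use `userDetails.getAuthorities()` (which `CustomUserDetailsService` emits as `ROLE_ADMIN`) and switch the URL rule to `hasRole("ADMIN")`.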
@@ -33,33 +32,44 @@ public class JwtUtil { // generate access token method public String generateAccessToken(User user) { - Map extraClaims = new HashMap<>(); - extraClaims.put("role", "REGULAR_USER"); - return buildToken(user, extraClaims, ACCESS_SECRET_KEY, ACCESS_TOKEN_EXP_TIME); + return buildToken(user, ACCESS_SECRET_KEY, ACCESS_TOKEN_EXP_TIME); } - public String buildToken(User user, Map extraClaims, String secretKey, Long expirationTime) { - Date issuedAt = new Date(System.currentTimeMillis()); - extraClaims.put("userId", user.getId()); - return Jwts.builder() - .setSubject(user.getEmail()) - .setIssuedAt(issuedAt) - .addClaims(extraClaims) - .setIssuer("com.splitora.app") - .setExpiration(new Date((expirationTime * 60 * 1000) + issuedAt.getTime())) - .signWith(SignatureAlgorithm.HS512, secretKey) - .compact(); + public String buildToken(User user, String secretKey, Long expirationTime) { + try { + Date issuedAt = new Date(System.currentTimeMillis()); + Map extraClaims = new HashMap<>(); + extraClaims.put("userId", user.getId()); + extraClaims.put("role", user.getUserRole()); + return Jwts.builder() + .setSubject(user.getEmail()) + .setIssuedAt(issuedAt) + .addClaims(extraClaims) + .setIssuer("com.splitora.app") + .setExpiration(new Date((expirationTime * 60 * 1000) + issuedAt.getTime())) + .signWith(SignatureAlgorithm.HS512, secretKey) + .compact(); + } catch (Exception e) { + // Log the error message + log.info("Error while generating token: {}", e.getMessage()); + throw new RuntimeException("Error while generating token: " + e.getMessage()); + } } // generate refresh token method public String generateRefreshToken(User user) { - return buildToken(user, new HashMap<>(), REFRESH_SECRET_KEY, REFRESH_TOKEN_EXP_TIME); + return buildToken(user, REFRESH_SECRET_KEY, REFRESH_TOKEN_EXP_TIME); } // get claims private Claims getClaims(String token, String secretKey) { return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody(); } + + public String 
getUserId(String token) { + return getClaims(token, ACCESS_SECRET_KEY).get("userId").toString(); + } + public Claims getClaimsOfAccessToken(String accessToken) { try { return getClaims(accessToken, ACCESS_SECRET_KEY); @@ -102,4 +112,8 @@ public boolean validateToken(String token, UserDetails userDetails) { String email = getUserEmail(token); return email != null && email.equals(userDetails.getUsername()) && !isTokenExp(token); } + + public String getUserRole(String token) { + return getClaimsOfAccessToken(token).get("role").toString(); + } } diff --git a/src/main/java/com/satwik/splitora/configuration/security/LoggedInUser.java b/src/main/java/com/satwik/splitora/configuration/security/LoggedInUser.java index c624e8f..b2e65b1 100644 --- a/src/main/java/com/satwik/splitora/configuration/security/LoggedInUser.java +++ b/src/main/java/com/satwik/splitora/configuration/security/LoggedInUser.java @@ -1,10 +1,13 @@ package com.satwik.splitora.configuration.security; +import com.satwik.splitora.constants.enums.UserRole; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import org.springframework.stereotype.Component; +import java.util.UUID; + @Data @AllArgsConstructor @NoArgsConstructor @@ -12,6 +15,10 @@ public class LoggedInUser { private String userEmail; - private String userId; + private UUID userId; + private UserRole role; + public boolean hasRole(UserRole role) { + return this.role.equals(role); + } } diff --git a/src/main/java/com/satwik/splitora/configuration/security/SecurityConfiguration.java b/src/main/java/com/satwik/splitora/configuration/security/SecurityConfiguration.java index 7ae5e2e..073229a 100644 --- a/src/main/java/com/satwik/splitora/configuration/security/SecurityConfiguration.java +++ b/src/main/java/com/satwik/splitora/configuration/security/SecurityConfiguration.java 
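Review bot: The new `catch (Exception e)` in `buildToken` rethrows `new RuntimeException("Error while generating token: " + e.getMessage())`, which drops the original exception and logs it at INFO; keep the cause with `throw new RuntimeException("Error while generating token", e);` and log at `error`, or remove the wrapper, since nothing in the try block is improved by it. `getUserId` calls `getClaims(token, ACCESS_SECRET_KEY)` directly while `getUserRole` goes through `getClaimsOfAccessToken`, so the two accessors fail differently on an expired or tampered token; route both through `getClaimsOfAccessToken` and guard the missing-claim case (`Object v = claims.get("userId"); return v == null ? null : v.toString();`) instead of calling `.toString()` on a possibly null claim. The refresh token now also carries `userId` and `role`, which is fine as long as the filter only ever hands access tokens to these accessors; a one-line comment on `buildToken` stating that both token kinds share the claim set would help the next reader.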
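Review bot: `hasRole` dereferences `this.role`, which is null until the filter sets it and stays null for an unauthenticated request or a token with an unrecognised role, so a `@PreAuthorize` check on such a request fails with a `NullPointerException` rather than evaluating to `false`; write it as `return this.role == role;`, which is null-safe for enums. `LoggedInUser` is a mutable `@Component` that now holds the caller's id and role, and its bean scope is outside this hunk — if it is not request-scoped, concurrent requests overwrite each other's `userId`/`role` and the ownership checks in `AuthorizationService` compare against the wrong user, so confirm it is `@RequestScope` (or equivalent) before relying on it for authorization.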
@@ -10,6 +10,7 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; @@ -21,6 +22,7 @@ @Configuration @EnableWebSecurity +@EnableMethodSecurity(prePostEnabled = true) public class SecurityConfiguration { @Autowired @@ -54,6 +56,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .requestMatchers(HttpMethod.GET, "/api/v1/health/ping").permitAll() .requestMatchers(HttpMethod.GET, "/v3/api-docs/**").permitAll() .requestMatchers(HttpMethod.GET, "/swagger-ui/**").permitAll() + .requestMatchers(HttpMethod.GET, "/api/v1/admin**").hasAuthority("ADMIN") .anyRequest().authenticated() ).addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class); diff --git a/src/main/java/com/satwik/splitora/constants/enums/UserRole.java b/src/main/java/com/satwik/splitora/constants/enums/UserRole.java new file mode 100644 index 0000000..e1e6b17 --- /dev/null +++ b/src/main/java/com/satwik/splitora/constants/enums/UserRole.java @@ -0,0 +1,15 @@ +package com.satwik.splitora.constants.enums; + +public enum UserRole { + USER, + ADMIN, + TESTER; + + public static UserRole fromString(String role) { + try { + return UserRole.valueOf(role.toUpperCase()); + } catch (IllegalArgumentException e) { + throw new IllegalArgumentException("Invalid role: " + role); + } + } +} 
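Review bot: `.requestMatchers(HttpMethod.GET, "/api/v1/admin**").hasAuthority("ADMIN")` restricts only GET requests whose last path segment starts with `admin`; with Spring's `PathPattern` a `**` embedded in a segment acts as a single-segment wildcard, so `/api/v1/admin/anything` and any non-GET request to `/api/v1/admin` fall through to `.anyRequest().authenticated()` and are open to every logged-in user. Use `.requestMatchers("/api/v1/admin", "/api/v1/admin/**").hasAuthority("ADMIN")` with no method restriction. The `"ADMIN"` literal matches the `SimpleGrantedAuthority(userRole)` the filter now builds but not the `ROLE_ADMIN` that `CustomUserDetailsService.roles(...)` produces, so pick one representation and use it in both places.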
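Review bot: `UserRole.fromString` catches `IllegalArgumentException` only to throw a new one without the cause, and a null `role` reaches `role.toUpperCase()` as a `NullPointerException`, which is not the failure the method advertises. Guard null explicitly, use `Locale.ROOT` so the upper-casing does not depend on the JVM's default locale, and keep the cause: `if (role == null) throw new IllegalArgumentException("Invalid role: null");` then `return UserRole.valueOf(role.toUpperCase(Locale.ROOT));` in the try and `throw new IllegalArgumentException("Invalid role: " + role, e);` in the catch. A short Javadoc noting that the lookup is case-insensitive and that `TESTER` currently grants nothing would document the contract.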
diff --git a/src/main/java/com/satwik/splitora/controller/AdminController.java b/src/main/java/com/satwik/splitora/controller/AdminController.java new file mode 100644 index 0000000..e9b246b --- /dev/null +++ b/src/main/java/com/satwik/splitora/controller/AdminController.java @@ -0,0 +1,18 @@ +package com.satwik.splitora.controller; + +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping("/api/v1/admin") +public class AdminController { + + // TODO : work is needed for admin + + @GetMapping + public ResponseEntity getAdminPage() { + return ResponseEntity.ok("Welcome to the admin page!"); + } +} diff --git a/src/main/java/com/satwik/splitora/exception/ApiExceptionHandler.java b/src/main/java/com/satwik/splitora/exception/ApiExceptionHandler.java index 409aaf8..915fe7c 100644 --- a/src/main/java/com/satwik/splitora/exception/ApiExceptionHandler.java +++ b/src/main/java/com/satwik/splitora/exception/ApiExceptionHandler.java @@ -7,11 +7,10 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestControllerAdvice; -import java.nio.file.AccessDeniedException; - @Slf4j @RestControllerAdvice public class ApiExceptionHandler { 
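Review bot: `AdminController` relies entirely on the URL rule in `SecurityConfiguration` for protection, so any new mapping or HTTP method that does not match the `admin**` pattern is reachable by every authenticated user. A class-level `@PreAuthorize("hasAuthority('ADMIN')")` on the controller keeps every current and future admin endpoint guarded independently of the matcher, and method security is already enabled by this commit via `@EnableMethodSecurity`. The `// TODO : work is needed for admin` comment should say what is pending so the guard is not forgotten when the endpoints are filled in.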
@@ -60,7 +59,7 @@ public ResponseEntity handleFailedToSaveException(FailedToSa } @ExceptionHandler(AccessDeniedException.class) - public ResponseEntity handleAccessDeniedException(FailedToSaveException ex) { + public ResponseEntity handleAccessDeniedException(AccessDeniedException ex) { log.info("AccessDeniedException occurred: ", ex); ErrorResponseModel errorResponse = ResponseUtil.error("Access Denied", HttpStatus.FORBIDDEN, new ErrorDetails( ErrorCode.ACCESS_DENIED.getCode(), diff --git a/src/main/java/com/satwik/splitora/persistence/entities/User.java b/src/main/java/com/satwik/splitora/persistence/entities/User.java index 8deb76b..a44ef7f 100644 --- a/src/main/java/com/satwik/splitora/persistence/entities/User.java +++ b/src/main/java/com/satwik/splitora/persistence/entities/User.java @@ -1,6 +1,7 @@ package com.satwik.splitora.persistence.entities; import com.satwik.splitora.constants.enums.RegistrationMethod; +import com.satwik.splitora.constants.enums.UserRole; import jakarta.persistence.*; import lombok.*; @@ -12,7 +13,9 @@ @NoArgsConstructor @AllArgsConstructor @Entity -@Table(name = "user") +@Table(name = "user", uniqueConstraints = { + @UniqueConstraint(columnNames = {"phone_country_code", "phone_number"}) +}) public class User extends BaseEntity { @Column(name = "username", unique = true) @@ -34,6 +37,10 @@ public class User extends BaseEntity { @Column(name = "registrationMethod") private RegistrationMethod registrationMethod; + @Enumerated(EnumType.STRING) + @Column(name = "user_role", nullable = false, length = 20) + private UserRole userRole; + @OneToMany(mappedBy = "payer", fetch = FetchType.LAZY, cascade = CascadeType.ALL, orphanRemoval = true) private List expenseList; diff --git a/src/main/java/com/satwik/splitora/service/implementations/AuthorizationService.java b/src/main/java/com/satwik/splitora/service/implementations/AuthorizationService.java index 4a9bf17..356311b 100644 
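Review bot: `handleAccessDeniedException` now receives the right type, but `log.info("AccessDeniedException occurred: ", ex)` writes a full stack trace at INFO for every denied request, which hides the useful signal (who was denied what) and floods logs under a probing client. Add an `HttpServletRequest request` parameter to the handler and log the event at WARN with context, `log.warn("Access denied on {} {}: {}", request.getMethod(), request.getRequestURI(), ex.getMessage());`, keeping the trace at DEBUG if it is wanted at all. Note that `GroupServiceImpl` in this commit also throws this exception for the default-group rule, so the handler's "Access Denied" response now covers a non-authorization case as well.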
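Review bot: `user_role` is added as `nullable = false` with no default, so an in-place schema update fails on existing `user` rows, and `CustomUserDetailsService` in this commit calls `user.getUserRole().toString()` and will NPE for any row left null. Back-fill before adding the constraint (a migration along the lines of `UPDATE "user" SET user_role = 'USER' WHERE user_role IS NULL`) or initialise the field, `private UserRole userRole = UserRole.USER;`, so every creation path gets a role; only `UserServiceImpl.saveUser` is shown setting it, and the OAuth sign-up path in `OAuthServiceImpl` is not visible in this diff. The new unique constraint on `phone_country_code`/`phone_number` has the same concern for duplicate existing rows.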
--- a/src/main/java/com/satwik/splitora/service/implementations/AuthorizationService.java +++ b/src/main/java/com/satwik/splitora/service/implementations/AuthorizationService.java @@ -1,13 +1,20 @@ package com.satwik.splitora.service.implementations; import com.satwik.splitora.configuration.security.LoggedInUser; +import com.satwik.splitora.constants.enums.UserRole; import com.satwik.splitora.exception.DataNotFoundException; +import com.satwik.splitora.persistence.entities.Expense; +import com.satwik.splitora.persistence.entities.Group; import com.satwik.splitora.persistence.entities.User; +import com.satwik.splitora.repository.ExpenseRepository; +import com.satwik.splitora.repository.GroupRepository; import com.satwik.splitora.repository.UserRepository; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; -@Service +import java.util.UUID; + +@Component("authorizationService") public class AuthorizationService { @Autowired 
@@ -16,8 +23,33 @@ public class AuthorizationService { @Autowired UserRepository userRepository; + @Autowired + GroupRepository groupRepository; + + @Autowired + ExpenseRepository expenseRepository; + public User getAuthorizedUser() { return userRepository.findByEmail(loggedInUser.getUserEmail()).orElseThrow(() -> new DataNotFoundException("User not found")); } + + public boolean isGroupOwner(UUID groupId) { + if (loggedInUser.hasRole(UserRole.ADMIN)) + return true; + + Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found")); + UUID ownerId = group.getUser().getId(); + return loggedInUser.getUserId().equals(ownerId); + } + + public boolean isExpenseOwner(UUID expenseId) { + if (loggedInUser.hasRole(UserRole.ADMIN)) + return true; + + Expense expense = expenseRepository.findById(expenseId).orElseThrow(() -> new DataNotFoundException("Expense not found")); + UUID ownerId = expense.getPayer().getId(); + return loggedInUser.getUserId().equals(ownerId); + } + } diff --git a/src/main/java/com/satwik/splitora/service/implementations/CustomUserDetailsService.java b/src/main/java/com/satwik/splitora/service/implementations/CustomUserDetailsService.java index b902b59..b4cc175 100644 --- a/src/main/java/com/satwik/splitora/service/implementations/CustomUserDetailsService.java +++ b/src/main/java/com/satwik/splitora/service/implementations/CustomUserDetailsService.java @@ -20,7 +20,7 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep return org.springframework.security.core.userdetails.User.builder() .username(user.getEmail()) .password(user.getPassword()) - .roles("USER") + .roles(user.getUserRole().toString()) .build(); } } diff --git a/src/main/java/com/satwik/splitora/service/implementations/ExpenseServiceImpl.java b/src/main/java/com/satwik/splitora/service/implementations/ExpenseServiceImpl.java index f397c34..e6cc4eb 100644 
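Review bot: `isGroupOwner` and `isExpenseOwner` throw `DataNotFoundException` from inside an authorization check, so a caller who owns nothing gets a 404 for ids that do not exist and a 403 for ids that do, which lets a client tell existing resources from absent ones before being authorized; return `false` in both cases (`return groupRepository.findById(groupId).map(g -> ownerMatches(g.getUser().getId())).orElse(false);`-style) and let the service method raise the not-found error for callers that passed the check. `loggedInUser.getUserId().equals(ownerId)` dereferences a field that is null for an unauthenticated request or a pre-change token; compare with `Objects.equals(ownerId, loggedInUser.getUserId())` instead. The ADMIN short-circuit is duplicated in both methods and deserves a private `isAdmin()` helper with a one-line comment that admins bypass ownership entirely, including for ids that do not exist.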
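Review bot: `.roles(user.getUserRole().toString())` yields a `ROLE_USER`/`ROLE_ADMIN` authority (the `roles` builder prefixes `ROLE_`), while `SecurityFilter` in this same commit puts the raw claim value (`ADMIN`) into the authentication and `SecurityConfiguration` checks `hasAuthority("ADMIN")`; the authorities built here are therefore never the ones consulted, and the two representations will drift. Either use `.authorities(user.getUserRole().name())` here and have the filter take `userDetails.getAuthorities()`, or keep `.roles(...)` and change the URL rule to `hasRole("ADMIN")`. The call also NPEs for a user whose `user_role` is null, which existing rows may be until back-filled.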
--- a/src/main/java/com/satwik/splitora/service/implementations/ExpenseServiceImpl.java +++ b/src/main/java/com/satwik/splitora/service/implementations/ExpenseServiceImpl.java @@ -9,6 +9,7 @@ import com.satwik.splitora.service.interfaces.ExpenseService; import jakarta.transaction.Transactional; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import java.util.ArrayList; @@ -39,6 +40,7 @@ public class ExpenseServiceImpl implements ExpenseService { @Override @Transactional + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public ExpenseDTO createGroupedExpense(UUID groupId, ExpenseDTO expenseDTO) { User payer = expenseDTO.getPayerId() != null ? userRepository.findById(expenseDTO.getPayerId()).orElseThrow(() -> new DataNotFoundException("Payer not found!")) : authorizationService.getAuthorizedUser(); @@ -92,6 +94,7 @@ public ExpenseDTO createNonGroupedExpense(ExpenseDTO expenseDTO) { @Override @Transactional + @PreAuthorize("@authorizationService.isExpenseOwner(#expenseId)") public String deleteExpenseById(UUID expenseId) { expenseRepository.deleteById(expenseId); return "Expense is deleted successfully!"; @@ -99,6 +102,7 @@ public String deleteExpenseById(UUID expenseId) { @Override @Transactional + @PreAuthorize("@authorizationService.isExpenseOwner(#expenseId)") public String addUserToExpense(UUID expenseId, UUID owerId) { Expense expense = expenseRepository.findById(expenseId).orElseThrow(() -> new DataNotFoundException("Expense not found")); 
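Review bot: Every check added in this file (and in `GroupServiceImpl` and `ReportServiceImpl`) is owner-only, so `createGroupedExpense`, `findAllExpense` and `findExpenseById` are now refused to ordinary group members and to the owers of an expense; if members are meant to view and add expenses in their own group, `AuthorizationService` needs an `isGroupMember(groupId)` check and these methods should use it — a comment on `createGroupedExpense` stating who may call it would settle the intent either way. The SpEL references `#groupId`/`#expenseId` resolve by parameter name, which requires the compiler to retain parameter names (`-parameters`, enabled by Spring Boot's build plugins by default); if this project's build does not, every guarded call fails at evaluation time rather than with a 403.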
@@ -122,6 +126,7 @@ public String addUserToExpense(UUID expenseId, UUID owerId) { @Override @Transactional + @PreAuthorize("@authorizationService.isExpenseOwner(#expenseId)") public String removeUserFromExpense(UUID expenseId, UUID owerId) { Expense expense = expenseRepository.findById(expenseId).orElseThrow(() -> new DataNotFoundException("Expense not found")); User ower = userRepository.findById(owerId).orElseThrow(() -> new DataNotFoundException("Ower not found")); @@ -138,6 +143,7 @@ public String removeUserFromExpense(UUID expenseId, UUID owerId) { } @Override + @PreAuthorize("@authorizationService.isExpenseOwner(#expenseId)") public ExpenseDTO findExpenseById(UUID expenseId) { Expense expense = expenseRepository.findById(expenseId).orElseThrow(() -> new DataNotFoundException("Expense not found")); ExpenseDTO expenseDTO = new ExpenseDTO(); @@ -153,6 +159,7 @@ public ExpenseDTO findExpenseById(UUID expenseId) { } @Override + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public List findAllExpense(UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found")); List expenses = expenseRepository.findByGroupId(group.getId()); diff --git a/src/main/java/com/satwik/splitora/service/implementations/GroupServiceImpl.java b/src/main/java/com/satwik/splitora/service/implementations/GroupServiceImpl.java index 58331fd..7221ee4 100644 --- a/src/main/java/com/satwik/splitora/service/implementations/GroupServiceImpl.java +++ b/src/main/java/com/satwik/splitora/service/implementations/GroupServiceImpl.java @@ -16,6 +16,8 @@ import com.satwik.splitora.service.interfaces.GroupService; import jakarta.transaction.Transactional; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import java.util.*; 
@@ -67,8 +69,9 @@ public GroupListDTO findAllGroup() { return groupListDTO; } - @Transactional @Override + @Transactional + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public String addGroupMembers(UUID groupId, UUID memberId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found!")); User member = userRepository.findById(memberId).orElseThrow(() -> new DataNotFoundException("User not found to add as member!")); @@ -81,6 +84,7 @@ public String addGroupMembers(UUID groupId, UUID memberId) { } @Override + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public List findMembers(UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found!")); List groupMembersList = groupMembersRepository.findByGroupId(group.getId()); @@ -95,8 +99,9 @@ public List findMembers(UUID groupId) { return userDTOS; } - @Transactional @Override + @Transactional + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public String deleteMembers(UUID groupId, UUID groupMemberId) { groupMembersRepository.deleteById(groupMemberId); return "Member successfully removed from the group!"; 
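Review bot: `deleteMembers(groupId, groupMemberId)` is now guarded by `isGroupOwner(#groupId)`, but the body deletes `groupMemberId` without checking that the membership row belongs to `groupId`, so the owner of one group can pass their own `groupId` together with a membership id from a different group and remove it. Load the row and compare before deleting, along the lines of `var gm = groupMembersRepository.findById(groupMemberId).orElseThrow(() -> new DataNotFoundException("Member not found!"));` followed by `if (!groupId.equals(gm.getGroup().getId())) throw new AccessDeniedException("Member does not belong to this group");` — the entity and accessor names are inferred from `groupMembersRepository` and should be adjusted to the real ones. The same consideration applies to `addGroupMembers` only if its body (mostly outside the hunk) does not bind the member to the loaded group.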
@@ -104,18 +109,20 @@ public String deleteMembers(UUID groupId, UUID groupMemberId) { @Override @Transactional + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public String deleteGroupByGroupId(UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found!")); if(!group.isDefaultGroup()) groupRepository.deleteById(groupId); else - throw new RuntimeException("This group is default so can't be delete"); + throw new AccessDeniedException("This group is default so can't be delete"); return "Successfully deleted the group - %s.".formatted(groupId); } @Override + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public GroupDTO findGroupByGroupId(UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found!")); GroupDTO groupDTO = new GroupDTO(); @@ -124,6 +131,16 @@ public GroupDTO findGroupByGroupId(UUID groupId) { groupDTO.setOwner(group.getUser().getUsername()); List expenseList = expenseRepository.findByGroupId(groupId); + List expenseDTOList = getExpenseListDTOS(expenseList); + groupDTO.setExpenses(expenseDTOList); + + List groupMemberDTOS = getGroupMemberDTOS(group); + groupDTO.setGroupMembers(groupMemberDTOS); + + return groupDTO; + } + + private static List getExpenseListDTOS(List expenseList) { List expenseDTOList = new ArrayList<>(); for (Expense expense : expenseList) { ExpenseListDTO expenseListDTO = new ExpenseListDTO(); @@ -133,12 +150,7 @@ public GroupDTO findGroupByGroupId(UUID groupId) { expenseListDTO.setExpenseCreatedAt(String.valueOf(expense.getCreatedOn())); expenseDTOList.add(expenseListDTO); } - groupDTO.setExpenses(expenseDTOList); - - List groupMemberDTOS = getGroupMemberDTOS(group); - groupDTO.setGroupMembers(groupMemberDTOS); - - return groupDTO; + return expenseDTOList; } private static List getGroupMemberDTOS(Group group) { 
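Review bot: `deleteGroupByGroupId` now throws `AccessDeniedException` when the group is the default one, which the updated `ApiExceptionHandler` maps to a 403 "Access Denied" — but the caller has already passed `isGroupOwner`, and the refusal is a business rule rather than an authorization failure, so clients and log readers cannot tell a genuine denial from this case. Throw a domain exception mapped to 400 or 409 instead (an `IllegalStateException("The default group cannot be deleted")` or a dedicated exception handled by `ApiExceptionHandler`), which also fixes the grammar of the message. The `getExpenseListDTOS` extraction is behavior-preserving and a one-line comment on it describing the mapping would make the helper self-explanatory.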
@@ -158,6 +170,7 @@ private static List getGroupMemberDTOS(Group group) { @Override @Transactional + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public String updateGroup(GroupUpdateRequest groupUpdateRequest, UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found")); group.setGroupName(groupUpdateRequest.getGroupName()); diff --git a/src/main/java/com/satwik/splitora/service/implementations/OAuthServiceImpl.java b/src/main/java/com/satwik/splitora/service/implementations/OAuthServiceImpl.java index 84ab62a..c46be66 100644 --- a/src/main/java/com/satwik/splitora/service/implementations/OAuthServiceImpl.java +++ b/src/main/java/com/satwik/splitora/service/implementations/OAuthServiceImpl.java @@ -117,7 +117,7 @@ public AuthenticationResponse handleCallback(String code, String state) { // Get profile information from payload String email = payload.getEmail(); - boolean emailVerified = Boolean.valueOf(payload.getEmailVerified()); + boolean emailVerified = payload.getEmailVerified(); String name = (String) payload.get("name"); String pictureUrl = (String) payload.get("picture"); String locale = (String) payload.get("locale"); diff --git a/src/main/java/com/satwik/splitora/service/implementations/ReportServiceImpl.java b/src/main/java/com/satwik/splitora/service/implementations/ReportServiceImpl.java index 928b91c..b3ac627 100644 --- a/src/main/java/com/satwik/splitora/service/implementations/ReportServiceImpl.java +++ b/src/main/java/com/satwik/splitora/service/implementations/ReportServiceImpl.java @@ -16,6 +16,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import java.io.FileOutputStream; 
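Review bot: `boolean emailVerified = payload.getEmailVerified();` unboxes the claim, so if `getEmailVerified()` returns a boxed `Boolean` (as Google's `IdToken.Payload` does) an ID token without `email_verified` now fails `handleCallback` with a `NullPointerException` instead of being treated as unverified — the removed `Boolean.valueOf(...)` form had the same problem, so the commit does not fix it. Use `boolean emailVerified = Boolean.TRUE.equals(payload.getEmailVerified());` so a missing claim defaults to false, which is the safe side for account linking. Separately, this commit sets `UserRole.USER` in `UserServiceImpl.saveUser`, but the OAuth user-creation code in this file is outside the hunk; check that it sets the role too, since the new `user_role` column is `nullable = false`.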
@@ -43,6 +44,7 @@ public class ReportServiceImpl implements ReportService { private String REPORT_FILE_PATH; @Override + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public List generateReport(UUID groupId) { Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found")); @@ -67,6 +69,7 @@ public List generateReport(UUID groupId) { } @Override + @PreAuthorize("@authorizationService.isGroupOwner(#groupId)") public String exportReport(UUID groupId, String fileType) { User user = authorizationService.getAuthorizedUser(); Group group = groupRepository.findById(groupId).orElseThrow(() -> new DataNotFoundException("Group not found")); @@ -163,6 +166,4 @@ private void exportToXLSX(UUID groupId) { } } - - } diff --git a/src/main/java/com/satwik/splitora/service/implementations/UserServiceImpl.java b/src/main/java/com/satwik/splitora/service/implementations/UserServiceImpl.java index 53ca98e..8b8a767 100644 --- a/src/main/java/com/satwik/splitora/service/implementations/UserServiceImpl.java +++ b/src/main/java/com/satwik/splitora/service/implementations/UserServiceImpl.java @@ -1,6 +1,7 @@ package com.satwik.splitora.service.implementations; import com.satwik.splitora.constants.enums.RegistrationMethod; +import com.satwik.splitora.constants.enums.UserRole; import com.satwik.splitora.persistence.dto.user.PhoneDTO; import com.satwik.splitora.persistence.dto.user.RegisterUserRequest; import com.satwik.splitora.persistence.dto.user.UserDTO; @@ -37,6 +38,7 @@ public String saveUser(RegisterUserRequest request) { User user = new User(); user.setUsername(request.getUsername()); user.setEmail(request.getEmail()); + user.setUserRole(UserRole.USER); user.setCountryCode(request.getPhone().getCountryCode()); user.setPhoneNumber(request.getPhone().getPhoneNumber()); user.setPassword(pwdEncoder.encode(request.getPassword())); 
diff --git a/src/main/java/com/satwik/splitora/util/ResponseUtil.java b/src/main/java/com/satwik/splitora/util/ResponseUtil.java index 5c282bf..cd8f7b0 100644 --- a/src/main/java/com/satwik/splitora/util/ResponseUtil.java +++ b/src/main/java/com/satwik/splitora/util/ResponseUtil.java @@ -11,7 +11,7 @@ public class ResponseUtil { public static ResponseModel success(T data, HttpStatus status, String message) { return ResponseModel.builder() - .status(HttpStatus.OK.name()) + .status(status.name()) .message(message) .timestamp(LocalDateTime.now()) .data(data) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 3b902b9..60b7ffa 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -19,8 +19,8 @@ server.port=8081 # JWT security-- jwt.access.secretKey=SuP9ErKeY jwt.refresh.secretKey=wUP89ErKie -jwt.access.expirationTimeInMinutes=15 -jwt.refresh.expirationTimeInMinutes=200 +jwt.access.expirationTimeInMinutes=150 +jwt.refresh.expirationTimeInMinutes=2000 # Google authentication properties spring.security.oauth2.client.registration.google.client-id=abc123
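Review bot: `jwt.access.expirationTimeInMinutes` goes from 15 to 150 while `SecurityFilter` in this commit now takes the caller's authority from the token's `role` claim, so a role change or account revocation stays effective for up to 2.5 hours; either keep the short access lifetime and let the refresh token (now 2000 minutes) carry session length, or re-check the role against the database in the filter. The two `secretKey` values are committed in plaintext and are far shorter than the 64 random bytes HS512 expects (newer jjwt versions reject such keys outright); load them from the environment, `jwt.access.secretKey=${JWT_ACCESS_SECRET}`, generate replacements with `SecureRandom`, and treat the committed values as burned since they are now in history.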