Adds JWT-based auth with refresh tokens
This commit is contained in:
@@ -0,0 +1,53 @@
|
||||
package net.halfbinary.scavengerhuntapi.controller
|
||||
|
||||
import jakarta.servlet.http.HttpServletResponse
|
||||
import jakarta.validation.Valid
|
||||
import net.halfbinary.scavengerhuntapi.config.JwtUtil
|
||||
import net.halfbinary.scavengerhuntapi.model.converter.toDomain
|
||||
import net.halfbinary.scavengerhuntapi.model.request.LoginRequest
|
||||
import net.halfbinary.scavengerhuntapi.model.request.LogoutRequest
|
||||
import net.halfbinary.scavengerhuntapi.model.request.RefreshRequest
|
||||
import net.halfbinary.scavengerhuntapi.model.response.LoginResponse
|
||||
import net.halfbinary.scavengerhuntapi.service.LoginService
|
||||
import net.halfbinary.scavengerhuntapi.service.RefreshTokenService
|
||||
import org.springframework.http.ResponseEntity
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.web.bind.annotation.PostMapping
|
||||
import org.springframework.web.bind.annotation.RequestBody
|
||||
import org.springframework.web.bind.annotation.RequestMapping
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import java.util.Collections
|
||||
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/auth")
|
||||
class AuthController(private val loginService: LoginService, private val jwtUtils: JwtUtil, private val refreshTokenService: RefreshTokenService) {
|
||||
@PostMapping("/login")
|
||||
fun login(@Valid @RequestBody body: LoginRequest, response: HttpServletResponse): ResponseEntity<LoginResponse> {
|
||||
val result = loginService.login(body.toDomain())
|
||||
// TODO: Figure out how to use the authorities
|
||||
val hunterAuthorities =
|
||||
if (result.isAdmin) {
|
||||
SimpleGrantedAuthority("ROLE_ADMIN")
|
||||
} else {
|
||||
SimpleGrantedAuthority("ROLE_USER")
|
||||
}
|
||||
val user = User(result.email, result.password, Collections.singleton(hunterAuthorities))
|
||||
val accessToken = jwtUtils.generateToken(result.email)
|
||||
val refreshToken = refreshTokenService.generateRefreshToken(result.email)
|
||||
val loginResponse = LoginResponse(accessToken, refreshToken)
|
||||
return ResponseEntity.ok(loginResponse)
|
||||
}
|
||||
|
||||
@PostMapping("/refresh")
|
||||
fun refresh(@RequestBody body: RefreshRequest): String {
|
||||
return refreshTokenService.getAccessToken(body.refreshToken)
|
||||
}
|
||||
|
||||
@PostMapping("/logout")
|
||||
fun logout(@RequestBody body: LogoutRequest, response: HttpServletResponse): ResponseEntity<String> {
|
||||
refreshTokenService.removeToken(body.refreshToken)
|
||||
return ResponseEntity.ok().build()
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user