#9 Added controller restriction based on the token verification. Impr…
…oved JSON error messaging with ErrorResult class. Version set as context on application.properties. Fixed some class headers with code license and improved class and method comments.
tigreped committed Nov 23, 2015
1 parent 278a3dd commit 6e5466f
Showing 15 changed files with 423 additions and 120 deletions.
39 changes: 32 additions & 7 deletions src/main/java/br/gov/sibbr/api/controller/InterfaceController.java
Expand Up @@ -21,17 +21,16 @@
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import br.gov.sibbr.api.Application;
import br.gov.sibbr.api.model.LoginForm;
import br.gov.sibbr.api.service.AuthService;

@Controller
/**
* Controller for the general html templates.
*
* @author Pedro Guimarães
*
*/
@Controller
public class InterfaceController implements ErrorController {

private final String ERROR_PATH = "/erro";
Expand All @@ -41,14 +40,13 @@ public class InterfaceController implements ErrorController {
// Method responsible for managing occurrence requests
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(LoginForm loginForm, Model model) {
// TODO: receber e validar a lista de parâmetros, conectar ao banco de
// dados para verificar usuário e senha
String email = loginForm.getEmail();
String password = loginForm.getPassword();
if (email != null && password != null) {
String message = authService.checkPassword(email, password);
if (message == null) {
// Successful authentication with valid credentials, fetch user token:
// Successful authentication with valid credentials, fetch user
// token:
String token = authService.fetchToken(email);
if (token != null) {
model.addAttribute("token", token);
Expand All @@ -60,19 +58,46 @@ public String login(LoginForm loginForm, Model model) {
return "login_fail";
}

// Method responsible for managing occurrence requests
@RequestMapping(value = "/admin", method = RequestMethod.POST)
public String admin(LoginForm loginForm, Model model) {
String email = loginForm.getEmail();
String password = loginForm.getPassword();
if (email != null && password != null) {
String message = authService.checkPassword(email, password);
if (message == null) {
// Successful authentication with valid credentials, fetch user
// token:
String token = authService.fetchToken(email);
if (token != null) {
model.addAttribute("token", token);
return "admin_login_success";
}
}
model.addAttribute("message", message);
}
return "admin_login_fail";
}

@RequestMapping("/")
public String greeting(Model model) {
return "index";
}

// Method responsible for calling the login template
@RequestMapping(value ="/login", method = RequestMethod.GET)
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
return "login";
}

// Method responsible for calling the login template
@RequestMapping(value = "/admin", method = RequestMethod.GET)
public String admin() {
return "admin";
}

// Method responsible for managing occurrence requests
@RequestMapping(value ="/stats", method = RequestMethod.GET)
@RequestMapping(value = "/stats", method = RequestMethod.GET)
public String stats() {
return "stats";
}
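Review bot: The new `admin(LoginForm, Model)` POST handler returns `admin_login_success` on exactly the same checks as `login` (`checkPassword`, then `fetchToken`), so as far as these lines show, any account with valid credentials passes the admin login; nothing here checks that the account is an administrator. Unless `AuthService` enforces that elsewhere, add a role check on the authenticated account before returning the success view, and factor the shared credential logic out of the two handlers so they cannot drift apart. The comments copied onto both `/admin` mappings are also wrong and should read something like `// Handles the admin login form submission` and `// Renders the admin login template`. Putting `message` from `checkPassword` into the model on failure may also reveal whether the e-mail or the password was wrong, depending on what that method returns; a single generic failure text avoids that. The class continues past the visible lines.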
56 changes: 33 additions & 23 deletions src/main/java/br/gov/sibbr/api/controller/OccurrenceController.java
Expand Up @@ -23,51 +23,61 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import br.gov.sibbr.api.model.ErrorResult;
import br.gov.sibbr.api.model.OccurrenceResult;
import br.gov.sibbr.api.service.AuthService;
import br.gov.sibbr.api.service.DatabaseService;

@RestController
/**
* Controller responsible for managing URL requests and calling for services to
* provide occurrence data
*
* @author Pedro Guimarães
*
*/
@RestController
public class OccurrenceController {

// Auxiliary service class
DatabaseService service = new DatabaseService();
// Auxiliary service classes
DatabaseService databaseService = new DatabaseService();
AuthService authService = new AuthService();

// Method responsible for managing occurrence requests
@Cacheable("occurrence")
@RequestMapping(value = "/ocorrencias", method = RequestMethod.GET)
public OccurrenceResult occurrence(
public Object occurrence(
@RequestParam(value = "scientificname", defaultValue = "null") String scientificname,
@RequestParam(value = "ignoreNullCoordinates", defaultValue = "false") String ignorenullcoordinates,
@RequestParam(value = "limit", defaultValue = "0") String limit,
@RequestParam(value = "fields", defaultValue = "0") String fields) {
@RequestParam(value = "fields", defaultValue = "0") String fields,
@RequestParam(value = "token", defaultValue = "null") String token) {
Long startTimeInMs = System.currentTimeMillis();
int intLimit = Integer.parseInt(limit);
int intFields = Integer.parseInt(fields);
// Avoid returning all records when no filter is provided
if (!scientificname.equalsIgnoreCase("null")) {
if (ignorenullcoordinates.equalsIgnoreCase("false")) {
ArrayList<?> occurrences = service.fetchOccurrences(
scientificname, false, intLimit, intFields);
Long totalTimeInMs = service.calculateTimeLapse(startTimeInMs,
System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences,
totalTimeInMs);
} else if (ignorenullcoordinates.equalsIgnoreCase("true")) {
ArrayList<?> occurrences = service.fetchOccurrences(
scientificname, true, intLimit, intFields);
Long totalTimeInMs = service.calculateTimeLapse(startTimeInMs,
System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences,
totalTimeInMs);
// Check of the user has proper access grant token
String tokenCheck = authService.checkToken(token);
// If user provided a valid token, proceed:
if (tokenCheck == null) {
// Avoid returning all records when no filter is provided
if (!scientificname.equalsIgnoreCase("null")) {
if (ignorenullcoordinates.equalsIgnoreCase("false")) {
ArrayList<?> occurrences = databaseService.fetchOccurrences(scientificname, false, intLimit,
intFields);
Long totalTimeInMs = databaseService.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs);
} else if (ignorenullcoordinates.equalsIgnoreCase("true")) {
ArrayList<?> occurrences = databaseService.fetchOccurrences(scientificname, true, intLimit,
intFields);
Long totalTimeInMs = databaseService.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs);
}
}
// No scientificname provided:
return new ErrorResult("No scientific name provided for the search");
}
return new OccurrenceResult();
// The user has bad token authentication, display error message:
else {
return new ErrorResult(tokenCheck);
}
}
}
}
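Review bot: The token check in `occurrence` sits inside a method annotated `@Cacheable("occurrence")`, so with Spring's default key (all method parameters, now including `token`) a repeated request is answered from the cache without `authService.checkToken(token)` running again; a token that has since expired or been revoked would keep working for cached queries, depending on how the cache is configured. `occurrencesByResource` in ResourceController.java has the same shape with `@Cacheable("resource_occurrence")`. Running the check before the cached call, for example in a `HandlerInterceptor`, keeps the authorization decision out of the cache, and `unless = "#result instanceof T(br.gov.sibbr.api.model.ErrorResult)"` would at least stop error responses from being cached. The token also travels as the `token` query parameter, which tends to end up in access logs and browser history; an `Authorization` header is the usual place for it.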
69 changes: 45 additions & 24 deletions src/main/java/br/gov/sibbr/api/controller/ResourceController.java
Expand Up @@ -18,60 +18,81 @@
import java.util.ArrayList;

import org.springframework.cache.annotation.Cacheable;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import br.gov.sibbr.api.model.ErrorResult;
import br.gov.sibbr.api.model.OccurrenceResult;
import br.gov.sibbr.api.model.Resource;
import br.gov.sibbr.api.model.ResourceResult;
import br.gov.sibbr.api.service.AuthService;
import br.gov.sibbr.api.service.DatabaseService;

@RestController
/**
* Controller class for the management of all resource related calls to the API
* @author Pedro Guimarães
*
*/
public class ResourceController {

// Auxiliary service class
DatabaseService service = new DatabaseService();
DatabaseService databaseService = new DatabaseService();
AuthService authService = new AuthService();

@RequestMapping(value = "/recursos", method = RequestMethod.GET)
public ResourceResult resources(Model model) {
Long startTimeInMs = System.currentTimeMillis();
ArrayList<Resource> resources = service.fetchResources();
Long totalTimeInMs = service.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
ResourceResult resourceResult = new ResourceResult(resources, totalTimeInMs);
return resourceResult;
public Object resources(@RequestParam(value = "token", defaultValue = "null") String token) {
// Check of the user has proper access grant token
String tokenCheck = authService.checkToken(token);
// If user provided a valid token, proceed:
if (tokenCheck == null) {

Long startTimeInMs = System.currentTimeMillis();
ArrayList<Resource> resources = databaseService.fetchResources();
Long totalTimeInMs = databaseService.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
ResourceResult resourceResult = new ResourceResult(resources, totalTimeInMs);
return resourceResult;
}
return new ErrorResult(tokenCheck);
}

// Method responsible for managing occurrence requests with resource
// filtering
@Cacheable("resource_occurrence")
@RequestMapping(value = "/recursos/{id}/ocorrencias", method = RequestMethod.GET)
public OccurrenceResult occurrencesByResource(
@PathVariable String id,
public Object occurrencesByResource(@PathVariable String id,
@RequestParam(value = "scientificname", defaultValue = "") String scientificname,
@RequestParam(value = "ignoreNullCoordinates", defaultValue = "false") String ignorenullcoordinates,
@RequestParam(value = "limit", defaultValue = "0") String limit,
@RequestParam(value = "fields", defaultValue = "0") String fields) {
@RequestParam(value = "fields", defaultValue = "0") String fields,
@RequestParam(value = "token", defaultValue = "null") String token) {
Long startTimeInMs = System.currentTimeMillis();
int intResourceId = Integer.parseInt(id);
int intLimit = Integer.parseInt(limit);
int intFields = Integer.parseInt(fields);
if (ignorenullcoordinates.equalsIgnoreCase("false")) {
ArrayList<?> occurrences = service.fetchOccurrencesByResource(scientificname, false,
intLimit, intFields, intResourceId);
Long totalTimeInMs = service.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs
);
} else if (ignorenullcoordinates.equalsIgnoreCase("true")) {
ArrayList<?> occurrences = service.fetchOccurrencesByResource(scientificname, true,
intLimit, intFields, intResourceId);
Long totalTimeInMs = service.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs
);
// Check of the user has proper access grant token
String tokenCheck = authService.checkToken(token);
// If user provided a valid token, proceed:
if (tokenCheck == null) {
if (ignorenullcoordinates.equalsIgnoreCase("false")) {
ArrayList<?> occurrences = databaseService.fetchOccurrencesByResource(scientificname, false, intLimit,
intFields, intResourceId);
Long totalTimeInMs = databaseService.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs);
} else if (ignorenullcoordinates.equalsIgnoreCase("true")) {
ArrayList<?> occurrences = databaseService.fetchOccurrencesByResource(scientificname, true, intLimit,
intFields, intResourceId);
Long totalTimeInMs = databaseService.calculateTimeLapse(startTimeInMs, System.currentTimeMillis());
return new OccurrenceResult(scientificname, occurrences, totalTimeInMs);
}
}
// The user has bad token authentication, display error message:
else {
return new ErrorResult(tokenCheck);
}
return new OccurrenceResult();
return new ErrorResult("No scientific name provided for the search");
}
}
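Review bot: In `occurrencesByResource`, what appears to be the new final `return new ErrorResult("No scientific name provided for the search")` is reached when the token is valid but `ignoreNullCoordinates` is neither `true` nor `false`; `scientificname` is optional here (default `""`), so the message points the caller at the wrong parameter. Something like `return new ErrorResult("ignoreNullCoordinates must be 'true' or 'false'");` matches the actual condition. `Integer.parseInt` on `id`, `limit` and `fields` also runs before the token check and is not guarded in the visible lines, so a non-numeric value from an unauthenticated caller raises `NumberFormatException` instead of returning an `ErrorResult`; the same ordering appears in `OccurrenceController.occurrence`. Doing the token check first and converting parse failures into an `ErrorResult` keeps the error handling uniform.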