Merge branch 'develop' into 'master'

Added authentication system through API key.

See merge request !4

.gitignore

@@ -4,6 +4,7 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
+src/main/resources/apikey.properties
 
 ### STS ###
 .apt_generated
@@ -45,7 +46,8 @@ dev.db
 .LSOverride
 
 # Icon must end with two \r
-Icon
+Icon
+
 
 # Thumbnails
 ._*

src/main/java/fr/unistra/sil/erp/back/Config.java

-/*
- * CONTRAT DE LICENCE DE LOGICIEL LIBRE CeCILL-B
- * https://cecill.info/licences/Licence_CeCILL-B_V1-fr.html
- */
-package fr.unistra.sil.erp.back;
-
-/**
- * Main configuration file for the application.
- * @author BEAUVAIS ANTOINE
- */
-public class Config {
-    
-    /**
-     * API version.
-     */
-    public static final String API_VERSION = "v1";
-    
-    /**
-     * Prefix for API calls.
-     */
-    public static final String URL_PREFIX = "/api/" + API_VERSION;
-    
-    /**
-     * API Mapping for retrieving all items.
-     */
-    public static final String MAPPING_RETRIEVEALL = URL_PREFIX +
-            "/retrieveAll";
-    
-    /**
-     * API Mapping for retrieving all categories.
-     */
-    public static final String MAPPING_GETCATEGORIES = URL_PREFIX +
-            "/retrieveCategories";
-    
-    /**
-     * API Mapping for submitting transactions.
-     */
-    public static final String MAPPING_SUBTRANSAC = URL_PREFIX +
-            "/submitTransaction";
-    
-    /**
-     * API Mapping for retrieving stocks.
-     */
-    public static final String MAPPING_GETSTOCKS = URL_PREFIX +
-            "/retrieveStocks";
-}

src/main/java/fr/unistra/sil/erp/back/WebMvcConfig.java

+/*
+ * CONTRAT DE LICENCE DE LOGICIEL LIBRE CeCILL-B
+ * https://cecill.info/licences/Licence_CeCILL-B_V1-fr.html
+ */
+package fr.unistra.sil.erp.back;
+
+import fr.unistra.sil.erp.back.interceptor.api.ApiAuthenticationInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.context.annotation.PropertySources;
+import org.springframework.core.env.Environment;
+import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * Main configuration file for the application.
+ * @author BEAUVAIS ANTOINE
+ */
+@Configuration
+@EnableWebMvc
+@PropertySources(
+        @PropertySource("/apikey.properties")
+)
+public class WebMvcConfig implements WebMvcConfigurer {
+    
+    @Autowired
+    private Environment env;
+    
+    /**
+     * API version.
+     */
+    public static final String API_VERSION = "v1";
+    
+    /**
+     * API prefix.
+     */
+    public static final String API_PREFIX = "/api/";
+    
+    /**
+     * Prefix for API calls.
+     */
+    public static final String API_FULL_PREFIX = API_PREFIX + API_VERSION;
+    
+    /**
+     * API Mapping for retrieving all items.
+     */
+    public static final String MAPPING_RETRIEVEALL = API_FULL_PREFIX +
+            "/retrieveAll";
+    
+    /**
+     * API Mapping for retrieving all categories.
+     */
+    public static final String MAPPING_GETCATEGORIES = API_FULL_PREFIX +
+            "/retrieveCategories";
+    
+    /**
+     * API Mapping for submitting transactions.
+     */
+    public static final String MAPPING_SUBTRANSAC = API_FULL_PREFIX +
+            "/submitTransaction";
+    
+    /**
+     * API Mapping for retrieving stocks.
+     */
+    public static final String MAPPING_GETSTOCKS = API_FULL_PREFIX +
+            "/retrieveStocks";
+    
+    
+    /*
+    // TODO: Define default servlet.
+    @Override
+    public void configureDefaultServletHandling(
+            DefaultServletHandlerConfigurer configurer) {
+        configurer.enable();
+    }*/
+    
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        
+        registry.addInterceptor(new ApiAuthenticationInterceptor(
+                this.env.getProperty("api.key")))
+                .addPathPatterns(API_PREFIX + "**");
+        
+    }
+}

src/main/java/fr/unistra/sil/erp/back/controller/api/ApiRetrieveCategoriesController.java

@@ -4,7 +4,7 @@
  */
 package fr.unistra.sil.erp.back.controller.api;
 
-import static fr.unistra.sil.erp.back.Config.MAPPING_GETCATEGORIES;
+import static fr.unistra.sil.erp.back.WebMvcConfig.MAPPING_GETCATEGORIES;
 import fr.unistra.sil.erp.back.DatabaseSystem;
 import fr.unistra.sil.erp.back.controller.IRetrieveCategoriesController;
 import fr.unistra.sil.erp.back.model.Category;

src/main/java/fr/unistra/sil/erp/back/controller/api/ApiRetrieveInfoController.java

@@ -4,7 +4,7 @@
  */
 package fr.unistra.sil.erp.back.controller.api;
 
-import static fr.unistra.sil.erp.back.Config.MAPPING_RETRIEVEALL;
+import static fr.unistra.sil.erp.back.WebMvcConfig.MAPPING_RETRIEVEALL;
 import fr.unistra.sil.erp.back.DatabaseSystem;
 import fr.unistra.sil.erp.back.controller.IRetrieveInfoController;
 import fr.unistra.sil.erp.back.model.Item;

src/main/java/fr/unistra/sil/erp/back/controller/api/ApiRetrieveStocks.java

@@ -4,7 +4,7 @@
  */
 package fr.unistra.sil.erp.back.controller.api;
 
-import static fr.unistra.sil.erp.back.Config.MAPPING_GETSTOCKS;
+import static fr.unistra.sil.erp.back.WebMvcConfig.MAPPING_GETSTOCKS;
 import fr.unistra.sil.erp.back.DatabaseSystem;
 import fr.unistra.sil.erp.back.controller.IRetrieveStocks;
 import fr.unistra.sil.erp.back.db.DatabaseConnectionException;

src/main/java/fr/unistra/sil/erp/back/controller/api/ApiSubmitTransactionController.java

@@ -6,7 +6,7 @@ package fr.unistra.sil.erp.back.controller.api;
 
 import com.google.gson.Gson;
 import com.google.gson.JsonParseException;
-import static fr.unistra.sil.erp.back.Config.MAPPING_SUBTRANSAC;
+import static fr.unistra.sil.erp.back.WebMvcConfig.MAPPING_SUBTRANSAC;
 import fr.unistra.sil.erp.back.DatabaseSystem;
 import fr.unistra.sil.erp.back.controller.ISubmitTransactionController;
 import fr.unistra.sil.erp.back.db.DatabaseConnectionException;

src/main/java/fr/unistra/sil/erp/back/interceptor/api/ApiAuthenticationInterceptor.java

+/*
+ * CONTRAT DE LICENCE DE LOGICIEL LIBRE CeCILL-B
+ * https://cecill.info/licences/Licence_CeCILL-B_V1-fr.html
+ */
+package fr.unistra.sil.erp.back.interceptor.api;
+
+import com.google.gson.Gson;
+import fr.unistra.sil.erp.back.model.ErrorMessage;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+/**
+ * API Authentication Interceptor.
+ * 
+ * Each request going through an API call will be processed
+ * by this interceptor first.
+ * @author BEAUVAIS ANTOINE
+ */
+public class ApiAuthenticationInterceptor implements HandlerInterceptor {
+    
+    /**
+     * API key.
+     */
+    private final String apikey;
+    
+    public ApiAuthenticationInterceptor(String apikey)
+    {
+        this.apikey = apikey;
+    }
+    
+    @Override
+    public boolean preHandle(HttpServletRequest request,
+            HttpServletResponse response, Object handler)
+    {
+        if(this.apikey == null)
+        {
+            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            Gson gson = new Gson();
+            ErrorMessage errMsg = new ErrorMessage("Missing API key on server");
+            String responseBody = gson.toJson(errMsg);
+            
+            response.setContentType("application/json");
+            response.setCharacterEncoding("UTF-8");
+            try {
+                PrintWriter printBody = response.getWriter();
+                printBody.print(responseBody);
+            } catch (IOException ex) {
+                Logger.getLogger(ApiAuthenticationInterceptor.class.getName())
+                        .log(Level.SEVERE, "Failed to write body.", ex);
+            }
+            return false;
+        }
+        
+        String login = request.getHeader("apikey");
+        if(login == null)
+        {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            Gson gson = new Gson();
+            ErrorMessage errMsg = new ErrorMessage("Missing API key.");
+            String responseBody = gson.toJson(errMsg);
+            
+            response.setContentType("application/json");
+            response.setCharacterEncoding("UTF-8");
+            try {
+                PrintWriter printBody = response.getWriter();
+                printBody.print(responseBody);
+            } catch (IOException ex) {
+                Logger.getLogger(ApiAuthenticationInterceptor.class.getName())
+                        .log(Level.SEVERE, "Failed to write body.", ex);
+            }
+            return false;
+        }
+        
+        if(! login.equals(this.apikey) )
+        {
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            Gson gson = new Gson();
+            ErrorMessage errMsg = new ErrorMessage("Invalid API key.");
+            String responseBody = gson.toJson(errMsg);
+            
+            response.setContentType("application/json");
+            response.setCharacterEncoding("UTF-8");
+            try {
+                PrintWriter printBody = response.getWriter();
+                printBody.print(responseBody);
+            } catch (IOException ex) {
+                Logger.getLogger(ApiAuthenticationInterceptor.class.getName())
+                        .log(Level.SEVERE, "Failed to write body.", ex);
+            }
+            return false;
+        }
+        
+        return true;
+    }
+    
+}