Compare commits
23 Commits
0.1.0
...
19c7e1915f
| Author | SHA1 | Date | |
|---|---|---|---|
 Cedric
|
19c7e1915f | ||
|
Cedric
|
229a6a8a43 | ||
|
Cedric
|
76e878ff5c | ||
|
Cedric
|
477a5c3c70 | ||
|
Cedric
|
7bac694357 | ||
|
Cedric
|
f8407db3ac | ||
|
Cedric
|
374d91f0c9 | ||
|
Cedric
|
8f17e8d8a8 | ||
|
Cedric
|
8c8eccb35e | ||
|
Cedric
|
3656ccc941 | ||
|
Cedric
|
e9851ffea4 | ||
|
Cedric
|
38b5e0f740 | ||
|
Cedric
|
2ba7f8d5da | ||
|
Cedric
|
b46464cd32 | ||
|
Cedric
|
15792bad28 | ||
|
Cedric
|
814b2221c8 | ||
|
Cedric
|
011bb03d3f | ||
|
Cedric
|
5e0311971d | ||
|
Cedric
|
31566d1bd8 | ||
|
Cedric
|
b669855a56 | ||
|
Cedric
|
3830449377 | ||
|
Cedric
|
3db2806a04 | ||
|
Cedric
|
d26a9bffc5 |
@@ -2,8 +2,8 @@ name: Build and Deploy Versioned Spring Boot Server
|
||||
|
||||
on:
|
||||
push:
|
||||
tags: # Match all tags
|
||||
- "*"
|
||||
tags:
|
||||
- "*" # Match all tags
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@@ -43,20 +43,42 @@ jobs:
|
||||
- name: Extract Tag Version
|
||||
id: extract_version
|
||||
run: |
|
||||
TAG_VERSION=${GITEA_REF#refs/tags/}
|
||||
TAG_VERSION=$(echo "${GITHUB_REF}" | sed 's#refs/tags/##')
|
||||
if [ -z "$TAG_VERSION" ]; then
|
||||
echo "Error: TAG_VERSION is empty."
|
||||
exit 1
|
||||
fi
|
||||
echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
|
||||
|
||||
# Extract major and minor versions
|
||||
MAJOR_VERSION=$(echo "${TAG_VERSION}" | cut -d. -f1)
|
||||
MINOR_VERSION=$(echo "${TAG_VERSION}" | cut -d. -f1,2)
|
||||
echo "MAJOR_VERSION=$MAJOR_VERSION" >> $GITHUB_ENV
|
||||
echo "MINOR_VERSION=$MINOR_VERSION" >> $GITHUB_ENV
|
||||
|
||||
# 7. Build the Docker image with the tag
|
||||
- name: Build and Package Docker Image
|
||||
run: |
|
||||
docker build -t tea.zendric.de/cedric/xpensely-server:${{ env.TAG_VERSION }} .
|
||||
|
||||
# 8. Docker login
|
||||
# 8. Tag the image with Major Version (e.g., 0)
|
||||
- name: Tag with Major Version
|
||||
run: |
|
||||
docker tag tea.zendric.de/cedric/xpensely-server:${{ env.TAG_VERSION }} tea.zendric.de/cedric/xpensely-server:${{ env.MAJOR_VERSION }}
|
||||
|
||||
# 9. Tag the image with Minor Version (e.g., 0.1)
|
||||
- name: Tag with Minor Version
|
||||
run: |
|
||||
docker tag tea.zendric.de/cedric/xpensely-server:${{ env.TAG_VERSION }} tea.zendric.de/cedric/xpensely-server:${{ env.MINOR_VERSION }}
|
||||
|
||||
# 10. Docker login
|
||||
- name: Login to Docker Registry
|
||||
run: |
|
||||
echo "${{ secrets.TEAPASSWORD }}" | docker login tea.zendric.de -u ${{ secrets.TEAUSER }} --password-stdin
|
||||
|
||||
# 9. Push the Docker image with the tag
|
||||
# 11. Push the Docker images with the tags
|
||||
- name: Push the Docker Image to registry
|
||||
run: |
|
||||
docker push tea.zendric.de/cedric/xpensely-server:${{ env.TAG_VERSION }}
|
||||
docker push tea.zendric.de/cedric/xpensely-server:${{ env.MAJOR_VERSION }}
|
||||
docker push tea.zendric.de/cedric/xpensely-server:${{ env.MINOR_VERSION }}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
HELP.md
|
||||
target/
|
||||
/docs/superpowers
|
||||
!.mvn/wrapper/maven-wrapper.jar
|
||||
!**/src/main/**/target/
|
||||
!**/src/test/**/target/
|
||||
|
||||
+21
-20
@@ -1,42 +1,43 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
xpensely-server:
|
||||
image: tea.zendric.de/cedric/xpensely-server:latest
|
||||
container_name: xpensely-server
|
||||
ports:
|
||||
- 3636:8080
|
||||
restart: always
|
||||
environment:
|
||||
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
|
||||
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
|
||||
DB_PORT: 5434
|
||||
DB_NAME: ${DB_P_NAME}
|
||||
DB_USERNAME: ${DB_USERNAME}
|
||||
DB_PASSWORD: ${DB_PASSWORD}
|
||||
|
||||
DB_PORT: 5432
|
||||
DB_P_NAME: ${POSTGRES_DB}
|
||||
DB_USERNAME: ${POSTGRES_USER}
|
||||
DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
|
||||
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE}
|
||||
depends_on:
|
||||
postgresdb:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- xpensely-network
|
||||
|
||||
postgresdb:
|
||||
image: postgres:14
|
||||
container_name: postgresdb
|
||||
ports:
|
||||
- 5434:5432
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: ${DB_P_NAME}
|
||||
POSTGRES_USER: ${DB_USERNAME}
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- xpensely-network
|
||||
volumes:
|
||||
- db_data:/var/lib/postgresql/data
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME}"]
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
volumes:
|
||||
db_data: null
|
||||
postgres_data:
|
||||
|
||||
networks:
|
||||
xpensely-network: null
|
||||
xpensely-network:
|
||||
driver: bridge
|
||||
|
||||
+2
-2
@@ -1,7 +1,7 @@
|
||||
FROM openjdk:17-jdk-slim
|
||||
FROM eclipse-temurin:17-jdk
|
||||
|
||||
COPY ./target/*.jar app.jar
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
ENTRYPOINT ["java", "-jar", "app.jar"]
|
||||
ENTRYPOINT ["java","-jar", "app.jar"]
|
||||
@@ -27,7 +27,7 @@
|
||||
<url/>
|
||||
</scm>
|
||||
<properties>
|
||||
<java.version>17</java.version>
|
||||
<java.version>21</java.version>
|
||||
</properties>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
@@ -38,6 +38,15 @@
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-validation</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.bucket4j</groupId>
|
||||
<artifactId>bucket4j-core</artifactId>
|
||||
<version>8.10.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||
@@ -71,6 +80,11 @@
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.h2database</groupId>
|
||||
<artifactId>h2</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-test</artifactId>
|
||||
|
||||
@@ -1,35 +1,35 @@
|
||||
package de.zendric.app.xpensely_server.controller;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import jakarta.validation.Valid;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.AppUserCreateRequest;
|
||||
import de.zendric.app.xpensely_server.model.UsernameAlreadyExistsException;
|
||||
import de.zendric.app.xpensely_server.model.Exception.UsernameAlreadyExistsException;
|
||||
import de.zendric.app.xpensely_server.security.AuthenticatedUserResolver;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/users")
|
||||
public class AppUserController {
|
||||
|
||||
private UserService userService;
|
||||
private final UserService userService;
|
||||
private final AuthenticatedUserResolver authenticatedUserResolver;
|
||||
|
||||
@Autowired
|
||||
public AppUserController(UserService userService) {
|
||||
public AppUserController(UserService userService, AuthenticatedUserResolver authenticatedUserResolver) {
|
||||
this.userService = userService;
|
||||
this.authenticatedUserResolver = authenticatedUserResolver;
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
public AppUser getUser(@RequestParam Long id) {
|
||||
return userService.getUser(id);
|
||||
public ResponseEntity<AppUser> getUser(@RequestParam Long id, Authentication authentication) {
|
||||
AppUser self = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
assertSelf(self, id);
|
||||
return ResponseEntity.ok(userService.getUser(id));
|
||||
}
|
||||
|
||||
@GetMapping("/byName")
|
||||
@@ -38,23 +38,17 @@ public class AppUserController {
|
||||
}
|
||||
|
||||
@GetMapping("/byGoogleId")
|
||||
public ResponseEntity<AppUser> getUserByGoogleId(@RequestParam String id) {
|
||||
try {
|
||||
AppUser userByGoogleId = userService.getUserByGoogleId(id);
|
||||
return new ResponseEntity<>(userByGoogleId, HttpStatus.OK);
|
||||
|
||||
} catch (IllegalArgumentException e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
public ResponseEntity<AppUser> getUserByGoogleId(@RequestParam String id, Authentication authentication) {
|
||||
AppUser self = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
if (!self.getGoogleId().equals(id))
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
|
||||
return ResponseEntity.ok(self);
|
||||
}
|
||||
|
||||
@PostMapping("/createUser")
|
||||
public ResponseEntity<AppUser> createUser(@RequestBody AppUserCreateRequest userRequest) {
|
||||
public ResponseEntity<AppUser> createUser(@RequestBody @Valid AppUserCreateRequest userRequest) {
|
||||
try {
|
||||
AppUser convertedUser = userRequest.convertToAppUser();
|
||||
|
||||
AppUser nUser = userService.createUser(convertedUser);
|
||||
return new ResponseEntity<>(nUser, HttpStatus.CREATED);
|
||||
} catch (UsernameAlreadyExistsException e) {
|
||||
@@ -62,12 +56,18 @@ public class AppUserController {
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@DeleteMapping
|
||||
public String deleteUser(@RequestParam Long id) {
|
||||
public ResponseEntity<String> deleteUser(@RequestParam Long id, Authentication authentication) {
|
||||
AppUser self = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
assertSelf(self, id);
|
||||
AppUser user = userService.deleteUserById(id);
|
||||
return "User deleted : " + user.getUsername();
|
||||
return ResponseEntity.ok("User deleted: " + user.getUsername());
|
||||
}
|
||||
|
||||
private void assertSelf(AppUser authenticated, Long requestedId) {
|
||||
if (!authenticated.getId().equals(requestedId))
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
|
||||
}
|
||||
}
|
||||
|
||||
+92
-112
@@ -1,117 +1,71 @@
|
||||
package de.zendric.app.xpensely_server.controller;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import jakarta.validation.Valid;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.Expense;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseChangeRequest;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseInput;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
import de.zendric.app.xpensely_server.model.InviteRequest;
|
||||
import de.zendric.app.xpensely_server.model.*;
|
||||
import de.zendric.app.xpensely_server.security.AuthenticatedUserResolver;
|
||||
import de.zendric.app.xpensely_server.services.CategoryService;
|
||||
import de.zendric.app.xpensely_server.services.ExpenseListService;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/expenselist")
|
||||
class ExpenseListController {
|
||||
public class ExpenseListController {
|
||||
|
||||
private ExpenseListService expenseListService;
|
||||
private UserService userService;
|
||||
private final ExpenseListService expenseListService;
|
||||
private final UserService userService;
|
||||
private final CategoryService categoryService;
|
||||
private final AuthenticatedUserResolver authenticatedUserResolver;
|
||||
|
||||
@Autowired
|
||||
public ExpenseListController(ExpenseListService expenseListService, UserService userService) {
|
||||
public ExpenseListController(ExpenseListService expenseListService, UserService userService,
|
||||
CategoryService categoryService, AuthenticatedUserResolver authenticatedUserResolver) {
|
||||
this.expenseListService = expenseListService;
|
||||
this.userService = userService;
|
||||
this.categoryService = categoryService;
|
||||
this.authenticatedUserResolver = authenticatedUserResolver;
|
||||
}
|
||||
|
||||
@GetMapping("/all")
|
||||
public ResponseEntity<List<ExpenseList>> getAll() {
|
||||
try {
|
||||
List<ExpenseList> items = new ArrayList<>();
|
||||
|
||||
expenseListService.findAll().forEach(items::add);
|
||||
|
||||
if (items.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
|
||||
return new ResponseEntity<>(items, HttpStatus.OK);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/byUser")
|
||||
public ResponseEntity<List<ExpenseList>> getByUser(@RequestParam Long userId) {
|
||||
try {
|
||||
List<ExpenseList> items = expenseListService.findByUserId(userId);
|
||||
|
||||
if (items.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
|
||||
return new ResponseEntity<>(items, HttpStatus.OK);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/byUsername")
|
||||
public ResponseEntity<List<ExpenseList>> getByUser(@RequestParam String username) {
|
||||
try {
|
||||
List<ExpenseList> items = expenseListService.findByUsername(username);
|
||||
|
||||
if (items.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
|
||||
return new ResponseEntity<>(items, HttpStatus.OK);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
@GetMapping("/mine")
|
||||
public ResponseEntity<List<ExpenseList>> getMine(Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
List<ExpenseList> items = expenseListService.findByUserId(user.getId());
|
||||
if (items.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
return new ResponseEntity<>(items, HttpStatus.OK);
|
||||
}
|
||||
|
||||
@GetMapping("/byId")
|
||||
public ResponseEntity<ExpenseList> getById(@RequestParam Long id) {
|
||||
public ResponseEntity<ExpenseList> getById(@RequestParam Long id, Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> existingItemOptional = expenseListService.findById(id);
|
||||
|
||||
if (existingItemOptional.isPresent()) {
|
||||
return new ResponseEntity<>(existingItemOptional.get(), HttpStatus.OK);
|
||||
} else {
|
||||
if (existingItemOptional.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
|
||||
}
|
||||
assertMember(user, existingItemOptional.get());
|
||||
return new ResponseEntity<>(existingItemOptional.get(), HttpStatus.OK);
|
||||
}
|
||||
|
||||
@PostMapping("/create")
|
||||
public ResponseEntity<ExpenseList> create(@RequestBody ExpenseList expenseList) {
|
||||
public ResponseEntity<ExpenseList> create(@RequestBody ExpenseList expenseList,
|
||||
Authentication authentication) {
|
||||
try {
|
||||
if (expenseList.getOwner() != null) {
|
||||
AppUser existingOwner = userService.getUser(expenseList.getOwner().getId());
|
||||
if (existingOwner == null) {
|
||||
throw new IllegalArgumentException("Owner does not exist.");
|
||||
}
|
||||
expenseList.setOwner(existingOwner);
|
||||
} else {
|
||||
throw new IllegalArgumentException("Owner is required.");
|
||||
}
|
||||
|
||||
AppUser authenticatedUser = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
expenseList.setOwner(authenticatedUser);
|
||||
XpenselyStandardCategories standardCategories = categoryService.getDefaultCategories();
|
||||
expenseList.setXpenselyStandardCategories(standardCategories);
|
||||
expenseList.setSharedWith(null);
|
||||
|
||||
ExpenseList savedItem = expenseListService.createList(expenseList);
|
||||
return new ResponseEntity<>(savedItem, HttpStatus.CREATED);
|
||||
} catch (ResponseStatusException e) {
|
||||
throw e;
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
return new ResponseEntity<>(null, HttpStatus.EXPECTATION_FAILED);
|
||||
@@ -119,7 +73,12 @@ class ExpenseListController {
|
||||
}
|
||||
|
||||
@DeleteMapping("{id}")
|
||||
public ResponseEntity<HttpStatus> delete(@PathVariable("id") Long id) {
|
||||
public ResponseEntity<HttpStatus> delete(@PathVariable("id") Long id, Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> listOpt = expenseListService.findById(id);
|
||||
if (listOpt.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
|
||||
assertOwner(user, listOpt.get());
|
||||
try {
|
||||
expenseListService.deleteById(id);
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
@@ -131,11 +90,16 @@ class ExpenseListController {
|
||||
@PostMapping("/{id}/add")
|
||||
public ResponseEntity<Expense> addExpenseToList(
|
||||
@PathVariable("id") Long expenseListId,
|
||||
@RequestBody ExpenseInput expenseInput) {
|
||||
@RequestBody @Valid ExpenseInput expenseInput,
|
||||
Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> listOpt = expenseListService.findById(expenseListId);
|
||||
if (listOpt.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
|
||||
assertMember(user, listOpt.get());
|
||||
try {
|
||||
AppUser expenseOwner = userService.getUserByName(expenseInput.getOwner());
|
||||
Expense expense = expenseInput.convertToExpense(expenseOwner.getId());
|
||||
|
||||
Expense addedExpense = expenseListService.addExpenseToList(expenseListId, expense);
|
||||
return new ResponseEntity<>(addedExpense, HttpStatus.CREATED);
|
||||
} catch (Exception e) {
|
||||
@@ -146,18 +110,18 @@ class ExpenseListController {
|
||||
@PutMapping("/{id}/update")
|
||||
public ResponseEntity<Expense> updateExpenseInList(
|
||||
@PathVariable("id") Long expenseListId,
|
||||
@RequestBody ExpenseChangeRequest expenseChangeRequest) {
|
||||
@RequestBody @Valid ExpenseChangeRequest expenseChangeRequest,
|
||||
Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> expenseListOpt = expenseListService.findById(expenseListId);
|
||||
if (expenseListOpt.isEmpty())
|
||||
return new ResponseEntity<>(null, HttpStatus.NOT_FOUND);
|
||||
assertMember(user, expenseListOpt.get());
|
||||
try {
|
||||
AppUser expenseOwner = userService.getUserByName(expenseChangeRequest.getOwnerName());
|
||||
Optional<ExpenseList> expenseList = expenseListService.findById(expenseListId);
|
||||
if (expenseList.isPresent()) {
|
||||
Expense expense = expenseChangeRequest.convertToExpense(expenseOwner.getId(), expenseList.get());
|
||||
|
||||
Expense addedExpense = expenseListService.updateExpense(expenseListId, expense);
|
||||
return new ResponseEntity<>(addedExpense, HttpStatus.CREATED);
|
||||
}
|
||||
return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
|
||||
|
||||
Expense expense = expenseChangeRequest.convertToExpense(expenseOwner.getId(), expenseListOpt.get());
|
||||
Expense updatedExpense = expenseListService.updateExpense(expenseListId, expense);
|
||||
return new ResponseEntity<>(updatedExpense, HttpStatus.OK);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
@@ -166,7 +130,13 @@ class ExpenseListController {
|
||||
@DeleteMapping("/{id}/delete")
|
||||
public ResponseEntity<Expense> deleteExpenseFromList(
|
||||
@PathVariable("id") Long expenseListId,
|
||||
@RequestParam("expenseId") Long expenseId) {
|
||||
@RequestParam("expenseId") Long expenseId,
|
||||
Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> listOpt = expenseListService.findById(expenseListId);
|
||||
if (listOpt.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
|
||||
assertMember(user, listOpt.get());
|
||||
try {
|
||||
expenseListService.deleteExpenseFromList(expenseListId, expenseId);
|
||||
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
|
||||
@@ -176,13 +146,20 @@ class ExpenseListController {
|
||||
}
|
||||
|
||||
@PostMapping("/{listId}/invite")
|
||||
public ResponseEntity<String> generateInvite(@PathVariable Long listId) {
|
||||
public ResponseEntity<String> generateInvite(@PathVariable Long listId, Authentication authentication) {
|
||||
AppUser user = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
Optional<ExpenseList> listOpt = expenseListService.findById(listId);
|
||||
if (listOpt.isEmpty())
|
||||
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
|
||||
assertOwner(user, listOpt.get());
|
||||
String inviteCode = expenseListService.generateInviteCode(listId);
|
||||
return ResponseEntity.ok(inviteCode);
|
||||
}
|
||||
|
||||
@PostMapping("/accept-invite")
|
||||
public ResponseEntity<?> acceptInvite(@RequestBody InviteRequest inviteRequest) {
|
||||
public ResponseEntity<?> acceptInvite(@RequestBody @Valid InviteRequest inviteRequest,
|
||||
Authentication authentication) {
|
||||
AppUser authenticatedUser = authenticatedUserResolver.resolveCurrentUser(authentication);
|
||||
ExpenseList list = expenseListService.findByInviteCode(inviteRequest.getInviteCode());
|
||||
|
||||
if (list == null || list.getInviteCodeExpiration() == null ||
|
||||
@@ -192,21 +169,24 @@ class ExpenseListController {
|
||||
if (list.getSharedWith() != null) {
|
||||
return ResponseEntity.status(HttpStatus.IM_USED).body("List has already been shared");
|
||||
}
|
||||
if (list.getOwner().getId() == inviteRequest.getUserId()) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("You cant join your own List");
|
||||
}
|
||||
AppUser user = null;
|
||||
try {
|
||||
user = userService.getUser(inviteRequest.getUserId());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("User not found");
|
||||
}
|
||||
if (user != null) {
|
||||
list.setSharedWith(user);
|
||||
expenseListService.save(list);
|
||||
} else {
|
||||
throw new RuntimeException("User not found");
|
||||
if (list.getOwner().getId().equals(authenticatedUser.getId())) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("You cannot join your own list");
|
||||
}
|
||||
list.setSharedWith(authenticatedUser);
|
||||
expenseListService.save(list);
|
||||
return ResponseEntity.ok("User added to the list");
|
||||
}
|
||||
|
||||
private void assertOwner(AppUser authenticated, ExpenseList list) {
|
||||
if (!list.getOwner().getId().equals(authenticated.getId()))
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
|
||||
}
|
||||
|
||||
private void assertMember(AppUser authenticated, ExpenseList list) {
|
||||
boolean isOwner = list.getOwner().getId().equals(authenticated.getId());
|
||||
boolean isShared = list.getSharedWith() != null
|
||||
&& list.getSharedWith().getId().equals(authenticated.getId());
|
||||
if (!isOwner && !isShared)
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
package de.zendric.app.xpensely_server.controller;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.validation.FieldError;
|
||||
import org.springframework.web.bind.MethodArgumentNotValidException;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@RestControllerAdvice
|
||||
public class GlobalExceptionHandler {
|
||||
|
||||
@ExceptionHandler(MethodArgumentNotValidException.class)
|
||||
public ResponseEntity<Map<String, String>> handleValidationErrors(MethodArgumentNotValidException ex) {
|
||||
Map<String, String> errors = new HashMap<>();
|
||||
for (FieldError fieldError : ex.getBindingResult().getFieldErrors()) {
|
||||
errors.put(fieldError.getField(), fieldError.getDefaultMessage());
|
||||
}
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(errors);
|
||||
}
|
||||
|
||||
@ExceptionHandler(IllegalArgumentException.class)
|
||||
public ResponseEntity<Map<String, String>> handleIllegalArgument(IllegalArgumentException ex) {
|
||||
return ResponseEntity.status(HttpStatus.BAD_REQUEST)
|
||||
.body(Map.of("error", ex.getMessage()));
|
||||
}
|
||||
}
|
||||
@@ -1,21 +1,25 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.Pattern;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
public class AppUserCreateRequest {
|
||||
|
||||
@Column(name = "username", nullable = false, unique = true)
|
||||
@NotBlank(message = "Username is required")
|
||||
@Size(min = 3, max = 30, message = "Username must be between 3 and 30 characters")
|
||||
@Pattern(regexp = "^[a-zA-Z0-9_.\\-]+$", message = "Username may only contain letters, digits, underscores, dots, and hyphens")
|
||||
private String username;
|
||||
|
||||
@NotBlank(message = "Google ID is required")
|
||||
private String googleId;
|
||||
|
||||
public AppUser convertToAppUser() {
|
||||
AppUser appUser = new AppUser();
|
||||
appUser.setGoogleId(googleId);
|
||||
appUser.setUsername(username);
|
||||
|
||||
return appUser;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
package de.zendric.app.xpensely_server.model.DTO;
|
||||
|
||||
public class ExpenseListDTO {
|
||||
|
||||
// TODO should combine the two categories to one;
|
||||
|
||||
// private List<CategoryDTO> availableCategories;
|
||||
}
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
package de.zendric.app.xpensely_server.model.Exception;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
@ResponseStatus(HttpStatus.NOT_FOUND)
|
||||
public class ResourceNotFoundException extends RuntimeException {
|
||||
public ResourceNotFoundException(String message) {
|
||||
super(message);
|
||||
}
|
||||
}
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
package de.zendric.app.xpensely_server.model.Exception;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
@@ -34,7 +34,7 @@ public class Expense {
|
||||
private Double amount;
|
||||
private Double personalUseAmount;
|
||||
private Double otherPersonAmount;
|
||||
|
||||
private String category;
|
||||
private LocalDate date;
|
||||
|
||||
@ManyToOne
|
||||
|
||||
@@ -2,6 +2,10 @@ package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import java.time.LocalDate;
|
||||
|
||||
import jakarta.validation.constraints.DecimalMin;
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
@@ -12,13 +16,27 @@ import lombok.NoArgsConstructor;
|
||||
public class ExpenseChangeRequest {
|
||||
|
||||
private Long id;
|
||||
|
||||
@NotBlank(message = "Title is required")
|
||||
@Size(max = 100, message = "Title must not exceed 100 characters")
|
||||
private String title;
|
||||
|
||||
@NotBlank(message = "Owner name is required")
|
||||
private String ownerName;
|
||||
|
||||
@NotNull(message = "Amount is required")
|
||||
@DecimalMin(value = "0.01", message = "Amount must be greater than zero")
|
||||
private Double amount;
|
||||
|
||||
private Double personalUseAmount;
|
||||
private Double otherPersonAmount;
|
||||
|
||||
@NotNull(message = "Date is required")
|
||||
private LocalDate date;
|
||||
|
||||
@NotBlank(message = "Category is required")
|
||||
private String category;
|
||||
|
||||
public Expense convertToExpense(Long userId, ExpenseList expenseList) {
|
||||
AppUser appUser = new AppUser();
|
||||
appUser.setId(userId);
|
||||
@@ -33,7 +51,8 @@ public class ExpenseChangeRequest {
|
||||
expense.setId(id);
|
||||
expense.setOwner(appUser);
|
||||
expense.setTitle(title);
|
||||
expense.setCategory(category);
|
||||
|
||||
return expense;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,9 +2,10 @@ package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import java.time.LocalDate;
|
||||
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.validation.constraints.DecimalMin;
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
@@ -16,20 +17,28 @@ import lombok.Setter;
|
||||
@NoArgsConstructor
|
||||
public class ExpenseInput {
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
@NotBlank(message = "Title is required")
|
||||
@Size(max = 100, message = "Title must not exceed 100 characters")
|
||||
private String title;
|
||||
|
||||
@NotBlank(message = "Owner is required")
|
||||
private String owner;
|
||||
|
||||
@NotNull(message = "Amount is required")
|
||||
@DecimalMin(value = "0.01", message = "Amount must be greater than zero")
|
||||
private Double amount;
|
||||
|
||||
private Double personalUseAmount;
|
||||
private Double otherPersonAmount;
|
||||
|
||||
@NotNull(message = "Date is required")
|
||||
private LocalDate date;
|
||||
|
||||
@NotBlank(message = "Category is required")
|
||||
private String category;
|
||||
|
||||
private ExpenseList expenseList;
|
||||
|
||||
public Expense convertToExpense(Long userId) {
|
||||
@@ -46,6 +55,7 @@ public class ExpenseInput {
|
||||
expense.setId(id);
|
||||
expense.setOwner(appUser);
|
||||
expense.setTitle(title);
|
||||
expense.setCategory(category);
|
||||
|
||||
return expense;
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ import com.fasterxml.jackson.annotation.JsonManagedReference;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
@@ -40,6 +41,14 @@ public class ExpenseList {
|
||||
@ManyToOne
|
||||
private AppUser sharedWith;
|
||||
|
||||
@ManyToOne(fetch = FetchType.EAGER)
|
||||
private XpenselyStandardCategories xpenselyStandardCategories;
|
||||
|
||||
@OneToMany(mappedBy = "expenseList", cascade = CascadeType.ALL, orphanRemoval = true)
|
||||
@JsonManagedReference
|
||||
@jakarta.persistence.OrderBy("name ASC")
|
||||
private List<XpenselyCustomCategory> customCategories;
|
||||
|
||||
@OneToMany(mappedBy = "expenseList", cascade = CascadeType.ALL, orphanRemoval = true)
|
||||
@JsonManagedReference
|
||||
@jakarta.persistence.OrderBy("date ASC, id ASC")
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
@@ -8,6 +10,8 @@ import lombok.NoArgsConstructor;
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class InviteRequest {
|
||||
|
||||
@NotBlank(message = "Invite code is required")
|
||||
@Size(min = 6, max = 6, message = "Invite code must be exactly 6 characters")
|
||||
private String inviteCode;
|
||||
private Long userId;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonBackReference;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
@Entity
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class XpenselyCustomCategory {
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
private String name;
|
||||
|
||||
@Column(name = "color_code", length = 7, nullable = false)
|
||||
private String colorCode;
|
||||
|
||||
@ManyToOne
|
||||
@JoinColumn(name = "expense_list_id", nullable = false)
|
||||
@JsonBackReference
|
||||
private ExpenseList expenseList;
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.OneToMany;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
@Entity
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class XpenselyStandardCategories {
|
||||
|
||||
@Id
|
||||
private Long id;
|
||||
|
||||
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER, orphanRemoval = true)
|
||||
@JoinColumn(name = "global_categories_id")
|
||||
private List<XpenselyStandardCategory> categories;
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
package de.zendric.app.xpensely_server.model;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
@Entity
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class XpenselyStandardCategory {
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
private Long id;
|
||||
|
||||
private String name;
|
||||
|
||||
@Column(name = "color_code", length = 7, nullable = false)
|
||||
private String colorCode;
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
package de.zendric.app.xpensely_server.preparation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.CommandLineRunner;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.XpenselyStandardCategories;
|
||||
import de.zendric.app.xpensely_server.model.XpenselyStandardCategory;
|
||||
import de.zendric.app.xpensely_server.repo.XpenselyStandardCategoriesRepository;
|
||||
|
||||
@Component
|
||||
public class DataInitializer implements CommandLineRunner {
|
||||
|
||||
@Autowired
|
||||
private XpenselyStandardCategoriesRepository globalRepo;
|
||||
|
||||
@Override
|
||||
public void run(String... args) throws Exception {
|
||||
Optional<XpenselyStandardCategories> optional = globalRepo.findById(1L);
|
||||
|
||||
XpenselyStandardCategories global = optional.orElseGet(() -> {
|
||||
XpenselyStandardCategories g = new XpenselyStandardCategories();
|
||||
g.setId(1L);
|
||||
return g;
|
||||
});
|
||||
|
||||
List<XpenselyStandardCategory> categories = List.of(
|
||||
new XpenselyStandardCategory(null, "Food", "#FF5733"),
|
||||
new XpenselyStandardCategory(null, "Transportation", "#33C3FF"),
|
||||
new XpenselyStandardCategory(null, "Entertainment", "#33FF57"),
|
||||
new XpenselyStandardCategory(null, "Shopping", "#FF33A8"),
|
||||
new XpenselyStandardCategory(null, "Household", "#FFC733"),
|
||||
new XpenselyStandardCategory(null, "Other", "#9D33FF"));
|
||||
global.setCategories(categories);
|
||||
globalRepo.save(global);
|
||||
}
|
||||
}
|
||||
@@ -3,13 +3,22 @@ package de.zendric.app.xpensely_server.repo;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
|
||||
@Repository
|
||||
public interface ExpenseListRepository extends JpaRepository<ExpenseList, Long> {
|
||||
|
||||
List<ExpenseList> findByOwnerId(Long ownerId);
|
||||
|
||||
ExpenseList findByInviteCode(String inviteCode);
|
||||
}
|
||||
|
||||
@Query("SELECT el FROM ExpenseList el WHERE el.owner.id = :userId OR el.sharedWith.id = :userId")
|
||||
List<ExpenseList> findByOwnerIdOrSharedWithId(@Param("userId") Long userId);
|
||||
|
||||
@Query("SELECT el FROM ExpenseList el WHERE el.owner.username = :username OR el.sharedWith.username = :username")
|
||||
List<ExpenseList> findByOwnerUsernameOrSharedWithUsername(@Param("username") String username);
|
||||
}
|
||||
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
package de.zendric.app.xpensely_server.repo;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.XpenselyCustomCategory;
|
||||
|
||||
@Repository
|
||||
public interface XpenselyCustomCategoryRepository extends JpaRepository<XpenselyCustomCategory, Long> {
|
||||
}
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
package de.zendric.app.xpensely_server.repo;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.XpenselyStandardCategories;
|
||||
|
||||
@Repository
|
||||
public interface XpenselyStandardCategoriesRepository extends JpaRepository<XpenselyStandardCategories, Long> {
|
||||
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
package de.zendric.app.xpensely_server.security;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
@Component
|
||||
public class AuthenticatedUserResolver {
|
||||
|
||||
private final UserService userService;
|
||||
|
||||
public AuthenticatedUserResolver(UserService userService) {
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
public AppUser resolveCurrentUser(Authentication authentication) {
|
||||
if (authentication == null) {
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Not authenticated");
|
||||
}
|
||||
Jwt jwt = (Jwt) authentication.getPrincipal();
|
||||
String googleId = jwt.getSubject();
|
||||
try {
|
||||
AppUser user = userService.getUserByGoogleId(googleId);
|
||||
if (user == null) {
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "User not registered");
|
||||
}
|
||||
return user;
|
||||
} catch (IllegalArgumentException e) {
|
||||
throw new ResponseStatusException(HttpStatus.FORBIDDEN, "User not registered");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,61 @@
|
||||
package de.zendric.app.xpensely_server.security;
|
||||
|
||||
import io.github.bucket4j.Bandwidth;
|
||||
import io.github.bucket4j.Bucket;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.Duration;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
public class RateLimitFilter extends OncePerRequestFilter {
|
||||
|
||||
private static final int REQUESTS_PER_MINUTE = 60;
|
||||
|
||||
private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
FilterChain filterChain) throws ServletException, IOException {
|
||||
String key = resolveKey(request);
|
||||
Bucket bucket = buckets.computeIfAbsent(key, k -> newBucket());
|
||||
|
||||
if (bucket.tryConsume(1)) {
|
||||
filterChain.doFilter(request, response);
|
||||
} else {
|
||||
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
|
||||
response.getWriter().write("Rate limit exceeded");
|
||||
}
|
||||
}
|
||||
|
||||
private String resolveKey(HttpServletRequest request) {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth != null && auth.getPrincipal() instanceof Jwt jwt) {
|
||||
return "user:" + jwt.getSubject();
|
||||
}
|
||||
String ip = request.getHeader("X-Forwarded-For");
|
||||
if (ip != null && !ip.isBlank()) {
|
||||
return "ip:" + ip.split(",")[0].trim();
|
||||
}
|
||||
return "ip:" + request.getRemoteAddr();
|
||||
}
|
||||
|
||||
private Bucket newBucket() {
|
||||
return Bucket.builder()
|
||||
.addLimit(Bandwidth.builder()
|
||||
.capacity(REQUESTS_PER_MINUTE)
|
||||
.refillGreedy(REQUESTS_PER_MINUTE, Duration.ofMinutes(1))
|
||||
.build())
|
||||
.build();
|
||||
}
|
||||
}
|
||||
@@ -2,25 +2,29 @@ package de.zendric.app.xpensely_server.security;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
// @Bean
|
||||
// public SecurityFilterChain securityFilterChain(HttpSecurity http) throws
|
||||
// Exception {
|
||||
// http.authorizeHttpRequests(auth -> auth
|
||||
// .anyRequest().permitAll()).csrf().disable();
|
||||
// ;
|
||||
@Bean
|
||||
@Profile("test") // Only enable this for testing
|
||||
public SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.anyRequest().permitAll())
|
||||
.csrf().disable();
|
||||
|
||||
// return http.build();
|
||||
// }
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Profile("!test")
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
@@ -28,6 +32,7 @@ public class SecurityConfig {
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(Customizer.withDefaults()))
|
||||
.oauth2Login(Customizer.withDefaults())
|
||||
.addFilterAfter(new RateLimitFilter(), BearerTokenAuthenticationFilter.class)
|
||||
.csrf().disable();
|
||||
|
||||
return http.build();
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
package de.zendric.app.xpensely_server.services;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.XpenselyStandardCategories;
|
||||
import de.zendric.app.xpensely_server.repo.XpenselyStandardCategoriesRepository;
|
||||
|
||||
@Service
|
||||
public class CategoryService {
|
||||
|
||||
private final XpenselyStandardCategoriesRepository standardCategoriesRepo;
|
||||
|
||||
@Autowired
|
||||
public CategoryService(XpenselyStandardCategoriesRepository standardCategoriesRepo) {
|
||||
this.standardCategoriesRepo = standardCategoriesRepo;
|
||||
}
|
||||
|
||||
public XpenselyStandardCategories getDefaultCategories() {
|
||||
return standardCategoriesRepo.findById(1L)
|
||||
.orElseThrow(() -> new IllegalStateException("Standard categories not found"));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,37 +1,34 @@
|
||||
package de.zendric.app.xpensely_server.services;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.Expense;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
import de.zendric.app.xpensely_server.model.Exception.ResourceNotFoundException;
|
||||
import de.zendric.app.xpensely_server.model.XpenselyCustomCategory;
|
||||
import de.zendric.app.xpensely_server.repo.ExpenseListRepository;
|
||||
import de.zendric.app.xpensely_server.repo.ExpenseRepository;
|
||||
import jakarta.persistence.EntityManager;
|
||||
import de.zendric.app.xpensely_server.repo.XpenselyCustomCategoryRepository;
|
||||
|
||||
@Service
|
||||
@Transactional
|
||||
public class ExpenseListService {
|
||||
|
||||
private ExpenseListRepository repository;
|
||||
private final ExpenseListRepository repository;
|
||||
private final ExpenseRepository expenseRepository;
|
||||
private final XpenselyCustomCategoryRepository customCategoryRepository;
|
||||
|
||||
@Autowired
|
||||
private EntityManager entityManager;
|
||||
|
||||
@Autowired
|
||||
public ExpenseListService(ExpenseListRepository repository, ExpenseRepository expenseRepository) {
|
||||
public ExpenseListService(ExpenseListRepository repository, ExpenseRepository expenseRepository,
|
||||
XpenselyCustomCategoryRepository customCategoryRepository) {
|
||||
this.repository = repository;
|
||||
this.expenseRepository = expenseRepository;
|
||||
this.customCategoryRepository = customCategoryRepository;
|
||||
}
|
||||
|
||||
public List<ExpenseList> getAllLists() {
|
||||
@@ -63,67 +60,24 @@ public class ExpenseListService {
|
||||
}
|
||||
|
||||
public List<ExpenseList> findByUserId(Long id) {
|
||||
List<ExpenseList> allLists = repository.findAll();
|
||||
List<ExpenseList> userSpecificList = new ArrayList<>();
|
||||
for (ExpenseList expenseList : allLists) {
|
||||
AppUser sharedWith = expenseList.getSharedWith();
|
||||
|
||||
if (expenseList.getOwner().getId().equals(id)) {
|
||||
userSpecificList.add(expenseList);
|
||||
} else {
|
||||
if (sharedWith != null && sharedWith.getId().equals(id)) {
|
||||
userSpecificList.add(expenseList);
|
||||
}
|
||||
}
|
||||
}
|
||||
return userSpecificList;
|
||||
return repository.findByOwnerIdOrSharedWithId(id);
|
||||
}
|
||||
|
||||
public List<ExpenseList> findByUsername(String username) {
|
||||
List<ExpenseList> allLists = repository.findAll();
|
||||
List<ExpenseList> userSpecificList = new ArrayList<>();
|
||||
for (ExpenseList expenseList : allLists) {
|
||||
AppUser sharedWith = expenseList.getSharedWith();
|
||||
|
||||
if (expenseList.getOwner().getUsername().equals(username)) {
|
||||
userSpecificList.add(expenseList);
|
||||
} else {
|
||||
if (sharedWith != null && sharedWith.getUsername().equals(username)) {
|
||||
userSpecificList.add(expenseList);
|
||||
}
|
||||
}
|
||||
}
|
||||
return userSpecificList;
|
||||
|
||||
return repository.findByOwnerUsernameOrSharedWithUsername(username);
|
||||
}
|
||||
|
||||
public Expense addExpenseToList(Long expenseListId, Expense expense) {
|
||||
// find expenseList
|
||||
ExpenseList expenseList = repository.findById(expenseListId)
|
||||
.orElseThrow(() -> new RuntimeException("ExpenseList not found with id: " + expenseListId));
|
||||
// get all added expenses
|
||||
HashSet<Long> existingId = new HashSet<>();
|
||||
for (Expense e : expenseList.getExpenses()) {
|
||||
existingId.add(e.getId());
|
||||
}
|
||||
// add the new expense
|
||||
.orElseThrow(() -> new ResourceNotFoundException("ExpenseList not found with id: " + expenseListId));
|
||||
expenseList.addExpense(expense);
|
||||
// save
|
||||
repository.save(expenseList);
|
||||
|
||||
Expense newExpense = new Expense();
|
||||
for (Expense e : expenseList.getExpenses()) {
|
||||
if (!existingId.contains(e.getId())) {
|
||||
newExpense = e;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return newExpense;
|
||||
return expense;
|
||||
}
|
||||
|
||||
public void deleteExpenseFromList(Long expenseListId, Long expenseId) {
|
||||
ExpenseList expenseList = repository.findById(expenseListId)
|
||||
.orElseThrow(() -> new RuntimeException("ExpenseList not found with id: " + expenseListId));
|
||||
.orElseThrow(() -> new ResourceNotFoundException("ExpenseList not found with id: " + expenseListId));
|
||||
Expense expenseToRemove = null;
|
||||
for (Expense expense : expenseList.getExpenses()) {
|
||||
if (expense.getId().equals(expenseId)) {
|
||||
@@ -134,14 +88,14 @@ public class ExpenseListService {
|
||||
if (expenseToRemove != null) {
|
||||
expenseList.removeExpense(expenseToRemove);
|
||||
} else {
|
||||
throw new RuntimeException("Expense not found with id: " + expenseId);
|
||||
throw new ResourceNotFoundException("Expense not found with id: " + expenseId);
|
||||
}
|
||||
repository.save(expenseList);
|
||||
}
|
||||
|
||||
public String generateInviteCode(Long listId) {
|
||||
ExpenseList list = repository.findById(listId)
|
||||
.orElseThrow(() -> new RuntimeException("List not found"));
|
||||
.orElseThrow(() -> new ResourceNotFoundException("List not found"));
|
||||
String inviteCode;
|
||||
if (list.getInviteCode() == null || list.getInviteCodeExpiration().isBefore(LocalDateTime.now())) {
|
||||
|
||||
@@ -163,7 +117,7 @@ public class ExpenseListService {
|
||||
|
||||
public Expense updateExpense(Long expenseListId, Expense updatedExpense) {
|
||||
ExpenseList expenseList = repository.findById(expenseListId)
|
||||
.orElseThrow(() -> new IllegalArgumentException("ExpenseList not found"));
|
||||
.orElseThrow(() -> new ResourceNotFoundException("ExpenseList not found with id: " + expenseListId));
|
||||
|
||||
if (!expenseList.getExpenses().stream()
|
||||
.anyMatch(expense -> expense.getId().equals(updatedExpense.getId()))) {
|
||||
@@ -171,14 +125,35 @@ public class ExpenseListService {
|
||||
}
|
||||
|
||||
Expense existingExpense = expenseRepository.findById(updatedExpense.getId())
|
||||
.orElseThrow(() -> new IllegalArgumentException("Expense not found"));
|
||||
.orElseThrow(() -> new ResourceNotFoundException("Expense not found with id: " + updatedExpense.getId()));
|
||||
existingExpense.setTitle(updatedExpense.getTitle());
|
||||
existingExpense.setAmount(updatedExpense.getAmount());
|
||||
existingExpense.setPersonalUseAmount(updatedExpense.getPersonalUseAmount());
|
||||
existingExpense.setOtherPersonAmount(updatedExpense.getOtherPersonAmount());
|
||||
existingExpense.setDate(updatedExpense.getDate());
|
||||
existingExpense.setOwner(updatedExpense.getOwner());
|
||||
existingExpense.setCategory(updatedExpense.getCategory());
|
||||
|
||||
return expenseRepository.save(existingExpense);
|
||||
}
|
||||
|
||||
// TODO implement API for this
|
||||
public XpenselyCustomCategory addCustomCategory(Long expenseListId, XpenselyCustomCategory customCategory) {
|
||||
ExpenseList expenseList = repository.findById(expenseListId)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("Expense List not found"));
|
||||
customCategory.setExpenseList(expenseList);
|
||||
|
||||
return customCategoryRepository.save(customCategory);
|
||||
}
|
||||
|
||||
// TODO implement API for this
|
||||
public void deleteCustomCategory(Long expenseListId, Long categoryId) {
|
||||
XpenselyCustomCategory category = customCategoryRepository.findById(categoryId)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("Custom Category not found"));
|
||||
if (!category.getExpenseList().getId().equals(expenseListId)) {
|
||||
throw new IllegalArgumentException("Category does not belong to the specified Expense List");
|
||||
}
|
||||
customCategoryRepository.delete(category);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,12 +1,12 @@
|
||||
package de.zendric.app.xpensely_server.services;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.UsernameAlreadyExistsException;
|
||||
import de.zendric.app.xpensely_server.model.Exception.ResourceNotFoundException;
|
||||
import de.zendric.app.xpensely_server.model.Exception.UsernameAlreadyExistsException;
|
||||
import de.zendric.app.xpensely_server.repo.UserRepository;
|
||||
|
||||
@Service
|
||||
@@ -29,36 +29,24 @@ public class UserService {
|
||||
}
|
||||
|
||||
public AppUser getUser(Long id) {
|
||||
Optional<AppUser> user = userRepository.findById(id);
|
||||
if (user.isPresent()) {
|
||||
return user.get();
|
||||
} else
|
||||
return null;
|
||||
return userRepository.findById(id)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("User not found with id: " + id));
|
||||
}
|
||||
|
||||
public AppUser deleteUserById(Long id) {
|
||||
Optional<AppUser> user = userRepository.findById(id);
|
||||
if (user.isPresent()) {
|
||||
userRepository.deleteById(id);
|
||||
return user.get();
|
||||
} else
|
||||
return null;
|
||||
AppUser user = userRepository.findById(id)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("User not found with id: " + id));
|
||||
userRepository.deleteById(id);
|
||||
return user;
|
||||
}
|
||||
|
||||
public AppUser getUserByName(String username) {
|
||||
Optional<AppUser> optUser = userRepository.findByUsername(username);
|
||||
if (optUser.isPresent()) {
|
||||
return optUser.get();
|
||||
} else
|
||||
return null;
|
||||
return userRepository.findByUsername(username)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("User not found: " + username));
|
||||
}
|
||||
|
||||
public AppUser getUserByGoogleId(String id) {
|
||||
Optional<AppUser> optUser = userRepository.findByGoogleId(id);
|
||||
if (optUser.isPresent()) {
|
||||
return optUser.get();
|
||||
} else
|
||||
return null;
|
||||
return userRepository.findByGoogleId(id)
|
||||
.orElseThrow(() -> new ResourceNotFoundException("User not found with Google ID: " + id));
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 3.5 KiB |
@@ -0,0 +1,47 @@
|
||||
package de.zendric.app.xpensely_Server;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
import de.zendric.app.xpensely_server.repo.ExpenseListRepository;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
@DataJpaTest
|
||||
class ExpenseListRepositoryTest {
|
||||
|
||||
@Autowired
|
||||
private ExpenseListRepository expenseListRepository;
|
||||
|
||||
@Test
|
||||
void saveAndFindById_returnsExpenseList() {
|
||||
ExpenseList list = new ExpenseList();
|
||||
list.setName("Groceries");
|
||||
ExpenseList saved = expenseListRepository.save(list);
|
||||
|
||||
Optional<ExpenseList> found = expenseListRepository.findById(saved.getId());
|
||||
|
||||
assertTrue(found.isPresent());
|
||||
assertEquals("Groceries", found.get().getName());
|
||||
}
|
||||
|
||||
@Test
|
||||
void findById_nonExistentId_returnsEmpty() {
|
||||
Optional<ExpenseList> found = expenseListRepository.findById(999L);
|
||||
assertTrue(found.isEmpty());
|
||||
}
|
||||
|
||||
@Test
|
||||
void delete_removesFromRepository() {
|
||||
ExpenseList list = new ExpenseList();
|
||||
list.setName("To Delete");
|
||||
ExpenseList saved = expenseListRepository.save(list);
|
||||
|
||||
expenseListRepository.deleteById(saved.getId());
|
||||
|
||||
assertTrue(expenseListRepository.findById(saved.getId()).isEmpty());
|
||||
}
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
package de.zendric.app.xpensely_Server;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
|
||||
@SpringBootTest
|
||||
class XpenselyServerApplicationTests {
|
||||
|
||||
@Test
|
||||
void contextLoads() {
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,95 @@
|
||||
package de.zendric.app.xpensely_Server.controller;
|
||||
|
||||
import de.zendric.app.xpensely_server.controller.AppUserController;
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.security.AuthenticatedUserResolver;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.bean.override.mockito.MockitoBean;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
|
||||
@WebMvcTest(AppUserController.class)
|
||||
@AutoConfigureMockMvc(addFilters = false)
|
||||
@ActiveProfiles("test")
|
||||
class AppUserControllerTest {
|
||||
|
||||
@Autowired MockMvc mockMvc;
|
||||
@MockitoBean UserService userService;
|
||||
@MockitoBean AuthenticatedUserResolver authenticatedUserResolver;
|
||||
|
||||
@Test
|
||||
void createUser_blankUsername_returns400WithFieldError() throws Exception {
|
||||
mockMvc.perform(post("/api/users/createUser")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"username\":\"\",\"googleId\":\"gid123\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.username").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void createUser_invalidUsernamePattern_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/users/createUser")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"username\":\"hello world!\",\"googleId\":\"gid123\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.username").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void createUser_usernameTooShort_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/users/createUser")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"username\":\"ab\",\"googleId\":\"gid123\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.username").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void createUser_blankGoogleId_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/users/createUser")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"username\":\"validuser\",\"googleId\":\"\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.googleId").exists());
|
||||
}
|
||||
|
||||
// --- Authorization tests ---
|
||||
|
||||
@Test
|
||||
void getUser_differentUser_returns403() throws Exception {
|
||||
AppUser self = new AppUser(); self.setId(1L);
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(self);
|
||||
|
||||
mockMvc.perform(get("/api/users").param("id", "99"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
void getUser_sameUser_returns200() throws Exception {
|
||||
AppUser self = new AppUser(); self.setId(1L);
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(self);
|
||||
when(userService.getUser(1L)).thenReturn(self);
|
||||
|
||||
mockMvc.perform(get("/api/users").param("id", "1"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
void deleteUser_differentUser_returns403() throws Exception {
|
||||
AppUser self = new AppUser(); self.setId(1L);
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(self);
|
||||
|
||||
mockMvc.perform(delete("/api/users").param("id", "99"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
}
|
||||
+135
@@ -0,0 +1,135 @@
|
||||
package de.zendric.app.xpensely_Server.controller;
|
||||
|
||||
import de.zendric.app.xpensely_server.controller.ExpenseListController;
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
import de.zendric.app.xpensely_server.security.AuthenticatedUserResolver;
|
||||
import de.zendric.app.xpensely_server.services.CategoryService;
|
||||
import de.zendric.app.xpensely_server.services.ExpenseListService;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.bean.override.mockito.MockitoBean;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
|
||||
@WebMvcTest(ExpenseListController.class)
|
||||
@AutoConfigureMockMvc(addFilters = false)
|
||||
@ActiveProfiles("test")
|
||||
class ExpenseListControllerTest {
|
||||
|
||||
@Autowired MockMvc mockMvc;
|
||||
@MockitoBean ExpenseListService expenseListService;
|
||||
@MockitoBean UserService userService;
|
||||
@MockitoBean CategoryService categoryService;
|
||||
@MockitoBean AuthenticatedUserResolver authenticatedUserResolver;
|
||||
|
||||
// --- Validation tests ---
|
||||
|
||||
@Test
|
||||
void addExpense_blankTitle_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/expenselist/1/add")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"title\":\"\",\"owner\":\"alice\",\"amount\":10.0,\"date\":\"2026-05-04\",\"category\":\"Food\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.title").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void addExpense_negativeAmount_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/expenselist/1/add")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"title\":\"Lunch\",\"owner\":\"alice\",\"amount\":-5.0,\"date\":\"2026-05-04\",\"category\":\"Food\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.amount").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void addExpense_nullDate_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/expenselist/1/add")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"title\":\"Lunch\",\"owner\":\"alice\",\"amount\":10.0,\"category\":\"Food\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.date").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void acceptInvite_blankCode_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/expenselist/accept-invite")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"inviteCode\":\"\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.inviteCode").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
void acceptInvite_wrongCodeLength_returns400() throws Exception {
|
||||
mockMvc.perform(post("/api/expenselist/accept-invite")
|
||||
.contentType(MediaType.APPLICATION_JSON)
|
||||
.content("{\"inviteCode\":\"ABC\"}"))
|
||||
.andExpect(status().isBadRequest())
|
||||
.andExpect(jsonPath("$.inviteCode").exists());
|
||||
}
|
||||
|
||||
// --- Authorization tests ---
|
||||
|
||||
@Test
|
||||
void getById_authenticatedUserNotMember_returns403() throws Exception {
|
||||
AppUser owner = new AppUser(); owner.setId(1L);
|
||||
AppUser requester = new AppUser(); requester.setId(2L);
|
||||
ExpenseList list = new ExpenseList(); list.setId(1L); list.setOwner(owner);
|
||||
|
||||
when(expenseListService.findById(1L)).thenReturn(Optional.of(list));
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(requester);
|
||||
|
||||
mockMvc.perform(get("/api/expenselist/byId").param("id", "1"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
void getById_authenticatedUserIsOwner_returns200() throws Exception {
|
||||
AppUser owner = new AppUser(); owner.setId(1L);
|
||||
ExpenseList list = new ExpenseList(); list.setId(1L); list.setOwner(owner);
|
||||
|
||||
when(expenseListService.findById(1L)).thenReturn(Optional.of(list));
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(owner);
|
||||
|
||||
mockMvc.perform(get("/api/expenselist/byId").param("id", "1"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
void deleteList_nonOwner_returns403() throws Exception {
|
||||
AppUser owner = new AppUser(); owner.setId(1L);
|
||||
AppUser nonOwner = new AppUser(); nonOwner.setId(2L);
|
||||
ExpenseList list = new ExpenseList(); list.setId(5L); list.setOwner(owner);
|
||||
|
||||
when(expenseListService.findById(5L)).thenReturn(Optional.of(list));
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(nonOwner);
|
||||
|
||||
mockMvc.perform(delete("/api/expenselist/5"))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
void getMine_returnsCurrentUserLists() throws Exception {
|
||||
AppUser user = new AppUser(); user.setId(3L);
|
||||
|
||||
when(authenticatedUserResolver.resolveCurrentUser(any())).thenReturn(user);
|
||||
when(expenseListService.findByUserId(3L)).thenReturn(List.of(new ExpenseList()));
|
||||
|
||||
mockMvc.perform(get("/api/expenselist/mine"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
}
|
||||
+78
@@ -0,0 +1,78 @@
|
||||
package de.zendric.app.xpensely_Server.security;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.security.AuthenticatedUserResolver;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
class AuthenticatedUserResolverTest {
|
||||
|
||||
UserService userService;
|
||||
AuthenticatedUserResolver resolver;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
userService = mock(UserService.class);
|
||||
resolver = new AuthenticatedUserResolver(userService);
|
||||
}
|
||||
|
||||
@Test
|
||||
void resolveCurrentUser_validJwt_returnsAppUser() {
|
||||
Jwt jwt = Jwt.withTokenValue("token")
|
||||
.header("alg", "RS256")
|
||||
.subject("google-id-123")
|
||||
.build();
|
||||
JwtAuthenticationToken auth = new JwtAuthenticationToken(jwt);
|
||||
|
||||
AppUser user = new AppUser();
|
||||
user.setId(1L);
|
||||
user.setGoogleId("google-id-123");
|
||||
when(userService.getUserByGoogleId("google-id-123")).thenReturn(user);
|
||||
|
||||
AppUser result = resolver.resolveCurrentUser(auth);
|
||||
assertEquals(user, result);
|
||||
}
|
||||
|
||||
@Test
|
||||
void resolveCurrentUser_userNotFound_throws403() {
|
||||
Jwt jwt = Jwt.withTokenValue("token")
|
||||
.header("alg", "RS256")
|
||||
.subject("unknown-id")
|
||||
.build();
|
||||
JwtAuthenticationToken auth = new JwtAuthenticationToken(jwt);
|
||||
when(userService.getUserByGoogleId("unknown-id")).thenReturn(null);
|
||||
|
||||
ResponseStatusException ex = assertThrows(ResponseStatusException.class,
|
||||
() -> resolver.resolveCurrentUser(auth));
|
||||
assertEquals(HttpStatus.FORBIDDEN, ex.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
void resolveCurrentUser_userServiceThrows_throws403() {
|
||||
Jwt jwt = Jwt.withTokenValue("token")
|
||||
.header("alg", "RS256")
|
||||
.subject("gone-id")
|
||||
.build();
|
||||
JwtAuthenticationToken auth = new JwtAuthenticationToken(jwt);
|
||||
when(userService.getUserByGoogleId("gone-id")).thenThrow(new IllegalArgumentException("not found"));
|
||||
|
||||
ResponseStatusException ex = assertThrows(ResponseStatusException.class,
|
||||
() -> resolver.resolveCurrentUser(auth));
|
||||
assertEquals(HttpStatus.FORBIDDEN, ex.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
void resolveCurrentUser_nullAuthentication_throws403() {
|
||||
ResponseStatusException ex = assertThrows(ResponseStatusException.class,
|
||||
() -> resolver.resolveCurrentUser(null));
|
||||
assertEquals(HttpStatus.FORBIDDEN, ex.getStatusCode());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,89 @@
|
||||
package de.zendric.app.xpensely_Server.security;
|
||||
|
||||
import de.zendric.app.xpensely_server.security.RateLimitFilter;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
class RateLimitFilterTest {
|
||||
|
||||
RateLimitFilter filter;
|
||||
FilterChain chain;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
filter = new RateLimitFilter();
|
||||
chain = mock(FilterChain.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
void allowsRequestUnderLimit() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRemoteAddr("1.2.3.4");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
|
||||
verify(chain, times(1)).doFilter(request, response);
|
||||
assertEquals(200, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
void blocksRequestOverLimit() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRemoteAddr("5.6.7.8");
|
||||
|
||||
for (int i = 0; i < 60; i++) {
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
MockHttpServletResponse blockedResponse = new MockHttpServletResponse();
|
||||
filter.doFilter(request, blockedResponse, chain);
|
||||
|
||||
assertEquals(429, blockedResponse.getStatus());
|
||||
verify(chain, times(60)).doFilter(eq(request), any());
|
||||
}
|
||||
|
||||
@Test
|
||||
void differentIpsBucketedSeparately() throws Exception {
|
||||
MockHttpServletRequest req1 = new MockHttpServletRequest();
|
||||
req1.setRemoteAddr("10.0.0.1");
|
||||
MockHttpServletRequest req2 = new MockHttpServletRequest();
|
||||
req2.setRemoteAddr("10.0.0.2");
|
||||
|
||||
for (int i = 0; i < 60; i++) {
|
||||
filter.doFilter(req1, new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
MockHttpServletResponse response2 = new MockHttpServletResponse();
|
||||
filter.doFilter(req2, response2, chain);
|
||||
|
||||
assertEquals(200, response2.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
void prefersXForwardedForHeader() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRemoteAddr("192.168.1.1");
|
||||
request.addHeader("X-Forwarded-For", "203.0.113.5, 10.0.0.1");
|
||||
|
||||
for (int i = 0; i < 60; i++) {
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
MockHttpServletResponse blocked = new MockHttpServletResponse();
|
||||
filter.doFilter(request, blocked, chain);
|
||||
assertEquals(429, blocked.getStatus());
|
||||
|
||||
MockHttpServletRequest directRequest = new MockHttpServletRequest();
|
||||
directRequest.setRemoteAddr("192.168.1.1");
|
||||
MockHttpServletResponse directResponse = new MockHttpServletResponse();
|
||||
filter.doFilter(directRequest, directResponse, chain);
|
||||
assertEquals(200, directResponse.getStatus());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
package de.zendric.app.xpensely_Server.services;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.ExpenseList;
|
||||
import de.zendric.app.xpensely_server.repo.ExpenseListRepository;
|
||||
import de.zendric.app.xpensely_server.repo.ExpenseRepository;
|
||||
import de.zendric.app.xpensely_server.repo.XpenselyCustomCategoryRepository;
|
||||
import de.zendric.app.xpensely_server.services.ExpenseListService;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.Mockito.never;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class ExpenseListServiceTest {
|
||||
|
||||
@Mock ExpenseListRepository repository;
|
||||
@Mock ExpenseRepository expenseRepository;
|
||||
@Mock XpenselyCustomCategoryRepository customCategoryRepository;
|
||||
|
||||
@InjectMocks
|
||||
ExpenseListService service;
|
||||
|
||||
@Test
|
||||
void findByUserId_usesRepositoryQuery_notFindAll() {
|
||||
AppUser owner = new AppUser(); owner.setId(1L);
|
||||
ExpenseList list = new ExpenseList(); list.setId(10L); list.setOwner(owner);
|
||||
when(repository.findByOwnerIdOrSharedWithId(1L)).thenReturn(List.of(list));
|
||||
|
||||
List<ExpenseList> result = service.findByUserId(1L);
|
||||
|
||||
assertThat(result).hasSize(1);
|
||||
verify(repository).findByOwnerIdOrSharedWithId(1L);
|
||||
verify(repository, never()).findAll();
|
||||
}
|
||||
|
||||
@Test
|
||||
void findByUsername_usesRepositoryQuery_notFindAll() {
|
||||
AppUser owner = new AppUser(); owner.setId(1L); owner.setUsername("alice");
|
||||
ExpenseList list = new ExpenseList(); list.setId(10L); list.setOwner(owner);
|
||||
when(repository.findByOwnerUsernameOrSharedWithUsername("alice")).thenReturn(List.of(list));
|
||||
|
||||
List<ExpenseList> result = service.findByUsername("alice");
|
||||
|
||||
assertThat(result).hasSize(1);
|
||||
verify(repository).findByOwnerUsernameOrSharedWithUsername("alice");
|
||||
verify(repository, never()).findAll();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
package de.zendric.app.xpensely_Server.services;
|
||||
|
||||
import de.zendric.app.xpensely_server.model.AppUser;
|
||||
import de.zendric.app.xpensely_server.model.Exception.ResourceNotFoundException;
|
||||
import de.zendric.app.xpensely_server.repo.UserRepository;
|
||||
import de.zendric.app.xpensely_server.services.UserService;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class UserServiceTest {
|
||||
|
||||
@Mock
|
||||
UserRepository userRepository;
|
||||
|
||||
@InjectMocks
|
||||
UserService userService;
|
||||
|
||||
@Test
|
||||
void getUserByName_throwsResourceNotFound_whenUserMissing() {
|
||||
when(userRepository.findByUsername("ghost")).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> userService.getUserByName("ghost"))
|
||||
.isInstanceOf(ResourceNotFoundException.class)
|
||||
.hasMessageContaining("ghost");
|
||||
}
|
||||
|
||||
@Test
|
||||
void getUserByName_returnsUser_whenFound() {
|
||||
AppUser user = new AppUser();
|
||||
user.setId(1L);
|
||||
user.setUsername("alice");
|
||||
when(userRepository.findByUsername("alice")).thenReturn(Optional.of(user));
|
||||
|
||||
AppUser result = userService.getUserByName("alice");
|
||||
|
||||
assertThat(result.getUsername()).isEqualTo("alice");
|
||||
}
|
||||
|
||||
@Test
|
||||
void getUser_throwsResourceNotFound_whenIdMissing() {
|
||||
when(userRepository.findById(99L)).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> userService.getUser(99L))
|
||||
.isInstanceOf(ResourceNotFoundException.class)
|
||||
.hasMessageContaining("99");
|
||||
}
|
||||
|
||||
@Test
|
||||
void deleteUserById_throwsResourceNotFound_whenIdMissing() {
|
||||
when(userRepository.findById(99L)).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> userService.deleteUserById(99L))
|
||||
.isInstanceOf(ResourceNotFoundException.class)
|
||||
.hasMessageContaining("99");
|
||||
}
|
||||
|
||||
@Test
|
||||
void getUserByGoogleId_throwsResourceNotFound_whenMissing() {
|
||||
when(userRepository.findByGoogleId("gid-404")).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> userService.getUserByGoogleId("gid-404"))
|
||||
.isInstanceOf(ResourceNotFoundException.class)
|
||||
.hasMessageContaining("gid-404");
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user