security hardening #12

Cedric merged 15 commits from feature/security-hardening into main 2026-05-05 17:13:54 +02:00
4 changed files with 43 additions and 10 deletions
@@ -1,21 +1,25 @@
package de.zendric.app.xpensely_server.model; package de.zendric.app.xpensely_server.model;
import jakarta.persistence.Column; import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;
import lombok.Data; import lombok.Data;
@Data @Data
public class AppUserCreateRequest { public class AppUserCreateRequest {
@Column(name = "username", nullable = false, unique = true) @NotBlank(message = "Username is required")
@Size(min = 3, max = 30, message = "Username must be between 3 and 30 characters")
@Pattern(regexp = "^[a-zA-Z0-9_.\\-]+$", message = "Username may only contain letters, digits, underscores, dots, and hyphens")
private String username; private String username;
@NotBlank(message = "Google ID is required")
private String googleId; private String googleId;
public AppUser convertToAppUser() { public AppUser convertToAppUser() {
AppUser appUser = new AppUser(); AppUser appUser = new AppUser();
appUser.setGoogleId(googleId); appUser.setGoogleId(googleId);
appUser.setUsername(username); appUser.setUsername(username);
return appUser; return appUser;
} }
} }
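Review bot: `googleId` is still accepted verbatim from the request body and copied into the entity by `appUser.setGoogleId(googleId)` in `convertToAppUser`, so the new `@NotBlank` only guarantees the value is non-empty, not that it belongs to the caller; unless the controller overwrites it from a verified Google ID token (not visible in this commit), a client can register an account bound to someone else's Google identity. Prefer deriving the value server-side and dropping it from the request, or at minimum bound it with `@Size(max = 255, message = "Google ID must not exceed 255 characters")` so unbounded strings do not reach the persistence layer. These Bean Validation constraints also only run if the controller parameter is annotated `@Valid`/`@Validated`; that wiring is not part of this diff and should be confirmed.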
@@ -2,6 +2,10 @@ package de.zendric.app.xpensely_server.model;
import java.time.LocalDate; import java.time.LocalDate;
import jakarta.validation.constraints.DecimalMin;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Data; import lombok.Data;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
@@ -12,12 +16,25 @@ import lombok.NoArgsConstructor;
public class ExpenseChangeRequest { public class ExpenseChangeRequest {
private Long id; private Long id;
@NotBlank(message = "Title is required")
@Size(max = 100, message = "Title must not exceed 100 characters")
private String title; private String title;
@NotBlank(message = "Owner name is required")
private String ownerName; private String ownerName;
@NotNull(message = "Amount is required")
@DecimalMin(value = "0.01", message = "Amount must be greater than zero")
private Double amount; private Double amount;
private Double personalUseAmount; private Double personalUseAmount;
private Double otherPersonAmount; private Double otherPersonAmount;
@NotNull(message = "Date is required")
private LocalDate date; private LocalDate date;
@NotBlank(message = "Category is required")
private String category; private String category;
public Expense convertToExpense(Long userId, ExpenseList expenseList) { public Expense convertToExpense(Long userId, ExpenseList expenseList) {
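Review bot: `personalUseAmount` and `otherPersonAmount` are left unconstrained while `amount` now requires at least `0.01`, so a request can still submit negative partial amounts that `convertToExpense` (body outside this hunk) presumably copies into the entity. Add `@DecimalMin(value = "0.0", message = "Personal use amount must not be negative")` and the equivalent on `otherPersonAmount`; `ownerName` and `category` likewise get `@NotBlank` but no `@Size`, so arbitrarily long strings are still accepted there. Separately, `id` remains client-controlled, so the ownership check tying that id to the authenticated user has to live in the service layer, which this commit does not touch; and since these are monetary values, `BigDecimal` would be the safer type than `Double`, though that is an interface change for callers.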
@@ -38,4 +55,4 @@ public class ExpenseChangeRequest {
return expense; return expense;
} }
} }
@@ -2,9 +2,10 @@ package de.zendric.app.xpensely_server.model;
import java.time.LocalDate; import java.time.LocalDate;
import jakarta.persistence.GeneratedValue; import jakarta.validation.constraints.DecimalMin;
import jakarta.persistence.GenerationType; import jakarta.validation.constraints.NotBlank;
import jakarta.persistence.Id; import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
@@ -16,19 +17,26 @@ import lombok.Setter;
@NoArgsConstructor @NoArgsConstructor
public class ExpenseInput { public class ExpenseInput {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id; private Long id;
@NotBlank(message = "Title is required")
@Size(max = 100, message = "Title must not exceed 100 characters")
private String title; private String title;
@NotBlank(message = "Owner is required")
private String owner; private String owner;
@NotNull(message = "Amount is required")
@DecimalMin(value = "0.01", message = "Amount must be greater than zero")
private Double amount; private Double amount;
private Double personalUseAmount; private Double personalUseAmount;
private Double otherPersonAmount; private Double otherPersonAmount;
@NotNull(message = "Date is required")
private LocalDate date; private LocalDate date;
@NotBlank(message = "Category is required")
private String category; private String category;
private ExpenseList expenseList; private ExpenseList expenseList;
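Review bot: `expenseList` at the end of the hunk is still bound straight from the request body, so a caller can attach an expense to any `ExpenseList` it can name (for example by id) — a mass-assignment path that no validation annotation closes. Unless the service replaces it with a list resolved from the authenticated user (not visible here), the field should be replaced by a plain list id plus a server-side ownership lookup. The same gaps as in `ExpenseChangeRequest` apply here: `personalUseAmount` and `otherPersonAmount` accept negatives and would benefit from `@DecimalMin(value = "0.0", message = "Amount must not be negative")`, and `owner` gets no `@Size`. Dropping the stray `@Id`/`@GeneratedValue` from this DTO is a good cleanup, since JPA annotations on a request model only invite it to be treated as an entity.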
@@ -1,5 +1,7 @@
package de.zendric.app.xpensely_server.model; package de.zendric.app.xpensely_server.model;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Data; import lombok.Data;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
@@ -8,6 +10,8 @@ import lombok.NoArgsConstructor;
@AllArgsConstructor @AllArgsConstructor
@NoArgsConstructor @NoArgsConstructor
public class InviteRequest { public class InviteRequest {
@NotBlank(message = "Invite code is required")
@Size(min = 6, max = 6, message = "Invite code must be exactly 6 characters")
private String inviteCode; private String inviteCode;
private Long userId;
} }
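Review bot: `@Size(min = 6, max = 6)` on `inviteCode` bounds the length but not the alphabet, so whitespace, control or arbitrary Unicode characters can still be carried into the invite lookup; `@Pattern(regexp = "^[A-Za-z0-9]{6}$", message = "Invite code format is invalid")` pins it to the character set the generator presumably emits (adjust to match). A six-character code is also a small search space, so the redeeming endpoint needs rate limiting or attempt throttling, which is outside this commit and should be confirmed. If `userId` on the new side is client-supplied, it should come from the authenticated principal instead, since trusting it lets a caller redeem an invite on behalf of another user.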