working on backend:

- started FileStore implementation - implemented placing cookies Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-07-18 01:22:43 +02:00
parent 67606a80f4
commit c5352ac73b
18 changed files with 399 additions and 26 deletions
--- a/de.srsoftware.oidc.backend/build.gradle
+++ b/de.srsoftware.oidc.backend/build.gradle
@@ -13,6 +13,7 @@ dependencies {
    testImplementation platform('org.junit:junit-bom:5.10.0')
    testImplementation 'org.junit.jupiter:junit-jupiter'
    implementation project(':de.srsoftware.oidc.api')
+    implementation 'org.json:json:20240303'
 }

 test {
--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/Backend.java
@@ -1,28 +1,56 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.backend;

+import static de.srsoftware.oidc.api.User.PASSWORD;
+import static de.srsoftware.oidc.api.User.USERNAME;
 import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
 import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.util.jar.Attributes.Name.CONTENT_TYPE;

 import com.sun.net.httpserver.HttpExchange;
 import de.srsoftware.oidc.api.PathHandler;
+import de.srsoftware.oidc.api.SessionToken;
+import de.srsoftware.oidc.api.User;
+import de.srsoftware.oidc.api.UserService;
 import java.io.IOException;
 import java.util.Optional;
+import org.json.JSONObject;

 public class Backend extends PathHandler {
+	private final UserService users;
+
+	public Backend(UserService userService) {
+		users = userService;
+	}
+
+	private void doLogin(HttpExchange ex) throws IOException {
+		var body = json(ex);
+
+		var username = body.has(USERNAME) ? body.getString(USERNAME) : null;
+		var password = body.has(PASSWORD) ? body.getString(PASSWORD) : null;
+
+		Optional<User> user = users.load(username, password);
+		if (user.isPresent()) {
+			sendUserAndCookie(ex, user.get());
+			return;
+		}
+		sendEmptyResponse(HTTP_UNAUTHORIZED, ex);
+	}
+
 	@Override
 	public void handle(HttpExchange ex) throws IOException {
 		String path   = relativePath(ex);
 		String method = ex.getRequestMethod();
 		System.out.printf("%s %s…", method, path);

-		if ("login".equals(path)) {
-			doLogin(ex); // TODO: prevent brute force
+		if ("login".equals(path) && POST.equals(method)) {
+			doLogin(ex);  // TODO: prevent brute force
 			return;
 		}
 		var token = getAuthToken(ex);
 		if (token.isEmpty()) {
-			emptyResponse(HTTP_UNAUTHORIZED, ex);
+			sendEmptyResponse(HTTP_UNAUTHORIZED, ex);
 			System.err.println("unauthorized");
 			return;
 		}
@@ -31,14 +59,13 @@ public class Backend extends PathHandler {
 		ex.getResponseBody().close();
 	}

-	private void doLogin(HttpExchange ex) throws IOException {
-		Optional<String> user = getHeader(ex, "login-username");
-		Optional<String> pass = getHeader(ex, "login-password");
-		System.out.printf("%s : %s", user, pass);
-		emptyResponse(HTTP_UNAUTHORIZED, ex);
-	}
+	private void sendUserAndCookie(HttpExchange ex, User user) throws IOException {
+		var bytes   = new JSONObject(user.map(false)).toString().getBytes(UTF_8);
+		var headers = ex.getResponseHeaders();

-	private Optional<String> getAuthToken(HttpExchange ex) {
-		return getHeader(ex, "Authorization");
+		headers.add(CONTENT_TYPE, JSON);
+		new SessionToken("Test").addTo(headers);
+		ex.sendResponseHeaders(200, bytes.length);
+		ex.getResponseBody().write(bytes);
 	}
 }