
Add functionality for an application to have an API


/*
* Labracore - A connecting core service for Labrador products
* Copyright (C) 2020-2021 Delft University of Technology
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package nl.tudelft.labracore.app.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import jakarta.servlet.http.HttpServletRequest;
import nl.tudelft.labracore.api.AppControllerApi;
import nl.tudelft.labracore.api.dto.ApiAuthenticationDTO;
import nl.tudelft.labracore.app.security.ApiAuthenticationDetails;
import nl.tudelft.labracore.app.security.token.ApiToken;
import nl.tudelft.labracore.app.security.token.ApiTokenGenerator;
import nl.tudelft.labracore.app.security.token.ApiTokenValidator;
/**
 * REST controller for the endpoints under the {@code api} path: a status probe and the authentication
 * endpoint through which a caller obtains an API token.
 *
 * <p>The controller does not verify credentials itself. The decision is delegated to Core through
 * {@link AppControllerApi}; this class only relays the request data and, on a positive answer, issues
 * and registers a token.
 */
@RestController
@RequestMapping("api")
public class DefaultApiController {

    // Client for Core; used to have the caller's credentials checked.
    @Autowired
    private AppControllerApi appApi;

    // Source of new API tokens.
    @Autowired
    private ApiTokenGenerator apiTokenGenerator;

    // Every token issued by this controller is handed to it through registerToken.
    @Autowired
    private ApiTokenValidator apiTokenValidator;

    /**
     * Reports that the application is up. The method has no body, so a request that reaches it is
     * answered with 200 OK.
     */
    @GetMapping("status")
    public void checkStatus() {
        // Intentionally empty: returning normally is the 200 OK answer.
        // NOTE(review): no access check is visible in this class; whether this probe is reachable
        // without authentication depends on security configuration elsewhere - confirm it is intended.
    }

    /**
     * Asks Core whether the request carries valid credentials and, if so, issues a fresh API token.
     *
     * <p>Fails closed: anything other than an explicit {@code true} from Core, including an empty
     * result, is answered with 401. An error raised by the call to Core is not caught here and
     * propagates out of this method.
     *
     * @param request the incoming HTTP request; its {@code Authorization} header and the values
     *                extracted by {@link ApiAuthenticationDetails} are forwarded to Core
     * @return the newly generated token, after it has been registered with the token validator
     * @throws ResponseStatusException 401 Unauthorized if Core does not confirm the credentials
     */
    @PostMapping("authenticate")
    public ApiToken authenticate(HttpServletRequest request) {
        ApiAuthenticationDTO credentials = toAuthenticationDto(request);

        // block() waits for Core's answer on the request thread; a null result counts as a refusal.
        if (!Boolean.TRUE.equals(appApi.authenticateApp(credentials).block())) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
        }

        ApiToken issued = apiTokenGenerator.newApiToken();
        // Register before returning so the token handed out is already known to the validator.
        // NOTE(review): token lifetime and revocation are not visible in this class - confirm they
        // are enforced by ApiTokenValidator.
        apiTokenValidator.registerToken(issued);
        return issued;
    }

    /**
     * Builds the payload sent to Core from the request's {@code Authorization} header and the values
     * extracted by {@link ApiAuthenticationDetails}.
     */
    private ApiAuthenticationDTO toAuthenticationDto(HttpServletRequest request) {
        ApiAuthenticationDetails details = new ApiAuthenticationDetails(request);

        // The Authorization header is relayed unchanged; it is a credential, so keep it out of logs.
        // getHeader returns null when the header is absent, and that null is forwarded as-is.
        // NOTE(review): presumably Core rejects a missing header and checks timestamp and nonce
        // against replay - confirm, since none of that is enforced in this class.
        return new ApiAuthenticationDTO()
                .auth(request.getHeader("Authorization"))
                .timestamp(details.getTimestamp())
                .method(details.getMethod())
                .host(details.getHost())
                .path(details.getPath())
                .nonce(details.getNonce())
                .userId(details.getUserId());
    }
}