Secure route needing login and update some http errors codes

Francois G 2023-04-09 17:10:49 +02:00
parent 109ab984b3
commit 87c4fd8bc1
8 changed files with 23 additions and 15 deletions


@ -22,10 +22,9 @@ public class BadgeDetails implements Response {
this.databaseRepo = databaseRepo;
}
@Route(path = "^\\/badge\\/([0-9]+)$")
@Route(path = "^\\/badge\\/([0-9]+)$", needLogin = true)
@Override
public void exec(Matcher matcher, User user, HttpReader reader, HttpWriter writer) throws Exception {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
if (matcher.groupCount() > 0) {
int badgeId = Integer.parseInt(matcher.group(1));
Badge badge = databaseRepo.getBadge(badgeId);
@ -36,6 +35,7 @@ public class BadgeDetails implements Response {
badgeJSON.put("logo", Base64.getEncoder().encodeToString(badge.getLogo()));
badgeJSON.put("level", badge.getLevel());
}
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
writer.write(badgeJSON.toJSONString().replace("\\", ""));
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
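Review bot: `badgeJSON.toJSONString().replace("\\", "")` on the write line removes every backslash from the serialized document, including the ones that escape `"` and control characters inside string values, so a badge field containing a quote yields malformed JSON or lets the value change the document's structure. The call was presumably added to undo the `\/` escaping of the Base64 logo, but `\/` is valid JSON and decodes to `/` on the client, so `writer.write(badgeJSON.toJSONString());` is enough. The same replace sits on the write line in PlayerDetails, where `pseudo`, `email` and `firstname` pass through it. The `else` branch continues past the end of this hunk.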


@ -23,10 +23,9 @@ public class ChapterElement implements Response {
this.databaseRepo = databaseRepo;
}
@Route(path = "^\\/chapter\\/([0-9]+)$")
@Route(path = "^\\/chapter\\/([0-9]+)$", needLogin = true)
@Override
public void exec(Matcher matcher, User user, HttpReader reader, HttpWriter writer) throws Exception {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
Chapter chapter = databaseRepo.getChapter(extractId(matcher));
if (chapter != null) {
JSONObject chapterJSON = new JSONObject();
@ -46,7 +45,10 @@ public class ChapterElement implements Response {
puzzles.add(puzzleJSON);
}
chapterJSON.put("puzzles", puzzles);
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
writer.write(chapterJSON.toJSONString());
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
}
}
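Review bot: The new `else` branch answers 400 when `databaseRepo.getChapter(...)` returns null, although the path has already matched `([0-9]+)`, so the request is well formed and the chapter is simply missing. Assuming `HttpUtil.responseHeaders` accepts the code, `HttpUtil.responseHeaders(writer, 404, "Access-Control-Allow-Origin: *");` lets a client tell a bad request from an unknown id. The null branches in PlayerDetails and PuzzleElement have the same shape. In ChapterList a null list is not the caller's fault at all, and a 5xx status would describe it better.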


@ -23,10 +23,9 @@ public class ChapterList implements Response {
this.databaseRepo = databaseRepo;
}
@Route(path = "^\\/chapters$")
@Route(path = "^\\/chapters$", needLogin = true)
@Override
public void exec(Matcher matcher, User user, HttpReader reader, HttpWriter writer) throws Exception {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
List<Chapter> allChapters = databaseRepo.getAllChapters();
if (allChapters != null) {
JSONArray chaptersJSON = new JSONArray();
@ -40,7 +39,10 @@ public class ChapterList implements Response {
chapterJSON.put("endDate", chapter.getEndDate().toString());
chaptersJSON.add(chapterJSON);
}
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
writer.write(chaptersJSON.toJSONString());
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
}
}
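Review bot: The 200 response that now precedes `writer.write(chaptersJSON.toJSONString())` is sent without a `Content-Type` header, although the body is JSON and PuzzleElement already passes `"Content-Type: application/json"` to the same helper. Declaring the type keeps clients and intermediaries from having to guess it: `HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *", "Content-Type: application/json");`. The 200 writes in BadgeDetails, ChapterElement and PlayerDetails, and the 400 write with a JSON body in Register, are missing it too.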


@ -39,10 +39,10 @@ public class Login implements Response {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *",
"Access-Control-Expose-Headers: Authorization",
"Authorization: Bearer " + this.router.createAuthUser(id));
return;
}
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
}
HttpUtil.responseHeaders(writer, 403, "Access-Control-Allow-Origin: *");
}
}
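Review bot: The `else` branch writes the 400 status and then falls through to the unconditional `HttpUtil.responseHeaders(writer, 403, "Access-Control-Allow-Origin: *");` two lines below, so that path emits two header blocks on one response, whereas the success path avoids this with `return;`. This assumes both writes are on the new side, which the rendered page no longer marks. Adding `return;` directly after the 400 write fixes it. The tail of `exec` in Register has the same shape, and the start of `exec` here is outside the hunk.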


@ -22,7 +22,7 @@ public class PlayerDetails implements Response {
this.databaseRepo = databaseRepo;
}
@Route(path = "^\\/player\\/?(.+)?$")
@Route(path = "^\\/player\\/?(.+)?$", needLogin = true)
@Override
public void exec(Matcher matcher, User user, HttpReader reader, HttpWriter writer) throws Exception {
Player player;
@ -33,7 +33,6 @@ public class PlayerDetails implements Response {
}
JSONObject playerJSON = new JSONObject();
if (player != null) {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
playerJSON.put("pseudo", player.getPseudo());
playerJSON.put("email", player.getEmail());
playerJSON.put("firstname", player.getFirstname());
@ -49,6 +48,7 @@ public class PlayerDetails implements Response {
playerJSON.put("badges", player.getJsonBadges());
if (player.getAvatar() != null)
playerJSON.put("avatar", Base64.getEncoder().encodeToString(player.getAvatar()));
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *");
writer.write(playerJSON.toJSONString().replace("\\", ""));
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
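Review bot: `needLogin = true` only establishes that the caller holds a valid token, while the route pattern `"^\\/player\\/?(.+)?$"` still takes an optional path segment and the response includes `email` and `firstname`, so any logged-in account appears able to read another player's contact details. The lookup that fills `player` lies between the hunks and is not visible, so this needs confirming there. If it does resolve the captured segment, `email` and `firstname` should go into `playerJSON` only when the requested player is the authenticated `user`, with the public fields returned otherwise.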


@ -21,10 +21,9 @@ public class PuzzleElement implements Response {
this.databaseRepo = databaseRepo;
}
@Route(path = "^\\/puzzle\\/([0-9]+)$")
@Route(path = "^\\/puzzle\\/([0-9]+)$", needLogin = true)
@Override
public void exec(Matcher matcher, User user, HttpReader reader, HttpWriter writer) throws Exception {
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *", "Content-Type: application/json");
Puzzle puzzle = databaseRepo.getPuzzle(extractId(matcher));
if (puzzle != null) {
JSONObject puzzleJSON = new JSONObject();
@ -35,8 +34,12 @@ public class PuzzleElement implements Response {
puzzleJSON.put("tags", puzzle.getJsonTags());
if (puzzle.getDepend() > 0)
puzzleJSON.put("depend", puzzle.getDepend());
HttpUtil.responseHeaders(writer, 200, "Access-Control-Allow-Origin: *", "Content-Type: application/json");
writer.write(puzzleJSON.toJSONString());
}
else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
}
}
private int extractId(Matcher matcher) {
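Review bot: The route pattern `([0-9]+)` accepts digit runs of any length, and BadgeDetails feeds the same capture to `Integer.parseInt`, which throws `NumberFormatException` above 2147483647. If `extractId` parses the same way (its body is outside this hunk), the exception leaves `exec` before any status has been written. Bounding the capture keeps such paths from reaching the handler at all: `@Route(path = "^\\/puzzle\\/([0-9]{1,9})$", needLogin = true)`. The badge and chapter routes use the same unbounded pattern.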


@ -47,7 +47,7 @@ public class PuzzleResponse implements Response {
HttpUtil.responseHeaders(writer, 406, "Access-Control-Allow-Origin: *", "Content-Type: application/json");
responseJSON.put("tries", completion.getTries());
} else {
HttpUtil.responseHeaders(writer, 403, "Access-Control-Allow-Origin: *");
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
return;
}
writer.write(responseJSON.toJSONString());


@ -67,15 +67,16 @@ public class Register implements Response {
return;
}
} else {
HttpUtil.responseHeaders(writer, 403, "Access-Control-Allow-Origin: *");
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
JSONObject error = new JSONObject();
error.put("username_valid", pseudoAvailable);
error.put("email_valid", emailAvailable);
writer.write(error.toJSONString());
return;
}
} else {
HttpUtil.responseHeaders(writer, 400, "Access-Control-Allow-Origin: *");
}
HttpUtil.responseHeaders(writer, 403, "Access-Control-Allow-Origin: *");
}
private void createFolderToSaveSourceCode(String pseudo) throws IOException {
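Review bot: The 400 body reports `username_valid` and `email_valid` as separate fields, which tells any caller of the registration route whether a given e-mail address already has an account. A taken pseudo has to be reported for the form to work, but the e-mail result is worth protecting, for example by rate-limiting this route per client. Whether the router already throttles requests is not visible from this hunk, and `exec` starts above it.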