Neuanlage, und WebAPI für Tokengenerierung (WIP)

src/main/java/de/holarse/api/admin/ApiUsers.java

@@ -0,0 +1,32 @@
+package de.holarse.api.admin;
+
+
+import de.holarse.backend.api.admin.RandomToken;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Secured({"ROLE_API_ADMIN", "ROLE_ADMIN"})
+@RestController
+@RequestMapping(value = "/admin/api/apiusers/")
+public class ApiUsers {
+
+    @Qualifier(value = "bcryptEncoder")
+    @Autowired
+    PasswordEncoder passwordEncoder;
+
+    @GetMapping(value = "token.json", produces = MediaType.APPLICATION_JSON_VALUE)
+    public RandomToken createRandomToken() {
+        final String randomToken = RandomStringUtils.randomAlphabetic(20);
+        final String hash = passwordEncoder.encode(randomToken);
+
+        return new RandomToken(randomToken, hash);
+    }
+
+}

src/main/java/de/holarse/backend/api/admin/RandomToken.java

@@ -0,0 +1,3 @@
+package de.holarse.backend.api.admin;
+
+public record RandomToken(String password, String token) {}

src/main/java/de/holarse/web/controller/admin/AdminApiUsers.java

@@ -43,7 +43,7 @@
  * @author comrad
  */
 @Controller
-@RequestMapping(value = "/admin/apiusers")
+@RequestMapping(value = "/admin/apiusers/")
 public class AdminApiUsers {
 
     private final static transient Logger log = LoggerFactory.getLogger(AdminApiUsers.class);
@@ -60,21 +60,29 @@ public ModelAndView index(@PageableDefault(sort={"login"}, value=ADMIN_USERS_DEF
         return mv;
     }
 
+    @GetMapping("new")
+    public ModelAndView create(final ModelAndView mv) {
+        makeAdminLayout(mv, "sites/admin/apiuser");
+        mv.addObject("apiuser", new ApiUserView());
+        return mv;
+    }
+
     @GetMapping("{apiUserId}")
     public ModelAndView show(@PathVariable("apiUserId") final Integer userId, final ModelAndView mv) {
         makeAdminLayout(mv, "sites/admin/apiuser");  
         mv.addObject("apiuser", apiUserRepository.findById(userId).map(ApiUserView::of).get());
         return mv;
     }
 
-    @PostMapping("{apiUserId}")
-    public RedirectView save(@Valid @ModelAttribute("apiuser") ApiUserView user, @PathVariable int apiUserId) {
-        if (apiUserId != user.getId()) {
-            log.error("Userid ({}) does not match form userid. Form: {}", apiUserId, user);
-            throw new IllegalArgumentException("userid does not match form userid");
+    @PostMapping
+    public RedirectView save(@Valid @ModelAttribute("apiuser") ApiUserView user) {
+        ApiUser backendUser;
+        if (user.getId() == null) {
+            backendUser = new ApiUser();
+            backendUser.setCreated(OffsetDateTime.now());
+        } else {
+            backendUser = apiUserRepository.findById(user.getId()).orElseThrow(EntityNotFoundException::new);            
         }
-
-        final ApiUser backendUser = apiUserRepository.findById(apiUserId).orElseThrow(EntityNotFoundException::new);
         backendUser.setLogin(user.getLogin());
         backendUser.setRoleName(user.getRoleName());
         backendUser.setToken(user.getToken());
@@ -84,7 +92,7 @@ public RedirectView save(@Valid @ModelAttribute("apiuser") ApiUserView user, @Pa
 
         apiUserRepository.saveAndFlush(backendUser);
 
-        return new RedirectView("../apiusers");
+        return new RedirectView("../apiusers/");
     }    
 
 

src/main/java/de/holarse/web/controller/admin/AdminDrückblick.java

@@ -33,20 +33,22 @@
 import org.springframework.web.servlet.ModelAndView;
 
 import static de.holarse.utils.ModelAndViewFactory.makeAdminLayout;
+import org.springframework.web.bind.annotation.RequestMapping;
 
 /**
  *
  * @author comrad
  */
 @Controller
+@RequestMapping(value="/admin/drückblick/")
 public class AdminDrückblick {
 
         private final static transient Logger log = LoggerFactory.getLogger(AdminDrückblick.class);
 
         @Autowired
         private DrückblickRepository drückblickRepository;
 
-        @GetMapping("/admin/drückblick")
+        @GetMapping
         public ModelAndView index(final ModelAndView mv) {
             makeAdminLayout(mv, "sites/admin/drückblick");
 
@@ -55,7 +57,7 @@ public ModelAndView index(final ModelAndView mv) {
             return mv;
         }
 
-        @PutMapping(value = "/admin/drückblick/{id}", consumes = MediaType.APPLICATION_JSON_VALUE)
+        @PutMapping(value = "{id}", consumes = MediaType.APPLICATION_JSON_VALUE)
         public ResponseEntity<String> update(@PathVariable(name = "id") final Integer id, @RequestBody final DrückblickEntry updatedEntry) {
             final DrückblickEntry entry = drückblickRepository.findById(id).orElseThrow(IllegalArgumentException::new);
             entry.setCategory(updatedEntry.getCategory());

src/main/java/de/holarse/web/controller/admin/AdminUsers.java

@@ -22,7 +22,7 @@
 import org.springframework.web.servlet.view.RedirectView;
 
 @Controller
-@RequestMapping(value = "/admin/users")
+@RequestMapping(value = "/admin/users/")
 public class AdminUsers {
 
     private final static transient Logger log = LoggerFactory.getLogger(AdminUsers.class);

src/main/resources/assets/js/admin.js

@@ -39,4 +39,17 @@ function dbl_get_dirty_marks() {
 
         }
     });
+}
+
+function admin_apiusers_get_token(event) {
+    event.preventDefault();
+    $.ajax({
+        url: "/admin/api/apiusers/token.json", 
+        method: "GET", 
+        headers: {
+        }, 
+        success: function(result) {
+            $("input#token").html(result.password);
+        }
+    });
 }

src/main/webapp/WEB-INF/templates/layouts/admin.html

@@ -54,7 +54,7 @@
                 <ul id="sideNavMenu" class="u-sidebar-navigation-v1-menu u-side-nav--top-level-menu g-min-height-100vh mb-0">
                     <!-- API-User -->
                     <li class="u-sidebar-navigation-v1-menu-item u-side-nav--second-level-menu-item">
-                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/apiusers}">
+                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/apiusers/}">
                             <span class="d-flex align-self-center g-mr-15 g-mt-minus-1">
                                 <i class="hs-admin-id-badge"></i>
                             </span>
@@ -65,7 +65,7 @@
 
                     <!-- Benutzer-->
                     <li class="u-sidebar-navigation-v1-menu-item u-side-nav--second-level-menu-item">
-                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/users}">
+                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/users/}">
                             <span class="d-flex align-self-center g-mr-15 g-mt-minus-1">
                                 <i class="hs-admin-id-badge"></i>
                             </span>
@@ -76,7 +76,7 @@
 
                     <!-- Drückblick -->
                     <li class="u-sidebar-navigation-v1-menu-item u-side-nav--second-level-menu-item">
-                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/drückblick}">
+                        <a class="media u-side-nav--second-level-menu-link g-px-15 g-py-12 active" href="#" data-th-href="@{/admin/drückblick/}">
                             <span class="d-flex align-self-center g-mr-15 g-mt-minus-1">
                                 <i class="hs-admin-id-badge"></i>
                             </span>

src/main/webapp/WEB-INF/templates/sites/admin/apiuser.html

@@ -4,12 +4,12 @@
         <ul class="u-list-inline g-color-gray-dark-v6">
 
             <li class="list-inline-item g-mr-10">
-                <a class="u-link-v5 g-color-gray-dark-v6 g-color-lightblue-v3--hover g-valign-middle" href="#" data-th-href="@{/admin}">Admin</a>
+                <a class="u-link-v5 g-color-gray-dark-v6 g-color-lightblue-v3--hover g-valign-middle" href="#" data-th-href="@{/admin/}">Admin</a>
                 <i class="hs-admin-angle-right g-font-size-12 g-color-gray-light-v6 g-valign-middle g-ml-10"></i>
             </li>
 
             <li class="list-inline-item">
-                <span class="g-valign-middle"><a href="#" data-th-href="@{/admin/apiusers}">API-User</a></span>
+                <span class="g-valign-middle"><a href="#" data-th-href="@{/admin/apiusers/}">API-User</a></span>
             </li>
         </ul>
     </div>
@@ -21,14 +21,19 @@
             <div class="d-flex">
                 <div class="align-self-md-center">
                     <header>
-                        <h2 class="g-font-weight-400 g-font-size-16 g-color-black mb-0" data-th-text="'API-User ' + ${apiuser.login}">Benutzer</h2>
+                        <h2 class="g-font-weight-400 g-font-size-16 g-color-black mb-0" data-th-text="'API-User ' + ${apiuser.login ?: 'Neuer '}">Benutzer</h2>
                     </header>     
 
                     <div class="h-100 g-brd-around g-brd-gray-light-v7 g-rounded-4 g-pa-15 g-pa-20--md">
-                        <form action="#" data-th-action="@{/admin/apiusers/{id}(id=${apiuser.id})}" data-th-object="${apiuser}" method="post">
+                        <form action="#" data-th-action="@{/admin/apiusers/}" data-th-object="${apiuser}" method="post">
                             <input type="hidden" data-th-field="*{id}" />
                             <p>Login: <input type="text" data-th-field="*{login}" /></p>
-                            <p>Token: <input type="text" data-th-field="*{token}" /></p>
+                            <p>
+                                Token: <input type="text" data-th-field="*{token}" />
+                                <a href="#" class="btn btn-sm u-btn-primary g-mr-10 g-mb-15" data-th-href="@{/admin/api/apiusers/token.json}" onclick="admin_apiusers_get_token()">
+                                    <i class="fa fa-line-chart"></i>
+                                </a>
+                            </p>
                             <p>Rolename: <input type="text" data-th-field="*{roleName}" /></p>
                             <p>Valid Until: 
                                 <input type="text" class="u-datepicker-v1 js-datepicker" data-th-field="*{validUntil}">

src/main/webapp/WEB-INF/templates/sites/admin/apiusers.html

@@ -4,7 +4,7 @@
         <ul class="u-list-inline g-color-gray-dark-v6">
 
             <li class="list-inline-item g-mr-10">
-                <a class="u-link-v5 g-color-gray-dark-v6 g-color-lightblue-v3--hover g-valign-middle" href="#!">Admin</a>
+                <a class="u-link-v5 g-color-gray-dark-v6 g-color-lightblue-v3--hover g-valign-middle" href="#" data-th-href="@{/admin/}">Admin</a>
                 <i class="hs-admin-angle-right g-font-size-12 g-color-gray-light-v6 g-valign-middle g-ml-10"></i>
             </li>
 
@@ -18,6 +18,11 @@
     <div class="g-pa-20">
 
         <div class="table-responsive g-mb-40">
+            <div>
+                <a href="#" data-th-href="@{/admin/apiusers/new}" class="btn u-btn-primary g-mr-10 g-mb-15" alt="Neuer Eintrag">
+                    <i class="fa fa-plus"></i>
+                </a>
+            </div>
             <table class="table u-table--v3 g-color-black">
                 <thead>
                     <tr>