From 375fbe4826cac417a7f2de316277f035d0d55d60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20S=C3=A4ume?= <dominik.saeume@hmmh.de>
Date: Sun, 19 May 2024 23:15:43 +0200
Subject: [PATCH] #8: Setup Model, DAO & Fixtures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Dominik Säume <Dominik.Saeume@hmmh.de>
---
 db/nursingHome.db                             | Bin 28672 -> 57344 bytes
 src/main/java/de/hitec/nhplus/Main.java       |   4 +-
 .../hitec/nhplus/datastorage/DaoFactory.java  |   9 +
 .../de/hitec/nhplus/fixtures/Fixtures.java    |   5 +
 .../de/hitec/nhplus/fixtures/UserFixture.java |  83 +++++++
 src/main/java/de/hitec/nhplus/login/User.java |  98 +++++++++
 .../hitec/nhplus/login/database/UserDao.java  | 202 ++++++++++++++++++
 .../de/hitec/nhplus/login/database/User.sql   |   2 +-
 .../nhplus/login/database/UserPermission.sql  |   4 +-
 .../nhplus/login/database/UserToNurse.sql     |   4 +-
 10 files changed, 404 insertions(+), 7 deletions(-)
 create mode 100644 src/main/java/de/hitec/nhplus/fixtures/UserFixture.java
 create mode 100644 src/main/java/de/hitec/nhplus/login/User.java
 create mode 100644 src/main/java/de/hitec/nhplus/login/database/UserDao.java

diff --git a/db/nursingHome.db b/db/nursingHome.db
index df596e05e2ebebaf5fb16a358f7204e2cf400f90..87428bb3d43c31c3f5bde0589499552b4549ff9d 100644
GIT binary patch
delta 1546
zcmb7E4{Q@v9KP$V*WR_)*SR%kHpm`XV67<*5KNGmtQ)scR$6E~bYfCZd+2TLwcK4d
zhJm9jLShyI=|nUnQ-%o{anW6jF-s6b3`_!vk!g%5AQ9sqbegcRp^5L>Zr%bKz2x0{
z@ArN0_rCYNKYOp?d(RMuY96RqjbWGzmAUWQVgD*GiaspA$+-T+80#$NI>np>m5wuX
zhI-BZK9#lg+EweUt;t5cn^&#cK4+het*^)X6Dt2~O2{dKoJdGHSur=6mM9m9b1)ug
z4sp=Lp}jOjpAiWrAq<A&TpJgK;Yb{YJ3=AY5e{zY;QU2WF)3m#AW`$I0?$;lr9?g$
z<yyHY7jEHV#oUE<CZ@FnVl9F79PL~4BFP5paZHqw!cJvJN>qgepHnl%e!`?KvC7n;
z*6jMP!&aJxx$?VuZERyBuJzZO9LfrET2vG<BPk`aDd4z|TPFDbcxD==Ei?}K=7-Cd
z!)8(9<vvuYX<q4u+cPrU{I|BE@vV_47i<f|cCHh84Yk4KJq|;!h=P$YT+f9#wA1ru
z2X>NdM<X&j^)GIlWG2eynL^I|qd6Pv@!<O+^9~v^?DzOownj`ABEYK|9End0FwQ-R
z&eQ$QRF+qi-i(}#@hKHHha%1Mw9=WI!#D8C3kz}D*U&?<>pcH_jGX8u6c<D1V`||T
zHHj;_OmD_<SwHLe9>=r#DJFr_ePr?S<x@Kf)nJOC>Fc`9eHXY-U{)|t16~CKU=-X0
z7xhY*0-CFdSc0d8r1%`KiWzDH!Q#bxK{(ooT0Dz_f~1n*G)7Uz@>M2C)ZwZu@M;<X
zGy$%b5t5cr0((2*!40Ct=t-oTLSk$vrE8;k9*HDLnzYCYEzl%`C?r^>+g8j1qfLMj
z3<;b7Bf6{U7^qlGkeEIii9)A=T7VA&uK*vCzZhs;783J>^3F6bi$^c)u@B~dIQ`W1
zZWlaK`{`)r!y8n0K6!rf%d^`)&b_>8TGl5nJ*2ZUb>|Y}bk|!GS3cuDKmP0Q=>yfv
zh7MeS7h_NN^!tZvyDzUj`gqfd8LeT`_a5l_=;!foUaHxDQp8ED3eA;EW_}BI4ZX8e
z(KJu5W5D{wW5mWgSBCw+1c$cozB#t??XTCan~?4detWg@{0E(5H+J)nEV<MZ&kk-~
zeamxeq<?&W_NVBcPUgta*x+~De*Eg(qE8Ms#OgxBmn*8@c;<C>>A_7jS}Eo>e#Ph1
zcv9zzVL}l`wf-O+0EZ8?R*^&%g>)Hl3z)*d6qrE<6%e*%ksWP`;g6+ED!F(Y19!pg
tGHEMYVIgokDg;H9l1yXZ4=`QEpKx0V9Jg2q1RKLKcNut|EGeDq{srXy<+%U=

delta 269
zcmZoTz})bFae|Z(({=_126iBZf&Pg)Mp8ggy`qJ@e193(IA=2Ot>#_9FUWm>E1z@b
zW<vo*PUgm7$H{XzuQEDpF5(JcWVGLWnEN>+qwVI^yzz`&j%;AF8guL>i|~J7=H}YB
znO)#FKi_5s7XBsN{IB@W^Dp7wzge+i3V$-M9<w}SNl|KINp5Oh2{->O1|G)T)RfHR
z#1cMzW<?k~Ge3`wQ<qtsF|V|!IF$uxJ|8Ds7atS14zo04L1IZJ&<u7qE;c5hA}%&w
rpfYxTmd)%2zxa9iS1~a2PiEkM#($E3@@77VIs70~<TtPL4^jXC1I<QL

diff --git a/src/main/java/de/hitec/nhplus/Main.java b/src/main/java/de/hitec/nhplus/Main.java
index f8a6e87..eb807a1 100644
--- a/src/main/java/de/hitec/nhplus/Main.java
+++ b/src/main/java/de/hitec/nhplus/Main.java
@@ -34,8 +34,8 @@ public class Main extends Application {
     @Override
     public void start(Stage primaryStage) {
         this.primaryStage = primaryStage;
-        executePassword();
-        //executeMainApplication();
+        //executePassword();
+        executeMainApplication();
     }
 
     private void executePassword() {
diff --git a/src/main/java/de/hitec/nhplus/datastorage/DaoFactory.java b/src/main/java/de/hitec/nhplus/datastorage/DaoFactory.java
index 955c88d..067101a 100644
--- a/src/main/java/de/hitec/nhplus/datastorage/DaoFactory.java
+++ b/src/main/java/de/hitec/nhplus/datastorage/DaoFactory.java
@@ -1,5 +1,6 @@
 package de.hitec.nhplus.datastorage;
 
+import de.hitec.nhplus.login.database.UserDao;
 import de.hitec.nhplus.medication.database.MedicationDao;
 import de.hitec.nhplus.nurse.database.NurseDao;
 import de.hitec.nhplus.patient.database.PatientDao;
@@ -63,4 +64,12 @@ public class DaoFactory {
     public MedicationDao createMedicationDAO() {
         return new MedicationDao(ConnectionBuilder.getConnection());
     }
+
+    /**
+     * @return A new {@link UserDao} instance with a database connection.
+     * @see de.hitec.nhplus.login.User User
+     */
+    public UserDao createUserDAO() {
+        return new UserDao(ConnectionBuilder.getConnection());
+    }
 }
diff --git a/src/main/java/de/hitec/nhplus/fixtures/Fixtures.java b/src/main/java/de/hitec/nhplus/fixtures/Fixtures.java
index 51719a3..0ea398b 100644
--- a/src/main/java/de/hitec/nhplus/fixtures/Fixtures.java
+++ b/src/main/java/de/hitec/nhplus/fixtures/Fixtures.java
@@ -46,6 +46,11 @@ public class Fixtures {
             medicationFixture.setupTable(connection);
             medicationFixture.load();
 
+            UserFixture userFixture = new UserFixture();
+            userFixture.dropTable(connection);
+            userFixture.setupTable(connection);
+            userFixture.load();
+
         } catch (Exception exception) {
             System.out.println(exception.getMessage());
         }
diff --git a/src/main/java/de/hitec/nhplus/fixtures/UserFixture.java b/src/main/java/de/hitec/nhplus/fixtures/UserFixture.java
new file mode 100644
index 0000000..2fff14f
--- /dev/null
+++ b/src/main/java/de/hitec/nhplus/fixtures/UserFixture.java
@@ -0,0 +1,83 @@
+package de.hitec.nhplus.fixtures;
+
+import de.hitec.nhplus.Main;
+import de.hitec.nhplus.datastorage.DaoFactory;
+import de.hitec.nhplus.login.User;
+import de.hitec.nhplus.login.database.UserDao;
+import de.hitec.nhplus.medication.Medication;
+
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.*;
+
+public class UserFixture implements Fixture<User>{
+    private static final String SCHEMA = "/de/hitec/nhplus/login/database/User.sql";
+    private static final String PERMISSION_SCHEMA = "/de/hitec/nhplus/login/database/UserPermission.sql";
+    private static final String TO_NURSE_SCHEMA = "/de/hitec/nhplus/login/database/UserToNurse.sql";
+    @Override
+    public void dropTable(Connection connection) throws SQLException {
+        connection.createStatement().execute("DROP TABLE IF EXISTS user");
+        connection.createStatement().execute("DROP TABLE IF EXISTS user__permissions");
+        connection.createStatement().execute("DROP TABLE IF EXISTS user__nurse");
+    }
+
+    @Override
+    public void setupTable(Connection connection) throws SQLException {
+        final InputStream schema = Main.class.getResourceAsStream(SCHEMA);
+        final InputStream permissionSchema = Main.class.getResourceAsStream(PERMISSION_SCHEMA);
+        final InputStream toNurseSchema = Main.class.getResourceAsStream(TO_NURSE_SCHEMA);
+
+        assert schema != null;
+        assert permissionSchema != null;
+        assert toNurseSchema != null;
+
+        String SQL = new Scanner(schema, StandardCharsets.UTF_8)
+                .useDelimiter("\\A")
+                .next();
+        String permissionSQL = new Scanner(permissionSchema, StandardCharsets.UTF_8)
+                .useDelimiter("\\A")
+                .next();
+        String toNurseSQL = new Scanner(toNurseSchema, StandardCharsets.UTF_8)
+                .useDelimiter("\\A")
+                .next();
+
+        connection.createStatement().execute(SQL);
+        connection.createStatement().execute(permissionSQL);
+        connection.createStatement().execute(toNurseSQL);
+    }
+
+    @Override
+    public Map<String, User> load() throws SQLException {
+        List<User> users = new ArrayList<>();
+
+        User udo = new User(
+                "udo",
+                null,
+                null,
+                Integer.parseInt("00000001", 2),
+                null
+        );
+        udo.setPassword("uD0_187!");
+        users.add(udo);
+
+        User maria = new User(
+                "maria",
+                null,
+                null,
+                0,
+                null
+        );
+        maria.setPassword("H!mm3lf4hrt");
+        users.add(maria);
+
+        UserDao dao = DaoFactory.getInstance().createUserDAO();
+        Map<String, User> usersByUsername = new HashMap<>();
+        for (User user : users){
+            dao.create(user);
+            usersByUsername.put(user.getUsername(), user);
+        }
+        return usersByUsername;
+    }
+}
diff --git a/src/main/java/de/hitec/nhplus/login/User.java b/src/main/java/de/hitec/nhplus/login/User.java
new file mode 100644
index 0000000..0621b9d
--- /dev/null
+++ b/src/main/java/de/hitec/nhplus/login/User.java
@@ -0,0 +1,98 @@
+package de.hitec.nhplus.login;
+
+import de.hitec.nhplus.nurse.Nurse;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class User {
+
+    private int id;
+    private String username;
+    private byte[] passwordSalt;
+    private byte[] passwordHash;
+    private int permissions = 0;
+    private Nurse nurse;
+
+    public User(
+            int id,
+            String username,
+            byte[] passwordSalt,
+            byte[] passwordHash,
+            int permissions,
+            Nurse nurse
+    ) {
+        this.id = id;
+        this.username = username;
+        this.passwordSalt = passwordSalt;
+        this.passwordHash = passwordHash;
+        this.permissions = permissions;
+        this.nurse = nurse;
+    }
+
+    public User(
+            String username,
+            byte[] passwordSalt,
+            byte[] passwordHash,
+            int permissions,
+            Nurse nurse
+    ) {
+        this.username = username;
+        this.passwordSalt = passwordSalt;
+        this.passwordHash = passwordHash;
+        this.permissions = permissions;
+        this.nurse = nurse;
+    }
+
+    public int getId() {
+        return id;
+    }
+
+    public byte[] getPasswordSalt() {
+        return passwordSalt;
+    }
+
+    public byte[] getPasswordHash() {
+        return passwordHash;
+    }
+
+    public void setPassword(String password) {
+        try {
+            SecureRandom random = new SecureRandom();
+            byte[] salt = new byte[32];
+            random.nextBytes(salt);
+            this.passwordSalt = salt;
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
+            md.update(salt);
+            this.passwordHash = md.digest(password.getBytes(StandardCharsets.UTF_8));
+        }catch (NoSuchAlgorithmException exception){
+            exception.printStackTrace();
+        }
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public int getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(int permissions) {
+        this.permissions = permissions;
+    }
+
+    public Nurse getNurse() {
+        return nurse;
+    }
+
+    public void setNurse(Nurse nurse) {
+        this.nurse = nurse;
+    }
+}
diff --git a/src/main/java/de/hitec/nhplus/login/database/UserDao.java b/src/main/java/de/hitec/nhplus/login/database/UserDao.java
new file mode 100644
index 0000000..6ea36ce
--- /dev/null
+++ b/src/main/java/de/hitec/nhplus/login/database/UserDao.java
@@ -0,0 +1,202 @@
+package de.hitec.nhplus.login.database;
+
+import de.hitec.nhplus.datastorage.Dao;
+import de.hitec.nhplus.datastorage.DaoFactory;
+import de.hitec.nhplus.login.User;
+import de.hitec.nhplus.nurse.Nurse;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class UserDao implements Dao<User> {
+    protected final Connection connection;
+
+    public UserDao(Connection connection) {
+        this.connection = connection;
+    }
+
+    public int readUserId(String username) throws SQLException {
+        final String SQL = "SELECT id FROM user WHERE username = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setString(1, username);
+        return statement.executeQuery().getInt(1);
+    }
+
+    public byte[] readPasswordSalt(int id) throws SQLException {
+        final String SQL = "SELECT passwordSalt FROM user WHERE id = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        return statement.executeQuery().getBytes(1);
+    }
+
+    public byte[] readPasswordHash(int id) throws SQLException {
+        final String SQL = "SELECT passwordHash FROM user WHERE id = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        return statement.executeQuery().getBytes(1);
+    }
+
+    @Override
+    public User read(int id) throws SQLException {
+        final String SQL = """
+                        SELECT user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId
+                        FROM user
+                        LEFT JOIN user__permissions ON user.id = user__permissions.userId
+                        LEFT JOIN user__nurse ON user.id = user__nurse.userId
+                        WHERE user.id = ?;
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        ResultSet result = statement.executeQuery();
+        int nurseId = result.getInt(5);
+        Nurse nurse = null;
+        if (!result.wasNull()) {
+            nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId);
+        }
+        return new User(
+                id,
+                result.getString(1),
+                result.getBytes(2),
+                result.getBytes(3),
+                result.getInt(4),
+                nurse
+        );
+    }
+
+    @Override
+    public void create(User user) throws SQLException {
+        connection.setAutoCommit(false); //Switch to Manual Commit, to do an SQL Transaction
+        final String userSQL = """
+                    INSERT INTO user
+                    (username, passwordSalt, passwordHash)
+                    VALUES (?, ?, ?);
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(userSQL);
+        statement.setString(1, user.getUsername());
+        statement.setBytes(2, user.getPasswordSalt());
+        statement.setBytes(3, user.getPasswordHash());
+        statement.execute();
+
+        ResultSet generatedKeys = connection.createStatement().executeQuery("SELECT id FROM user");
+        connection.commit(); //Finish SQL Transaction
+        connection.setAutoCommit(true); //Switch back Mode
+
+        if (!generatedKeys.next()) {
+            return;
+        }
+        int newId = generatedKeys.getInt(1);
+
+        final String permissionSQL = """
+                    INSERT INTO user__permissions
+                    (userId, permissions)
+                    VALUES (?, ?);
+                """;
+        PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL);
+        permissionStatement.setInt(1, newId);
+        permissionStatement.setInt(2, user.getPermissions());
+        permissionStatement.execute();
+
+        if (user.getNurse() == null) {
+            return;
+        }
+        final String nurseSQL = """
+                    INSERT INTO user__nurse
+                    (userId, nurseId)
+                    VALUES (?, ?);
+                                
+                               
+                """;
+        PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL);
+        permissionStatement.setInt(1, newId);
+        permissionStatement.setInt(2, user.getNurse().getId());
+        permissionStatement.execute();
+    }
+
+    @Override
+    public void update(User user) throws SQLException {
+        final String userSQL = """
+                    UPDATE user SET
+                    username = ?,
+                    passwordSalt = ?,
+                    passwordHash = ?
+                    WHERE id = ?
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(userSQL);
+        statement.setString(1, user.getUsername());
+        statement.setBytes(2, user.getPasswordSalt());
+        statement.setBytes(3, user.getPasswordHash());
+        statement.setInt(3, user.getId());
+        statement.executeUpdate();
+
+        final String permissionSQL = """
+                    UPDATE user__permissions SET
+                    permissions = ?
+                    WHERE userId = ?
+                """;
+        PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL);
+        permissionStatement.setInt(1, user.getPermissions());
+        permissionStatement.setInt(2, user.getId());
+        permissionStatement.executeUpdate();
+
+        if (user.getNurse() == null) {
+            final String nurseSQL = """
+                        DELETE FROM user__nurse WHERE userId = ?
+                    """;
+            this.connection.prepareStatement(nurseSQL).executeUpdate();
+            return;
+        }
+
+        final String nurseSQL = """
+                    UPDATE user__nurse set
+                    nurseId = ?
+                    WHERE userId = ?
+                """;
+        PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL);
+        nurseStatement.setInt(1, user.getNurse().getId());
+        nurseStatement.setInt(2, user.getId());
+        permissionStatement.executeUpdate();
+    }
+
+    @Override
+    public void delete(int id) throws SQLException {
+        final String SQL = """
+                    DELETE FROM user WHERE user.id = ?;
+                """;
+        PreparedStatement preparedStatement = this.connection.prepareStatement(SQL);
+        preparedStatement.setInt(1, id);
+        preparedStatement.executeUpdate();
+    }
+
+    @Override
+    public List<User> readAll() throws SQLException {
+        final String SQL = """
+                        SELECT user.id, user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId
+                        FROM user
+                        LEFT JOIN user__permissions ON user.id = user__permissions.userId
+                        LEFT JOIN user__nurse ON user.id = user__nurse.userId
+                """;
+        ResultSet result = connection.prepareStatement(SQL).executeQuery();
+
+        List<User> users = new ArrayList<>();
+        while (result.next()) {
+            int nurseId = result.getInt(6);
+            Nurse nurse = null;
+            if (!result.wasNull()) {
+                nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId);
+            }
+            users.add(new User(
+                    result.getInt(1),
+                    result.getString(2),
+                    result.getBytes(3),
+                    result.getBytes(4),
+                    result.getInt(5),
+                    nurse
+            ));
+        }
+        return users;
+    }
+}
diff --git a/src/main/resources/de/hitec/nhplus/login/database/User.sql b/src/main/resources/de/hitec/nhplus/login/database/User.sql
index b92a04a..8773d00 100644
--- a/src/main/resources/de/hitec/nhplus/login/database/User.sql
+++ b/src/main/resources/de/hitec/nhplus/login/database/User.sql
@@ -1,7 +1,7 @@
 CREATE TABLE user
 (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
-    username TEXT NOT NULL,
+    username TEXT NOT NULL UNIQUE,
     passwordSalt BLOB NOT NULL,
     passwordHash BLOB NOT NULL
 )
\ No newline at end of file
diff --git a/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql b/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql
index 536dce0..4e968f2 100644
--- a/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql
+++ b/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql
@@ -1,6 +1,6 @@
 CREATE TABLE user__permissions
 (
-    userId  INTEGER NOT NULL,
-    permissions INTEGER, -- Binary Bitmask for Permissions
+    userId  INTEGER NOT NULL UNIQUE,
+    permissions INTEGER NOT NULL, -- Binary Bitmask for Permissions
     FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE
 )
\ No newline at end of file
diff --git a/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql b/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql
index 4507f47..b46be11 100644
--- a/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql
+++ b/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql
@@ -1,7 +1,7 @@
 CREATE TABLE user__nurse
 (
-    userId  INTEGER NOT NULL,
-    nurseId INTEGER NOT NULL,
+    userId  INTEGER NOT NULL UNIQUE,
+    nurseId INTEGER NOT NULL UNIQUE,
     FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE,
     FOREIGN KEY (nurseId) REFERENCES nurse (id) ON DELETE CASCADE
 )
\ No newline at end of file