From 4716c84fdfda1d954c0806e11ae5d81c6f20cdc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20S=C3=A4ume?= Date: Sun, 19 May 2024 23:15:43 +0200 Subject: [PATCH] #8: Setup Model and DAO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Dominik Säume --- src/main/java/de/hitec/nhplus/Main.java | 4 +- src/main/java/de/hitec/nhplus/login/User.java | 95 ++++++++ .../hitec/nhplus/login/database/UserDao.java | 202 ++++++++++++++++++ .../de/hitec/nhplus/login/database/User.sql | 2 +- .../nhplus/login/database/UserPermission.sql | 4 +- .../nhplus/login/database/UserToNurse.sql | 4 +- 6 files changed, 304 insertions(+), 7 deletions(-) create mode 100644 src/main/java/de/hitec/nhplus/login/User.java create mode 100644 src/main/java/de/hitec/nhplus/login/database/UserDao.java diff --git a/src/main/java/de/hitec/nhplus/Main.java b/src/main/java/de/hitec/nhplus/Main.java index f8a6e87..eb807a1 100644 --- a/src/main/java/de/hitec/nhplus/Main.java +++ b/src/main/java/de/hitec/nhplus/Main.java @@ -34,8 +34,8 @@ public class Main extends Application { @Override public void start(Stage primaryStage) { this.primaryStage = primaryStage; - executePassword(); - //executeMainApplication(); + //executePassword(); + executeMainApplication(); } private void executePassword() { diff --git a/src/main/java/de/hitec/nhplus/login/User.java b/src/main/java/de/hitec/nhplus/login/User.java new file mode 100644 index 0000000..5be9b6e --- /dev/null +++ b/src/main/java/de/hitec/nhplus/login/User.java @@ -0,0 +1,95 @@ +package de.hitec.nhplus.login; + +import de.hitec.nhplus.nurse.Nurse; + +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +public class User { + + private int id; + private String username; + private byte[] passwordSalt; + private byte[] passwordHash; + private int permissions = 0; + private Nurse nurse; + + public User( + int id, + String username, + byte[] passwordSalt, + byte[] passwordHash, + int permissions, + Nurse nurse + ) { + this.id = id; + this.username = username; + this.passwordSalt = passwordSalt; + this.passwordHash = passwordHash; + this.permissions = permissions; + this.nurse = nurse; + } + + public User( + String username, + byte[] passwordSalt, + byte[] passwordHash, + int permissions, + Nurse nurse, + boolean admin + ) { + this.username = username; + this.passwordSalt = passwordSalt; + this.passwordHash = passwordHash; + this.permissions = permissions; + this.nurse = nurse; + } + + public int getId() { + return id; + } + + public byte[] getPasswordSalt() { + return passwordSalt; + } + + public byte[] getPasswordHash() { + return passwordHash; + } + + public void setPassword(String password) throws NoSuchAlgorithmException { + SecureRandom random = new SecureRandom(); + byte[] salt = new byte[16]; + random.nextBytes(salt); + this.passwordSalt = salt; + MessageDigest md = MessageDigest.getInstance("SHA-512"); + md.update(salt); + this.passwordHash = md.digest(password.getBytes(StandardCharsets.UTF_8)); + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public int getPermissions() { + return permissions; + } + + public void setPermissions(int permissions) { + this.permissions = permissions; + } + + public Nurse getNurse() { + return nurse; + } + + public void setNurse(Nurse nurse) { + this.nurse = nurse; + } +} diff --git a/src/main/java/de/hitec/nhplus/login/database/UserDao.java b/src/main/java/de/hitec/nhplus/login/database/UserDao.java new file mode 100644 index 0000000..6ea36ce --- /dev/null +++ b/src/main/java/de/hitec/nhplus/login/database/UserDao.java @@ -0,0 +1,202 @@ +package de.hitec.nhplus.login.database; + +import de.hitec.nhplus.datastorage.Dao; +import de.hitec.nhplus.datastorage.DaoFactory; +import de.hitec.nhplus.login.User; +import de.hitec.nhplus.nurse.Nurse; + +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.ArrayList; +import java.util.List; + +public class UserDao implements Dao { + protected final Connection connection; + + public UserDao(Connection connection) { + this.connection = connection; + } + + public int readUserId(String username) throws SQLException { + final String SQL = "SELECT id FROM user WHERE username = ?"; + PreparedStatement statement = this.connection.prepareStatement(SQL); + statement.setString(1, username); + return statement.executeQuery().getInt(1); + } + + public byte[] readPasswordSalt(int id) throws SQLException { + final String SQL = "SELECT passwordSalt FROM user WHERE id = ?"; + PreparedStatement statement = this.connection.prepareStatement(SQL); + statement.setInt(1, id); + return statement.executeQuery().getBytes(1); + } + + public byte[] readPasswordHash(int id) throws SQLException { + final String SQL = "SELECT passwordHash FROM user WHERE id = ?"; + PreparedStatement statement = this.connection.prepareStatement(SQL); + statement.setInt(1, id); + return statement.executeQuery().getBytes(1); + } + + @Override + public User read(int id) throws SQLException { + final String SQL = """ + SELECT user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId + FROM user + LEFT JOIN user__permissions ON user.id = user__permissions.userId + LEFT JOIN user__nurse ON user.id = user__nurse.userId + WHERE user.id = ?; + """; + PreparedStatement statement = this.connection.prepareStatement(SQL); + statement.setInt(1, id); + ResultSet result = statement.executeQuery(); + int nurseId = result.getInt(5); + Nurse nurse = null; + if (!result.wasNull()) { + nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId); + } + return new User( + id, + result.getString(1), + result.getBytes(2), + result.getBytes(3), + result.getInt(4), + nurse + ); + } + + @Override + public void create(User user) throws SQLException { + connection.setAutoCommit(false); //Switch to Manual Commit, to do an SQL Transaction + final String userSQL = """ + INSERT INTO user + (username, passwordSalt, passwordHash) + VALUES (?, ?, ?); + """; + PreparedStatement statement = this.connection.prepareStatement(userSQL); + statement.setString(1, user.getUsername()); + statement.setBytes(2, user.getPasswordSalt()); + statement.setBytes(3, user.getPasswordHash()); + statement.execute(); + + ResultSet generatedKeys = connection.createStatement().executeQuery("SELECT id FROM user"); + connection.commit(); //Finish SQL Transaction + connection.setAutoCommit(true); //Switch back Mode + + if (!generatedKeys.next()) { + return; + } + int newId = generatedKeys.getInt(1); + + final String permissionSQL = """ + INSERT INTO user__permissions + (userId, permissions) + VALUES (?, ?); + """; + PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL); + permissionStatement.setInt(1, newId); + permissionStatement.setInt(2, user.getPermissions()); + permissionStatement.execute(); + + if (user.getNurse() == null) { + return; + } + final String nurseSQL = """ + INSERT INTO user__nurse + (userId, nurseId) + VALUES (?, ?); + + + """; + PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL); + permissionStatement.setInt(1, newId); + permissionStatement.setInt(2, user.getNurse().getId()); + permissionStatement.execute(); + } + + @Override + public void update(User user) throws SQLException { + final String userSQL = """ + UPDATE user SET + username = ?, + passwordSalt = ?, + passwordHash = ? + WHERE id = ? + """; + PreparedStatement statement = this.connection.prepareStatement(userSQL); + statement.setString(1, user.getUsername()); + statement.setBytes(2, user.getPasswordSalt()); + statement.setBytes(3, user.getPasswordHash()); + statement.setInt(3, user.getId()); + statement.executeUpdate(); + + final String permissionSQL = """ + UPDATE user__permissions SET + permissions = ? + WHERE userId = ? + """; + PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL); + permissionStatement.setInt(1, user.getPermissions()); + permissionStatement.setInt(2, user.getId()); + permissionStatement.executeUpdate(); + + if (user.getNurse() == null) { + final String nurseSQL = """ + DELETE FROM user__nurse WHERE userId = ? + """; + this.connection.prepareStatement(nurseSQL).executeUpdate(); + return; + } + + final String nurseSQL = """ + UPDATE user__nurse set + nurseId = ? + WHERE userId = ? + """; + PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL); + nurseStatement.setInt(1, user.getNurse().getId()); + nurseStatement.setInt(2, user.getId()); + permissionStatement.executeUpdate(); + } + + @Override + public void delete(int id) throws SQLException { + final String SQL = """ + DELETE FROM user WHERE user.id = ?; + """; + PreparedStatement preparedStatement = this.connection.prepareStatement(SQL); + preparedStatement.setInt(1, id); + preparedStatement.executeUpdate(); + } + + @Override + public List readAll() throws SQLException { + final String SQL = """ + SELECT user.id, user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId + FROM user + LEFT JOIN user__permissions ON user.id = user__permissions.userId + LEFT JOIN user__nurse ON user.id = user__nurse.userId + """; + ResultSet result = connection.prepareStatement(SQL).executeQuery(); + + List users = new ArrayList<>(); + while (result.next()) { + int nurseId = result.getInt(6); + Nurse nurse = null; + if (!result.wasNull()) { + nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId); + } + users.add(new User( + result.getInt(1), + result.getString(2), + result.getBytes(3), + result.getBytes(4), + result.getInt(5), + nurse + )); + } + return users; + } +} diff --git a/src/main/resources/de/hitec/nhplus/login/database/User.sql b/src/main/resources/de/hitec/nhplus/login/database/User.sql index b92a04a..8773d00 100644 --- a/src/main/resources/de/hitec/nhplus/login/database/User.sql +++ b/src/main/resources/de/hitec/nhplus/login/database/User.sql @@ -1,7 +1,7 @@ CREATE TABLE user ( id INTEGER PRIMARY KEY AUTOINCREMENT, - username TEXT NOT NULL, + username TEXT NOT NULL UNIQUE, passwordSalt BLOB NOT NULL, passwordHash BLOB NOT NULL ) \ No newline at end of file diff --git a/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql b/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql index 536dce0..4e968f2 100644 --- a/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql +++ b/src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql @@ -1,6 +1,6 @@ CREATE TABLE user__permissions ( - userId INTEGER NOT NULL, - permissions INTEGER, -- Binary Bitmask for Permissions + userId INTEGER NOT NULL UNIQUE, + permissions INTEGER NOT NULL, -- Binary Bitmask for Permissions FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE ) \ No newline at end of file diff --git a/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql b/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql index 4507f47..b46be11 100644 --- a/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql +++ b/src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql @@ -1,7 +1,7 @@ CREATE TABLE user__nurse ( - userId INTEGER NOT NULL, - nurseId INTEGER NOT NULL, + userId INTEGER NOT NULL UNIQUE, + nurseId INTEGER NOT NULL UNIQUE, FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE, FOREIGN KEY (nurseId) REFERENCES nurse (id) ON DELETE CASCADE ) \ No newline at end of file