#8: Setup Model and DAO

Signed-off-by: Dominik Säume <Dominik.Saeume@hmmh.de>

src/main/java/de/hitec/nhplus/Main.java

@@ -34,8 +34,8 @@ public class Main extends Application {
     @Override
     public void start(Stage primaryStage) {
         this.primaryStage = primaryStage;
-        executePassword();
-        //executeMainApplication();
+        //executePassword();
+        executeMainApplication();
     }
 
     private void executePassword() {

src/main/java/de/hitec/nhplus/login/User.java

@@ -0,0 +1,95 @@
+package de.hitec.nhplus.login;
+
+import de.hitec.nhplus.nurse.Nurse;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class User {
+
+    private int id;
+    private String username;
+    private byte[] passwordSalt;
+    private byte[] passwordHash;
+    private int permissions = 0;
+    private Nurse nurse;
+
+    public User(
+            int id,
+            String username,
+            byte[] passwordSalt,
+            byte[] passwordHash,
+            int permissions,
+            Nurse nurse
+    ) {
+        this.id = id;
+        this.username = username;
+        this.passwordSalt = passwordSalt;
+        this.passwordHash = passwordHash;
+        this.permissions = permissions;
+        this.nurse = nurse;
+    }
+
+    public User(
+            String username,
+            byte[] passwordSalt,
+            byte[] passwordHash,
+            int permissions,
+            Nurse nurse,
+            boolean admin
+    ) {
+        this.username = username;
+        this.passwordSalt = passwordSalt;
+        this.passwordHash = passwordHash;
+        this.permissions = permissions;
+        this.nurse = nurse;
+    }
+
+    public int getId() {
+        return id;
+    }
+
+    public byte[] getPasswordSalt() {
+        return passwordSalt;
+    }
+
+    public byte[] getPasswordHash() {
+        return passwordHash;
+    }
+
+    public void setPassword(String password) throws NoSuchAlgorithmException {
+        SecureRandom random = new SecureRandom();
+        byte[] salt = new byte[16];
+        random.nextBytes(salt);
+        this.passwordSalt = salt;
+        MessageDigest md = MessageDigest.getInstance("SHA-512");
+        md.update(salt);
+        this.passwordHash = md.digest(password.getBytes(StandardCharsets.UTF_8));
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public int getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(int permissions) {
+        this.permissions = permissions;
+    }
+
+    public Nurse getNurse() {
+        return nurse;
+    }
+
+    public void setNurse(Nurse nurse) {
+        this.nurse = nurse;
+    }
+}

src/main/java/de/hitec/nhplus/login/database/UserDao.java

@@ -0,0 +1,202 @@
+package de.hitec.nhplus.login.database;
+
+import de.hitec.nhplus.datastorage.Dao;
+import de.hitec.nhplus.datastorage.DaoFactory;
+import de.hitec.nhplus.login.User;
+import de.hitec.nhplus.nurse.Nurse;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class UserDao implements Dao<User> {
+    protected final Connection connection;
+
+    public UserDao(Connection connection) {
+        this.connection = connection;
+    }
+
+    public int readUserId(String username) throws SQLException {
+        final String SQL = "SELECT id FROM user WHERE username = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setString(1, username);
+        return statement.executeQuery().getInt(1);
+    }
+
+    public byte[] readPasswordSalt(int id) throws SQLException {
+        final String SQL = "SELECT passwordSalt FROM user WHERE id = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        return statement.executeQuery().getBytes(1);
+    }
+
+    public byte[] readPasswordHash(int id) throws SQLException {
+        final String SQL = "SELECT passwordHash FROM user WHERE id = ?";
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        return statement.executeQuery().getBytes(1);
+    }
+
+    @Override
+    public User read(int id) throws SQLException {
+        final String SQL = """
+                        SELECT user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId
+                        FROM user
+                        LEFT JOIN user__permissions ON user.id = user__permissions.userId
+                        LEFT JOIN user__nurse ON user.id = user__nurse.userId
+                        WHERE user.id = ?;
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(SQL);
+        statement.setInt(1, id);
+        ResultSet result = statement.executeQuery();
+        int nurseId = result.getInt(5);
+        Nurse nurse = null;
+        if (!result.wasNull()) {
+            nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId);
+        }
+        return new User(
+                id,
+                result.getString(1),
+                result.getBytes(2),
+                result.getBytes(3),
+                result.getInt(4),
+                nurse
+        );
+    }
+
+    @Override
+    public void create(User user) throws SQLException {
+        connection.setAutoCommit(false); //Switch to Manual Commit, to do an SQL Transaction
+        final String userSQL = """
+                    INSERT INTO user
+                    (username, passwordSalt, passwordHash)
+                    VALUES (?, ?, ?);
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(userSQL);
+        statement.setString(1, user.getUsername());
+        statement.setBytes(2, user.getPasswordSalt());
+        statement.setBytes(3, user.getPasswordHash());
+        statement.execute();
+
+        ResultSet generatedKeys = connection.createStatement().executeQuery("SELECT id FROM user");
+        connection.commit(); //Finish SQL Transaction
+        connection.setAutoCommit(true); //Switch back Mode
+
+        if (!generatedKeys.next()) {
+            return;
+        }
+        int newId = generatedKeys.getInt(1);
+
+        final String permissionSQL = """
+                    INSERT INTO user__permissions
+                    (userId, permissions)
+                    VALUES (?, ?);
+                """;
+        PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL);
+        permissionStatement.setInt(1, newId);
+        permissionStatement.setInt(2, user.getPermissions());
+        permissionStatement.execute();
+
+        if (user.getNurse() == null) {
+            return;
+        }
+        final String nurseSQL = """
+                    INSERT INTO user__nurse
+                    (userId, nurseId)
+                    VALUES (?, ?);
+                                
+                               
+                """;
+        PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL);
+        permissionStatement.setInt(1, newId);
+        permissionStatement.setInt(2, user.getNurse().getId());
+        permissionStatement.execute();
+    }
+
+    @Override
+    public void update(User user) throws SQLException {
+        final String userSQL = """
+                    UPDATE user SET
+                    username = ?,
+                    passwordSalt = ?,
+                    passwordHash = ?
+                    WHERE id = ?
+                """;
+        PreparedStatement statement = this.connection.prepareStatement(userSQL);
+        statement.setString(1, user.getUsername());
+        statement.setBytes(2, user.getPasswordSalt());
+        statement.setBytes(3, user.getPasswordHash());
+        statement.setInt(3, user.getId());
+        statement.executeUpdate();
+
+        final String permissionSQL = """
+                    UPDATE user__permissions SET
+                    permissions = ?
+                    WHERE userId = ?
+                """;
+        PreparedStatement permissionStatement = this.connection.prepareStatement(permissionSQL);
+        permissionStatement.setInt(1, user.getPermissions());
+        permissionStatement.setInt(2, user.getId());
+        permissionStatement.executeUpdate();
+
+        if (user.getNurse() == null) {
+            final String nurseSQL = """
+                        DELETE FROM user__nurse WHERE userId = ?
+                    """;
+            this.connection.prepareStatement(nurseSQL).executeUpdate();
+            return;
+        }
+
+        final String nurseSQL = """
+                    UPDATE user__nurse set
+                    nurseId = ?
+                    WHERE userId = ?
+                """;
+        PreparedStatement nurseStatement = this.connection.prepareStatement(nurseSQL);
+        nurseStatement.setInt(1, user.getNurse().getId());
+        nurseStatement.setInt(2, user.getId());
+        permissionStatement.executeUpdate();
+    }
+
+    @Override
+    public void delete(int id) throws SQLException {
+        final String SQL = """
+                    DELETE FROM user WHERE user.id = ?;
+                """;
+        PreparedStatement preparedStatement = this.connection.prepareStatement(SQL);
+        preparedStatement.setInt(1, id);
+        preparedStatement.executeUpdate();
+    }
+
+    @Override
+    public List<User> readAll() throws SQLException {
+        final String SQL = """
+                        SELECT user.id, user.username, user.passwordSalt, user.passwordHash, user__permissions.permissions, user__nurse.nurseId
+                        FROM user
+                        LEFT JOIN user__permissions ON user.id = user__permissions.userId
+                        LEFT JOIN user__nurse ON user.id = user__nurse.userId
+                """;
+        ResultSet result = connection.prepareStatement(SQL).executeQuery();
+
+        List<User> users = new ArrayList<>();
+        while (result.next()) {
+            int nurseId = result.getInt(6);
+            Nurse nurse = null;
+            if (!result.wasNull()) {
+                nurse = DaoFactory.getInstance().createNurseDAO().read(nurseId);
+            }
+            users.add(new User(
+                    result.getInt(1),
+                    result.getString(2),
+                    result.getBytes(3),
+                    result.getBytes(4),
+                    result.getInt(5),
+                    nurse
+            ));
+        }
+        return users;
+    }
+}

src/main/resources/de/hitec/nhplus/login/database/User.sql

@@ -1,7 +1,7 @@
 CREATE TABLE user
 (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
-    username TEXT NOT NULL,
+    username TEXT NOT NULL UNIQUE,
     passwordSalt BLOB NOT NULL,
     passwordHash BLOB NOT NULL
 )

src/main/resources/de/hitec/nhplus/login/database/UserPermission.sql

@@ -1,6 +1,6 @@
 CREATE TABLE user__permissions
 (
-    userId  INTEGER NOT NULL,
-    permissions INTEGER, -- Binary Bitmask for Permissions
+    userId  INTEGER NOT NULL UNIQUE,
+    permissions INTEGER NOT NULL, -- Binary Bitmask for Permissions
     FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE
 )

src/main/resources/de/hitec/nhplus/login/database/UserToNurse.sql

@@ -1,7 +1,7 @@
 CREATE TABLE user__nurse
 (
-    userId  INTEGER NOT NULL,
-    nurseId INTEGER NOT NULL,
+    userId  INTEGER NOT NULL UNIQUE,
+    nurseId INTEGER NOT NULL UNIQUE,
     FOREIGN KEY (userId) REFERENCES user (id) ON DELETE CASCADE,
     FOREIGN KEY (nurseId) REFERENCES nurse (id) ON DELETE CASCADE
 )