From 89aa262830dd1db6c3888ba5a05de6c0928b1f63 Mon Sep 17 00:00:00 2001
From: Snoweuph <snow+git@euph.email>
Date: Tue, 11 Feb 2025 13:32:36 +0100
Subject: [PATCH 1/2] TD-3: Player Test Data and CSRF Fix
---
.../towerdefence/server/auth/AuthConfig.java | 4 +--
.../de/towerdefence/server/player/Player.java | 1 +
.../server/player/PlayerTestData.java | 32 +++++++++++++++++++
src/main/resources/application.properties | 1 +
4 files changed, 36 insertions(+), 2 deletions(-)
create mode 100644 src/main/java/de/towerdefence/server/player/PlayerTestData.java
diff --git a/src/main/java/de/towerdefence/server/auth/AuthConfig.java b/src/main/java/de/towerdefence/server/auth/AuthConfig.java
index 8bf7f7f..a3c920f 100644
--- a/src/main/java/de/towerdefence/server/auth/AuthConfig.java
+++ b/src/main/java/de/towerdefence/server/auth/AuthConfig.java
@@ -2,10 +2,10 @@ package de.towerdefence.server.auth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.SecurityFilterChain;
@@ -45,7 +45,7 @@ public class AuthConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
- .csrf(Customizer.withDefaults())
+ .csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/" + API_VERSION + "/admin/**")
.authenticated()
diff --git a/src/main/java/de/towerdefence/server/player/Player.java b/src/main/java/de/towerdefence/server/player/Player.java
index 79a7fd3..1d84ec9 100644
--- a/src/main/java/de/towerdefence/server/player/Player.java
+++ b/src/main/java/de/towerdefence/server/player/Player.java
@@ -19,6 +19,7 @@ public class Player {
public static final int PASSWORD_HASH_BYTE_LENGTH = 64;
@Id
+ @GeneratedValue(strategy=GenerationType.IDENTITY)
private Long id;
@NotNull
diff --git a/src/main/java/de/towerdefence/server/player/PlayerTestData.java b/src/main/java/de/towerdefence/server/player/PlayerTestData.java
new file mode 100644
index 0000000..b7db6ac
--- /dev/null
+++ b/src/main/java/de/towerdefence/server/player/PlayerTestData.java
@@ -0,0 +1,32 @@
+package de.towerdefence.server.player;
+
+import jakarta.annotation.PostConstruct;
+import lombok.AllArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+import java.security.NoSuchAlgorithmException;
+
+@AllArgsConstructor
+@Configuration
+@Profile("dev")
+public class PlayerTestData {
+ @Autowired
+ private PlayerRepository playerRepository;
+ @Autowired
+ private PlayerService playerService;
+
+ @PostConstruct
+ public void loadFixtures() throws NoSuchAlgorithmException {
+ Player player1 = new Player();
+ player1.setUsername("Player1");
+ playerService.setPassword(player1, "1234");
+ this.playerRepository.save(player1);
+
+ Player player2 = new Player();
+ player2.setUsername("Player2");
+ playerService.setPassword(player2, "1234");
+ this.playerRepository.save(player2);
+ }
+}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 88e9b20..eb3a310 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,5 @@
# General
+spring.profiles.active=dev
spring.application.name=Tower Defence Server
server.port=8080
--
2.45.3
From 721ad39cb97e5dc090dce6a401e2081072c14091 Mon Sep 17 00:00:00 2001
From: Snoweuph <snow+git@euph.email>
Date: Tue, 11 Feb 2025 13:34:36 +0100
Subject: [PATCH 2/2] TD-3: Add Player Registration Endpoint
---
api/api.yml | 40 +++++++++++++++++++
.../server/player/PlayerRepository.java | 1 +
.../server/server/ServerApiController.java | 29 ++++++++++++++
3 files changed, 70 insertions(+)
diff --git a/api/api.yml b/api/api.yml
index b0cc553..17a79e2 100644
--- a/api/api.yml
+++ b/api/api.yml
@@ -25,6 +25,20 @@ components:
format: uuid
example: f0981749-f550-46cd-b9ce-b6ca7cd0251f
#############################################
+ # PlayerRegistrationData #
+ #############################################
+ PlayerRegistrationData:
+ description: Data needed to create a new player
+ type: object
+ properties:
+ username:
+ type: string
+ password:
+ type: string
+ required:
+ - username
+ - password
+ #############################################
# AdminAuthInfo #
#############################################
ServerHealth:
@@ -45,6 +59,8 @@ components:
required:
- username
responses:
+ 201PlayerCreated:
+ description: "201 - Player Created"
401Unauthorized:
description: "401 - Unauthorized"
404NotFound:
@@ -53,6 +69,12 @@ components:
text/plain:
schema:
type: string
+ 409UsernameTaken:
+ description: "409 - Username Taken"
+ content:
+ text/plain:
+ schema:
+ type: string
409Conflict:
description: "409 - Conflict"
content:
@@ -72,6 +94,24 @@ components:
schema:
type: string
paths:
+ /player/register:
+ post:
+ operationId: "PlayerRegister"
+ tags:
+ - server
+ description: "Endpoint for registering a new Player"
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/PlayerRegistrationData"
+ responses:
+ 201:
+ $ref: "#/components/responses/201PlayerCreated"
+ 409:
+ $ref: "#/components/responses/409UsernameTaken"
+ 500:
+ $ref: "#/components/responses/500InternalError"
/server/health:
get:
operationId: "ServerGetHealthcheck"
diff --git a/src/main/java/de/towerdefence/server/player/PlayerRepository.java b/src/main/java/de/towerdefence/server/player/PlayerRepository.java
index 39b7d04..5ca4c19 100644
--- a/src/main/java/de/towerdefence/server/player/PlayerRepository.java
+++ b/src/main/java/de/towerdefence/server/player/PlayerRepository.java
@@ -4,4 +4,5 @@ import org.springframework.data.jpa.repository.JpaRepository;
public interface PlayerRepository extends JpaRepository<Player, Long> {
Player findByUsername(String username);
+ boolean existsByUsername(String username);
}
diff --git a/src/main/java/de/towerdefence/server/server/ServerApiController.java b/src/main/java/de/towerdefence/server/server/ServerApiController.java
index 01f966e..447660f 100644
--- a/src/main/java/de/towerdefence/server/server/ServerApiController.java
+++ b/src/main/java/de/towerdefence/server/server/ServerApiController.java
@@ -2,17 +2,30 @@ package de.towerdefence.server.server;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.towerdefence.server.oas.ServerApi;
+import de.towerdefence.server.oas.models.PlayerRegistrationData;
import de.towerdefence.server.oas.models.ServerHealth;
+import de.towerdefence.server.player.Player;
+import de.towerdefence.server.player.PlayerRepository;
+import de.towerdefence.server.player.PlayerService;
import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import java.security.NoSuchAlgorithmException;
import java.util.Optional;
@Controller
@RequestMapping("${openapi.api.base-path:/api/v1}")
public class ServerApiController implements ServerApi {
+
+ @Autowired
+ private PlayerRepository playerRepository;
+ @Autowired
+ private PlayerService playerService;
+
@Override
public Optional<ObjectMapper> getObjectMapper() {
return Optional.empty();
@@ -23,6 +36,22 @@ public class ServerApiController implements ServerApi {
return Optional.empty();
}
+ @Override
+ public ResponseEntity<Void> playerRegister(PlayerRegistrationData body) {
+ if(playerRepository.existsByUsername(body.getUsername())){
+ return new ResponseEntity<>(HttpStatus.CONFLICT);
+ }
+ Player newPlayer = new Player();
+ newPlayer.setUsername(body.getUsername());
+ try{
+ playerService.setPassword(newPlayer, body.getPassword());
+ } catch (NoSuchAlgorithmException exception){
+ return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+ }
+ playerRepository.save(newPlayer);
+ return new ResponseEntity<>(HttpStatus.CREATED);
+ }
+
@Override
public ResponseEntity<ServerHealth> serverGetHealthcheck() {
ServerHealth health = new ServerHealth();
--
2.45.3