Merge pull request #14 from Throyer/development

Development

Author: Throyer

src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java

@@ -34,6 +34,7 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Component;
+import org.springframework.web.cors.CorsConfiguration;
 
 @Component
 @EnableWebSecurity
@@ -70,28 +71,34 @@ protected void configure(HttpSecurity http) throws Exception {
             http
                 .antMatcher("/api/**")
                     .authorizeRequests()
-                        .antMatchers(GET, "/api")
+                        .antMatchers(
+                            GET,
+                            "/api",
+                            "/api/documentation/**"
+                        )
                             .permitAll()
-                        .antMatchers(POST, "/api/users")
-                            .permitAll()
-                        .antMatchers(POST, "/api/sessions/**")
-                            .permitAll()
-                        .antMatchers(POST, "/api/recoveries/**")
-                            .permitAll()
-                        .antMatchers(GET, "/api/documentation/**")
+                        .antMatchers(
+                            POST,
+                            "/api/users",
+                            "/api/sessions/**",
+                            "/api/recoveries/**",
+                            "/api/documentation/**"
+                        )
                             .permitAll()
                         .anyRequest()
                             .authenticated()
                 .and()
                     .csrf()
-                        .disable()
+                    .disable()
                     .exceptionHandling()
-                        .authenticationEntryPoint((request, response, exception) -> forbidden(response))
+                    .authenticationEntryPoint((request, response, exception) -> forbidden(response))
                 .and()
                     .sessionManagement()
-                        .sessionCreationPolicy(STATELESS)
+                    .sessionCreationPolicy(STATELESS)
                 .and()
-                    .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
+                    .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)
+                .cors()
+                    .configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
         }
 
         @Override
@@ -124,29 +131,31 @@ protected void configure(HttpSecurity http) throws Exception {
             http
                 .antMatcher("/app/**")
                     .authorizeRequests()
-                        .antMatchers(GET, LOGIN_URL)
-                            .permitAll()
-                        .antMatchers(GET, "/app")
-                            .permitAll()
-                        .antMatchers(GET, "/app/register")
+                        .antMatchers(
+                            GET,
+                            LOGIN_URL,
+                            "/app",
+                            "/app/register",
+                            "/app/recovery/**"
+                        )
                             .permitAll()
-                        .antMatchers(POST, "/app/register")
-                            .permitAll()
-                        .antMatchers(GET, "/app/recovery/**")
-                            .permitAll()
-                        .antMatchers(POST, "/app/recovery/**")
+                        .antMatchers(
+                            POST,
+                            "/app/register",
+                            "/app/recovery/**"
+                        )
                             .permitAll()
                         .anyRequest()
                             .authenticated()
-                                .and()
-                                    .csrf()
-                                        .disable()
-                    .formLogin()
-                        .loginPage(LOGIN_URL)
-                            .failureUrl(LOGIN_ERROR_URL)
-                            .defaultSuccessUrl(HOME_URL)
-                        .usernameParameter(USERNAME_PARAMETER)
-                        .passwordParameter(PASSWORD_PARAMETER)
+                .and()
+                    .csrf()
+                        .disable()
+                            .formLogin()
+                                .loginPage(LOGIN_URL)
+                                    .failureUrl(LOGIN_ERROR_URL)
+                                    .defaultSuccessUrl(HOME_URL)
+                                .usernameParameter(USERNAME_PARAMETER)
+                                .passwordParameter(PASSWORD_PARAMETER)
                 .and()                    
                     .rememberMe()
                         .key(SECRET)

src/main/java/com/github/throyer/common/springboot/configurations/SpringWebConfiguration.java

@@ -10,11 +10,30 @@
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
 import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.info.Contact;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.info.License;
 import io.swagger.v3.oas.annotations.security.SecurityScheme;
 
 @Configuration
-@OpenAPIDefinition(info = @Info(title = "Common API", version = "v1"))
+@OpenAPIDefinition(info = @Info(
+    title = "Common CRUD API",
+    version = "v3.0.4",
+    description = """
+        A complete user registry, with access permissions,
+        JWT token, integration and unit tests, using
+        the RESTful API pattern.
+    """,
+    license = @License(
+        name = "GNU General Public License v3.0",
+        url = "https://github.com/Throyer/springboot-api-crud/blob/master/LICENSE"
+    ),
+    contact = @Contact(
+        name = "Throyer",
+        email = "[email protected]",
+        url = "https://github.com/Throyer"
+    )
+))
 @SecurityScheme(
     name = "token",
     type = SecuritySchemeType.HTTP,

src/main/java/com/github/throyer/common/springboot/controllers/api/RolesController.java

@@ -6,6 +6,7 @@
 
 import com.github.throyer.common.springboot.domain.models.entity.Role;
 import com.github.throyer.common.springboot.domain.repositories.RoleRepository;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -16,6 +17,7 @@
 
 @RestController
 @RequestMapping("/api/roles")
+@SecurityRequirement(name = "token")
 @PreAuthorize("hasAnyAuthority('ADM')")
 public class RolesController {
 

src/main/java/com/github/throyer/common/springboot/controllers/api/UsersController.java

@@ -5,18 +5,19 @@
 
 import com.github.throyer.common.springboot.domain.models.entity.User;
 import com.github.throyer.common.springboot.domain.models.pagination.Page;
-import com.github.throyer.common.springboot.domain.models.pagination.Pagination;
+
 import com.github.throyer.common.springboot.domain.services.user.CreateUserService;
 import com.github.throyer.common.springboot.domain.services.user.FindUserService;
 import com.github.throyer.common.springboot.domain.services.user.RemoveUserService;
 import com.github.throyer.common.springboot.domain.services.user.UpdateUserService;
 import com.github.throyer.common.springboot.domain.services.user.dto.CreateUserApi;
-import com.github.throyer.common.springboot.domain.services.user.dto.SearchUser;
 import com.github.throyer.common.springboot.domain.services.user.dto.UpdateUser;
 import com.github.throyer.common.springboot.domain.services.user.dto.UserDetails;
+import static com.github.throyer.common.springboot.utils.Responses.ok;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import java.util.Optional;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.domain.Sort;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -47,12 +48,18 @@ public class UsersController {
     private FindUserService findService;
 
     @GetMapping
+    @SecurityRequirement(name = "token")
     @PreAuthorize("hasAnyAuthority('ADM')")
-    public ResponseEntity<Page<UserDetails>> index(Pagination pagination, Sort sort, SearchUser search) {
-        return findService.find(pagination, sort, search);
+    public ResponseEntity<Page<UserDetails>> index(
+        Optional<Integer> page,
+        Optional<Integer> size
+    ) {
+        var result = findService.findAll(page, size);
+        return ok(result);
     }
 
     @GetMapping("/{id}")
+    @SecurityRequirement(name = "token")
     @PreAuthorize("hasAnyAuthority('ADM', 'USER')")
     public ResponseEntity<UserDetails> show(@PathVariable Long id) {
         return findService.find(id);
@@ -65,6 +72,7 @@ public ResponseEntity<UserDetails> save(@Validated @RequestBody CreateUserApi bo
     }
 
     @PutMapping("/{id}")
+    @SecurityRequirement(name = "token")
     @PreAuthorize("hasAnyAuthority('ADM', 'USER')")
     public ResponseEntity<UserDetails> update(
         @PathVariable Long id,
@@ -75,6 +83,7 @@ public ResponseEntity<UserDetails> update(
 
     @DeleteMapping("/{id}")
     @ResponseStatus(NO_CONTENT)
+    @SecurityRequirement(name = "token")
     @PreAuthorize("hasAnyAuthority('ADM')")
     public ResponseEntity<User> destroy(@PathVariable Long id) {
         return removeService.remove(id);

src/main/java/com/github/throyer/common/springboot/controllers/app/UserController.java

@@ -1,14 +1,11 @@
 package com.github.throyer.common.springboot.controllers.app;
 
-import com.github.throyer.common.springboot.domain.models.pagination.Page;
-import com.github.throyer.common.springboot.domain.models.pagination.Pagination;
 import com.github.throyer.common.springboot.domain.models.shared.Type;
-import com.github.throyer.common.springboot.domain.repositories.UserRepository;
+import com.github.throyer.common.springboot.domain.services.user.FindUserService;
 import com.github.throyer.common.springboot.domain.services.user.RemoveUserService;
-import com.github.throyer.common.springboot.domain.services.user.dto.SearchUser;
 import com.github.throyer.common.springboot.utils.Toasts;
+import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.domain.Sort;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -24,17 +21,21 @@
 public class UserController {
 
     @Autowired
-    private UserRepository repository;
+    private FindUserService findService;
 
     @Autowired
     private RemoveUserService removeService;
 
     @GetMapping
-    public String index(Model model, Pagination pagination, Sort sort, SearchUser search) {
+    public String index(
+        Model model,
+        Optional<Integer> page,
+        Optional<Integer> size
+    ) {
 
-        var page = Page.of(repository.findSimplifiedUsers(pagination.build()));
+        var result = findService.findAll(page, size);
 
-        model.addAttribute("page", page);
+        model.addAttribute("page", result);
 
         return "app/users/index";
     }

src/main/java/com/github/throyer/common/springboot/domain/models/entity/Recovery.java

@@ -44,10 +44,6 @@ public Recovery(User user, Integer minutesToExpire) {
         this.code = code();
     }
 
-    public Recovery(String email, String password_recovery_code, String code) {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
-    }
-
     public Long getId() {
         return id;
     }

src/main/java/com/github/throyer/common/springboot/domain/models/entity/Role.java

@@ -10,10 +10,12 @@
 import javax.persistence.Table;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import lombok.Data;
 
 import org.hibernate.annotations.Where;
 import org.springframework.security.core.GrantedAuthority;
 
+@Data
 @Entity
 @Table(name = "role")
 @Where(clause = Auditable.NON_DELETED_CLAUSE)
@@ -57,55 +59,6 @@ public Role(Long id, String initials) {
         this.initials = initials;
     }
 
-    public Long getId() {
-        return id;
-    }
-
-    public void setId(Long id) {
-        this.id = id;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public String getDeletedName() {
-        return deletedName;
-    }
-
-    public String getInitials() {
-        return initials;
-    }
-
-    public void setInitials(String initials) {
-        this.initials = initials;
-    }
-
-    public String getDeletedInitials() {
-        return deletedInitials;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    public Boolean compare(String search) {
-        if (Objects.nonNull(search)) {
-            return 
-                getName().toLowerCase().equals(search.toLowerCase()) ||
-                getInitials().toLowerCase().equals(search.toLowerCase());
-        }
-        return false;
-    }
-
     @Override
     public boolean equals(Object object) {
         if (object == this)