From 0d6f765367c14149a948b9a37c0595f960537142 Mon Sep 17 00:00:00 2001
From: Michael
Date: Thu, 28 Mar 2019 14:51:45 +0100
Subject: [PATCH] api methods use the user token instead of the userID now, also added a logout apit method
---
 .../bugageocaching/controller/Controller.java | 55 ++++++++++---------
 1 file changed, 28 insertions(+), 27 deletions(-)
diff --git a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
index b96905d..c87b18b 100644
--- a/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
+++ b/src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
@@ -50,18 +50,19 @@ public class Controller { @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose @RequestMapping("/api/login") @ResponseBody - public ResponseEntity login(@RequestBody User user){ - if(user.getUsername() == null || user.getPassword() == null){ + public ResponseEntity login(@RequestBody User user) { + if (user.getUsername() == null || user.getPassword() == null) { System.out.println(user.getUsername()); System.out.println(user.getPassword()); return ResponseEntity.status(401).body(null); } - if(userRepository.findByUsername(user.getUsername()) == null){ + if (userRepository.findByUsername(user.getUsername()) == null) { return ResponseEntity.status(401).body(null); } - if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){ - String token = BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt()); + if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) { + String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt()); + System.out.println(token); String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt()); userRepository.findByUsername(user.getUsername()).setToken(hashedToken); userRepository.save(userRepository.findByUsername(user.getUsername())); 
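Review bot: The added `System.out.println(token);` in login writes the clear-text session token to standard output, so anyone who can read the server log can reuse it; the line should be deleted, and the unchanged prints of the username and password just above deserve the same treatment. The token's unpredictability comes only from the random salt that `BCrypt.gensalt()` contributes, not from the timestamp-plus-counter input, so drawing the random part from `SecureRandom` would state the intent directly. Prefixing the username also matters for the second `BCrypt.hashpw(token, BCrypt.gensalt())`: bcrypt implementations commonly consider only the first 72 bytes of input, so a long username pushes the random part out of what `hashedToken` covers, which is worth confirming for the BCrypt class used here. The body of login continues past the end of the hunk.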
@@ -72,46 +73,35 @@ public class Controller { @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose @RequestMapping("/api/startCache") - public @ResponseBody - String startCache(@RequestParam(value = "userID", defaultValue = "-1") String userID, - @RequestParam String cacheID, - @RequestParam String stationID) throws IllegalParameterException { + @ResponseBody + public String startCache(@RequestParam(value = "token", defaultValue = "-1") String token, + @RequestParam String cacheID) throws IllegalParameterException { - if (!userID.equals("-1")) { // ein angemeldeter user startet den cache(es werden zwei parameter übergeben) + if (!token.equals("-1")) { // ein angemeldeter user startet den cache(es werden zwei parameter übergeben) Bearbeitet bearbeitet = new Bearbeitet(); - Optional userOptional = userRepository.findById(Integer.valueOf(userID)); - if (userOptional.isPresent()) { - User user = userOptional.get(); - bearbeitet.setUser(user); - } else { - throw new IllegalParameterException("There is no user with the ID " + userID); - } + User user = userRepository.findByUsername(token.substring(0, token.indexOf("$"))); + bearbeitet.setUser(user); Optional cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID)); if (cacheOptional.isPresent()) { Cache cache = cacheOptional.get(); bearbeitet.setCache(cache); + + Station startStation = cache.getStartStation(); + bearbeitet.setAktuelleStation(startStation); } else { throw new IllegalParameterException("There is no cache with the ID " + cacheID); } - Optional stationOptional = stationRepository.findById(Integer.valueOf(stationID)); - if (stationOptional.isPresent()) { - Station station = stationOptional.get(); - bearbeitet.setAktuelleStation(station); - } else { - throw new IllegalParameterException("There is no station with the ID " + stationID); - } - Optional cacheAccesDefinitionOptional = - cacheAccesDefinitionRepository.findById(1); // bearbeitet + 
cacheAccesDefinitionRepository.findById(0); // bearbeitet if (cacheAccesDefinitionOptional.isPresent()) { CacheAccesDefinition cacheAccesDefinition = cacheAccesDefinitionOptional.get(); bearbeitet.setCacheAccesDefinition(cacheAccesDefinition); } else { - throw new IllegalParameterException("There is no cacheAccesDefinition with the ID " + 1); + throw new IllegalParameterException("There is no cacheAccesDefinition with the ID " + 0); } bearbeitetRepository.save(bearbeitet);
@@ -128,4 +118,15 @@ public class Controller {
 }
 }
 }
+
+ @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
+ @RequestMapping("api/logout")
+ @ResponseBody
+ String logout(@RequestParam(value = "token", defaultValue = "-1") String token) {
+
+ User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
+ user.setToken("abgemeldet");
+ userRepository.save(user);
+ return new Gson().toJson(user);
+ }
 }
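Review bot: startCache never checks the supplied token against the hash stored at login: `userRepository.findByUsername(token.substring(0, token.indexOf("$")))` uses only the text before the first `$`, so the username prefix alone decides which account the request acts for; the new logout method in the last hunk has the same gap. The same line throws StringIndexOutOfBoundsException when the token holds no `$`, hands a null user to `bearbeitet.setUser` when the name is unknown, and mis-parses any username that itself contains `$`. I would validate the separator, reject a null user, and compare the full token with the stored hash through `BCrypt.checkpw` before the user is used, as sketched below; `getToken()` is assumed to be the getter matching `setToken`, which this diff does not show. Tokens are also better carried in a request header than in a `@RequestParam`, where they tend to end up in access logs. startCache's body continues past the end of the hunk.

```java
        if (!token.equals("-1")) {
            Bearbeitet bearbeitet = new Bearbeitet();

            int separator = token.indexOf('$');
            if (separator <= 0) {
                throw new IllegalParameterException("Invalid token");
            }
            User user = userRepository.findByUsername(token.substring(0, separator));
            // getToken() is assumed: the accessor for the hash saved at login is not shown in this diff
            if (user == null || user.getToken() == null || !BCrypt.checkpw(token, user.getToken())) {
                throw new IllegalParameterException("Invalid token");
            }
            bearbeitet.setUser(user);
            // … unchanged: cache lookup, start station, cacheAccesDefinition lookup, save …
```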
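Review bot: logout returns `new Gson().toJson(user)`, which serialises every field of the User entity; judging by `getPassword()` and `setToken()` used elsewhere in this file, that likely includes the bcrypt password hash and the token value, so the method should return a fixed status string rather than the entity. The default `-1` is also left unguarded here: `token.indexOf("$")` is then -1 and `substring(0, -1)` throws, and an unknown name makes `user.setToken(...)` dereference null. Writing the literal `"abgemeldet"` into the field that otherwise holds a bcrypt hash means any later `BCrypt.checkpw` against it has to cope with a non-hash value; `user.setToken(null);` with an explicit logged-out check is easier to reason about. The mapping `"api/logout"` lacks the leading slash the other mappings use, and the method is package-private while its siblings are public.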