package org.shujito.ucs.controllers;
import javax.inject.Singleton;
import javax.ws.rs.BeanParam;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.shujito.ucs.ApiException;
import org.shujito.ucs.Constants;
import org.shujito.ucs.models.Session;
import org.shujito.ucs.models.User;
import org.shujito.ucs.models.User.Validation;
import org.shujito.ucs.models.UserPassword;
/**
* Register, login, list and do stuff with users here.
* @author shujito
*/
@Path("/users")
@Singleton
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class Users
{
public static final String TAG = Users.class.getSimpleName();
/**
* List users
* @return
* @throws Exception
*/
@GET
public synchronized Response index() throws Exception
{
return Response.ok(User.getAll()).build();
}
/**
* Find a user by its uuid
* @param uuid of the user to look for
* @return the user object
* @throws Exception
*/
@GET
@Path("{uuid}")
public synchronized Response index(@PathParam("uuid") String uuid) throws Exception
{
return Response.ok(User.fromUuid(uuid)).build();
}
/**
* Get the current user info
* @param user
* @return a user object
* @throws Exception
*/
@GET
@Path("/me")
public synchronized Response me(@BeanParam User user) throws Exception
{
user.continueOrThrow();
return Response.ok(user).build();
}
/**
* Register a new user
* @param user data comes from POST request body
* @return a 201 response with the created user info
* @throws Exception
*/
@POST
@Path("/register")
public synchronized Response register(User user) throws Exception
{
if (user == null)
throw new ApiException(Constants.Strings.MISSING_CONTENT_BODY, Status.NOT_ACCEPTABLE.getStatusCode());
user.validate(new Validation(true, true, true));
user.save();
UserPassword up = new UserPassword(user.getPassword());
up.save(user.getUsername());
return Response.created(null).entity(user).build();
}
/**
* Logs a user in
* @param user data comes from POST request body
* @param userAgent
* @return a response with a {@link Session} object
* @throws Exception
*/
@POST
@Path("/login")
public synchronized Response login(User user, @HeaderParam("user-agent") String userAgent) throws Exception
{
if (user == null)
throw new ApiException(Constants.Strings.MISSING_CONTENT_BODY, Status.NOT_ACCEPTABLE.getStatusCode());
user.validate(new Validation(true, true, false));
UserPassword savedUserPassword = UserPassword.fromUsername(user.getUsername());
UserPassword originalUserPassword = new UserPassword(user.getPassword().getBytes(), savedUserPassword.salt);
if (!savedUserPassword.equals(originalUserPassword))
throw new ApiException(Constants.Strings.INVALID_CREDENTIALS, Status.FORBIDDEN.getStatusCode());
Session session = new Session(savedUserPassword.userUuid, userAgent);
session.save();
return Response.ok(session).build();
}
}