ApiTokenDAO.java

/*
 * Copyright 2015-Present Entando Inc. (http://www.entando.com) All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package org.entando.entando.plugins.jptokenapi.aps.system.token;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.agiletec.aps.system.common.AbstractDAO;

/**
 * @author E.Santoboni
 */
public class ApiTokenDAO extends AbstractDAO implements IApiTokenDAO {

	private static final Logger _logger = LoggerFactory.getLogger(ApiTokenDAO.class);

	@Override
	public String updateToken(String username) {
		Connection conn = null;
		PreparedStatement stat = null;
		String token_data = username + System.nanoTime();
        String token = DigestUtils.md5Hex(token_data);
		try {
			conn = this.getConnection();
			conn.setAutoCommit(false);
			this.removeToken(username, conn);
			stat = conn.prepareStatement(INSERT_TOKEN);
			stat.setString(1, username);
			stat.setString(2, token);
			stat.executeUpdate();
			conn.commit();
		} catch (Throwable t) {
			this.executeRollback(conn);
			_logger.error("Error while updating token for user {}", username, t);
			throw new RuntimeException("Error while updating token", t);
		} finally {
			closeDaoResources(null, stat, conn);
		}
		return token;
	}
	
	@Override
	public void removeToken(String username) {
		Connection conn = null;
		try {
			conn = this.getConnection();
			conn.setAutoCommit(false);
			this.removeToken(username, conn);
			conn.commit();
		} catch (Throwable t) {
			this.executeRollback(conn);
			_logger.error("Error while deleting token by username {}", username,  t);
			throw new RuntimeException("Error while deleting token by username", t);
		} finally {
			closeConnection(conn);
		}
	}
	
	private void removeToken(String username, Connection conn) {
		PreparedStatement stat = null;
		try {
			stat = conn.prepareStatement(DELETE_TOKEN);
			stat.setString(1, username);
			stat.executeUpdate();
		} catch (Throwable t) {
			_logger.error("Error while deleting a token for user {}", username,  t);
			throw new RuntimeException("Error while deleting a token", t);
		} finally {
			closeDaoResources(null, stat);
		}
	}
	
	@Override
	public String getToken(String username) {
		String token = this.get(username, SELECT_TOKEN);
		if (null == token) {
			token = this.updateToken(username);
		}
		return token;
	}
	
	@Override
	public String getUser(String token) {
		return this.get(token, SELECT_USERNAME);
	}
	
	private String get(String field, String query) {
		Connection conn = null;
		PreparedStatement stat = null;
		ResultSet res = null;
		String data = null;
		try {
			conn = this.getConnection();
            stat = conn.prepareStatement(query);
            stat.setString(1, field);
            res = stat.executeQuery();
			if (res.next()) {
				data = res.getString(1);
			}
		} catch (Throwable t) {
			_logger.error("Error while loading data",  t);
			throw new RuntimeException("Error while loading data", t);
		} finally {
			closeDaoResources(res, stat, conn);
		}
		return data;
	}
	
	private static final String SELECT_TOKEN = "SELECT token FROM jptokenapi_usertokens WHERE username = ?";
	
	private static final String SELECT_USERNAME = "SELECT username FROM jptokenapi_usertokens WHERE token = ?";
	
	private static final String INSERT_TOKEN = "INSERT INTO jptokenapi_usertokens(username, token) VALUES (?, ?)";
	
	private static final String DELETE_TOKEN = "DELETE FROM jptokenapi_usertokens WHERE username = ?";
	
}