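package auth;

import auth.models.Token;
import auth.modules.TokenException;
import auth.types.PermissionType;
import com.avaje.ebean.Ebean;
import com.avaje.ebean.SqlUpdate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import play.mvc.Http;

/**
 * Token lookup and authorization checks for authenticated requests.
 *
 * <p>The {@code validate*} methods signal failure by throwing {@link TokenException} with an
 * HTTP status: {@code UNAUTHORIZED} when the token or its user is missing or the token is not
 * active, {@code FORBIDDEN} when the user lacks a role or the required permission. Every check
 * fails closed: a missing token, user or role is rejected rather than skipped.
 */
public class TokenService {

    private static final Logger logger = LoggerFactory.getLogger(TokenService.class);

    /**
     * Looks up a token by its value; delegates to {@link Token#findByTokenValue(String)}.
     *
     * @param tokenUID the token value presented by the client
     * @return whatever the model lookup returns; {@link #validateToken(Token)} treats
     *         {@code null} as "Token not found"
     */
    public Token findByTokenValue(String tokenUID) {
        return Token.findByTokenValue(tokenUID);
    }

    /**
     * Rejects a missing or inactive token.
     *
     * @param token the token to check, may be {@code null}
     * @throws TokenException with {@code UNAUTHORIZED} if {@code token} is {@code null} or
     *         {@code token.isActive()} is false
     */
    public void validateToken(Token token) {
        if (token == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "Token not found");
        }
        if (!token.isActive()) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "Token expired");
        }
    }

    /**
     * Rejects a token that carries no user and records the username in the logging context.
     *
     * @param token the token to check
     * @throws TokenException with {@code UNAUTHORIZED} if the token or its user is missing
     */
    public void validateUser(Token token) {
        // A null token used to surface as a NullPointerException; reject it as an
        // authentication failure instead, with the same message validateToken uses.
        if (token == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "Token not found");
        }
        if (token.user == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "User missing in token");
        }
        // NOTE(review): nothing in this class removes the "userid" MDC entry. If request
        // threads are reused, the caller has to clear it when the request ends, otherwise
        // later log lines on that thread can be attributed to the wrong user.
        MDC.put("userid", token.user.username);
    }

    /**
     * Checks that the token's user holds the required permission.
     *
     * <p>A {@code null} {@code permissionType} means no permission is required and the method
     * returns without inspecting the token.
     *
     * @param token the token whose user is checked
     * @param permissionType the permission the caller requires, or {@code null} for none
     * @throws TokenException with {@code UNAUTHORIZED} if the token or its user is missing,
     *         or with {@code FORBIDDEN} if the user has no role or the role's permissions do
     *         not contain {@code permissionType}
     */
    public void validateUserPermission(Token token, PermissionType permissionType) {
        if (permissionType == null) {
            return;
        }
        logger.debug("Permission required: {}", permissionType);

        // Fail closed with an authentication error rather than a NullPointerException when
        // this method is reached without validateToken/validateUser having run first.
        if (token == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "Token not found");
        }
        if (token.user == null) {
            throw new TokenException(Http.Status.UNAUTHORIZED, "User missing in token");
        }
        if (token.user.role == null) {
            throw new TokenException(Http.Status.FORBIDDEN, "User missing role");
        }

        logger.debug("User Permission: {}", token.user.role.getPermissions());
        if (!token.user.role.getPermissions().contains(permissionType)) {
            // NOTE(review): the same text is logged and placed in the exception. If the
            // exception message is returned to the client, it discloses the name of the
            // required permission; confirm that is intended.
            String msg = "User not Authorized, missing required permission :" + permissionType;
            logger.info(msg);
            throw new TokenException(Http.Status.FORBIDDEN, msg);
        }
        logger.debug("User is authorized");
    }

    /** Delegates to {@link Token#deleteOldExpiredTokens()}. */
    public void cleanOldExpiredTokens() {
        Token.deleteOldExpiredTokens();
    }
}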