Merge branch 'pollex-dev' into sit

wayne

2022-03-11 242fad1691917c4fd82c7f04b6190a7113628e93

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package com.pollex.pam.web.rest;
 
import java.util.Arrays;
import java.util.UUID;
 
import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
 
import com.pollex.pam.config.ApplicationProperties;
import com.pollex.pam.business.domain.Customer;
import com.pollex.pam.business.enums.OtpLoginTypeEnum;
import com.pollex.pam.business.repository.CustomerRepository;
import com.pollex.pam.security.jwt.JWTFilter;
import com.pollex.pam.security.jwt.TokenProvider;
import com.pollex.pam.service.CustomerAuthService;
import com.pollex.pam.service.CustomerService;
import com.pollex.pam.business.service.OtpTmpService;
import com.pollex.pam.service.OtpUtilService;
import com.pollex.pam.service.OtpWebService;
import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
import com.pollex.pam.business.service.dto.OtpResponseDTO;
import com.pollex.pam.business.web.vm.OtpLoginVM;
import com.pollex.pam.business.web.vm.VerifyOtpVM;
 
import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
 
@RestController
@RequestMapping("/api/otp")
public class OtpResource {
 
    private final static Logger log = LoggerFactory.getLogger(OtpResource.class);
 
    @Autowired
    ApplicationProperties applicationProperty;
 
    @Autowired
    OtpWebService otpWebService;
 
    @Autowired
    AuthenticationManagerBuilder authenticationManagerBuilder;
 
    @Autowired
    TokenProvider tokenProvider;
 
    @Autowired
    CustomerAuthService customerAuthService;
 
    @Autowired
    OtpTmpService otpTmpService;
 
    @Autowired
    CustomerService customerService;
 
    @Autowired
    OtpUtilService otpUtilService;
 
    @Autowired
    CustomerRepository customerRepository;
 
    @PostMapping("/sendOtp")
    public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
        OtpResponseDTO otpResponse;
        if(applicationProperty.isMockLogin()) {
            otpResponse = getMockSendOtpResponse();
        }else if(login.getLoginType() == OtpLoginTypeEnum.SMS) {
            otpResponse = otpWebService.sendByPhone(login.getAccount());
        }
        else if(login.getLoginType() == OtpLoginTypeEnum.EMAIL) {
            otpResponse = otpWebService.sendByEmail(login.getAccount());
        }else {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
        }
        otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
        return new ResponseEntity<>(otpResponse, HttpStatus.OK);
    }
 
    @AuditLoggingInject(type = CUSTOMER_LOGIN)
    @PostMapping("/verify")
    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
        otpUtilService.verifyOtp(verifyOtpParam);
 
        Customer customer = customerRepository
                            .findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount())
                            .orElse(null);
 
        if (customer == null) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
        }
 
        String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
    }
 
    private OtpResponseDTO getMockSendOtpResponse() {
        String indexKey = UUID.randomUUID().toString().substring(0, 8);
        return new OtpResponseDTO(Arrays.asList(indexKey, "0", "", ""));
    }
 
    @PostMapping("/register")
    public ResponseEntity<UserJWTController.JWTToken> registerAccount(@RequestBody CustomerRegisterDTO registDTO) {
        Customer account = customerService.registerCustomer(registDTO);
        String jwt = customerAuthService.authorize(account, registDTO.getIndexKey(), registDTO.getOtpCode());
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
    }
 
 
}