Adicionando autenticacao de token

KevinAlvss · Nov 26, 2023 · d865688 · d865688
1 parent 149aa08
commit d865688
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 4 deletions.
diff --git a/pom.xml b/pom.xml
@@ -96,7 +96,6 @@
 			<artifactId>java-jwt</artifactId>
 			<version>4.2.1</version>
 		</dependency>
-
 	</dependencies>
 
 	<build>

diff --git a/src/main/java/pi/procurarteapi/app/auth/config/Configurations.java b/src/main/java/pi/procurarteapi/app/auth/config/Configurations.java
@@ -12,14 +12,18 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
 public class Configurations {
 
-    @Autowired
+    //@Autowired
     //private
 
+    @Autowired
+    private FilterToken filter;
+
     //Faz a liberação das paginas que podem ser acessadas com ou sem autenticação
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http)throws Exception{
@@ -30,9 +34,19 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http)throws Exceptio
               .permitAll()
               .antMatchers(HttpMethod.GET, "/musician")
               .permitAll()
+              .antMatchers(HttpMethod.GET, "/musician/{id}")
+              .permitAll()
               .antMatchers(HttpMethod.POST, "/musician")
               .permitAll()
-              .anyRequest().authenticated().and().build(); 
+              .antMatchers(HttpMethod.GET, "/musicstyle")
+              .permitAll()
+              .antMatchers(HttpMethod.GET, "/instrument")
+              .permitAll()
+              .anyRequest().authenticated()
+              .and().addFilterBefore(filter,UsernamePasswordAuthenticationFilter.class)
+              .build(); 
+
+
     }
 
     @Bean

diff --git a/src/main/java/pi/procurarteapi/app/auth/config/FilterToken.java b/src/main/java/pi/procurarteapi/app/auth/config/FilterToken.java
@@ -0,0 +1,49 @@
+package pi.procurarteapi.app.auth.config;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import pi.procurarteapi.app.auth.services.TokenService;
+import pi.procurarteapi.infra.repositories.IMusicianRepository;
+
+@Component
+public class FilterToken extends OncePerRequestFilter{
+
+    @Autowired
+    private TokenService tokenService;
+
+    @Autowired
+    private IMusicianRepository musicianRepository;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, 
+    HttpServletResponse response, FilterChain filterChain)
+    throws ServletException, IOException {
+
+        String token;
+        var authorizationHeader =  request.getHeader("Authorization");
+
+        if(authorizationHeader != null){
+            token =  authorizationHeader.replace("Bearer ", "");
+            var subject =  tokenService.getSubject(token);
+
+            var musician =  musicianRepository.findByEmail(subject);
+
+            var authentication = new UsernamePasswordAuthenticationToken(musician,null, musician.getAuthorities());
+
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}
diff --git a/src/main/java/pi/procurarteapi/app/auth/services/TokenService.java b/src/main/java/pi/procurarteapi/app/auth/services/TokenService.java
@@ -23,9 +23,15 @@ public String gererToken(Musician musician) {
                 .withSubject(musician.getUsername())
                 .withClaim("id", musician.getId())
                 .withExpiresAt(LocalDateTime.now()
-                    .plusMinutes(10)
+                    .plusMinutes(30)
+                    //.plusSeconds(30)
                     .toInstant(ZoneOffset.of("-03:00"))
                 ).sign(Algorithm.HMAC256("secreta"));                
     }
+
+    public String getSubject(String token){
+        return JWT.require(Algorithm.HMAC256("secreta"))
+        .withIssuer("Musico").build().verify(token).getSubject();
+    }
 
 }