refactor api endpoints

Took 1 minute

Author: gribanoveu

src/main/java/com/github/gribanoveu/cuddle/config/SecurityConfig.java

@@ -53,10 +53,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
 
                         // authenticated scope
-                        .requestMatchers("*/users/**").hasAnyAuthority(ADMIN.scope(), MODERATOR.scope())
                         .requestMatchers("*/moderator/**").hasAnyAuthority(ADMIN.scope(), MODERATOR.scope())
                         .requestMatchers("*/role/**").hasAnyAuthority(ADMIN.scope())
-
                         .anyRequest().authenticated()
                 )
                 .sessionManagement(manager -> manager

src/main/java/com/github/gribanoveu/cuddle/config/SwaggerConfig.java

@@ -13,11 +13,11 @@
  */
 @Configuration
 @OpenAPIDefinition(info = @Info(
-        title = "Spring Api",
-        description = "Описание Api", version = "0.1.0",
+        title = "Spring auth backend service",
+        description = "Сервис авторизации и управления пользователями для мобильного приложения", version = "1.0.0",
         contact = @Contact(
                 name = "Evgeny Gribanov",
-                email = "egribanov@yandex.com",
+                email = "gribanoveu@yandex.com",
                 url = "https://codecow.pw"
         )
 ))

src/main/java/com/github/gribanoveu/cuddle/constants/Constants.java

@@ -10,4 +10,6 @@
 public class Constants {
     public static final DateTimeFormatter DEFAULT_TIME_FORMAT =
             DateTimeFormatter.ofPattern("dd MMM yyyy HH:mm", Locale.forLanguageTag("ru"));
+
+    public static final String USER_DISABLED_MESSAGE = "Пользователь отключен";
 }

src/main/java/com/github/gribanoveu/cuddle/constants/EmailMessages.java

@@ -23,6 +23,7 @@ public class EmailMessages {
 
     public static final String deleteSubject = "Ваш аккаунт удален";
     public static final String deleteModerTemplate = "user-deleted-moder";
+    public static final String deleteSelfTemplate = "user-deleted";
 
     public static final String disabledSubject = "Действие вашего аккаунта приостановлено";
     public static final String disabledTemplate = "account-disabled";

src/main/java/com/github/gribanoveu/cuddle/controllers/anonymous/PublicAccountControllerImpl.java

@@ -74,6 +74,7 @@ public ResponseEntity<StatusResponse> registerUser(RegisterDto request) {
 	public ResponseEntity<StatusResponse> changeEmail(ChangeEmailDto request, Authentication authentication) {
 		var user = userService.findUserByEmail(authentication.getName());
 		var oldEmail = user.getEmail();
+        if (request.email().equals(oldEmail)) throw new CredentialEx(ResponseCode.EMAIL_ALREADY_EXIST);
 		userService.updateEmail(user, request.email());
 		emailService.sendMail(EmailTemplates.emailChanged(oldEmail, request.email()));
 		log.info("Email change old email: {}, new email: {}", oldEmail, request.email());

src/main/java/com/github/gribanoveu/cuddle/controllers/secure/ModeratorControllerImpl.java

@@ -35,9 +35,9 @@ public ResponseEntity<?> getAllUsersList(Pageable pageable) {
         return ResponseEntity.ok(UsersResponse.create(OK, userService.getAllUsers(pageable)));
     }
 
-    public ResponseEntity<?> deleteUser(Long userId) {
-        var user = userService.findUserById(userId);
-        userService.deleteUserById(userId);
+    public ResponseEntity<?> deleteUser(String email) {
+        var user = userService.findUserByEmail(email);
+        userService.deleteUserByEmail(email);
         emailService.sendMail(EmailTemplates.simpleEmail(user.getEmail(),
                 EmailMessages.deleteSubject, EmailMessages.deleteModerTemplate));
         return ResponseEntity.ok(StatusResponse.create(ResponseCode.USER_DELETED, StatusLevel.SUCCESS));

src/main/java/com/github/gribanoveu/cuddle/controllers/secure/UserControllerImpl.java

@@ -1,10 +1,13 @@
 package com.github.gribanoveu.cuddle.controllers.secure;
 
+import com.github.gribanoveu.cuddle.constants.EmailMessages;
 import com.github.gribanoveu.cuddle.dtos.enums.ResponseCode;
 import com.github.gribanoveu.cuddle.dtos.enums.StatusLevel;
 import com.github.gribanoveu.cuddle.dtos.response.StatusResponse;
+import com.github.gribanoveu.cuddle.entities.services.email.EmailService;
 import com.github.gribanoveu.cuddle.entities.services.user.UserService;
 import com.github.gribanoveu.cuddle.entities.tables.User;
+import com.github.gribanoveu.cuddle.utils.emails.EmailTemplates;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
@@ -20,6 +23,7 @@
 @RequiredArgsConstructor
 public class UserControllerImpl {
     private final UserService userService;
+    private final EmailService emailService;
 
     public ResponseEntity<User> getUserData(Authentication authentication) {
         var userData = userService.findUserByEmail(authentication.getName());
@@ -28,6 +32,8 @@ public ResponseEntity<User> getUserData(Authentication authentication) {
 
     public ResponseEntity<StatusResponse> deleteUser(Authentication authentication) {
         userService.deleteUserByEmail(authentication.getName());
+        emailService.sendMail(EmailTemplates.simpleEmail(authentication.getName(),
+                EmailMessages.deleteSubject, EmailMessages.deleteSelfTemplate));
         return ResponseEntity.ok(StatusResponse.create(ResponseCode.USER_DELETED, StatusLevel.SUCCESS));
     }
 }

src/main/java/com/github/gribanoveu/cuddle/controllers/secure/UserRoleControllerImpl.java

@@ -6,6 +6,7 @@
 import com.github.gribanoveu.cuddle.dtos.response.ResponseDetails;
 import com.github.gribanoveu.cuddle.dtos.response.StatusResponse;
 import com.github.gribanoveu.cuddle.entities.services.user.UserService;
+import com.github.gribanoveu.cuddle.exeptions.CredentialEx;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
@@ -21,21 +22,23 @@
 public class UserRoleControllerImpl {
     private final UserService userService;
 
-    public ResponseEntity<?> getUserRole(Long userId) {
-        var userRole = userService.findUserById(userId).getRole().getAuthority();
+    public ResponseEntity<?> getUserRole(String email) {
+        var userRole = userService.findUserByEmail(email).getRole().getAuthority();
         return ResponseEntity.ok(StatusResponse.create(
                 new ResponseDetails(userRole), StatusLevel.SUCCESS));
     }
 
-    public ResponseEntity<?> updateToModerator(Long userId) {
-        var user = userService.findUserById(userId);
+    public ResponseEntity<?> updateToModerator(String email) {
+        var user = userService.findUserByEmail(email);
+        if (user.getRole().equals(Role.ADMIN)) throw new CredentialEx(ResponseCode.ACCESS_DENIED);
         userService.updateRole(user, Role.MODERATOR);
         return ResponseEntity.ok(StatusResponse.create(
                 ResponseCode.PERMISSION_UPDATED_MODERATOR, StatusLevel.SUCCESS));
     }
 
-    public ResponseEntity<?> updateToUser(Long userId) {
-        var user = userService.findUserById(userId);
+    public ResponseEntity<?> updateToUser(String email) {
+        var user = userService.findUserByEmail(email);
+        if (user.getRole().equals(Role.ADMIN)) throw new CredentialEx(ResponseCode.ACCESS_DENIED);
         userService.updateRole(user, Role.USER);
         return ResponseEntity.ok(StatusResponse.create(
                 ResponseCode.PERMISSION_UPDATED_USER, StatusLevel.SUCCESS));

src/main/java/com/github/gribanoveu/cuddle/endpoints/secure/ModeratorController.java

@@ -31,9 +31,9 @@ public ResponseEntity<?> getAllUsersList(@PageableDefault Pageable pageable) {
 
     @Operation(summary = "Удалить пользователя")
     @SecurityRequirement(name = "JWT")
-    @DeleteMapping("/{userId}") // only admin can delete user
-    public ResponseEntity<?> deleteUser(@PathVariable Long userId) {
-        return moderatorControllerImpl.deleteUser(userId);
+    @DeleteMapping("/delete")
+    public ResponseEntity<?> deleteUser(@RequestParam String email) {
+        return moderatorControllerImpl.deleteUser(email);
     }
 
     @Operation(summary = "Отключить пользователя")

src/main/java/com/github/gribanoveu/cuddle/endpoints/secure/UserRoleController.java

@@ -21,22 +21,22 @@ public class UserRoleController {
 
     @SecurityRequirement(name = "JWT")
     @Operation(summary = "Получить роль пользователя")
-    @GetMapping("/{userId}")
-    public ResponseEntity<?> getUserRole(@PathVariable Long userId) {
-        return userRoleControllerImpl.getUserRole(userId);
+    @GetMapping
+    public ResponseEntity<?> getUserRole(@RequestParam String email) {
+        return userRoleControllerImpl.getUserRole(email);
     }
 
     @SecurityRequirement(name = "JWT")
     @Operation(summary = "Обновить роль до модератора")
-    @PatchMapping("/{userId}")
-    public ResponseEntity<?> updateToModerator(@PathVariable Long userId) {
-        return userRoleControllerImpl.updateToModerator(userId);
+    @PatchMapping
+    public ResponseEntity<?> updateToModerator(@RequestParam String email) {
+        return userRoleControllerImpl.updateToModerator(email);
     }
 
     @SecurityRequirement(name = "JWT")
     @Operation(summary = "Обновить роль до пользователя")
-    @DeleteMapping("/{userId}")
-    public ResponseEntity<?> updateToUser(@PathVariable Long userId) {
-        return userRoleControllerImpl.updateToUser(userId);
+    @DeleteMapping
+    public ResponseEntity<?> updateToUser(@RequestParam String email) {
+        return userRoleControllerImpl.updateToUser(email);
     }
 }

src/main/java/com/github/gribanoveu/cuddle/entities/repositories/UserRepository.java

@@ -24,11 +24,4 @@ public interface UserRepository extends CrudRepository<User, Long> {
 
     @Query("SELECT u FROM User u WHERE u.accountNonLocked = false AND u.banExpiration < :now")
     List<User> findBannedUsersWithExpiredBan(LocalDateTime now);
-
-    @Query("""
-    SELECT u.banExpiration, u.accountNonLocked, u.id
-    FROM User u
-    WHERE u.accountNonLocked = false AND u.banExpiration < :now
-    """)
-    List<User> findBannedUsers(LocalDateTime now);
 }

src/main/java/com/github/gribanoveu/cuddle/exeptions/GlobalExceptionHandler.java

@@ -8,6 +8,7 @@
 import com.github.gribanoveu.cuddle.utils.aspects.LogResponse;
 import jakarta.validation.ConstraintViolationException;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.dao.InvalidDataAccessApiUsageException;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -102,4 +103,12 @@ public ResponseEntity<StatusResponse> handleMissingParamException(MissingServlet
         return ResponseEntity.badRequest().body(details);
     }
 
+    @LogResponse
+    @ExceptionHandler(InvalidDataAccessApiUsageException.class) // query param handler
+    public ResponseEntity<StatusResponse> handleInvalidDataAccessApiUsageException(InvalidDataAccessApiUsageException e) {
+        log.error(e.getMessage());
+        var details = StatusResponse.create(ResponseCode.MISSING_PARAM, StatusLevel.ERROR);
+        return ResponseEntity.badRequest().body(details);
+    }
+
 }

src/main/java/com/github/gribanoveu/cuddle/exeptions/entrypoint/AuthenticationFailureEntryPoint.java

@@ -1,5 +1,6 @@
 package com.github.gribanoveu.cuddle.exeptions.entrypoint;
 
+import com.github.gribanoveu.cuddle.constants.Constants;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -28,7 +29,7 @@ public void onAuthenticationFailure(
             AuthenticationException exception
     ) throws IOException, ServletException {
         if (exception instanceof DisabledException) {
-            response.sendError(HttpStatus.UNAUTHORIZED.value(), "User is disabled");
+            response.sendError(HttpStatus.UNAUTHORIZED.value(), Constants.USER_DISABLED_MESSAGE);
         } else {
             response.sendError(HttpStatus.UNAUTHORIZED.value(), exception.getMessage());
         }

src/main/java/com/github/gribanoveu/cuddle/security/CustomUserDetailsService.java

@@ -16,7 +16,7 @@
 @Service
 @RequiredArgsConstructor
 public class CustomUserDetailsService implements UserDetailsService {
-    private static final String USER_NOT_FOUND = "User '%s' not found";
+    private static final String USER_NOT_FOUND = "Пользователь '%s' не найден";
     private final UserRepository userRepository;
 
     @Override

src/main/resources/application.yml

@@ -21,7 +21,7 @@ spring:
   mvc:
     throw-exception-if-no-handler-found: true
   jackson:
-    default-property-inclusion: non_null
+#    default-property-inclusion: non_null
     serialization:
       write-dates-as-timestamps: false
   datasource: