diff --git a/src/main/java/com/libraryman_api/security/config/WebConfiguration.java b/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
index a6a3883..75c966d 100644
--- a/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
+++ b/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
@@ -39,8 +39,8 @@ public SecurityFilterChain web(HttpSecurity http) throws Exception {
 // make sure it is in order to access the proper Url
 .requestMatchers("/api/signup").permitAll()
- .requestMatchers("/api/signup/admin").permitAll()
- .requestMatchers("/api/signup/librarian").permitAll()
+ .requestMatchers("/api/signup/admin/{secretKey}").permitAll()
+ .requestMatchers("/api/signup/librarian/{secretKey}").permitAll()
 .requestMatchers("/api/login").permitAll()
 .requestMatchers("/api/logout").permitAll()
 .anyRequest().authenticated()
diff --git a/src/main/java/com/libraryman_api/security/controllers/SignupController.java b/src/main/java/com/libraryman_api/security/controllers/SignupController.java
index 930e309..2d6244c 100644
--- a/src/main/java/com/libraryman_api/security/controllers/SignupController.java
+++ b/src/main/java/com/libraryman_api/security/controllers/SignupController.java
@@ -1,7 +1,6 @@
 package com.libraryman_api.security.controllers;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
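Review bot: Both privileged signup routes stay `permitAll()` in `web(...)`, so the only barrier between an anonymous caller and an admin or librarian account is a static secret carried in the URL path (`/api/signup/admin/{secretKey}`, and the matching `@PostMapping` paths in SignupController). Path segments are routinely written to access logs, reverse-proxy logs and request traces, so the secret is likely to become readable by anyone with log access. I would keep the original paths and take the secret from a request header or the body, or preferably require an already authenticated admin for these routes, e.g. `.requestMatchers("/api/signup/admin", "/api/signup/librarian").hasRole("ADMIN")`. The filter chain starts and ends outside this hunk, so how roles are mapped in this project is not visible here and the role name is an assumption.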
@@ -23,12 +22,12 @@ public void signup(@RequestBody Members members) {
 this.signupService.signup(members);
 }
- @PostMapping("/api/signup/admin")
- public void signupAdmin(@RequestBody Members members) {
- this.signupService.signupAdmin(members);
+ @PostMapping("/api/signup/admin/{secretKey}")
+ public void signupAdmin(@RequestBody Members members,@PathVariable String secretKey) {
+ this.signupService.signupAdmin(members,secretKey);
 }
- @PostMapping("/api/signup/librarian")
- public void signupLibrarian(@RequestBody Members members) {
- this.signupService.signupLibrarian(members);
+ @PostMapping("/api/signup/librarian/{secretKey}")
+ public void signupLibrarian(@RequestBody Members members,@PathVariable String secretKey) {
+ this.signupService.signupLibrarian(members,secretKey);
 }
 }
diff --git a/src/main/java/com/libraryman_api/security/services/SignupService.java b/src/main/java/com/libraryman_api/security/services/SignupService.java
index f00a263..c5f928f 100644
--- a/src/main/java/com/libraryman_api/security/services/SignupService.java
+++ b/src/main/java/com/libraryman_api/security/services/SignupService.java
@@ -3,7 +3,7 @@
 import java.util.Date;
 import java.util.Optional;
-
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -20,6 +20,12 @@ public class SignupService {
 private PasswordEncoder passwordEncoder;
+ @Value("${admin.secretKey}")
+ private String adminSecretKey;
+
+ @Value("${librarian.secretKey}")
+ private String librarianSecretKey;
+
 public SignupService(MemberRepository memberRepository,PasswordEncoder passwordEncoder) {
 this.memberRepository=memberRepository;
 this.passwordEncoder=passwordEncoder;
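Review bot: `adminSecretKey` and `librarianSecretKey` are injected into mutable fields with `@Value`, while the class's other dependencies arrive through the constructor shown at the end of this hunk; taking them as constructor parameters (`@Value("${admin.secretKey}") String adminSecretKey`) would let both be `final` and make the service constructible in tests without Spring. Nothing visible here rejects a blank or very short value, so a weak secret would be accepted silently; a length check at construction time would fail fast. I would also add a comment above the fields stating that these values authorise creation of privileged accounts and must never be logged. The constructor body continues past the end of the hunk.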
@@ -44,7 +50,7 @@ public void signup(Members members) {
 memberRepository.save(new_members);
 }
- public void signupAdmin(Members members) {
+ public void signupAdmin(Members members,String secretKey) {
 Optional memberOptId=memberRepository.findById(members.getMemberId());
 Optional memberOptUsername=memberRepository.findByUsername(members.getUsername());
 if(memberOptId.isPresent()) {
@@ -53,6 +59,9 @@ public void signupAdmin(Members members) {
 if(memberOptUsername.isPresent()) {
 throw new ResourceNotFoundException("User already Exists");
 }
+ if(!adminSecretKey.equals(secretKey)) {
+ throw new ResourceNotFoundException("Secret Key does not match");
+ }
 String encoded_password=passwordEncoder.bCryptPasswordEncoder().encode(members.getPassword());
 Members new_members=new Members();
 new_members.setEmail(members.getEmail());
@@ -64,7 +73,7 @@ public void signupAdmin(Members members) {
 memberRepository.save(new_members);
 }
- public void signupLibrarian(Members members) {
+ public void signupLibrarian(Members members,String secretKey) {
 Optional memberOptId=memberRepository.findById(members.getMemberId());
 Optional memberOptUsername=memberRepository.findByUsername(members.getUsername());
 if(memberOptId.isPresent()) {
@@ -73,6 +82,9 @@ public void signupLibrarian(Members members) {
 if(memberOptUsername.isPresent()) {
 throw new ResourceNotFoundException("User already Exists");
 }
+ if(!librarianSecretKey.equals(secretKey)) {
+ throw new ResourceNotFoundException("secret key does not match");
+ }
 String encoded_password=passwordEncoder.bCryptPasswordEncoder().encode(members.getPassword());
 Members new_members=new Members();
 new_members.setEmail(members.getEmail());
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 3fce839..08f31b7 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
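Review bot: The secret is compared with `String.equals` in `signupAdmin` (hunk `@@ -53,6 +59,9 @@`) and again in `signupLibrarian` (hunk `@@ -73,6 +82,9 @@`), which stops at the first differing character and is not a constant-time comparison; `MessageDigest.isEqual(adminSecretKey.getBytes(StandardCharsets.UTF_8), secretKey.getBytes(StandardCharsets.UTF_8))` avoids that, with the two imports added. The check also runs after the `findById`/`findByUsername` lookups, so a caller without the secret still learns from "User already Exists" whether a username is taken; moving the secret check to the top of both methods closes that. A mismatch is raised as `ResourceNotFoundException`, which reads as a missing resource, not a refused request; how it maps to an HTTP status is not visible here, but a forbidden-style exception would be clearer, and the two messages differ in capitalisation. Both method bodies begin and end outside these hunks.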
@@ -1,3 +1,5 @@
 spring.application.name=libraryman-api
 spring.profiles.active=${ENV:dev}
-jwt.secretKey=${YOUR_JWT_SECRET_KEY}
\ No newline at end of file
+jwt.secretKey=${YOUR_JWT_SECRET_KEY}
+admin.secretKey=${ADMIN_SECRET_KEY}
+librarian.secretKey=${LIBRARIAN_SECRET_KEY}
\ No newline at end of file
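Review bot: The two new entries carry no comment saying what they protect; I would add `# Shared secrets required by /api/signup/admin and /api/signup/librarian; supply long, random, distinct values via the environment` above them. Leaving the placeholders without a default looks like the right choice, since an unset variable should then fail placeholder resolution at startup instead of falling back to a known value. It is worth saying so in the comment so that nobody adds a default later.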