argos/dmp-backend/web/src/main/java/eu/eudat/logic/handlers/PrincipalArgumentResolver.java

package eu.eudat.logic.handlers;

import eu.eudat.exceptions.security.UnauthorisedException;
import eu.eudat.logic.security.claims.ClaimedAuthorities;
import eu.eudat.logic.services.operations.AuthenticationService;
import eu.eudat.models.data.security.Principal;
import eu.eudat.types.Authorities;
import org.springframework.core.MethodParameter;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

import java.lang.annotation.Annotation;
import java.util.*;


public final class PrincipalArgumentResolver implements HandlerMethodArgumentResolver {

    private AuthenticationService authenticationService;

    @Override
    public boolean supportsParameter(MethodParameter methodParameter) {
        return methodParameter.getParameterType().equals(Principal.class);
    }

    @Override
    public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
        String token = nativeWebRequest.getHeader("AuthToken");
        Optional<Annotation> claimsAnnotation = Arrays.stream(methodParameter.getParameterAnnotations()).filter(annotation -> annotation.annotationType().equals(ClaimedAuthorities.class)).findAny();
        List<Authorities> claimList = claimsAnnotation.map(annotation -> Arrays.asList(((ClaimedAuthorities) annotation).claims())).orElse(Authorities.all());
        if (token == null && claimList.size() == 1 && claimList.get(0).equals(Authorities.ANONYMOUS))
            return new Principal();
        if (token == null) throw new UnauthorisedException("Authentication Information Is Missing");
        UUID authToken;
        try {
            authToken = UUID.fromString(token);
        } catch (IllegalArgumentException ex) {
            throw new UnauthorisedException("Authentication Information Is Missing");
        }

        Principal principal = this.authenticationService.Touch(authToken);
        if (principal == null) throw new UnauthorisedException("Authentication Information Missing");
        if (!claimList.contains(Authorities.ANONYMOUS) && !principal.isAuthorized(claimList))
            throw new UnauthorisedException("You are not Authorized For this Action");
        /*Principal principal1 = new Principal();
        principal1.setId(UUID.fromString("46366b8a-a712-4e0c-a499-1a3a0f209325"));
        principal1.setToken(UUID.fromString("19031e80-6534-4aa5-b68a-78e97042c968"));
        principal1.setName("Ioannis Kalyvas");
        principal1.setAvatarUrl("https://lh5.googleusercontent.com/-X65vX1QO_Ew/AAAAAAAAAAI/AAAAAAAAAAA/AAN31DU5lFIOwD_fZiYW96D410pn6v4E-Q/s96-c/photo.jpg");
        principal1.setAuthorities(new HashSet<>(Arrays.asList(Authorities.ADMIN, Authorities.USER)));
        principal1.setExpiresAt(addADay(new Date()));*/
        return principal;
    }

    public PrincipalArgumentResolver(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    private Date addADay(Date date) {
        Date dt = new Date();
        Calendar c = Calendar.getInstance();
        c.setTime(dt);
        c.add(Calendar.DATE, 1);
        dt = c.getTime();
        return dt;
    }

}