2020-08-21 12:19:56 +02:00
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>net.mindoverflow.webmarker</groupId>
    <artifactId>WebMarker</artifactId>
2020-08-21 16:11:32 +02:00
    <version>0.0.1-alpha</version>
2020-08-21 12:19:56 +02:00
    <packaging>jar</packaging>
    <dependencies>
Implement RESTful API, JWT auth, SQLite storage

This update brings a huge change to the whole system's structure.
A new RESTful API has been implemented, which allows users to register, login
and store data.
The API only supports HTTP POST, and can be accessed via /api/v1/. Requests must
contain a JSON body with the necessary entries, which are:

/api/v1/register AND /api/v1/login:
{
    "username": "username",
    "password": "password",
    "encoding": "plaintext/base64"
}
(Note: passwords can be encoded via "base64" or "plaintext".)

/api/v1/store:
{
    "jwt": "encrypted_key_here",
    "url": "https://google.com/"
}

The flow is:
- register via /api/v1/register;
- login via /api/v1/login, listen for JWT token in response;
- store via /api/v1/store, by sending JWT and URL to store.

The SQLite database now has 2 tables, "users" and "history".
The "users" table is used to store user data:
- username;
- password, secured via bcrypt;
- random user UUID.
The "history" table is used to store browsing history:
- user UUID, to identify the user;
- browsed url.

The secret used to sign JWTs is stored in the config.yml file.
Other new features include SQL-injection protection,
multiple validity/security checks on usernames and passwords, etc.

Signed-off-by: Lorenzo Dellacà <lorenzo.dellaca@mind-overflow.net>
2020-08-22 12:51:33 +02:00
        <!-- todo: clean up this mess -->
2020-08-21 12:19:56 +02:00
        <dependency>
            <groupId>ro.pippo</groupId>
            <artifactId>pippo</artifactId>
            <version>1.13.1</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>ro.pippo</groupId>
            <artifactId>pippo-controller</artifactId>
            <version>1.13.1</version>
        </dependency>
2020-08-21 16:11:32 +02:00
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-simple</artifactId>
            <version>2.0.0-alpha1</version>
        </dependency>
        <dependency>
            <groupId>org.xerial</groupId>
            <artifactId>sqlite-jdbc</artifactId>
            <version>3.32.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>1.21</version>
        </dependency>
2020-08-21 12:19:56 +02:00
2020-08-22 12:51:33 +02:00
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.14</version>
        </dependency>
        <dependency>
            <groupId>at.favre.lib</groupId>
            <artifactId>bcrypt</artifactId>
            <version>0.9.0</version>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
        </dependency>
    </dependencies>
2020-08-21 12:19:56 +02:00
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <release>11</release>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-assembly-plugin</artifactId>
                <executions>
                    <execution>
                        <id>create-my-bundle</id>
                        <phase>package</phase>
                        <goals>
                            <goal>single</goal>
                        </goals>
                        <configuration>
                            <descriptorRefs>
                                <descriptorRef>jar-with-dependencies</descriptorRef>
                            </descriptorRefs>
                            <archive>
                                <manifest>
                                    <mainClass>net.mindoverflow.webmarker.WebMarker</mainClass>
                                </manifest>
                            </archive>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>
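
The register, login and store flow from the commit message above, sketched with the `at.favre.lib:bcrypt` and `com.auth0:java-jwt` libraries this POM declares. This is an added example, not code from the WebMarker repository; the class and method names, the issuer string, the 15-minute expiry and the bcrypt cost of 12 are assumptions.

```java
import at.favre.lib.crypto.bcrypt.BCrypt;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.util.Date;
import java.util.Optional;
import java.util.UUID;
// Added illustration: every name below is hypothetical, not WebMarker's own code.
public class AuthFlowExample {
    private static final String ISSUER = "webmarker-example"; // assumed value
    private final Algorithm algorithm;
    private final JWTVerifier verifier;
    AuthFlowExample(String secretFromConfig) {
        // HS256 is symmetric: whoever can read this secret can mint tokens.
        algorithm = Algorithm.HMAC256(secretFromConfig);
        // Pinning algorithm and issuer rejects tokens signed any other way.
        verifier = JWT.require(algorithm).withIssuer(ISSUER).build();
    }
    // Register: persist only the bcrypt hash (cost 12 is an assumed setting).
    static String hashPassword(String password) {
        return BCrypt.withDefaults().hashToString(12, password.toCharArray());
    }
    // Login: check the password, then issue a short-lived token naming the user UUID.
    Optional<String> login(String password, String storedHash, UUID userUuid) {
        boolean ok = BCrypt.verifyer().verify(password.toCharArray(), storedHash).verified;
        if (!ok) return Optional.empty();
        Date expiry = new Date(System.currentTimeMillis() + 15 * 60 * 1000L);
        return Optional.of(JWT.create().withIssuer(ISSUER)
                .withSubject(userUuid.toString()).withExpiresAt(expiry).sign(algorithm));
    }
    // Store: trust the UUID only after signature, issuer and expiry all verify.
    Optional<UUID> authenticate(String token) {
        try {
            String subject = verifier.verify(token).getSubject();
            return subject == null ? Optional.empty() : Optional.of(UUID.fromString(subject));
        } catch (JWTVerificationException | IllegalArgumentException e) {
            return Optional.empty(); // forged, expired, or malformed token
        }
    }
    public static void main(String[] args) {
        AuthFlowExample auth = new AuthFlowExample("constructed-demo-secret"); // constructed
        UUID uuid = UUID.randomUUID();
        String hash = hashPassword("correct horse"); // constructed sample password
        String token = auth.login("correct horse", hash, uuid).orElseThrow();
        System.out.println(auth.authenticate(token).equals(Optional.of(uuid))); // genuine token
        System.out.println(auth.authenticate(token + "x").isPresent());         // altered signature
    }
}
```

A token signed with HMAC is integrity-protected but not encrypted, so the UUID in the subject claim is readable by anyone who holds the token.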