2020-08-21 12:19:56 +02:00
package net.mindoverflow.webmarker;
2020-08-21 16:11:32 +02:00
import net.mindoverflow.webmarker.utils.Cached;
import net.mindoverflow.webmarker.utils.config.ConfigEntries;
import net.mindoverflow.webmarker.utils.config.ConfigManager;
import net.mindoverflow.webmarker.utils.messaging.Messenger;
Implement RESTful API, JWT auth, SQLite storage
This update brings a huge change to the whole system's structure.
A new RESTful API has been implemented, which allows users to register, login
and store data.
The API only supports HTTP POST, and can be accessed via /api/v1/. Requests must
contain a JSON body with the necessary entries, which are:
/api/v1/register AND /api/v1/login:
{
"username": "username",
"password": "password",
"encoding": "plaintext/base64"
}
(Note: passwords can be encoded via "base64" or "plaintext".)
/api/v1/store:
{
"jwt": "encrypted_key_here",
"url": "https://google.com/"
}
The flow is:
- register via /api/v1/register;
- login via /api/v1/login, listen for JWT token in response;
- store via /api/v1/store, by sending JWT and URL to store.
The SQLite database now has 2 tables, "users" and "history".
The "users" table is used to store user data:
- username;
- password, secured via bcrypt;
- random user UUID.
The "history" table is used to store browsing history:
- user UUID, to identify the user;
- browsed url.
The secret used to sign JWTs is stored in the config.yml file.
Other new features include SQL-injection protection,
multiple validity/security checks on usernames and passwords, etc.
Signed-off-by: Lorenzo Dellacà <lorenzo.dellaca@mind-overflow.net>
2020-08-22 12:51:33 +02:00
import net.mindoverflow.webmarker.utils.sql.SQLiteManager;
import net.mindoverflow.webmarker.webserver.WebApplication;
2020-08-21 12:19:56 +02:00
import ro.pippo.core.Pippo;
2020-08-22 18:32:46 +02:00
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
2020-08-21 12:19:56 +02:00
public class WebMarker {
2020-08-21 16:11:32 +02:00
    private static final Messenger msg = new Messenger();
2020-08-21 12:19:56 +02:00
    public static void main(String[] args)
    {
2020-08-21 16:11:32 +02:00
        ConfigManager.checkFiles();
        ConfigManager.loadFiles();
        Cached.sqlManager = new SQLiteManager();
        Cached.sqlManager.initialize();

        msg.info("Loading Pippo framework...");
2020-08-21 12:19:56 +02:00
        final Pippo pippo = new Pippo(new WebApplication());
2020-08-21 16:11:32 +02:00
        msg.info("Loaded Pippo framework.");

        msg.info("Starting webserver...");
        int port = (int) ConfigEntries.WEBSERVER_PORT.getValue();
        pippo.start(port);
        msg.info("Started webserver.");
2020-08-22 18:32:46 +02:00
        ZonedDateTime now = ZonedDateTime.now();
        DateTimeFormatter formatter = DateTimeFormatter.ISO_OFFSET_DATE_TIME;
        String nowStr = formatter.format(now);
        msg.info("Startup timestamp: " + nowStr);
2020-08-22 12:51:33 +02:00
        /* todo: enable to track ram usage
2020-08-21 16:11:32 +02:00
        ScheduledExecutorService exec = Executors.newSingleThreadScheduledExecutor();
        exec.scheduleAtFixedRate(new StatsRunnable(), 0, 5, TimeUnit.SECONDS);
2020-08-22 12:51:33 +02:00
        */
2020-08-21 12:19:56 +02:00
    }
}
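
The commit message above has /api/v1/store accept a JWT in the request body, signed with a secret from config.yml. The following is an added example, not the project's own code, of how such a token can be checked before a URL is stored: the algorithm is pinned on the server instead of being read from the token, and the signature is compared in constant time. It assumes HS256 and tokens issued by this same code; the class and method names, the "uuid" claim name and the secret value are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class StoreTokenCheck {
    // Constructed placeholder; the real secret would be loaded from config.yml.
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    // The only header accepted. The algorithm is never taken from the token itself.
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));

    static String b64(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }

    static byte[] hmac(String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(String payloadJson) throws GeneralSecurityException {
        String input = HEADER + "." + b64(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + b64(hmac(input));
    }

    /** Returns the payload JSON if the token is authentic, otherwise null. */
    static String verify(String jwt) throws GeneralSecurityException {
        String[] p = jwt == null ? new String[0] : jwt.split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return null; // rejects "alg":"none" and any other header
        try {
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), given)) return null; // constant-time compare
            return new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed base64url in signature or payload
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String[] t = sign("{\"uuid\":\"constructed-user-a\"}").split("\\.");
        String issued = String.join(".", t);
        // Same payload presented with an unsigned header and an empty signature.
        String unsigned = b64("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "." + t[1] + ".";
        // Payload swapped to another user while reusing the original signature.
        String swapped = t[0] + "." + b64("{\"uuid\":\"constructed-user-b\"}".getBytes(StandardCharsets.UTF_8)) + "." + t[2];
        for (String tok : new String[]{issued, unsigned, swapped}) System.out.println(verify(tok));
    }
}
```

Only the token issued by `sign` yields its payload; the other two return null, so a handler for /api/v1/store would take the user UUID from the verified payload and never from client-supplied fields.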