2020-08-21 16:11:32 +02:00
package net.mindoverflow.webmarker.utils.sql;
import net.mindoverflow.webmarker.utils.sql.primitives.SQLColumn;
import net.mindoverflow.webmarker.utils.sql.primitives.SQLDataType;
Implement RESTful API, JWT auth, SQLite storage

This update brings a huge change to the whole system's structure.
A new RESTful API has been implemented, which allows users to register, login
and store data.

The API only supports HTTP POST, and can be accessed via /api/v1/. Requests must
contain a JSON body with the necessary entries, which are:

/api/v1/register AND /api/v1/login:
{
  "username": "username",
  "password": "password",
  "encoding": "plaintext/base64"
}
(Note: passwords can be encoded via "base64" or "plaintext".)

/api/v1/store:
{
  "jwt": "encrypted_key_here",
  "url": "https://google.com/"
}

The flow is:
- register via /api/v1/register;
- login via /api/v1/login, listen for JWT token in response;
- store via /api/v1/store, by sending JWT and URL to store.

The SQLite database now has 2 tables, "users" and "history".
The "users" table is used to store user data:
- username;
- password, secured via bcrypt;
- random user UUID.
The "history" table is used to store browsing history:
- user UUID, to identify the user;
- browsed url.

The secret used to sign JWTs is stored in the config.yml file.
Other new features include SQL-injection protection,
multiple validity/security checks on usernames and passwords, etc.

Signed-off-by: Lorenzo Dellacà <lorenzo.dellaca@mind-overflow.net>
2020-08-22 12:51:33 +02:00
public enum MDatabaseColumn
2020-08-21 16:11:32 +02:00
{
ALL(new SQLColumn("*"), null),
USERNAME(new SQLColumn("username"), SQLDataType.VARCHAR_128),
PASSWORD(new SQLColumn("password"), SQLDataType.VARCHAR_128),
2020-08-22 12:51:33 +02:00
USER_UUID(new SQLColumn("userid"), SQLDataType.VARCHAR_128),
2020-08-22 18:32:46 +02:00
WEB_DOMAIN(new SQLColumn("domain"), SQLDataType.TEXT),
TIMESTAMP_UTC(new SQLColumn("timestamp_utc"), SQLDataType.DATETIME),
2020-08-21 16:11:32 +02:00
;
private final SQLColumn column;
private final SQLDataType type;
2020-08-22 12:51:33 +02:00
MDatabaseColumn(SQLColumn column, SQLDataType type)
2020-08-21 16:11:32 +02:00
{
this.column = column;
this.type = type;
}
public SQLColumn getColumn()
{ return column; }
public SQLDataType getDataType()
{ return type; }
}
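
An enum like the one above fixes the set of column names in code, which matters because SQL identifiers cannot be bound as parameters. The sketch below is an added example, not the project's own code, showing how such an enum can serve as an identifier allow-list while values travel only as bound parameters. `Table`, `Col`, `Query` and the helper methods are hypothetical stand-ins (only the table and column names come from the page), and the `record` assumes Java 16 or later.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.*;

public class ColumnAllowListDemo {
    // Hypothetical stand-ins for the project's enums: the only identifiers allowed into SQL text.
    enum Table { USERS("users"), HISTORY("history"); final String sql; Table(String s) { sql = s; } }
    enum Col {
        USER_UUID("userid"), WEB_DOMAIN("domain"), TIMESTAMP_UTC("timestamp_utc");
        final String sql;
        Col(String s) { sql = s; }
        // Resolve an untrusted column name against the fixed set; anything else is rejected.
        static Col fromUntrusted(String name) {
            for (Col c : values()) if (c.sql.equals(name)) return c;
            throw new IllegalArgumentException("unknown column");
        }
    }
    // SQL text and the values to bind stay separate until the driver binds them.
    record Query(String sql, List<Object> params) {}

    static Query insert(Table table, Map<Col, Object> row) {
        StringJoiner cols = new StringJoiner(", "), marks = new StringJoiner(", ");
        List<Object> params = new ArrayList<>();
        for (Map.Entry<Col, Object> e : row.entrySet()) {
            cols.add(e.getKey().sql);  // identifier: enum constant, never request data
            marks.add("?");            // value: placeholder only
            params.add(e.getValue());
        }
        return new Query("INSERT INTO " + table.sql + " (" + cols + ") VALUES (" + marks + ")", params);
    }

    // With a real JDBC connection, values travel as bound parameters, not as SQL text.
    static PreparedStatement prepare(Connection conn, Query q) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(q.sql());
        for (int i = 0; i < q.params().size(); i++) ps.setObject(i + 1, q.params().get(i));
        return ps;
    }

    public static void main(String[] args) {
        Map<Col, Object> row = new LinkedHashMap<>();
        row.put(Col.USER_UUID, "00000000-0000-0000-0000-000000000000"); // constructed sample
        row.put(Col.WEB_DOMAIN, "example.com'); --");                    // constructed hostile value
        Query q = insert(Table.HISTORY, row);
        System.out.println(q.sql() + "  params=" + q.params());
        try { Col.fromUntrusted("domain, password"); }
        catch (IllegalArgumentException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

The quote in the constructed domain value appears only in the parameter list, never in the generated SQL text, and a column name that is not an exact enum match is rejected before any query is built.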