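package net.mindoverflow.webmarker.webserver.controllers;

import com.google.gson.JsonObject;
import net.mindoverflow.webmarker.utils.FileUtils;
import net.mindoverflow.webmarker.utils.security.EncryptionUtils;
import net.mindoverflow.webmarker.utils.security.SafetyCheck;
import net.mindoverflow.webmarker.utils.sql.MarkerSQLUtils;
import ro.pippo.controller.Controller;
import ro.pippo.controller.POST;
import ro.pippo.controller.Path;
import ro.pippo.core.route.RouteContext;

import java.util.UUID;

/**
 * Handles account registration requests posted to {@code /api/v1/register}.
 *
 * <p>The request body is expected to be a JSON object with the string fields
 * {@code username}, {@code password} and {@code encoding}. Every outcome is
 * reported to the client as a short text message through
 * {@link RouteContext#send(CharSequence)}.
 */
@Path("/api/v1/register")
public class RegisterController extends Controller {

    /**
     * Registers a new user from the JSON request body.
     *
     * <p>Checks run in this order, and the first failure ends the request:
     * required fields present, encoding accepted by
     * {@code SafetyCheck.isValidEncoding}, username accepted by
     * {@code SafetyCheck.isSafeUsername}, decoded password accepted by
     * {@code SafetyCheck.isSafePassword}, username not already registered.
     * On success the user is stored under a fresh random UUID together with
     * the value returned by {@code EncryptionUtils.bcrypt(password)}.
     */
    @POST
    public void register() {
        RouteContext routeContext = getRouteContext();

        // The body comes straight from the client and is untrusted.
        // NOTE(review): how FileUtils.stringToJson reacts to malformed JSON is not
        // visible here (null or exception) - confirm it cannot escape this handler.
        String body = routeContext.getRequest().getBody();
        JsonObject jsonObject = FileUtils.stringToJson(body);

        String username = stringField(jsonObject, "username");
        String encodedPassword = stringField(jsonObject, "password");
        String encoding = stringField(jsonObject, "encoding");

        // A missing or non-string field used to fail with an unhandled exception
        // on get(...).getAsString(); answer with an explicit message instead.
        if (username == null || encodedPassword == null || encoding == null) {
            routeContext.send("Invalid request!");
            return;
        }

        if (!SafetyCheck.isValidEncoding(encoding)) {
            // Do not echo the rejected value: it is client-controlled and would be
            // reflected verbatim into the response body.
            // NOTE(review): confirm which Content-Type send() uses when none is set.
            routeContext.send("Invalid encoding!");
            return;
        }

        String password = EncryptionUtils.handleEncoding(encoding, encodedPassword);

        if (!SafetyCheck.isSafeUsername(username)) {
            routeContext.send("Invalid username!");
            return;
        }

        if (!SafetyCheck.isSafePassword(password)) {
            routeContext.send("Invalid password!");
            return;
        }

        // NOTE(review): this answer discloses which usernames are registered, which
        // is hard to avoid on a registration endpoint - presumably rate limiting is
        // applied elsewhere; verify.
        if (MarkerSQLUtils.userExists(username)) {
            routeContext.send("User exists!");
            return;
        }

        // Generate a random UUID that identifies the same user across tables,
        // redrawing until the database reports it as unused.
        UUID randomId = UUID.randomUUID();
        while (MarkerSQLUtils.uuidTaken(randomId)) {
            randomId = UUID.randomUUID();
        }

        // NOTE(review): userExists/uuidTaken followed by addUser is check-then-insert
        // and is not atomic; two concurrent requests can both pass the checks.
        // Presumably UNIQUE constraints on the table back this up - confirm.
        if (MarkerSQLUtils.addUser(randomId, username, EncryptionUtils.bcrypt(password))) {
            routeContext.send("Added user!");
        } else {
            // Previously a failed insert sent no response at all.
            routeContext.send("Could not add user!");
        }
    }

    /**
     * Reads a required string field from the parsed request body.
     *
     * @param json parsed request body, may be {@code null}
     * @param name field name to read
     * @return the field value, or {@code null} when {@code json} is {@code null},
     *         the field is absent, or its value is not a JSON primitive
     */
    private static String stringField(JsonObject json, String name) {
        if (json == null || !json.has(name) || !json.get(name).isJsonPrimitive()) {
            return null;
        }
        return json.get(name).getAsString();
    }
}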