bea/release-hive
1
0
Fork 0
Code Issues Pull Requests 1 Releases Activity

Compare commits

base: bea:5175cb89b5af2ab1b1f1da473cfb86d05c442d33
Branches Tags
bea:main bea:renovate/org.owasp-dependency-check-maven-12.x
...
compare: bea:renovate/org.owasp-dependency-check-maven-12.x
Branches Tags
bea:renovate/org.owasp-dependency-check-maven-12.x bea:main

67 Commits
5175cb89b5 ... renovate/o

Author SHA1 Message Date
Renovate Bot
dcd656606f Update dependency org.owasp:dependency-check-maven to v12.1.9
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
2025-11-11 13:02:55 +00:00
Beatrice Dellacà
2831f03ac1 Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.5.7' (!12) from renovate/org.springframework.boot-spring-boot-starter-data-jpa-3.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #12
 2025-11-06 19:06:11 +01:00
Beatrice Dellacà
e5ffea3196 Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-json to v3.5.7' (!13) from renovate/org.springframework.boot-spring-boot-starter-json-3.x into main
Some checks failed
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #13
 2025-11-06 19:06:03 +01:00
Beatrice Dellacà
d0776d7f0b Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.7' (!14) from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main
Some checks failed
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #14
 2025-11-06 19:05:56 +01:00
Beatrice Dellacà
2acafb87eb Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-web to v3.5.7' (!15) from renovate/org.springframework.boot-spring-boot-starter-web-3.x into main
Some checks failed
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #15
 2025-11-06 19:05:49 +01:00
Beatrice Dellacà
f733b03213 Merge pull request 'Update dependency org.apache.logging.log4j:log4j-api to v2.25.2' (!19) from renovate/org.apache.logging.log4j-log4j-api-2.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #19
 2025-11-06 19:04:39 +01:00
Beatrice Dellacà
2c3246660e Merge pull request 'Update dependency org.owasp:dependency-check-maven to v12.1.8' (!17) from renovate/org.owasp-dependency-check-maven-12.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #17
 2025-11-06 19:04:30 +01:00
Beatrice Dellacà
d98991c0a0 Merge pull request 'Update dependency org.apache.logging.log4j:log4j-core to v2.25.2' (!20) from renovate/org.apache.logging.log4j-log4j-core-2.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #20
 2025-11-06 19:04:22 +01:00
Beatrice Dellacà
d0f0e72eb2 Merge pull request 'Update dependency io.jsonwebtoken:jjwt-api to v0.13.0' (!21) from renovate/io.jsonwebtoken-jjwt-api-0.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #21
 2025-11-06 19:04:10 +01:00
Beatrice Dellacà
ad675f06f0 Merge pull request 'Update dependency io.jsonwebtoken:jjwt-impl to v0.13.0' (!22) from renovate/io.jsonwebtoken-jjwt-impl-0.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #22
 2025-11-06 19:04:00 +01:00
Beatrice Dellacà
90334d15f8 Merge pull request 'Update dependency io.jsonwebtoken:jjwt-jackson to v0.13.0' (!23) from renovate/io.jsonwebtoken-jjwt-jackson-0.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #23
 2025-11-06 19:03:52 +01:00
Renovate Bot
02be0a405e Update dependency io.jsonwebtoken:jjwt-jackson to v0.13.0
Some checks failed
continuous-integration/drone/pr Build was killed
Details
continuous-integration/drone/push Build is failing
Details
2025-11-06 18:02:14 +00:00
Beatrice Dellacà
574dd4c093 Merge pull request 'Update dependency org.postgresql:postgresql to v42.7.8' (!18) from renovate/org.postgresql-postgresql-42.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #18
 2025-11-06 18:56:16 +01:00
Renovate Bot
e69462be26 Update dependency org.springframework.boot:spring-boot-starter-web to v3.5.7 2025-11-06 13:45:20 +00:00
Renovate Bot
2024c356b0 Update dependency org.springframework.boot:spring-boot-starter-security to v3.5.7 2025-11-06 13:45:18 +00:00
Renovate Bot
66233827fd Update dependency org.springframework.boot:spring-boot-starter-json to v3.5.7 2025-11-06 13:45:16 +00:00
Renovate Bot
02bd377430 Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.5.7 2025-11-06 13:45:14 +00:00
Renovate Bot
a2e69c6a57 Update dependency org.apache.logging.log4j:log4j-core to v2.25.2 2025-11-06 13:45:12 +00:00
Renovate Bot
bbbf34da6e Update dependency org.apache.logging.log4j:log4j-api to v2.25.2 2025-11-06 13:45:10 +00:00
Renovate Bot
e05e523c12 Update dependency io.jsonwebtoken:jjwt-impl to v0.13.0 2025-11-06 13:45:09 +00:00
Renovate Bot
8d6bb14fc1 Update dependency io.jsonwebtoken:jjwt-api to v0.13.0 2025-11-06 13:45:07 +00:00
Renovate Bot
91415bea5b Update dependency org.postgresql:postgresql to v42.7.8 2025-11-06 13:45:05 +00:00
Renovate Bot
18ca42a056 Update dependency org.owasp:dependency-check-maven to v12.1.8 2025-11-06 13:45:03 +00:00
Beatrice Dellacà
8029f2d931 Merge pull request 'Update dependency org.postgresql:postgresql to v42.7.6' (!16) from renovate/org.postgresql-postgresql-42.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #16
 2025-06-01 20:27:05 +02:00
Renovate Bot
d6ffe35d6e Update dependency org.postgresql:postgresql to v42.7.6
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-05-28 11:00:57 +00:00
Beatrice Dellacà
8b5ba88d24 Merge pull request 'Update dependency org.owasp:dependency-check-maven to v12.1.1' (!11) from renovate/org.owasp-dependency-check-maven-12.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #11
 2025-04-13 00:55:35 +02:00
Renovate Bot
86742f1f1a Update dependency org.owasp:dependency-check-maven to v12.1.1
Some checks failed
continuous-integration/drone/pr Build is failing
Details
continuous-integration/drone/push Build is passing
Details
2025-04-05 13:01:12 +00:00
Beatrice Dellacà
8acc7460a0 Merge pull request 'Update dependency org.apache.logging.log4j:log4j-api to v2.24.3' (!9) from renovate/org.apache.logging.log4j-log4j-api-2.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #9
 2025-03-23 15:29:10 +01:00
Beatrice Dellacà
656a337501 Merge pull request 'Update dependency org.apache.logging.log4j:log4j-core to v2.24.3' (!10) from renovate/org.apache.logging.log4j-log4j-core-2.x into main
Some checks failed
continuous-integration/drone/push Build was killed
Details 
Reviewed-on: #10
 2025-03-23 15:28:56 +01:00
Renovate Bot
8eaae7c659 Update dependency org.apache.logging.log4j:log4j-core to v2.24.3
Some checks failed
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone/pr Build was killed
Details
2025-03-23 14:26:51 +00:00
Renovate Bot
6c077bce27 Update dependency org.apache.logging.log4j:log4j-api to v2.24.3
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build was killed
Details
2025-03-23 14:26:48 +00:00
Beatrice Dellacà
7a0ee4b438 Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-json to v3.4.4' (!5) from renovate/org.springframework.boot-spring-boot-starter-json-3.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #5
 2025-03-23 15:17:21 +01:00
Beatrice Dellacà
03ea142db2 Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-security to v3.4.4' (!6) from renovate/org.springframework.boot-spring-boot-starter-security-3.x into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #6
 2025-03-23 15:17:12 +01:00
Beatrice Dellacà
d285783fe7 fix build with new jsonwebtoken api
Some checks failed
continuous-integration/drone/push Build was killed
Details
2025-03-23 15:16:19 +01:00
Beatrice Dellacà
eced10976b Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-web to v3.4.4' (!7) from renovate/org.springframework.boot-spring-boot-starter-web-3.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #7
 2025-03-23 14:56:32 +01:00
Beatrice Dellacà
eadeb8c518 Merge pull request 'Update dependency io.jsonwebtoken:jjwt-api to v0.12.6' (!8) from renovate/io.jsonwebtoken-jjwt-api-0.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #8
 2025-03-23 14:56:19 +01:00
Renovate Bot
6ffa22d7b5 Update dependency io.jsonwebtoken:jjwt-api to v0.12.6
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 13:28:05 +00:00
Renovate Bot
dacdfd7935 Update dependency org.springframework.boot:spring-boot-starter-web to v3.4.4
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 13:28:03 +00:00
Renovate Bot
a728e376f2 Update dependency org.springframework.boot:spring-boot-starter-security to v3.4.4
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 12:27:16 +00:00
Renovate Bot
9890086810 Update dependency org.springframework.boot:spring-boot-starter-json to v3.4.4
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 12:27:14 +00:00
Beatrice Dellacà
2c3c2b783e Merge pull request 'Update dependency org.postgresql:postgresql to v42.7.5' (!3) from renovate/org.postgresql-postgresql-42.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #3
 2025-03-23 12:54:33 +01:00
Beatrice Dellacà
c5c76c77fa Merge pull request 'Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.4.4' (!4) from renovate/org.springframework.boot-spring-boot-starter-data-jpa-3.x into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #4
 2025-03-23 12:54:16 +01:00
Renovate Bot
992e57a46b Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3.4.4
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 11:29:41 +00:00
Renovate Bot
638bdd9b7b Update dependency org.postgresql:postgresql to v42.7.5
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-23 11:29:37 +00:00
Beatrice Dellacà
d35063519e Merge pull request 'Configure Renovate' (!2) from renovate/configure into main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Reviewed-on: #2
 2025-03-23 11:58:57 +01:00
Renovate Bot
eb81f6b26a Add renovate.json
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/pr Build is failing
Details
2025-03-22 23:13:03 +00:00
Beatrice Dellacà
58d59f17e0 fix sonar warning
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2025-03-09 13:53:35 +01:00
Beatrice Dellacà
cce4d4a25d update pipe name
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-09 12:07:48 +01:00
Beatrice Dellacà
b23b6f0dbd add repository info
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is passing
Details
2025-03-09 11:55:33 +01:00
Beatrice Dellacà
62bf6229a7 add suppressions file
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is failing
Details
2025-03-09 11:33:20 +01:00
Beatrice Dellacà
cf297ffe94 update vulnerable deps
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-03-09 11:26:07 +01:00
Beatrice Dellacà
d27b2054eb add api key
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-03-09 11:20:19 +01:00
Beatrice Dellacà
178b77e868 fix dependency-check
Some checks failed
continuous-integration/drone/push Build was killed
Details
2025-03-09 11:04:44 +01:00
Beatrice Dellacà
23d46a28fb implement dependency-check step
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-03-09 10:58:55 +01:00
Beatrice Dellacà
dd156d3152 fix deploy pipe
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-09 10:57:30 +01:00
Beatrice Dellacà
cf1c3eefc8 implement deploy pipe
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is failing
Details
2025-03-09 10:54:53 +01:00
Beatrice Dellacà
920bddc0db Fix DroneCI
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-08 14:24:18 +01:00
Beatrice Dellacà
4887902516 Update DroneCI pipeline Java version
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-08 14:22:46 +01:00
Beatrice Dellacà
9012e61e61 Update Java version requirements
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-11-11 16:39:54 +01:00
Beatrice Dellacà
0f9816461f Fix duplication
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:35:10 +01:00
Beatrice Dellacà
ea3860391d Update version
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:33:24 +01:00
Beatrice Dellacà
17ba5b8b9d RLH-21 - Fix Sonar
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:29:59 +01:00
Beatrice Dellacà
9b3f43937f RLH-21 - Fix Sonar
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:25:48 +01:00
Beatrice Dellacà
7ffb02bbf0 RLH-21 - Fix Sonar
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:24:28 +01:00
Beatrice Dellacà
c51486751f RLH-21 - Fix Sonar
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-11-11 16:23:06 +01:00
Beatrice Dellacà
211aa26df1 RLH-19 - Use UserDto in init query
All checks were successful
continuous-integration/drone Build is passing
Details
2024-11-11 16:11:47 +01:00
Beatrice Dellacà
5a706e56ae RLH-19 - Implement UserDto 2024-11-11 16:11:37 +01:00
9 changed files with 145 additions and 37 deletions
Expand all files Collapse all files

53
.drone.yml
View File

@@ -1,27 +1,41 @@
kind: pipeline kind: pipeline
name: default name: verify
platform: platform:
os: linux os: linux
arch: arm64 arch: arm64
trigger:
event:
- push
- pull_request
steps: steps:
# test if it compiles correctly # test if it compiles correctly
- name: build - name: build
image: maven:3-eclipse-temurin-17 image: maven:3-eclipse-temurin-21
commands: commands:
- mvn verify --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V - mvn verify --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V
# run unit tests # run unit tests
- name: test - name: test
image: maven:3-eclipse-temurin-17 image: maven:3-eclipse-temurin-21
commands: commands:
- mvn test --no-transfer-progress -B -V - mvn test --no-transfer-progress -B -V
# check maven dependencies
- name: dependency-check
image: maven:3-eclipse-temurin-21
commands:
- mvn dependency-check:check --no-transfer-progress -B -V -DnvdApiKey=$NVD_API_KEY
environment:
NVD_API_KEY:
from_secret: nvd_api_key
# run code analysis # run code analysis
- name: code-analysis - name: code-analysis
image: maven:3-eclipse-temurin-17 image: maven:3-eclipse-temurin-21
commands: commands:
- mvn sonar:sonar --no-transfer-progress -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.host.url=$SONAR_INSTANCE_URL -Dsonar.login=$SONAR_LOGIN_KEY -B -V - mvn sonar:sonar --no-transfer-progress -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.host.url=$SONAR_INSTANCE_URL -Dsonar.token=$SONAR_LOGIN_KEY -B -V
environment: environment:
SONAR_PROJECT_KEY: SONAR_PROJECT_KEY:
from_secret: sonar_project_key from_secret: sonar_project_key
@@ -29,3 +43,32 @@ steps:
from_secret: sonar_instance_url from_secret: sonar_instance_url
SONAR_LOGIN_KEY: SONAR_LOGIN_KEY:
from_secret: sonar_login_key from_secret: sonar_login_key
---
kind: pipeline
name: deploy
type: docker
platform:
os: linux
arch: arm64
trigger:
event:
- promote
target:
- production
steps:
# skip all previous steps because they were already ran in the "build" phase; we don't need to re-analyze the code.
# upload to maven repository
- name: maven-deploy
image: maven:3-eclipse-temurin-21
commands:
- mvn deploy --no-transfer-progress -DskipTests=true -Dmaven.javadoc.skip=true -B -V -gs settings.xml -Dmaven.repo.username=$MAVEN_REPO_USERNAME -Dmaven.repo.password=$MAVEN_REPO_PASSWORD
environment:
MAVEN_REPO_USERNAME:
from_secret: maven_repo_username
MAVEN_REPO_PASSWORD:
from_secret: maven_repo_password

62
pom.xml
View File

@@ -6,73 +6,107 @@
<groupId>wtf.beatrice</groupId> <groupId>wtf.beatrice</groupId>
<artifactId>release-hive</artifactId> <artifactId>release-hive</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.2-SNAPSHOT</version>
<dependencies> <dependencies>
<!-- Logging Dependencies --> <!-- Logging Dependencies -->
<dependency> <dependency>
<groupId>org.apache.logging.log4j</groupId> <groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId> <artifactId>log4j-api</artifactId>
<version>2.23.1</version> <version>2.25.2</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.logging.log4j</groupId> <groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId> <artifactId>log4j-core</artifactId>
<version>2.23.1</version> <version>2.25.2</version>
</dependency> </dependency>
<!-- Web Dependencies --> <!-- Web Dependencies -->
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId> <artifactId>spring-boot-starter-web</artifactId>
<version>3.3.2</version> <version>3.5.7</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-json</artifactId> <artifactId>spring-boot-starter-json</artifactId>
<version>3.3.2</version> <version>3.5.7</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId> <artifactId>spring-boot-starter-data-jpa</artifactId>
<version>3.3.2</version> <version>3.5.7</version>
</dependency> </dependency>
<!-- Security and Auth --> <!-- Security and Auth -->
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId> <artifactId>spring-boot-starter-security</artifactId>
<version>3.3.2</version> <version>3.5.7</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId> <artifactId>jjwt-api</artifactId>
<version>0.11.5</version> <version>0.13.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId> <artifactId>jjwt-impl</artifactId>
<version>0.11.5</version> <version>0.13.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId> <artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version> <version>0.13.0</version>
</dependency> </dependency>
<!-- Database Dependencies --> <!-- Database Dependencies -->
<dependency> <dependency>
<groupId>org.postgresql</groupId> <groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId> <artifactId>postgresql</artifactId>
<version>42.7.3</version> <version>42.7.8</version>
</dependency> </dependency>
</dependencies> </dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>12.1.9</version>
<configuration>
<failBuildOnCVSS>8</failBuildOnCVSS>
<nvdApiKey>${nvdApiKey}</nvdApiKey>
<formats>
<format>html</format>
<format>json</format>
</formats>
<suppressionFiles>
<suppressionFile>./suppressions.xml</suppressionFile>
</suppressionFiles>
</configuration>
</plugin>
</plugins>
</build>
<properties> <properties>
<maven.compiler.source>17</maven.compiler.source> <maven.compiler.source>21</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target> <maven.compiler.target>21</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<sonar.dependencyCheck.htmlReportPath>./target/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
<sonar.dependencyCheck.jsonReportPath>./target/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
<sonar.dependencyCheck.summarize>true</sonar.dependencyCheck.summarize>
</properties> </properties>
<distributionManagement>
<repository>
<id>nexus-releases</id>
<url>https://nexus.beatrice.wtf/repository/maven-releases/</url>
</repository>
<snapshotRepository>
<id>nexus-snapshots</id>
<url>https://nexus.beatrice.wtf/repository/maven-snapshots/</url>
</snapshotRepository>
</distributionManagement>
</project> </project>

2
readme.md
View File

@@ -16,7 +16,7 @@ this is currently the only supported database backend.
## building ## building
### required tools ### required tools
- java 17+ sdk - java 21+ sdk
- git - git
- maven - maven

3
renovate.json Normal file
View File

@@ -0,0 +1,3 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

20
settings.xml Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
<servers>
<server>
<id>nexus-snapshots</id>
<username>${maven.repo.username}</username>
<password>${maven.repo.password}</password>
</server>
<server>
<id>nexus-releases</id>
<username>${maven.repo.username}</username>
<password>${maven.repo.password}</password>
</server>
</servers>
</settings>

1
src/main/java/wtf/beatrice/releasehive/resources/UserResource.java
View File

@@ -11,7 +11,6 @@ import wtf.beatrice.releasehive.models.User;
import wtf.beatrice.releasehive.services.UserService; import wtf.beatrice.releasehive.services.UserService;
import java.util.List; import java.util.List;
import java.util.UUID;
@RestController @RestController
@RequestMapping("/api/v1/users") @RequestMapping("/api/v1/users")

23
src/main/java/wtf/beatrice/releasehive/services/JWTService.java
View File

@@ -2,14 +2,13 @@ package wtf.beatrice.releasehive.services;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders; import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys; import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import wtf.beatrice.releasehive.models.User; import wtf.beatrice.releasehive.models.User;
import java.security.Key; import javax.crypto.SecretKey;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@@ -52,11 +51,11 @@ public class JWTService
) { ) {
return Jwts return Jwts
.builder() .builder()
.setClaims(extraClaims) .claims(extraClaims)
.setSubject(userDetails.getEmail()) .subject(userDetails.getEmail())
.setIssuedAt(new Date(System.currentTimeMillis())) .issuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + expiration)) .expiration(new Date(System.currentTimeMillis() + expiration))
.signWith(getSignInKey(), SignatureAlgorithm.HS256) .signWith(getSignInKey(), Jwts.SIG.HS256)
.compact(); .compact();
} }
@@ -75,14 +74,14 @@ public class JWTService
private Claims extractAllClaims(String token) { private Claims extractAllClaims(String token) {
return Jwts return Jwts
.parserBuilder() .parser()
.setSigningKey(getSignInKey()) .verifyWith(getSignInKey())
.build() .build()
.parseClaimsJws(token) .parseSignedClaims(token)
.getBody(); .getPayload();
} }
private Key getSignInKey() { private SecretKey getSignInKey() {
byte[] keyBytes = Decoders.BASE64.decode(secretKey); byte[] keyBytes = Decoders.BASE64.decode(secretKey);
return Keys.hmacShaKeyFor(keyBytes); return Keys.hmacShaKeyFor(keyBytes);
} }

8
src/main/java/wtf/beatrice/releasehive/services/UserServiceImpl.java
View File

@@ -35,10 +35,10 @@ public class UserServiceImpl implements UserService
@Override @Override
public boolean deleteUser(UUID id) { public boolean deleteUser(UUID id) {
if (userRepository.findById(id).isEmpty()) { userRepository.delete(userRepository
throw new UsernameNotFoundException(id.toString()); .findById(id)
} .orElseThrow(() -> new UsernameNotFoundException("User not found")));
userRepository.delete(userRepository.findById(id).get());
return true; return true;
} }
} }

10
suppressions.xml Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: snakeyaml-1.33.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
<cve>CVE-2021-4235</cve>
</suppress>
</suppressions>