feat: rest register added and refactors

back/src/main/java/net/daw/alist/controllers/rest/PostRestController.java

@@ -36,10 +36,10 @@ public class PostRestController {
 
   @Operation(summary = "Create new post")
   @ApiResponses(value = {
-    @ApiResponse(responseCode = "201", description = "Post created", content = {
-      @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
-    }),
-    @ApiResponse(responseCode = "403", description = "Can't create post if not registered", content = @Content)
+          @ApiResponse(responseCode = "201", description = "Post created", content = {
+            @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
+          }),
+          @ApiResponse(responseCode = "403", description = "Can't create post if not registered", content = @Content)
   })
   @PostMapping("/")
   @ResponseStatus(HttpStatus.CREATED)
@@ -53,10 +53,10 @@ public Post createPost(Authentication auth, Post post) {
 
   @Operation(summary = "Get specific post")
   @ApiResponses(value = {
-    @ApiResponse(responseCode = "200", description = "Post found", content = {
-      @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
-    }),
-    @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
+          @ApiResponse(responseCode = "200", description = "Post found", content = {
+            @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
+          }),
+          @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
   })
   @GetMapping("/{postId}")
   public ResponseEntity<Post> getPost(@PathVariable long postId) {
@@ -70,11 +70,11 @@ public ResponseEntity<Post> getPost(@PathVariable long postId) {
 
   @Operation(summary = "Delete specific post")
   @ApiResponses(value = {
-    @ApiResponse(responseCode = "200", description = "Post deleted", content = {
-      @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
-    }),
-    @ApiResponse(responseCode = "403", description = "Can't delete other one post", content = @Content),
-    @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
+          @ApiResponse(responseCode = "200", description = "Post deleted", content = {
+            @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
+          }),
+          @ApiResponse(responseCode = "403", description = "Can't delete other one post", content = @Content),
+          @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
   })
   @DeleteMapping("/{postId}")
   public ResponseEntity<Post> deletePost(Authentication auth, @PathVariable long postId) {
@@ -93,45 +93,45 @@ public ResponseEntity<Post> deletePost(Authentication auth, @PathVariable long p
 
   @Operation(summary = "Current user upvote a post")
   @ApiResponses(value = {
-          @ApiResponse(responseCode = "200", description = "User found and upvote the post", content = @Content),
+          @ApiResponse(responseCode = "200", description = "User found and upvoted the post", content = {
+                  @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
+          }),
           @ApiResponse(responseCode = "403", description = "Current user not logged in", content = @Content),
           @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
   })
   @PutMapping("/{postId}/upvotes")
-  public ResponseEntity<Post> upvoteAction(Authentication authentication, @PathVariable long postId) {
+  public ResponseEntity<Post> upvotePost(Authentication authentication, @PathVariable long postId) {
     Optional<Post> optionalPost = postService.findByID(postId);
-    if(!(authentication == null) && optionalPost.isPresent() ) {
+    if(optionalPost.isPresent()) {
       User userSession = (User) userService.loadUserByUsername(((User) authentication
               .getPrincipal())
               .getUsername());
       votesService.actionUpVote(postId, userSession);
-      return new ResponseEntity<>(HttpStatus.OK);
+      return new ResponseEntity<>(optionalPost.get(), HttpStatus.OK);
     }
-    else if (authentication==null)
-      return new ResponseEntity<>(HttpStatus.FORBIDDEN);
     else
       return new ResponseEntity<>(HttpStatus.NOT_FOUND);
 
   }
 
   @Operation(summary = "Current user downvote a post")
   @ApiResponses(value = {
-          @ApiResponse(responseCode = "200", description = "User found and downvoted the post", content = @Content),
+          @ApiResponse(responseCode = "200", description = "User found and downvoted the post", content = {
+                  @Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Post.class)))
+          }),
           @ApiResponse(responseCode = "403", description = "Current user not logged in", content = @Content),
           @ApiResponse(responseCode = "404", description = "Post not found", content = @Content)
   })
   @PutMapping("/{postId}/downvotes")
-  public ResponseEntity<Post> downvoteAction(Authentication authentication, @PathVariable long postId) {
+  public ResponseEntity<Post> downvotePost(Authentication authentication, @PathVariable long postId) {
     Optional<Post> optionalPost = postService.findByID(postId);
-    if(!(authentication == null) && optionalPost.isPresent() ) {
+    if(optionalPost.isPresent()) {
       User userSession = (User) userService.loadUserByUsername(((User) authentication
               .getPrincipal())
               .getUsername());
       votesService.actionDownVote(postId, userSession);
-      return new ResponseEntity<>(HttpStatus.OK);
+      return new ResponseEntity<>(optionalPost.get(), HttpStatus.OK);
     }
-    else if (authentication==null)
-      return new ResponseEntity<>(HttpStatus.FORBIDDEN);
     else
       return new ResponseEntity<>(HttpStatus.NOT_FOUND);
   }

back/src/main/java/net/daw/alist/controllers/rest/UserRestController.java

@@ -6,6 +6,8 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import net.daw.alist.models.User;
+import net.daw.alist.security.RegistrationRequest;
+import net.daw.alist.services.RegistrationService;
 import net.daw.alist.services.UserService;
 import net.daw.alist.utils.Utils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,6 +16,8 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 
+import java.io.IOException;
+import java.sql.SQLException;
 import java.util.Optional;
 
 @RestController
@@ -26,6 +30,32 @@ public class UserRestController {
   @Autowired
   private Utils utils;
 
+  @Autowired
+  private RegistrationService registrationService;
+
+  @Operation(summary = "Register a new user")
+  @ApiResponses(value = {
+          @ApiResponse(responseCode = "201", description = "User created", content = {
+                  @Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}),
+          @ApiResponse(responseCode = "403", description = "Username already taken", content = @Content),
+          @ApiResponse(responseCode = "400", description = "Username/password is shorter than 4 characters or invalid email address", content = @Content)
+  })
+  @PostMapping("/")
+  public ResponseEntity<User> register(@RequestBody RegistrationRequest request) throws SQLException, IOException {
+    Optional<User> optionalUser = userService.findByUsername(request.getUsername());
+    if (optionalUser.isEmpty()) {
+      String response = registrationService.register(request);
+      if (response.startsWith("Success")){
+        User user = userService.findByUsername(request.getUsername()).orElseThrow();
+        return new ResponseEntity<>(user, HttpStatus.CREATED);
+      } else{
+        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+      }
+    } else {
+      return new ResponseEntity<>(HttpStatus.FORBIDDEN);
+    }
+  }
+
   @Operation(summary = "Get a user by its username")
   @ApiResponses(value = {
           @ApiResponse(responseCode = "200", description = "User found", content = {
@@ -69,24 +99,24 @@ public ResponseEntity<User> banUser(Authentication authentication, @PathVariable
 
   @Operation(summary = "Current user follows another user by its name")
   @ApiResponses(value = {
-          @ApiResponse(responseCode = "200", description = "User found and followed/unfollowed state changed", content = @Content),
+          @ApiResponse(responseCode = "200", description = "User found and followed/unfollowed state changed", content = {
+                  @Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}),
           @ApiResponse(responseCode = "403", description = "Current user not logged in", content = @Content),
           @ApiResponse(responseCode = "404", description = "User not found", content = @Content)
   })
   @PutMapping("/{username}/follows")
   public ResponseEntity<User> follow(Authentication authentication, @PathVariable String username){
     Optional<User> optionalUser =  userService.findByUsername(username);
-    if(authentication == null)
-      return  new ResponseEntity<>(HttpStatus.FORBIDDEN);
-    User userSession = (User) authentication;
-    if( optionalUser.isPresent()) {
+    User userSession = (User) authentication.getPrincipal();
+    userSession  = userService.findByID(userSession.getId()).orElseThrow();
+    if(optionalUser.isPresent()) {
       User userProfile = optionalUser.get();
       if (userProfile.getFollowers().contains(userSession))
         userSession.unFollow(userProfile);
       else
         userSession.follow(userProfile);
       userService.saveUser(userSession);
-      return new ResponseEntity<>(HttpStatus.OK);
+      return new ResponseEntity<>(userProfile, HttpStatus.OK);
     }
     return new ResponseEntity<>(HttpStatus.NOT_FOUND);
   }

back/src/main/java/net/daw/alist/security/RestSecurityConfig.java

@@ -50,14 +50,15 @@ protected void configure(HttpSecurity http) throws Exception {
     // URLs that need authentication to access to it
     http
         .authorizeRequests()
-        .antMatchers(HttpMethod.GET, "/api/ajax/followed-users/posts").hasAnyRole("ADMIN", "USER")
+          .antMatchers(HttpMethod.GET, "/api/ajax/followed-users/posts").hasAnyRole("ADMIN", "USER")
           .antMatchers(HttpMethod.POST, "/api/comments/**").hasAnyRole("ADMIN", "USER")
           .antMatchers(HttpMethod.DELETE, "/api/comments/**").hasAnyRole("ADMIN", "USER")
           .antMatchers(HttpMethod.POST, "/api/posts/**").hasAnyRole("ADMIN", "USER")
           .antMatchers(HttpMethod.DELETE, "/api/posts/**").hasAnyRole("ADMIN", "USER")
+          .antMatchers(HttpMethod.PUT, "/api/posts/**").hasAnyRole("ADMIN", "USER")
           .antMatchers(HttpMethod.POST, "/api/topics/**").hasRole("ADMIN")
           .antMatchers(HttpMethod.DELETE, "/api/topics/**").hasRole("ADMIN")
-          .antMatchers(HttpMethod.PUT, "/api/users/**").hasRole("ADMIN");
+          .antMatchers(HttpMethod.PUT, "/api/users/**").hasAnyRole("ADMIN", "USER");
 
 
     // Other URLs can be accessed without authentication