diff --git a/.github/workflows/build-on-pull-request.yml b/.github/workflows/build-on-pull-request.yml index c77dd5e..bd108fe 100644 --- a/.github/workflows/build-on-pull-request.yml +++ b/.github/workflows/build-on-pull-request.yml @@ -13,10 +13,10 @@ jobs: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - - name: Setup JDK 8 + - name: Setup JDK 17 uses: actions/setup-java@v2 with: - java-version: 8 + java-version: 17 distribution: 'adopt' - name: Build with Maven run: mvn clean install diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml index de8550b..fb7679e 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/package.yml @@ -22,10 +22,10 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Setup JDK 8 + - name: Setup JDK 17 uses: actions/setup-java@v2 with: - java-version: 8 + java-version: 17 distribution: 'adopt' - name: Build with Maven @@ -35,7 +35,7 @@ jobs: run: mvn -B package --file pom.xml - name: Upload WAR file as artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: Helpline104-API path: target/104api-v1.0.war diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index 1b3793b..2f60297 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -37,10 +37,10 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v2 - - name: Setup JDK 8 + - name: Setup JDK 17 uses: actions/setup-java@v2 with: - java-version: 8 + java-version: 17 distribution: 'adopt' - name: Build with Maven diff --git a/src/main/java/com/iemr/helpline104/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/iemr/helpline104/utils/http/HTTPRequestInterceptor.java index a14ae25..601c7a4 100644 --- a/src/main/java/com/iemr/helpline104/utils/http/HTTPRequestInterceptor.java +++ b/src/main/java/com/iemr/helpline104/utils/http/HTTPRequestInterceptor.java @@ -29,82 +29,72 @@ import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; -import com.iemr.helpline104.utils.redis.RedisStorage; import com.iemr.helpline104.utils.response.OutputResponse; import com.iemr.helpline104.utils.sessionobject.SessionObject; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.ws.rs.core.MediaType; +import com.iemr.helpline104.utils.validator.Validator; + @Component public class HTTPRequestInterceptor implements HandlerInterceptor { - Logger logger = LoggerFactory.getLogger(this.getClass().getName()); - @Autowired - private RedisStorage redisStorage; + private final Validator validator; + + Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); + @Autowired + public HTTPRequestInterceptor(Validator validator) { + this.validator = validator; + } + private SessionObject sessionObject; + @Autowired + public void setSessionObject(SessionObject sessionObject) { + this.sessionObject = sessionObject; + } + @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception { - logger.info("http interceptor - pre Handle"); boolean status = true; - - if (request.getRequestURI().toLowerCase().contains("swagger-ui")) - return status; - - String authorization = null; - String preAuth = request.getHeader("Authorization"); - if(null != preAuth && preAuth.contains("Bearer ")) - authorization=preAuth.replace("Bearer ", ""); - else - authorization = preAuth; + logger.debug("In preHandle we are Intercepting the Request"); + String authorization = request.getHeader("Authorization"); + logger.debug("RequestURI:: {} || method :: {}", request.getRequestURI(), request.getMethod()); if (!request.getMethod().equalsIgnoreCase("OPTIONS")) { try { String[] requestURIParts = request.getRequestURI().split("/"); String requestAPI = requestURIParts[requestURIParts.length - 1]; switch (requestAPI) { - case "swagger-ui.html": - break; - case "index.html": + case "userAuthenticate", "userAuthenticateNew", "userAuthenticateV1", + "forgetPassword", "setForgetPassword", "changePassword", + "saveUserSecurityQuesAns", "swagger-ui.html", + "ui", "swagger-resources", "api-docs": break; - case "swagger-initializer.js": - break; - case "swagger-config": - break; - case "ui": - break; - case "swagger-resources": - break; - case "api-docs": - break; - case "error": status = false; break; default: - logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization); - if (authorization == null) - throw new Exception( - "Authorization key is NULL, please pass valid session key to proceed further. "); - String userRespFromRedis = sessionObject.getSessionObject(authorization); - if (userRespFromRedis == null) - throw new Exception("invalid Authorization key, please pass a valid key to proceed further. "); + String remoteAddress = request.getHeader("X-FORWARDED-FOR"); + if (remoteAddress == null || remoteAddress.trim().length() == 0) { + remoteAddress = request.getRemoteAddr(); + } + + validator.checkKeyExists(authorization, remoteAddress); break; } } catch (Exception e) { - logger.error(e.getLocalizedMessage()); - + logger.error("Error in preHandle method", e); OutputResponse output = new OutputResponse(); - output.setError(e); + output.setError("An unexpected error occurred."); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); response.getOutputStream().print(output.toString()); response.setContentType(MediaType.APPLICATION_JSON); response.setContentLength(output.toString().length()); - response.setHeader("Access-Control-Allow-Origin", "*"); status = false; } } - return status; } @@ -113,12 +103,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response, throws Exception { try { logger.debug("In postHandle we are Intercepting the Request"); - String authorization = null; - String postAuth = request.getHeader("Authorization"); - if(null != postAuth && postAuth.contains("Bearer ")) - authorization=postAuth.replace("Bearer ", ""); - else - authorization = postAuth; + String authorization = request.getHeader("Authorization"); logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization); if (authorization != null) { sessionObject.updateSessionObject(authorization, sessionObject.getSessionObject(authorization)); @@ -131,7 +116,9 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response, @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception arg3) throws Exception { - logger.info("http interceptor - after completion"); - + logger.debug("In afterCompletion Request Completed"); } + + + } \ No newline at end of file diff --git a/src/main/java/com/iemr/helpline104/utils/response/OutputResponse.java b/src/main/java/com/iemr/helpline104/utils/response/OutputResponse.java index 94b9ccd..dec10d0 100644 --- a/src/main/java/com/iemr/helpline104/utils/response/OutputResponse.java +++ b/src/main/java/com/iemr/helpline104/utils/response/OutputResponse.java @@ -147,6 +147,11 @@ public void setError(int errorCode, String message) { setError(errorCode, message, message); } + + public void setError(String message) + { + setError(message); + } public boolean isSuccess() {