From 4f73169f53b50cf967fb495a46ffab210371a39a Mon Sep 17 00:00:00 2001 From: Vlasosik <128188585+Vlasosik@users.noreply.github.com> Date: Sun, 21 Apr 2024 18:02:49 +0300 Subject: [PATCH 1/3] added ElementType.PARAMETER for use UrlShortValidator. --- .../com/linkurlshorter/urlshortener/link/UrlShortValidator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/linkurlshorter/urlshortener/link/UrlShortValidator.java b/src/main/java/com/linkurlshorter/urlshortener/link/UrlShortValidator.java index e301473..f736d97 100644 --- a/src/main/java/com/linkurlshorter/urlshortener/link/UrlShortValidator.java +++ b/src/main/java/com/linkurlshorter/urlshortener/link/UrlShortValidator.java @@ -12,7 +12,7 @@ */ @Documented @Retention(RetentionPolicy.RUNTIME) -@Target({ElementType.FIELD, ElementType.METHOD, ElementType.ANNOTATION_TYPE}) +@Target({ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER, ElementType.ANNOTATION_TYPE}) @Constraint(validatedBy = UrlShortValidatorImpl.class) public @interface UrlShortValidator { From 387b3b46a89494f2a073b42354a8fec63c588975 Mon Sep 17 00:00:00 2001 From: Vlasosik <128188585+Vlasosik@users.noreply.github.com> Date: Sun, 21 Apr 2024 21:01:55 +0300 Subject: [PATCH 2/3] added custom annotation ShortenedLinkOwnerValidation. --- .../user/ShortenedLinkOwnerValidation.java | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidation.java diff --git a/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidation.java b/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidation.java new file mode 100644 index 0000000..41b6767 --- /dev/null +++ b/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidation.java @@ -0,0 +1,41 @@ +package com.linkurlshorter.urlshortener.user; + +import jakarta.validation.Constraint; +import jakarta.validation.Payload; + +import java.lang.annotation.*; + +/** + * The annotation used to validate user ownership of the shortened link. + * The validation is performed using {@link ShortenedLinkOwnerValidationImpl}. + * + * @author Vlas Potoskyi + */ +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER, ElementType.ANNOTATION_TYPE}) +@Constraint(validatedBy = ShortenedLinkOwnerValidationImpl.class) +public @interface ShortenedLinkOwnerValidation { + /** + * The message to be used to inform about the failed validation. + * Default: "". + * + * @return Error message. + */ + String message() default ""; + + /** + * Groups to which this constraint belongs. Default: empty array. + * + * @return Constraint groups. + */ + Class[] groups() default {}; + + /** + * Parameters that can be used to configure the constraint. + * Default: an empty array. + * + * @return The parameters of the constraint. + */ + Class[] payload() default {}; +} From 56ea377aa8525c5f2b34016b2e7cd67784dad1b8 Mon Sep 17 00:00:00 2001 From: Vlasosik <128188585+Vlasosik@users.noreply.github.com> Date: Sun, 21 Apr 2024 21:02:54 +0300 Subject: [PATCH 3/3] added implementation custom annotation ShortenedLinkOwnerValidationImpl --- .../ShortenedLinkOwnerValidationImpl.java | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidationImpl.java diff --git a/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidationImpl.java b/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidationImpl.java new file mode 100644 index 0000000..2cbf7ab --- /dev/null +++ b/src/main/java/com/linkurlshorter/urlshortener/user/ShortenedLinkOwnerValidationImpl.java @@ -0,0 +1,54 @@ +package com.linkurlshorter.urlshortener.user; + +import com.linkurlshorter.urlshortener.link.LinkService; +import jakarta.validation.ConstraintValidator; +import jakarta.validation.ConstraintValidatorContext; +import lombok.RequiredArgsConstructor; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; + +import java.util.Objects; +import java.util.UUID; + +/** + * Implementation of user ownership verification for a shortened link. + * The check is performed using the link service {@link LinkService} and the user service {@link UserService}. + */ +@RequiredArgsConstructor +public class ShortenedLinkOwnerValidationImpl implements ConstraintValidator { + private final LinkService linkService; + private final UserService userService; + + /** + * Checks user ownership of the shortened link. + * + * @param shortLink The shortened link to check ownership for. + * @param context The context of the constraint check. + * @return true if the current user owns the link; false otherwise. + */ + @Override + public boolean isValid(String shortLink, ConstraintValidatorContext context) { + if (shortLink == null || shortLink.isEmpty()) { + context.buildConstraintViolationWithTemplate("Invalid short link!"); + return false; + } + UUID currentUserId = getCurrentUserId(); + UUID linkUserId = linkService.findByShortLink(shortLink).getId(); + if (!Objects.equals(currentUserId, linkUserId)) { + context.buildConstraintViolationWithTemplate("You cannot do this!"); + return false; + } + return true; + } + + /** + * Gets the ID of the current user. + * + * @return The ID of the current user. + */ + private UUID getCurrentUserId() { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String userEmail = authentication.getName(); + return userService.findByEmail(userEmail).getId(); + } +}