Tue, 03 Aug 2021 13:41:32 +0200
#21 adds input validation mechanism
Also upgrades to Kotlin 1.5.21
universe@184 | 1 | /* |
universe@184 | 2 | * Copyright 2021 Mike Becker. All rights reserved. |
universe@184 | 3 | * |
universe@184 | 4 | * Redistribution and use in source and binary forms, with or without |
universe@184 | 5 | * modification, are permitted provided that the following conditions are met: |
universe@184 | 6 | * |
universe@184 | 7 | * 1. Redistributions of source code must retain the above copyright |
universe@184 | 8 | * notice, this list of conditions and the following disclaimer. |
universe@184 | 9 | * |
universe@184 | 10 | * 2. Redistributions in binary form must reproduce the above copyright |
universe@184 | 11 | * notice, this list of conditions and the following disclaimer in the |
universe@184 | 12 | * documentation and/or other materials provided with the distribution. |
universe@184 | 13 | * |
universe@184 | 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
universe@184 | 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
universe@184 | 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
universe@184 | 17 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE |
universe@184 | 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
universe@184 | 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
universe@184 | 20 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
universe@184 | 21 | * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
universe@184 | 22 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
universe@184 | 23 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
universe@184 | 24 | */ |
universe@184 | 25 | |
universe@184 | 26 | package de.uapcore.lightpit.servlet |
universe@184 | 27 | |
universe@209 | 28 | import de.uapcore.lightpit.* |
universe@184 | 29 | import de.uapcore.lightpit.dao.DataAccessObject |
universe@184 | 30 | import de.uapcore.lightpit.entities.User |
universe@184 | 31 | import de.uapcore.lightpit.viewmodel.UserEditView |
universe@184 | 32 | import de.uapcore.lightpit.viewmodel.UsersView |
universe@184 | 33 | import javax.servlet.annotation.WebServlet |
universe@184 | 34 | |
@WebServlet(urlPatterns = ["/users/*"])
class UsersServlet : AbstractServlet(), LoggingTrait {

    /** Name of the template that renders the user list. */
    private val listTemplate = "users"

    /** Name of the template that renders the create/edit form. */
    private val formTemplate = "user-form"

    init {
        // Route table: three GET views and the single POST that writes back.
        get("/", this::index)
        get("/-/create", this::create)
        get("/%userid/edit", this::edit)
        post("/-/commit", this::commit)
    }

    /**
     * GET /users/ - lists every user the [dao] returns.
     */
    private fun index(http: HttpRequest, dao: DataAccessObject) {
        http.view = UsersView(dao.listUsers())
        http.render(listTemplate)
    }

    /**
     * GET /users/-/create - shows an empty form.
     *
     * The placeholder id `-1` marks an entity that is not persisted yet;
     * [commit] treats any non-positive id as an insert.
     */
    private fun create(http: HttpRequest, dao: DataAccessObject) {
        http.view = UserEditView(User(-1))
        http.render(formTemplate)
    }

    /**
     * GET /users/{userid}/edit - shows the form for an existing user.
     *
     * Responds 404 both when the path segment is not a number and when no user
     * with that id exists, so the two cases look the same to a client.
     */
    private fun edit(http: HttpRequest, dao: DataAccessObject) {
        val user = http.pathParams["userid"]
            ?.toIntOrNull()
            ?.let { dao.findUser(it) }
        if (user == null) {
            http.response.sendError(404)
            return
        }
        http.view = UserEditView(user)
        http.render(formTemplate)
    }

    /**
     * POST /users/-/commit - persists the submitted form.
     *
     * A missing or non-numeric `userid` is a malformed request (400). A positive
     * id updates the existing row; anything else inserts a new user, which is the
     * only path that validates the `username` parameter (must be present and not
     * already taken). Given name, last name and mail are copied from the request
     * without validation on both paths.
     *
     * NOTE(review): the id to update is taken straight from the request and no
     * authorization check is visible in this class; access control must come from
     * [AbstractServlet] or the surrounding deployment - confirm.
     */
    private fun commit(http: HttpRequest, dao: DataAccessObject) {
        val id = http.param("userid")?.toIntOrNull() ?: run {
            http.response.sendError(400)
            return
        }

        val user = User(id).apply {
            givenname = http.param("givenname")
            lastname = http.param("lastname")
            mail = http.param("mail")
        }

        if (user.id > 0) {
            updateExisting(http, dao, user)
        } else {
            insertNew(http, dao, user)
        }
    }

    /** Update path of [commit]: writes [user] back and redirects to the list. */
    private fun updateExisting(http: HttpRequest, dao: DataAccessObject, user: User) {
        logger().info("Update user with id ${user.id}.")
        dao.updateUser(user)
        http.renderCommit("users/")
    }

    /**
     * Insert path of [commit]: validates the username, then either stores the
     * user or re-renders the form with the collected validation messages.
     */
    private fun insertNew(http: HttpRequest, dao: DataAccessObject, user: User) {
        val validationErrors = mutableListOf<String>()
        val username = http.param("username", { raw ->
            when {
                raw == null -> ValidationError("validation.username.null")
                dao.findUserByName(raw) != null -> ValidationError("validation.username.unique")
                else -> ValidatedValue(raw)
            }
        }, validationErrors)

        if (username == null) {
            http.view = UserEditView(user).apply { this.errorMessages = validationErrors }
            http.render(formTemplate)
            return
        }

        // NOTE(review): username is request-supplied and is written to the log
        // verbatim; confirm the logging backend neutralises line breaks.
        logger().info("Insert user ${username}.")
        user.username = username
        dao.insertUser(user)
        http.renderCommit("users/")
    }
}