fix warnings and security

b0c01673 · Vilem Gottwald · eb5a8728 · b0c01673 · b0c01673 · b0c01673
Commit b0c01673 authored 10 months ago by Vilem Gottwald
--- a/analytics-service/src/main/resources/application.yml
+++ b/analytics-service/src/main/resources/application.yml
 server:
  servlet:
    context-path: '/api/analytics-service'
-  port: 8085
+  port: 8084

 management:
  endpoints:

--- a/readme.md
+++ b/readme.md
@@ -7,13 +7,19 @@ NOTE: if this step fails you might not be running docker on your machine, it is
 3. Run `docker compose up --build` in the root directory
 NOTE: if this step fails you might have old volumes with false data, so please remove all volumes connected to this repository from docker and remove the online-banking-service container.
 NOTE-2: if some service does not start because of the flyway migration error, please drop the flyway schema migration table from the db and restart the container.
-Now all the services and the databases are running, and you can access them on the following ports:
- User-service: `localhost:8081/api/user-service`
- Transaction-service: `localhost:8082/api/transaction-service`
- Currency-service: `localhost:8083/currency-service`
- Analytics-service: `localhost:8084/api/analytics-service`
+   Now all the services and the databases are running, and you can access their swaggers using the following links:

-locust: we only defined the scenario of creating transactions in locust as it would be only API that the customers would
+- [Analytics-service](http://localhost:8084/api/analytics-service/swagger-ui/index.html)
+- [User-service](http://localhost:8083/api/user-service/swagger-ui/index.html)
+- [Transaction-service](http://localhost:8082/api/transaction-service/swagger-ui/index.html)
+- [Currency-service](http://localhost:8081/api/currency-service/swagger-ui/index.html)
+
+In order to use the secured serivices you will first need to obtain a token using the client:
+http://localhost:8080/
+
+## Locust
+
+We only defined the scenario of creating transactions in locust as it would be only API that the customers would
 use frequently
 there is defined a scenario when someone deposits money via ATM meaning in the scenario the customer deposits 1000 and
 it is deducted
@@ -23,6 +29,17 @@ analytics data is not seeded so just run after locust so you launch etl that wil
 normally it is run every day at 1 am to transform data from transaction service from previous day
 POST http://localhost:8080/api/analytics-service/v1/etl/execute

+## Grafana
+
+http://localhost:3000/
+
+Username: `admin`
+Password: `admin`
+
+## Prometheus
+
+http://localhost:9090/
+
 ## Use case:
 ![img_2.png](img_2.png)

@@ -65,7 +82,9 @@ calculates transaction amount.
 Service handles all currency related operation, it manages currencies so exchange rates are always up-to-date and
 provides needed services to the rest of the system.

-### Swagger Links
+## Links
+
+### Swagger

 - [Analytics-service](http://localhost:8084/api/analytics-service/swagger-ui/index.html)
 - [User-service](http://localhost:8083/api/user-service/swagger-ui/index.html)
@@ -81,21 +100,12 @@ Password: `changemelater`
 - [Transaction-service](http://localhost:8085/?pgsql=transaction-db&username=transaction_service&db=transaction_db&)
 - [Currency-service](http://localhost:8085/?pgsql=currency-db&username=currency_service&db=currency_db&)

+--- 

-### Grafana 
-http://localhost:3000/
-
-Username: `admin`
-Password: `admin`
-
-### Prometheus
-http://localhost:9090/
-
-### Entity relationship Diagram
-
+### Entity relationship diagram

 ![img_3.png](img_3.png)

-### System architecture
+### System architecture diagram

 ![img_4.png](img_4.png)
--- a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java
+++ b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java
@@ -4,12 +4,7 @@ import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
-import lombok.Setter;
+import lombok.*;

 @Entity
 @Builder
@@ -27,6 +22,8 @@ public class AccountDbo {
 	private String customerId;
 	@Column(name = "currency_code", nullable = false)
 	private String currencyCode;
+
+	@Builder.Default
 	@Column(name = "bank_account", nullable = false)
 	private boolean isBankAccount = false;
 }
--- a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java
+++ b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java
 package cz.muni.fi.obs.data.dbo;

+import jakarta.persistence.*;
+import lombok.*;
+
 import java.math.BigDecimal;
 import java.time.Instant;
 import java.util.UUID;

-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.ManyToOne;
-import jakarta.persistence.Table;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
-import lombok.Setter;
-
 @Entity
 @Builder
 @Setter
@@ -28,8 +16,9 @@ import lombok.Setter;
 @EqualsAndHashCode(of = "id")
 @Table(name = "transactions")
 public class TransactionDbo {
-	@Id
-	private String id = UUID.randomUUID().toString();
+	@Builder.Default
+	@Column(name = "transaction_time", updatable = false, nullable = false)
+	private final Instant transactionTime = Instant.now();
 	@Column(name = "conversion_rate")
 	private Double conversionRate;
 	@ManyToOne
@@ -46,9 +35,11 @@ public class TransactionDbo {
 	private String note;
 	@Column(name = "variable_symbol")
 	private String variableSymbol;
+	@Builder.Default
+	@Id
+	private String id = UUID.randomUUID().toString();
+	@Builder.Default
 	@Enumerated(EnumType.STRING)
 	@Column(name = "transaction_state", nullable = false)
 	private TransactionState transactionState = TransactionState.PENDING;
-	@Column(name = "transaction_time", updatable = false, nullable = false)
-	private final Instant transactionTime = Instant.now();
 }
--- a/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java
+++ b/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java
@@ -6,6 +6,7 @@ import cz.muni.fi.obs.api.ValidationErrors;
 import cz.muni.fi.obs.api.ValidationFailedResponse;
 import cz.muni.fi.obs.exceptions.ExternalServiceException;
 import cz.muni.fi.obs.exceptions.UserNotFoundException;
+import cz.muni.fi.obs.security.exceptions.AccessDeniedException;
 import feign.FeignException;
 import org.postgresql.util.PSQLException;
 import org.springframework.http.HttpStatus;
@@ -110,6 +111,11 @@ public class UserControllerAdvice {
        return new ResponseEntity<>(new ErrorResponse(ex.getMessage()), HttpStatus.INTERNAL_SERVER_ERROR);
    }

+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<ErrorResponse> handleAccessDeniedException(AccessDeniedException ex) {
+        return new ResponseEntity<>(new ErrorResponse(ex.getMessage()), HttpStatus.FORBIDDEN);
+    }
+
    @ExceptionHandler(FeignException.BadRequest.class)
    public ResponseEntity<String> handleBadRequestExceptions(FeignException.BadRequest ex) {
        return new ResponseEntity<>(ex.contentUTF8(), HttpStatus.BAD_REQUEST);

--- a/user-service/src/main/java/cz/muni/fi/obs/security/Security.java
+++ b/user-service/src/main/java/cz/muni/fi/obs/security/Security.java
@@ -22,7 +22,7 @@ public class Security {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if (!authentication.getName().equals(oauthId)) {
-            throw new AccessDeniedException("You are not owner of this resource");
+            throw new AccessDeniedException("You are not owner of this account");
        }
    }