From b0c0167366b3a76b251e449ec4cc2e87b2179400 Mon Sep 17 00:00:00 2001
From: Vilem Gottwald <xvigo.dev@gmail.com>
Date: Thu, 9 May 2024 14:49:43 +0200
Subject: [PATCH] fix warnings and security

---
 .../src/main/resources/application.yml        |  2 +-
 readme.md                                     | 48 +++++++++++--------
 .../cz/muni/fi/obs/data/dbo/AccountDbo.java   |  9 ++--
 .../muni/fi/obs/data/dbo/TransactionDbo.java  | 29 ++++-------
 .../obs/controller/UserControllerAdvice.java  |  6 +++
 .../cz/muni/fi/obs/security/Security.java     |  2 +-
 6 files changed, 50 insertions(+), 46 deletions(-)

diff --git a/analytics-service/src/main/resources/application.yml b/analytics-service/src/main/resources/application.yml
index 5505743..a0adb06 100644
--- a/analytics-service/src/main/resources/application.yml
+++ b/analytics-service/src/main/resources/application.yml
@@ -1,7 +1,7 @@
 server:
   servlet:
     context-path: '/api/analytics-service'
-  port: 8085
+  port: 8084
 
 management:
   endpoints:
diff --git a/readme.md b/readme.md
index be3c758..c18ba0a 100644
--- a/readme.md
+++ b/readme.md
@@ -7,13 +7,19 @@ NOTE: if this step fails you might not be running docker on your machine, it is
 3. Run `docker compose up --build` in the root directory
 NOTE: if this step fails you might have old volumes with false data, so please remove all volumes connected to this repository from docker and remove the online-banking-service container.
 NOTE-2: if some service does not start because of the flyway migration error, please drop the flyway schema migration table from the db and restart the container.
-Now all the services and the databases are running, and you can access them on the following ports:
-- User-service: `localhost:8081/api/user-service`
-- Transaction-service: `localhost:8082/api/transaction-service`
-- Currency-service: `localhost:8083/currency-service`
-- Analytics-service: `localhost:8084/api/analytics-service`
+   Now all the services and the databases are running, and you can access their swaggers using the following links:
 
-locust: we only defined the scenario of creating transactions in locust as it would be only API that the customers would
+- [Analytics-service](http://localhost:8084/api/analytics-service/swagger-ui/index.html)
+- [User-service](http://localhost:8083/api/user-service/swagger-ui/index.html)
+- [Transaction-service](http://localhost:8082/api/transaction-service/swagger-ui/index.html)
+- [Currency-service](http://localhost:8081/api/currency-service/swagger-ui/index.html)
+
+In order to use the secured serivices you will first need to obtain a token using the client:
+http://localhost:8080/
+
+## Locust
+
+We only defined the scenario of creating transactions in locust as it would be only API that the customers would
 use frequently
 there is defined a scenario when someone deposits money via ATM meaning in the scenario the customer deposits 1000 and
 it is deducted
@@ -23,6 +29,17 @@ analytics data is not seeded so just run after locust so you launch etl that wil
 normally it is run every day at 1 am to transform data from transaction service from previous day
 POST http://localhost:8080/api/analytics-service/v1/etl/execute
 
+## Grafana
+
+http://localhost:3000/
+
+Username: `admin`
+Password: `admin`
+
+## Prometheus
+
+http://localhost:9090/
+
 ## Use case:
 ![img_2.png](img_2.png)
 
@@ -65,7 +82,9 @@ calculates transaction amount.
 Service handles all currency related operation, it manages currencies so exchange rates are always up-to-date and
 provides needed services to the rest of the system.
 
-### Swagger Links
+## Links
+
+### Swagger
 
 - [Analytics-service](http://localhost:8084/api/analytics-service/swagger-ui/index.html)
 - [User-service](http://localhost:8083/api/user-service/swagger-ui/index.html)
@@ -81,21 +100,12 @@ Password: `changemelater`
 - [Transaction-service](http://localhost:8085/?pgsql=transaction-db&username=transaction_service&db=transaction_db&)
 - [Currency-service](http://localhost:8085/?pgsql=currency-db&username=currency_service&db=currency_db&)
 
+--- 
 
-### Grafana 
-http://localhost:3000/
-
-Username: `admin`
-Password: `admin`
-
-### Prometheus
-http://localhost:9090/
-
-### Entity relationship Diagram
-
+### Entity relationship diagram
 
 ![img_3.png](img_3.png)
 
-### System architecture
+### System architecture diagram
 
 ![img_4.png](img_4.png)
diff --git a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java
index c5cf558..4ff9cbd 100644
--- a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java
+++ b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/AccountDbo.java
@@ -4,12 +4,7 @@ import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
-import lombok.Setter;
+import lombok.*;
 
 @Entity
 @Builder
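Review bot: Replacing the six explicit Lombok imports with `import lombok.*;` trades unused-import warnings for a wildcard import, which most style checkers (Checkstyle, google-java-format conventions) flag and which hides which annotations the entity actually relies on; the first TransactionDbo hunk does the same for both `jakarta.persistence` and `lombok`. If the warnings were about unused imports, the cleaner fix is to delete only the unused lines and keep the explicit form, e.g. keep `import lombok.Builder;` for each annotation still present on the class. The class declaration continues below the hunk.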
@@ -27,6 +22,8 @@ public class AccountDbo {
 	private String customerId;
 	@Column(name = "currency_code", nullable = false)
 	private String currencyCode;
+
+	@Builder.Default
 	@Column(name = "bank_account", nullable = false)
 	private boolean isBankAccount = false;
 }
diff --git a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java
index 14157eb..bc676a7 100644
--- a/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java
+++ b/transaction-service/src/main/java/cz/muni/fi/obs/data/dbo/TransactionDbo.java
@@ -1,24 +1,12 @@
 package cz.muni.fi.obs.data.dbo;
 
+import jakarta.persistence.*;
+import lombok.*;
+
 import java.math.BigDecimal;
 import java.time.Instant;
 import java.util.UUID;
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.EnumType;
-import jakarta.persistence.Enumerated;
-import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.ManyToOne;
-import jakarta.persistence.Table;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.NoArgsConstructor;
-import lombok.Setter;
-
 @Entity
 @Builder
 @Setter
@@ -28,8 +16,9 @@ import lombok.Setter;
 @EqualsAndHashCode(of = "id")
 @Table(name = "transactions")
 public class TransactionDbo {
-	@Id
-	private String id = UUID.randomUUID().toString();
+	@Builder.Default
+	@Column(name = "transaction_time", updatable = false, nullable = false)
+	private final Instant transactionTime = Instant.now();
 	@Column(name = "conversion_rate")
 	private Double conversionRate;
 	@ManyToOne
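Review bot: `transactionTime` stays a `final` field with an inline `Instant.now()` initializer while gaining `@Builder.Default`; the JPA specification does not allow persistent fields to be final, and a provider that populates entities by field access may not be able to write the stored value back when loading a row, so a loaded TransactionDbo could report the load-time instant rather than the persisted one (which provider is configured is not visible in this diff). Dropping `final` keeps both the builder default and the `updatable = false` mapping: `private Instant transactionTime = Instant.now();`. Note that with `@Setter` on the class, removing `final` also generates `setTransactionTime`, so decide whether that setter should be suppressed for a non-updatable column. The field was already final before this change, so the issue is pre-existing rather than introduced here.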
@@ -46,9 +35,11 @@ public class TransactionDbo {
 	private String note;
 	@Column(name = "variable_symbol")
 	private String variableSymbol;
+	@Builder.Default
+	@Id
+	private String id = UUID.randomUUID().toString();
+	@Builder.Default
 	@Enumerated(EnumType.STRING)
 	@Column(name = "transaction_state", nullable = false)
 	private TransactionState transactionState = TransactionState.PENDING;
-	@Column(name = "transaction_time", updatable = false, nullable = false)
-	private final Instant transactionTime = Instant.now();
 }
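Review bot: With `@Builder.Default` on `id`, every instance, builder-built or constructed directly, now carries a non-null random UUID before it is ever persisted; if the repository layer is Spring Data JPA (not visible here), `save()` treats a non-null id as a possibly existing entity and routes it through `merge`, costing an extra SELECT per insert. If that matters, either let the provider assign the key with `@GeneratedValue(strategy = GenerationType.UUID)` or implement `Persistable<String>` so `isNew()` reports a fresh entity. The change itself is an improvement over the previous state, where builder-built instances silently got a null id because Lombok ignores field initializers without `@Builder.Default`.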
diff --git a/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java b/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java
index eec87cc..cbd2d96 100644
--- a/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java
+++ b/user-service/src/main/java/cz/muni/fi/obs/controller/UserControllerAdvice.java
@@ -6,6 +6,7 @@ import cz.muni.fi.obs.api.ValidationErrors;
 import cz.muni.fi.obs.api.ValidationFailedResponse;
 import cz.muni.fi.obs.exceptions.ExternalServiceException;
 import cz.muni.fi.obs.exceptions.UserNotFoundException;
+import cz.muni.fi.obs.security.exceptions.AccessDeniedException;
 import feign.FeignException;
 import org.postgresql.util.PSQLException;
 import org.springframework.http.HttpStatus;
@@ -110,6 +111,11 @@ public class UserControllerAdvice {
         return new ResponseEntity<>(new ErrorResponse(ex.getMessage()), HttpStatus.INTERNAL_SERVER_ERROR);
     }
 
+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<ErrorResponse> handleAccessDeniedException(AccessDeniedException ex) {
+        return new ResponseEntity<>(new ErrorResponse(ex.getMessage()), HttpStatus.FORBIDDEN);
+    }
+
     @ExceptionHandler(FeignException.BadRequest.class)
     public ResponseEntity<String> handleBadRequestExceptions(FeignException.BadRequest ex) {
         return new ResponseEntity<>(ex.contentUTF8(), HttpStatus.BAD_REQUEST);
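Review bot: The new handler maps only the project's own `cz.muni.fi.obs.security.exceptions.AccessDeniedException` to 403; since Security.java reads `SecurityContextHolder`, Spring Security is in use, and its `org.springframework.security.access.AccessDeniedException` (thrown by method security) would still fall through to the 500 handler visible just above. Either list both types, `@ExceptionHandler({AccessDeniedException.class, org.springframework.security.access.AccessDeniedException.class})`, or confirm the Spring variant cannot reach this advice. It is also worth logging the denial here (principal and request path) so repeated 403s are visible for monitoring, which this hunk does not do.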
diff --git a/user-service/src/main/java/cz/muni/fi/obs/security/Security.java b/user-service/src/main/java/cz/muni/fi/obs/security/Security.java
index 525a5f1..499fc73 100644
--- a/user-service/src/main/java/cz/muni/fi/obs/security/Security.java
+++ b/user-service/src/main/java/cz/muni/fi/obs/security/Security.java
@@ -22,7 +22,7 @@ public class Security {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
         if (!authentication.getName().equals(oauthId)) {
-            throw new AccessDeniedException("You are not owner of this resource");
+            throw new AccessDeniedException("You are not owner of this account");
         }
     }
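Review bot: `authentication.getName()` on the line above the changed message dereferences `SecurityContextHolder.getContext().getAuthentication()` without a null check; when no authentication is present in the context the method throws NullPointerException instead of AccessDeniedException, which the 500 handler in UserControllerAdvice then reports as an internal error rather than a 403. Guard it in the same condition: `if (authentication == null || !authentication.getName().equals(oauthId)) {`. The enclosing method's signature is outside the hunk.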
 
-- 
GitLab