GameCreate request

- use HTTP POST request
- diable CSRF on server
This commit is contained in:
djmil 2023-10-29 21:45:48 +01:00
parent 7d4aaf10df
commit 3d9dbd2683
3 changed files with 65 additions and 28 deletions

View File

@ -2,9 +2,11 @@ package djmil.cordacheckers;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@ -15,4 +17,22 @@ public class SecurityConfig {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.and()
.httpBasic();
http.csrf().disable();
// GiteaIssue #2: Enable CSRF
// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
return http.build();
}
}

View File

@ -1,12 +1,10 @@
package djmil.cordacheckers.api;
import java.net.URI;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@ -24,7 +22,6 @@ import djmil.cordacheckers.cordaclient.dao.flow.arguments.ReqGameProposalCreate;
import djmil.cordacheckers.user.HoldingIdentityResolver;
import djmil.cordacheckers.user.User;
@RestController
@RequestMapping("api/gameproposal")
public class GameProposalController {
@ -36,32 +33,31 @@ public class GameProposalController {
HoldingIdentityResolver holdingIdentityResolver;
@PostMapping()
public ResponseEntity<Void> createGameProposal(
public ResponseEntity<GameView> createGameProposal(
@AuthenticationPrincipal User sender,
@RequestBody ReqGameProposalCreate gpRequest,
UriComponentsBuilder ucb
) throws JsonMappingException, JsonProcessingException {
UriComponentsBuilder ucb) throws JsonMappingException, JsonProcessingException {
final HoldingIdentity gpSender = sender.getHoldingIdentity();
// TODO: throw execption with custom type
final HoldingIdentity gpReceiver = holdingIdentityResolver.getByUsername(gpRequest.opponentName());
final Stone.Color gpReceiverColor = gpRequest.opponentColor();
// TODO handle expectionns here
// GiteaIssue #4: Exception handling
GameView gameStateView = cordaClient.gameProposalCreate(
gpSender,
gpReceiver,
gpReceiverColor,
gpRequest.message()
);
// gpRequest.board() // GireaIssue #3: use provided board configuration
gpRequest.message());
URI locationOfNewGameProposal = ucb
.path("api/gameproposal/{id}")
.buildAndExpand(gameStateView)
.buildAndExpand(gameStateView.uuid())
.toUri();
return ResponseEntity
.created(locationOfNewGameProposal)
.build();
.body(gameStateView);
}
}

View File

@ -14,7 +14,11 @@ export default function Create() {
return alert("You must be one of the players");
const request = ctx.get_GameProposalRequest()
console.log("TODO: send GameCreateRequest to the server!", request)
postData("/api/gameproposal", request)
.then((responce) => {
console.log("responce", responce); // JSON data parsed by `data.json()` call
});
}
return (
@ -75,3 +79,20 @@ function get_Opponent(isCurrentUser, whitePlayerName, blackPlayerName) {
return ['', '']
}
async function postData(url = "", data = {}) {
console.log("POST", url, data)
const response = await fetch(url, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(data), // body data type must match "Content-Type" header
});
if (response.ok)
return response.json()// parses JSON response into native JavaScript objects
console.log("recponce", response)
return {}
}