GameCreate request

- use HTTP POST request - diable CSRF on server
2023-10-29 21:45:48 +01:00 · 2023-10-29 21:45:48 +01:00 · 3d9dbd2683
commit 3d9dbd2683
parent 7d4aaf10df
3 changed files with 65 additions and 28 deletions
--- a/backend/src/main/java/djmil/cordacheckers/SecurityConfig.java
+++ b/backend/src/main/java/djmil/cordacheckers/SecurityConfig.java
@ -2,9 +2,11 @@ package djmil.cordacheckers;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@ -15,4 +17,22 @@ public class SecurityConfig {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

+    @Bean
+    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin()
+                .and()
+                .httpBasic();
+
+        http.csrf().disable();
+        // GiteaIssue #2: Enable CSRF
+        // .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+
+        return http.build();
+    }
+
 }
--- a/backend/src/main/java/djmil/cordacheckers/api/GameProposalController.java
+++ b/backend/src/main/java/djmil/cordacheckers/api/GameProposalController.java
@ -1,12 +1,10 @@
 package djmil.cordacheckers.api;

 import java.net.URI;
-import java.util.List;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -24,7 +22,6 @@ import djmil.cordacheckers.cordaclient.dao.flow.arguments.ReqGameProposalCreate;
 import djmil.cordacheckers.user.HoldingIdentityResolver;
 import djmil.cordacheckers.user.User;

-
@RestController
@RequestMapping("api/gameproposal")
 public class GameProposalController {
@ -36,32 +33,31 @@ public class GameProposalController {
    HoldingIdentityResolver holdingIdentityResolver;

    @PostMapping()
-    public ResponseEntity<Void> createGameProposal(
-        @AuthenticationPrincipal User sender,
-        @RequestBody ReqGameProposalCreate gpRequest,
-        UriComponentsBuilder ucb
-    ) throws JsonMappingException, JsonProcessingException {
+    public ResponseEntity<GameView> createGameProposal(
+            @AuthenticationPrincipal User sender,
+            @RequestBody ReqGameProposalCreate gpRequest,
+            UriComponentsBuilder ucb) throws JsonMappingException, JsonProcessingException {
+
        final HoldingIdentity gpSender = sender.getHoldingIdentity();
-        // TODO: throw execption with custom type
        final HoldingIdentity gpReceiver = holdingIdentityResolver.getByUsername(gpRequest.opponentName());
        final Stone.Color gpReceiverColor = gpRequest.opponentColor();

-        // TODO handle expectionns here
+        // GiteaIssue #4: Exception handling
        GameView gameStateView = cordaClient.gameProposalCreate(
-            gpSender,
-            gpReceiver,
-            gpReceiverColor,
-            gpRequest.message()
-        );
+                gpSender,
+                gpReceiver,
+                gpReceiverColor,
+                // gpRequest.board() // GireaIssue #3: use provided board configuration
+                gpRequest.message());

        URI locationOfNewGameProposal = ucb
-            .path("api/gameproposal/{id}")
-            .buildAndExpand(gameStateView)
-            .toUri();
+                .path("api/gameproposal/{id}")
+                .buildAndExpand(gameStateView.uuid())
+                .toUri();

        return ResponseEntity
-            .created(locationOfNewGameProposal)
-            .build();
+                .created(locationOfNewGameProposal)
+                .body(gameStateView);
    }

 }
--- a/webapp/src/components/Game/GameAction/Create.jsx
+++ b/webapp/src/components/Game/GameAction/Create.jsx
@ -14,7 +14,11 @@ export default function Create() {
            return alert("You must be one of the players");

        const request = ctx.get_GameProposalRequest()
-        console.log("TODO: send GameCreateRequest to the server!", request)
+
+        postData("/api/gameproposal", request)
+            .then((responce) => {
+                console.log("responce", responce); // JSON data parsed by `data.json()` call
+            });
    }

    return (
@ -75,3 +79,20 @@ function get_Opponent(isCurrentUser, whitePlayerName, blackPlayerName) {
    return ['', '']
 }

+async function postData(url = "", data = {}) {
+    console.log("POST", url, data)
+    
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(data), // body data type must match "Content-Type" header
+    });
+
+    if (response.ok)
+        return response.json()// parses JSON response into native JavaScript objects
+
+    console.log("recponce", response)
+    return {}
+}