diff --git a/src/main/java/net/dancier/dancer/core/events/ApplicationEventListener.java b/src/main/java/net/dancier/dancer/core/events/ApplicationEventListener.java index da571f5..6d144b8 100644 --- a/src/main/java/net/dancier/dancer/core/events/ApplicationEventListener.java +++ b/src/main/java/net/dancier/dancer/core/events/ApplicationEventListener.java @@ -1,14 +1,11 @@ package net.dancier.dancer.core.events; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; import jakarta.transaction.Transactional; import lombok.RequiredArgsConstructor; import net.dancier.dancer.core.ScheduleMessagePort; import net.dancier.dancer.eventlog.service.EventlogService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationContextException; import org.springframework.context.event.EventListener; import org.springframework.stereotype.Component; @@ -20,7 +17,7 @@ public class ApplicationEventListener { public static final Logger log = LoggerFactory.getLogger(ApplicationEventListener.class); - private static final URI FRONTEND_SOURCE = URI.create("http://dancier.net"); + public static final URI FRONTEND_SOURCE = URI.create("http://dancier.net"); private static final URI BACKEND_SOURCE = URI.create("http://dancer.dancier.net"); private final EventlogService eventlogService; @@ -29,8 +26,6 @@ public class ApplicationEventListener { private final ScheduleMessagePort scheduleMessagePort; - private final ObjectMapper objectMapper; - @EventListener @Transactional public void handle(ProfileUpdatedEvent profileUpdatedEvent) { @@ -44,7 +39,5 @@ public void handle(ProfileUpdatedEvent profileUpdatedEvent) { profileUpdatedEvent.getDancer().getId().toString(), BACKEND_SOURCE, "profile-updated"); - } - } diff --git a/src/main/java/net/dancier/dancer/eventlog/service/EventlogService.java b/src/main/java/net/dancier/dancer/eventlog/service/EventlogService.java index 64604e2..8a827ad 100644 --- a/src/main/java/net/dancier/dancer/eventlog/service/EventlogService.java +++ b/src/main/java/net/dancier/dancer/eventlog/service/EventlogService.java @@ -5,7 +5,9 @@ import lombok.Getter; import lombok.RequiredArgsConstructor; import net.dancier.dancer.authentication.model.Role; +import net.dancier.dancer.core.ScheduleMessagePort; import net.dancier.dancer.core.exception.ApplicationException; +import net.dancier.dancer.core.exception.BusinessException; import net.dancier.dancer.eventlog.model.Eventlog; import net.dancier.dancer.eventlog.repository.EventlogDAO; import org.slf4j.Logger; @@ -16,6 +18,9 @@ import java.time.Instant; import java.util.Set; import java.util.UUID; +import java.util.stream.Collectors; + +import static net.dancier.dancer.core.events.ApplicationEventListener.FRONTEND_SOURCE; @Service @RequiredArgsConstructor @@ -25,6 +30,7 @@ public class EventlogService { private final EventlogDAO eventlogDAO; + private final ScheduleMessagePort scheduleMessagePort; private final static Set DEFAULT_AUTHENTICATED = Set.of("ROLE_USER", "ROLE_ADMIN"); private final static Set AT_LEAST_HUMAN = Set.of("ROLE_HUMAN", "ROLE_USER", "ROLE_ADMIN"); private final static Set NO_SPECIAL_ROLE_NEEDED = Set.of(); @@ -33,7 +39,7 @@ public class EventlogService { EventlogConfig.of("navigated_to_page", NO_SPECIAL_ROLE_NEEDED), EventlogConfig.of("human_session_created", AT_LEAST_HUMAN), EventlogConfig.of("contact_message_sent", AT_LEAST_HUMAN), - EventlogConfig.of("profile_updated", DEFAULT_AUTHENTICATED) // will not go over the eventlog stuff in the future... + EventlogConfig.of("profile-updated", DEFAULT_AUTHENTICATED) // will not go over the eventlog stuff in the future... ); public void appendNew(Eventlog eventlog) { @@ -46,15 +52,37 @@ public void appendNew(Eventlog eventlog) { } catch (SQLException sqlException) { throw new ApplicationException("Unable to create new Eventlog-Entry.", sqlException); } + scheduleMessagePort.schedule( + eventlog, + eventlog.getId().toString(), + FRONTEND_SOURCE, + eventlog.getTopic()); } private void validateTopic(Eventlog eventlog) { String topic = eventlog.getTopic(); log.info("Validating Topic: {}", eventlog.getTopic()); + if (!allowedEvents.stream() + .map(EventlogConfig::getName) + .collect(Collectors.toSet()) + .contains(topic)) { + throw new BusinessException("this eventlog topic is not allowed at all: " + topic); + } + } private void authorize(Eventlog eventlog) { String topic = eventlog.getTopic(); + Set usedRoles = eventlog.getRoles(); + Set neededRoles = allowedEvents + .stream() + .filter(eventlogConfig -> eventlogConfig.name.equals(topic)) + .flatMap(eventlogConfig -> eventlogConfig.neededRoles.stream()) + .collect(Collectors.toSet()); log.info("Authorizing eventlog request: {}", topic); + Boolean authorized = usedRoles.stream().anyMatch(usedRole -> neededRoles.contains(usedRole)); + if (!authorized) { + throw new BusinessException("We got this roles: " + usedRoles + " but needed this:" + neededRoles); + } } @AllArgsConstructor(access = AccessLevel.PRIVATE)