Added basic password validation

2025-08-17 16:34:25 -04:00
parent d993f31329
commit 31195f678f
1 changed files with 18 additions and 12 deletions
--- a/src/main/kotlin/routes/LoginRoutes.kt
+++ b/src/main/kotlin/routes/LoginRoutes.kt
@@ -1,6 +1,8 @@
 package codes.kalar.routes

+import codes.kalar.exception.DbElementNotFoundException
 import codes.kalar.model.User
+import codes.kalar.service.PatronService
 import com.auth0.jwt.JWT
 import com.auth0.jwt.algorithms.Algorithm
 import io.ktor.http.HttpStatusCode
@@ -9,14 +11,16 @@ import io.ktor.server.request.receive
 import io.ktor.server.response.respond
 import io.ktor.server.routing.post
 import io.ktor.server.routing.routing
+import java.sql.Connection
 import java.util.Date

-fun Application.configureLoginRoutes() {
+fun Application.configureLoginRoutes(dbConnection: Connection) {
    val secret = environment.config.property("jwt.secret").getString()
    val issuer = environment.config.property("jwt.issuer").getString()
    val audience = environment.config.property("jwt.audience").getString()
    val myRealm = environment.config.property("jwt.realm").getString()

+    val patronService = PatronService(dbConnection)
    routing {
        post("/login") {
            try {
@@ -24,17 +28,19 @@ fun Application.configureLoginRoutes() {
                val name = user.name
                val password = user.password

-                // TODO Check is username exists and password matches
-
-                val token = JWT.create()
-                    .withAudience(audience)
-                    .withIssuer(issuer)
-                    .withClaim("name", name)
-                    .withExpiresAt(Date(System.currentTimeMillis() + 160000))
-                    .sign(Algorithm.HMAC256(secret))
-                call.respond(hashMapOf("token" to token))
-            } catch (e: Exception) {
-                call.respond(HttpStatusCode.BadRequest, e.message ?: "Something went wrong")
+                if (patronService.loginPatronByLoginUsername(name, password)) {
+                    val token = JWT.create()
+                        .withAudience(audience)
+                        .withIssuer(issuer)
+                        .withClaim("name", name)
+                        .withExpiresAt(Date(System.currentTimeMillis() + 160000))
+                        .sign(Algorithm.HMAC256(secret))
+                    call.respond(hashMapOf("token" to token))
+                } else {
+                    call.respond(HttpStatusCode.Unauthorized, "Invalid login")
+                }
+            } catch (cause: DbElementNotFoundException) {
+                call.respond(HttpStatusCode.BadRequest, cause.message ?: "Something went wrong")
            }

        }