From 0a6136fb5a5da9d0ddd68679f8499889d2f6b6e9 Mon Sep 17 00:00:00 2001
From: Raditss <raditya.naufal.a@gmail.com>
Date: Sun, 12 Nov 2023 22:48:06 +0700
Subject: [PATCH] api-key validation

---
 db/toco_soap.sql                              | 157 +-----------------
 pom.xml                                       |  16 +-
 .../java/org/toco/service/transaction.java    |  56 +++++--
 src/main/java/org/toco/service/userGems.java  |  56 +++++--
 4 files changed, 103 insertions(+), 182 deletions(-)

diff --git a/db/toco_soap.sql b/db/toco_soap.sql
index ec8391d..27b1a8b 100644
--- a/db/toco_soap.sql
+++ b/db/toco_soap.sql
@@ -15,155 +15,6 @@ CREATE TABLE `logging` (
   `requested_at` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp()
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
-
-INSERT INTO `logging` (`id`, `description`, `IP`, `endpoint`, `requested_at`) VALUES
-(1, '\"ini apa\"', '\"apaya\"', '\"ya\"', '2022-11-20 17:00:00'),
-(2, '\"ini apa\"', '\"127.0.0.1\"', '\"sokin\"', '2022-11-21 07:46:38'),
-(3, '\"aksjk\"', '\"kaskmksma\"', '\"maksmksma\"', '2022-11-22 14:42:47'),
-(4, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 08:54:00'),
-(5, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 09:09:40'),
-(6, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 11:11:04'),
-(7, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 11:11:08'),
-(8, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 11:11:42'),
-(9, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 11:59:32'),
-(10, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:19'),
-(11, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:19'),
-(12, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:26'),
-(13, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:35'),
-(14, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:36'),
-(15, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:52'),
-(16, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:04:57'),
-(17, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:05:08'),
-(18, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:05:08'),
-(19, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:06:21'),
-(20, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:06:21'),
-(21, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:23'),
-(22, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:25'),
-(23, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:27'),
-(24, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:33'),
-(25, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:41'),
-(26, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:44'),
-(27, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:45'),
-(28, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:10:45'),
-(29, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:11:43'),
-(30, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:11:49'),
-(31, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:11:49'),
-(32, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:12:23'),
-(33, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:12:26'),
-(34, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:12:47'),
-(35, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:13:01'),
-(36, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:13:03'),
-(37, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:13:06'),
-(38, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:13:29'),
-(39, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:13:48'),
-(40, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:14:17'),
-(41, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:14:17'),
-(42, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:14:18'),
-(43, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:15:03'),
-(44, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:15:03'),
-(45, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:15:56'),
-(46, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:27'),
-(47, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:30'),
-(48, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:34'),
-(49, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:40'),
-(50, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:48'),
-(51, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:16:53'),
-(52, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:00'),
-(53, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:12'),
-(54, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:18'),
-(55, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:32'),
-(56, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:44'),
-(57, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:51'),
-(58, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:17:51'),
-(59, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:07'),
-(60, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:08'),
-(61, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:08'),
-(62, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:15'),
-(63, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:16'),
-(64, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:16'),
-(65, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:41'),
-(66, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:42'),
-(67, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:18:43'),
-(68, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:13'),
-(69, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:20'),
-(70, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:32'),
-(71, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:35'),
-(72, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:40'),
-(73, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:42'),
-(74, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:45'),
-(75, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:19:48'),
-(76, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:21:32'),
-(77, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:21:44'),
-(78, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:22:29'),
-(79, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:22:50'),
-(80, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:22:50'),
-(81, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:23:17'),
-(82, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:23:18'),
-(83, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:23:18'),
-(84, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:34:16'),
-(85, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:34:16'),
-(86, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:34:53'),
-(87, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:35:05'),
-(88, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:35:24'),
-(89, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:35:24'),
-(90, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:14'),
-(91, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:15'),
-(92, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:17'),
-(93, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:17'),
-(94, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:19'),
-(95, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:19'),
-(96, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:36'),
-(97, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:36'),
-(98, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:49'),
-(99, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:49'),
-(100, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:52'),
-(101, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:36:52'),
-(102, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:02'),
-(103, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:10'),
-(104, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:14'),
-(105, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:14'),
-(106, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:16'),
-(107, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:16'),
-(108, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:37:50'),
-(109, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:36'),
-(110, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:36'),
-(111, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:49'),
-(112, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:49'),
-(113, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:53'),
-(114, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:58'),
-(115, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:38:58'),
-(116, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:05'),
-(117, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:05'),
-(118, 'add subscription', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:16'),
-(119, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:25'),
-(120, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:25'),
-(121, 'accept request', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:50'),
-(122, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:50'),
-(123, 'validate subscription', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:44:57'),
-(124, 'add subscription', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:45:06'),
-(125, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:45:14'),
-(126, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:45:14'),
-(127, 'reject request', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:45:19'),
-(128, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:45:19'),
-(129, 'add subscription', '127.0.0.1', '/Subscription_Service', '2022-12-01 12:48:58'),
-(130, 'validate subscription', '127.0.0.1', '/Subscription_Service', '2022-12-01 16:55:23'),
-(131, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 16:56:57'),
-(132, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-01 16:56:57'),
-(133, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:28:21'),
-(134, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:28:21'),
-(135, 'get subscriptions', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:30:04'),
-(136, 'add subscription', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:30:47'),
-(137, 'get subscriptions', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:30:47'),
-(138, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:31:16'),
-(139, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:31:16'),
-(140, 'accept request', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:31:35'),
-(141, 'getRequestList', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:31:35'),
-(142, 'get subscriptions', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:31:51'),
-(143, 'validate subscription', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:32:14'),
-(144, 'get subscriptions', '127.0.0.1', '/Subscription_Service', '2022-12-02 03:33:12');
-
-
-
 CREATE TABLE `userGems` (
   `uid` int(11) NOT NULL AUTO_INCREMENT,
   `user_id` int NOT NULL,
@@ -180,6 +31,14 @@ CREATE TABLE `transaction`(
     PRIMARY KEY (`tid`)
     ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
+CREATE TABLE `api`(
+    api_id int(11) NOT NULL AUTO_INCREMENT,
+    api_key VARCHAR(255) NOT NULL,
+    service VARCHAR(255) NOT NULL,
+    PRIMARY KEY (`api_id`)
+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
   
 
 
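Review bot: The new `api` table stores `api_key` as a raw `VARCHAR(255)` with no unique index, and nothing in this patch's Java changes reads it — `validateApiKey` in transaction.java and userGems.java compares against a hard-coded string array instead. If the table is meant to back the check, store a digest of the key (for example SHA-256 of the random secret) rather than the plaintext, declare `UNIQUE KEY (api_key)` so duplicate or ambiguous keys cannot be inserted, and have the services look the presented key up here so a key can be revoked without a redeploy. The `service` column suggests per-consumer keys; a short comment on the table stating what `service` identifies (the calling system named in the key list, presumably) would help the next person who wires this up.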
diff --git a/pom.xml b/pom.xml
index a3e7389..1d2fd78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,21 @@
             <artifactId>webservices-api</artifactId>
             <version>4.0.2</version>
         </dependency>
-
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5-20081211</version>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.containers</groupId>
+            <artifactId>jersey-container-servlet-core</artifactId>
+            <version>3.0.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>6.0.13</version>
+        </dependency>
 
 
     </dependencies>
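Review bot: None of the three added dependencies appears to be used by the Java changes in this patch — `validateApiKey` relies on `MessageContext` and `HttpExchange`, not on Jersey or Spring — so `jersey-container-servlet-core`, `spring-web` and the 2008-era `org.mortbay.jetty:servlet-api` `2.5-20081211` widen the supply-chain surface without a visible consumer. If code outside this diff needs them, say so in the commit message; otherwise drop them. If a servlet API is genuinely required, the maintained `jakarta.servlet:jakarta.servlet-api` artifact is the usual replacement for the legacy Jetty-packaged one, which has not been updated since its 2008 timestamp.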
diff --git a/src/main/java/org/toco/service/transaction.java b/src/main/java/org/toco/service/transaction.java
index 0f9e80f..295d3e5 100644
--- a/src/main/java/org/toco/service/transaction.java
+++ b/src/main/java/org/toco/service/transaction.java
@@ -22,29 +22,37 @@ public class transaction {
 
     @WebMethod
     public void createTransaction(Integer user_id, Integer amount, String image) {
-//        if the amount is higher than user gem then its rejected if the amount is lower then the status is accepted
-        userGems_model userGemsModel = new userGems_model();
-        Integer userGems = userGemsModel.getUserGems(user_id);
-        if(userGems >= amount){
-            userGemsModel.update(new userGems_Entity(user_id, userGems - amount));
-            transaction_model transactionModel = new transaction_model();
-            transactionModel.insert(new transaction_entity(user_id, amount, image, "accepted"));
-            addLoggging("User with id " + user_id + " created a transaction with amount " + amount + " and description ACCEPTED");
+        if (validateApiKey()){
+            userGems_model userGemsModel = new userGems_model();
+            Integer userGems = userGemsModel.getUserGems(user_id);
+            if (userGems >= amount) {
+                userGemsModel.update(new userGems_Entity(user_id, userGems - amount));
+                transaction_model transactionModel = new transaction_model();
+                transactionModel.insert(new transaction_entity(user_id, amount, image, "accepted"));
+                addLoggging("User with id " + user_id + " created a transaction with amount " + amount + " and description ACCEPTED");
+            } else {
+                transaction_model transactionModel = new transaction_model();
+                transactionModel.insert(new transaction_entity(user_id, amount, image, "rejected"));
+                addLoggging("User with id " + user_id + " created a transaction with amount " + amount + " and description REJECTED");
+            }
         }
-        else{
-            transaction_model transactionModel = new transaction_model();
-            transactionModel.insert(new transaction_entity(user_id, amount, image, "rejected"));
-            addLoggging("User with id " + user_id + " created a transaction with amount " + amount + " and description REJECTED");
+        else {
+            addLoggging("User with id " + user_id + " tried to create a transaction with amount " + amount + " but failed because of invalid api key");
         }
     }
 
-//    get all transactions a user does
     @WebMethod
     public transaction_entity[] getTransactions(Integer user_id) {
-        transaction_model transactionModel = new transaction_model();
-        transaction_entity[] transactions = transactionModel.getTransaction(user_id);
-        addLoggging("User with id " + user_id + " requested his transactions");
-        return transactions;
+        if(validateApiKey()){
+            transaction_model transactionModel = new transaction_model();
+            transaction_entity[] transactions = transactionModel.getTransaction(user_id);
+            addLoggging("User with id " + user_id + " requested his transactions");
+            return transactions;
+        }
+        else {
+            addLoggging("User with id " + user_id + " tried to get his transactions but failed because of invalid api key");
+            return null;
+        }
     }
 
 
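Review bot: On a missing or unrecognised API key, `createTransaction` returns normally and `getTransactions` returns `null` (userGems.java's `addGems` and `getGems` follow the same pattern, with `getGems` returning `-1`), so a SOAP client cannot tell "rejected for authentication" apart from a successful empty result or a lookup that found nothing. Reject explicitly in each `else` branch after the failure log line, e.g. `throw new WebServiceException("invalid api key");` (javax.xml.ws, the same package as the `WebServiceContext` the class already holds), so the caller receives a fault instead of a silent no-op. The failure log entries are worthwhile; consider distinguishing "header absent" from "key not recognised" in the description, while never logging the presented key value itself. Repeating the check at the top of all four operations invites drift — a single guard in a shared helper called by each operation would keep them aligned.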
@@ -61,4 +69,18 @@ public class transaction {
         logging_service.addLogging(description, ip, endpoint);
     }
 
+    public Boolean validateApiKey() {
+        String[] API_KEYS = { "toco_rest", "Postman", "toco_php"};
+        MessageContext mc = wsctx.getMessageContext();
+        HttpExchange exchange = (HttpExchange) mc.get("com.sun.xml.ws.http.exchange");
+        String apiKey = exchange.getRequestHeaders().getFirst("X-API-KEY");
+        if (apiKey == null) {
+            return false;
+        } else if (apiKey.equals(API_KEYS[0]) || apiKey.equals(API_KEYS[1]) || apiKey.equals(API_KEYS[2])) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
 }
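Review bot: `validateApiKey` embeds the accepted keys as string literals in source, compares them with `String.equals`, and is pasted verbatim into userGems.java (its last hunk), while the `api` table introduced in this same patch is never consulted. Short human-readable values like these are guessable and cannot be rotated without a rebuild; load high-entropy keys (or their hashes) from configuration or the `api` table, compare with `MessageDigest.isEqual` so the comparison does not short-circuit on the first differing byte, and keep one copy of the method in a shared helper — this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` in the imports. `mc.get("com.sun.xml.ws.http.exchange")` can presumably return `null` when the endpoint is not served by the JDK's built-in HTTP transport, in which case `exchange.getRequestHeaders()` throws instead of returning false; guard it. Since the class is a `@WebService`, a public `validateApiKey` may be published as an operation depending on the runtime's rule for unannotated public methods; mark it `private` or `@WebMethod(exclude = true)`.
```java
    public Boolean validateApiKey() {
        // … unchanged: API_KEYS (to be moved out of source), MessageContext lookup …
        HttpExchange exchange = (HttpExchange) mc.get("com.sun.xml.ws.http.exchange");
        if (exchange == null) {
            return false;
        }
        String apiKey = exchange.getRequestHeaders().getFirst("X-API-KEY");
        if (apiKey == null) {
            return false;
        }
        byte[] presented = apiKey.getBytes(StandardCharsets.UTF_8);
        for (String key : API_KEYS) {
            if (MessageDigest.isEqual(presented, key.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
        }
        return false;
    }
```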
diff --git a/src/main/java/org/toco/service/userGems.java b/src/main/java/org/toco/service/userGems.java
index 114076f..52a7ccf 100644
--- a/src/main/java/org/toco/service/userGems.java
+++ b/src/main/java/org/toco/service/userGems.java
@@ -4,6 +4,7 @@ import org.toco.model.*;
 import org.toco.entity.*;
 
 
+
 import javax.jws.WebService;
 import javax.jws.WebMethod;
 import javax.annotation.Resource;
@@ -22,29 +23,40 @@ public class userGems {
 
     @Resource
     WebServiceContext wsctx;
+
+
     @WebMethod
     public void addGems(Integer user_id, Integer gem) {
-        userGems_Entity userGems = new userGems_Entity(user_id, gem);
-        userGems_model userGemsModel = new userGems_model();
-//        check if the user already exists add the gem to his gems if user doesnt exist create new user
-        if(userGemsModel.checkUser(user_id)){
-            Integer currentGems = userGemsModel.getUserGems(user_id);
-            userGems.setGem(currentGems + gem);
-            userGemsModel.update(userGems);
-            addLoggging("User with id " + user_id + " added " + gem + " gems");
+        if (validateApiKey()){
+            userGems_Entity userGems = new userGems_Entity(user_id, gem);
+            userGems_model userGemsModel = new userGems_model();
+            if (userGemsModel.checkUser(user_id)) {
+                Integer currentGems = userGemsModel.getUserGems(user_id);
+                userGems.setGem(currentGems + gem);
+                userGemsModel.update(userGems);
+                addLoggging("User with id " + user_id + " added " + gem + " gems");
+            } else {
+                userGemsModel.insert(userGems);
+                addLoggging("User with id " + user_id + " added " + gem + " gems");
+            }
         }
-        else{
-            userGemsModel.insert(userGems);
-            addLoggging("User with id " + user_id + " added " + gem + " gems");
+        else {
+            addLoggging("User with id " + user_id + " tried to add " + gem + " gems but failed because of invalid api key");
         }
     }
 
     @WebMethod
     public Integer getGems(Integer user_id) {
-        userGems_model userGemsModel = new userGems_model();
-        Integer gems = userGemsModel.getUserGems(user_id);
-        addLoggging("User with id " + user_id + " requested his gems");
-        return gems;
+        if(validateApiKey()){
+            userGems_model userGemsModel = new userGems_model();
+            Integer gems = userGemsModel.getUserGems(user_id);
+            addLoggging("User with id " + user_id + " requested his gems");
+            return gems;
+        }
+        else {
+            addLoggging("User with id " + user_id + " tried to get his gems but failed because of invalid api key");
+            return -1;
+        }
     }
 
     public void  addLoggging(String description) {
@@ -58,5 +70,19 @@ public class userGems {
         logging_service.addLogging(description, ip, endpoint);
     }
 
+    public Boolean validateApiKey() {
+        String[] API_KEYS = { "toco_rest", "Postman", "toco_php"};
+        MessageContext mc = wsctx.getMessageContext();
+        HttpExchange exchange = (HttpExchange) mc.get("com.sun.xml.ws.http.exchange");
+        String apiKey = exchange.getRequestHeaders().getFirst("X-API-KEY");
+        if (apiKey == null) {
+            return false;
+        } else if (apiKey.equals(API_KEYS[0]) || apiKey.equals(API_KEYS[1]) || apiKey.equals(API_KEYS[2])) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
 
 }
-- 
GitLab