authorAnton Tananaev <anton@traccar.org>2022-08-02 19:16:11 -0700
committerAnton Tananaev <anton@traccar.org>2022-08-02 19:16:11 -0700
commitab6970135850655313e257cf44fb68c67e9f1e80 (patch)
tree2327f3d05816fd7431b7a08aad4830041f2e3131 /src/main/java/org/traccar/api/resource
parent057262001dd933738fc070a57d51dc57518aa57b (diff)
New API token system
Diffstat (limited to 'src/main/java/org/traccar/api/resource')
-rw-r--r--src/main/java/org/traccar/api/resource/SessionResource.java30
1 files changed, 24 insertions, 6 deletions
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 8eabdc63c..f70b67cde 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 - 2021 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@ package org.traccar.api.resource;
import org.traccar.api.BaseResource;
import org.traccar.api.security.LoginService;
+import org.traccar.api.signature.TokenManager;
import org.traccar.helper.DataConverter;
import org.traccar.helper.ServletHelper;
import org.traccar.helper.LogAction;
@@ -40,12 +41,16 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import java.io.UnsupportedEncodingException;
+import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
@@ -59,12 +64,15 @@ public class SessionResource extends BaseResource {
@Inject
private LoginService loginService;
- @javax.ws.rs.core.Context
+ @Inject
+ private TokenManager tokenManager;
+
+ @Context
private HttpServletRequest request;
@PermitAll
@GET
- public User get(@QueryParam("token") String token) throws StorageException, UnsupportedEncodingException {
+ public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException {
if (token != null) {
User user = loginService.login(token);
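Review bot: `get` is `@PermitAll` and now declares `GeneralSecurityException`, so a malformed or tampered `token` value presumably escapes from `loginService.login(token)` as an exception rather than as an authentication failure. Unless an exception mapper elsewhere translates it, unauthenticated callers get a generic server error and each bad token may log a stack trace. I would handle it at the call, e.g. `catch (GeneralSecurityException e) { throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()); }`, so rejected tokens are indistinguishable from any other failed login. The token also still arrives as a query parameter, so with longer-lived signed tokens it is worth confirming that access logs and proxies do not record the query string. The body of `get` continues outside this hunk.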
@@ -84,11 +92,11 @@ public class SessionResource extends BaseResource {
for (Cookie cookie : cookies) {
if (cookie.getName().equals(USER_COOKIE_KEY)) {
byte[] emailBytes = DataConverter.parseBase64(
- URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name()));
+ URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII));
email = new String(emailBytes, StandardCharsets.UTF_8);
} else if (cookie.getName().equals(PASS_COOKIE_KEY)) {
byte[] passwordBytes = DataConverter.parseBase64(
- URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name()));
+ URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII));
password = new String(passwordBytes, StandardCharsets.UTF_8);
}
}
@@ -144,4 +152,14 @@ public class SessionResource extends BaseResource {
return Response.noContent().build();
}
+ @Path("token")
+ @POST
+ public String requestToken(
+ @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException {
+ if (expiration == null) {
+ expiration = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(7));
+ }
+ return tokenManager.generateToken(getUserId(), expiration);
+ }
+
}
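Review bot: The `expiration` form parameter in `requestToken` reaches `tokenManager.generateToken` with no bound, so a caller can request a token valid arbitrarily far into the future, or one that is already expired; the 7-day default only applies when the field is absent. I would reject out-of-range values right after the null check, e.g. `Date max = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(MAX_TOKEN_DAYS));` then `if (expiration.before(new Date()) || expiration.after(max)) { throw new WebApplicationException(Response.Status.BAD_REQUEST); }`, where `MAX_TOKEN_DAYS` is a placeholder for a configured ceiling. If these are self-contained signed tokens with no server-side revocation (not visible in this diff), that ceiling is the only limit on how long a leaked token stays usable. Issuance is also not recorded here although `LogAction` is imported in this file; an audit entry with the user id and expiry would help incident response. The method needs a short Javadoc stating who may call it and what the returned string is.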