encrypt password

pom.xml

@@ -32,6 +32,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
 		</dependency>
+		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-crypto -->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-crypto</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>com.mysql</groupId>
 			<artifactId>mysql-connector-j</artifactId>

src/main/java/com/devteria/identityservice/controller/AuthenticationController.java

+package com.devteria.identityservice.controller;
+
+import com.devteria.identityservice.dto.request.ApiResponse;
+import com.devteria.identityservice.dto.request.AuthenticationRequest;
+import com.devteria.identityservice.dto.response.AuthenticationResponse;
+import com.devteria.identityservice.service.AuthenticationService;
+import lombok.AccessLevel;
+import lombok.RequiredArgsConstructor;
+import lombok.experimental.FieldDefaults;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
+public class AuthenticationController {
+    AuthenticationService authenticationService;
+
+    @PostMapping("/log-in")
+    ApiResponse<AuthenticationResponse> authenticate(@RequestBody AuthenticationRequest request){
+        boolean result = authenticationService.authenticate(request);
+        return ApiResponse.<AuthenticationResponse>builder()
+                .result(AuthenticationResponse.builder()
+                        .authenticated(result)
+                        .build())
+                .build();
+    }
+}

src/main/java/com/devteria/identityservice/controller/UserController.java

@@ -22,31 +22,37 @@ public class UserController {
 
     @PostMapping
     ApiResponse<UserResponse> createUser(@RequestBody @Valid UserCreationRequest request){
-        ApiResponse<UserResponse> apiResponse = new ApiResponse<>();
-
-        apiResponse.setResult(userService.createUser(request));
-
-        return apiResponse;
+        return ApiResponse.<UserResponse>builder()
+                .result(userService.createUser(request))
+                .build();
     }
 
     @GetMapping
-    List<UserResponse> getUsers(){
-        return userService.getUsers();
+    ApiResponse<List<UserResponse>> getUsers(){
+        return ApiResponse.<List<UserResponse>>builder()
+                .result(userService.getUsers())
+                .build();
     }
 
     @GetMapping("/{userId}")
-    UserResponse getUser(@PathVariable("userId") String userId){
-        return userService.getUser(userId);
+    ApiResponse<UserResponse> getUser(@PathVariable("userId") String userId){
+        return ApiResponse.<UserResponse>builder()
+                .result(userService.getUser(userId))
+                .build();
     }
 
     @PutMapping("/{userId}")
-    UserResponse updateUser(@PathVariable String userId, @RequestBody UserUpdateRequest request){
-        return userService.updateUser(userId, request);
+    ApiResponse<UserResponse> updateUser(@PathVariable String userId, @RequestBody UserUpdateRequest request){
+        return ApiResponse.<UserResponse>builder()
+                .result(userService.updateUser(userId, request))
+                .build();
     }
 
     @DeleteMapping("/{userId}")
-    String deleteUser(@PathVariable String userId){
+    ApiResponse<String> deleteUser(@PathVariable String userId){
         userService.deleteUser(userId);
-        return "User has been deleted";
+        return ApiResponse.<String>builder()
+                .result("User has been deleted")
+                .build();
     }
 }

src/main/java/com/devteria/identityservice/dto/request/ApiResponse.java

@@ -11,6 +11,7 @@ import lombok.experimental.FieldDefaults;
 @FieldDefaults(level = AccessLevel.PRIVATE)
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class ApiResponse <T> {
+    @Builder.Default
     private int code = 1000;
     private String message;
     private T result;

src/main/java/com/devteria/identityservice/dto/request/AuthenticationRequest.java

+package com.devteria.identityservice.dto.request;
+
+import lombok.*;
+import lombok.experimental.FieldDefaults;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@FieldDefaults(level = AccessLevel.PRIVATE)
+public class AuthenticationRequest {
+    String username;
+    String password;
+}

src/main/java/com/devteria/identityservice/dto/response/AuthenticationResponse.java

+package com.devteria.identityservice.dto.response;
+
+import lombok.*;
+import lombok.experimental.FieldDefaults;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@FieldDefaults(level = AccessLevel.PRIVATE)
+public class AuthenticationResponse {
+    boolean authenticated;
+}

src/main/java/com/devteria/identityservice/exception/ErrorCode.java

@@ -5,7 +5,8 @@ public enum ErrorCode {
     INVALID_KEY(1001, "Uncategorized error"),
     USER_EXISTED(1002, "User existed"),
     USERNAME_INVALID(1003, "Username must be at least 3 characters"),
-    INVALID_PASSWORD(1004, "Password must be at least 8 characters")
+    INVALID_PASSWORD(1004, "Password must be at least 8 characters"),
+    USER_NOT_EXISTED(1005, "User not existed"),
     ;
 
     ErrorCode(int code, String message) {

src/main/java/com/devteria/identityservice/repository/UserRepository.java

@@ -4,7 +4,10 @@ import com.devteria.identityservice.entity.User;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
+import java.util.Optional;
+
 @Repository
 public interface UserRepository extends JpaRepository<User, String> {
     boolean existsByUsername(String username);
+    Optional<User> findByUsername(String username);
 }

src/main/java/com/devteria/identityservice/service/AuthenticationService.java

+package com.devteria.identityservice.service;
+
+import com.devteria.identityservice.dto.request.AuthenticationRequest;
+import com.devteria.identityservice.exception.AppException;
+import com.devteria.identityservice.exception.ErrorCode;
+import com.devteria.identityservice.repository.UserRepository;
+import lombok.AccessLevel;
+import lombok.RequiredArgsConstructor;
+import lombok.experimental.FieldDefaults;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+@FieldDefaults(level = AccessLevel.PRIVATE, makeFinal = true)
+public class AuthenticationService {
+    UserRepository userRepository;
+
+    public boolean authenticate(AuthenticationRequest request){
+        var user = userRepository.findByUsername(request.getUsername())
+                .orElseThrow(() -> new AppException(ErrorCode.USER_NOT_EXISTED));
+
+        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(10);
+        return passwordEncoder.matches(request.getPassword(), user.getPassword());
+    }
+}

src/main/java/com/devteria/identityservice/service/UserService.java

@@ -11,6 +11,8 @@ import com.devteria.identityservice.repository.UserRepository;
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
 import lombok.experimental.FieldDefaults;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -27,6 +29,8 @@ public class UserService {
             throw new AppException(ErrorCode.USER_EXISTED);
 
         User user = userMapper.toUser(request);
+        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(10);
+        user.setPassword(passwordEncoder.encode(request.getPassword()));
 
         return userMapper.toUserResponse(userRepository.save(user));
     }

src/test/java/com/devteria/identityservice/IdentityServiceApplicationTests.java

 package com.devteria.identityservice;
 
+import jakarta.xml.bind.DatatypeConverter;
+import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
-import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
-@SpringBootTest
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+@Slf4j
 class IdentityServiceApplicationTests {
 
 	@Test
-	void contextLoads() {
-	}
+	void hash() throws NoSuchAlgorithmException {
+		String password = "123456";
+
+		MessageDigest md = MessageDigest.getInstance("MD5");
+		md.update(password.getBytes());
+
+		byte[] digest = md.digest();
+		String md5Hash = DatatypeConverter.printHexBinary(digest);
+
+		log.info("MD5 round 1: {}", md5Hash);
 
+		md.update(password.getBytes());
+		digest = md.digest();
+		md5Hash = DatatypeConverter.printHexBinary(digest);
+
+		log.info("MD5 round 2: {}", md5Hash);
+
+		PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(10);
+
+		log.info("BCrypt round 1: {}", passwordEncoder.encode(password));
+		log.info("BCrypt round 2: {}", passwordEncoder.encode(password));
+	}
 }