Ajout de l'API Rest

WEB-INF/src/controleurs/APIRest.java

+package controleurs;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import dao.FilDAO;
+import dao.MessageDAO;
+import dao.UtilisateurDAO;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.*;
+import jakarta.servlet.annotation.WebServlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+import java.util.Base64;
+
+import dto.Fil;
+import dto.Message;
+import dto.Utilisateur;
+
+
+@WebServlet("/filUser")
+public class APIRest extends HttpServlet {
+
+    private boolean verifToken(HttpServletRequest req){
+
+        String authorization = req.getHeader("Authorization");
+        if (authorization == null || !authorization.startsWith("Bearer")) {
+            return false;
+        }
+        System.out.println("Authorization Header: " + authorization);
+
+        String token = authorization.substring("Bearer".length()).trim();
+        try {
+            Claims claims = JwtManager.decodeJWT(token);
+            System.out.println("Token décodé : " + claims.toString());
+            System.out.println("Le login est : " + claims.getSubject());
+            req.setAttribute("login", claims.getSubject());
+            return true;
+        }catch (Exception e){
+            System.err.println("Token pas valide ! : " + e.getMessage());
+            return false;
+        }
+    }
+
+
+
+    public void doGet(HttpServletRequest req, HttpServletResponse res)
+            throws ServletException, IOException {
+        res.setContentType("application/json;charset=UTF-8");
+        PrintWriter out = res.getWriter();
+        if(!verifToken(req)){
+            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            out.println("Erreur !! Le token n'est pas reconnu");
+        }else{
+            FilDAO filDAO = new FilDAO();
+            MessageDAO messageDAO = new MessageDAO();
+            UtilisateurDAO utilisateurDAO = new UtilisateurDAO();
+            out.println("La vérification à fonctionnée !! Le token existe");
+
+            res.setContentType("application/json;charset=UTF-8");
+            ObjectMapper objectMapper = new ObjectMapper();
+            String info = req.getPathInfo();
+            String login = (String) req.getAttribute("login");
+            int userId = utilisateurDAO.getUserIdByEmail(login);
+
+            Collection<Fil> fils = filDAO.getFilsByUser(userId);
+            List<Map<String, Object>> filsList = new ArrayList<>();
+
+            for (Fil fil : fils) {
+                List<Message> messages = messageDAO.getLastMessages(fil.getFid());
+                //  Construction du JSON
+                Map<String, Object> filData = new HashMap<>();
+                filData.put("id", fil.getFid());
+                filData.put("titre", fil.getTitre());
+
+                List<Map<String, Object>> messagesList = new ArrayList<>();
+                for (Message msg : messages) {
+                    Map<String, Object> msgData = new HashMap<>();
+                    msgData.put("id", msg.getMid());
+                    msgData.put("auteurId", msg.getUid());
+
+                    if (msg.isImage()) {
+                        //  Encodage en Base64 pour les images
+                        //msgData.put("message", Base64.getEncoder().encodeToString(msg.getMessageData()));
+                        Utilisateur user = utilisateurDAO.getUserById(msg.getUid());
+                        msgData.put("message", "Ceci est une image envoyé par " + user.getPrenom() + " " + user.getNom());
+                    } else {
+                        // Texte classique (UTF-8)
+                        msgData.put("message", new String(msg.getMessageData(), StandardCharsets.UTF_8));
+                    }
+
+                    msgData.put("is_image", msg.isImage());
+                    msgData.put("date", msg.getDateMessage().toString());
+
+                    messagesList.add(msgData);
+                }
+                filData.put("messages", messagesList);
+                filsList.add(filData);
+            }
+
+            String jsonstring = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(filsList); // Convertit la liste des fils en JSON
+            out.println(jsonstring); // Envoie la réponse en JSON au client
+            return;
+
+        }
+        out.close();
+    }
+}

WEB-INF/src/controleurs/JwtManager.java

+package controleurs;
+
+// code pompé ici : https://developer.okta.com/blog/2018/10/31/jwts-with-java
+// lui-même inspiré par : https://www.baeldung.com/java-json-web-tokens-jjwt
+// et sinon la doc : https://github.com/jwtk/jjwt/blob/master/README.md
+
+// et réadapté grace à https://www.appsdeveloperblog.com/add-and-validate-custom-claims-in-jwt/
+
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.Date;
+import java.util.UUID;
+
+import javax.crypto.SecretKey;
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+
+public class JwtManager {
+    // pour SHA256 : 256 bits mini
+    private static final String SECRET_KEY = "bachibouzoukbachibouzoukbachibouzoukbachibouzouk";
+
+    public static String createJWT(String login) {
+
+        byte[] keyBytes = SECRET_KEY.getBytes(StandardCharsets.UTF_8);
+        SecretKey signingKey = Keys.hmacShaKeyFor(keyBytes);
+
+        Instant now = Instant.now();
+        Instant expiration = now.plusSeconds(1200); // 20 mn
+        Date expDate = Date.from(expiration);
+
+        // Let's set the JWT Claims
+        String token = Jwts.builder()
+                .id(UUID.randomUUID().toString().replace("-", ""))
+                .issuedAt(Date.from(now))
+                .subject(login)
+                .issuer("tom.dequesnes.etu@univ-lille.fr")
+                .expiration(expDate)
+                .signWith(signingKey)
+                .compact();
+
+        return token;
+    }
+
+    public static Claims decodeJWT(String jwt) throws Exception {
+        // This line will throw an exception if it is not a signed JWS (as expected)
+
+        byte[] keyBytes = SECRET_KEY.getBytes(StandardCharsets.UTF_8);
+        SecretKey signingKey = Keys.hmacShaKeyFor(keyBytes);
+
+        JwtParser parser = Jwts.parser()
+                .verifyWith(signingKey)
+                .build();
+
+        Claims claims = parser.parseSignedClaims(jwt).getPayload();
+        return claims;
+    }
+
+    // Exemple de fonctionnement
+    public static void main(String args[]) {
+        System.out.println(JwtManager.SECRET_KEY);
+        String token = JwtManager.createJWT("Toto");
+        /*
+        try {
+            Thread.sleep(10000);
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
+        */
+        System.out.println(token);
+
+        Claims claims = null;
+        try {
+            claims = JwtManager.decodeJWT(token);
+        } catch (Exception e) {
+            System.out.println("jeton invalide " + e.getMessage());
+            System.exit(1);
+        }
+
+        System.out.println(claims.toString());
+    }
+}

WEB-INF/src/controleurs/UserInfo.java

@@ -27,6 +27,9 @@ public class UserInfo extends HttpServlet {
         req.setAttribute("nom", StringEscapeUtils.escapeHtml4(utilisateur.getNom()));
         req.setAttribute("prenom", StringEscapeUtils.escapeHtml4(utilisateur.getPrenom()));
 
+        String token = JwtManager.createJWT(utilisateur.getEmail());
+        req.setAttribute("token", token);
+
         req.getRequestDispatcher("user.jsp").forward(req, res);
     }
 

user.jsp

@@ -28,6 +28,10 @@
             <label for="mdp" class="form-label">Mot de passe</label>
             <input type="password" class="form-control" id="mdp" name="mdp">
         </div>
+        <div class="mb-3">
+            <label for="token" class="form-label">Token</label>
+            <input type="text" class="form-control" id="token" name="token" value=<%= request.getAttribute("token") %>>
+        </div>
         <button type="submit" class="btn btn-primary">Modifier mes infos</button>
     </form>
         <div class="mt-3">