Finish implementation of protected routes but passwords must still be encrypted

2025-12-05 08:54:45 +01:00
parent 46b5e6d1e2
commit 1b0fd5f840
2 changed files with 16 additions and 12 deletions
--- a/assets/pages/index.html
+++ b/assets/pages/index.html
@@ -32,6 +32,18 @@

 <script>

+    function redirectToProtectedRoute(route) {
+        let data = JSON.parse(localStorage.getItem("creds"));
+
+        fetch(route, {
+            headers: {
+                "Authorization": `Basic ${data.username}:${data.password}`
+            }
+        })
+            .then(r => r.text())
+            .then(html => document.body.innerHTML = html);
+    }
+
    let btn = document.getElementById("connect-button");
    btn.addEventListener("click", async () => {
        let username = document.getElementById("username-field").value;
@@ -50,7 +62,8 @@
            body: JSON.stringify(data)})
            .then(response => {
                if(response.ok) {
-                    window.location.href = "/payment";
+                    localStorage.setItem("creds", JSON.stringify(data));
+                    redirectToProtectedRoute("/payment");
                } else {
                    throw new Error("Authentication request failed")
                }
--- a/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
+++ b/src/main/java/httpsServer/httpServer/src/interceptors/RequestInterceptor.java
@@ -5,28 +5,20 @@ import com.sun.net.httpserver.HttpExchange;
 import httpsServer.httpServer.src.annotations.AllowedVerb;
 import httpsServer.httpServer.src.annotations.OnlyAuthorizedClients;
 import httpsServer.httpServer.src.authorization.AuthorizedClients;
-import httpsServer.httpServer.src.authorization.Client;
 import httpsServer.httpServer.src.exceptions.NoSuchVerbException;
 import httpsServer.httpServer.src.exceptions.ClientAuthorisationException;

-import java.io.BufferedReader;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.lang.reflect.*;
-import java.nio.Buffer;
-import java.nio.charset.StandardCharsets;
 import java.util.Base64;

 public class RequestInterceptor implements InvocationHandler {

    private final AuthorizedClients authorizedClients;
-    private final ObjectMapper mapper;
    private final Object target;

    public RequestInterceptor(Object target) {
        authorizedClients = new AuthorizedClients();
-        mapper = new ObjectMapper();
        this.target = target;
    }

@@ -71,9 +63,8 @@ public class RequestInterceptor implements InvocationHandler {
            throw new ClientAuthorisationException("Unable to read body");
        }

-        String base64Credentials = authHeader.substring("Basic ".length());
-        String credentials = new String(Base64.getDecoder().decode(base64Credentials));
-        String[] values = credentials.split(":", 1);
+        String credentials = authHeader.substring("Basic ".length());
+        String[] values = credentials.split(":", 2);
        String username = values[0];
        String password = values[1];