UserController.java
package com.example.restapi.controller;
import com.example.restapi.model.Book;
import com.example.restapi.model.User;
import com.example.restapi.repository.UserRepository;
import com.example.restapi.service.UserService;
import io.swagger.v3.oas.annotations.Hidden;
import jakarta.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
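/**
 * REST endpoints for user accounts under {@code /api/users}: lookup, listing, creation,
 * registration, session-based login/logout and deletion.
 *
 * <p>NOTE(review): no handler in this class performs an authentication or authorisation check,
 * and {@code @Hidden} only removes the controller from the generated OpenAPI documentation; the
 * routes stay reachable. Unless a filter or security configuration outside this file protects
 * the {@code /api/users} routes, listing, creating and deleting users are open to any caller.
 *
 * <p>NOTE(review): several handlers return the {@link User} entity itself. If its password
 * field is serialised (the model is not visible here), those responses disclose credentials;
 * a response type without the password would avoid that.
 */
@RestController
@RequestMapping("/api/users")
@Hidden // Hides the controller from Swagger/OpenAPI output only; it is not an access control.
public class UserController {

    private final UserService userService;

    // Field-injected alongside the constructor-injected service; kept as-is so the public
    // constructor signature does not change.
    @Autowired
    private UserRepository userRepository;

    /**
     * Creates the controller with its user service.
     *
     * @param userService service used for username lookups, registration and deletion
     */
    @Autowired
    public UserController(UserService userService) {
        this.userService = userService;
    }

    /**
     * Returns the user with the given numeric id.
     *
     * @param id primary key taken from the path
     * @return 200 with the user, or 404 with an empty body when no such user exists
     */
    // The \d+ constraint keeps this route disjoint from the username route below. With two
    // unconstrained single-variable GET patterns, Spring matches both for every request and
    // rejects it as an ambiguous handler mapping instead of dispatching.
    @GetMapping("/{id:\\d+}")
    public ResponseEntity<User> getUserById(@PathVariable Long id) {
        return userRepository.findById(id)
                .map(ResponseEntity::ok)
                .orElseGet(() -> ResponseEntity.notFound().build());
    }

    /**
     * Returns the user with the given username.
     *
     * @param username username taken from the path
     * @return 200 with the user, or 404 with an empty body when no such user exists
     */
    // Matches only segments containing at least one non-digit, so purely numeric segments go
    // to getUserById. NOTE(review): an all-digit username is therefore not reachable here.
    @GetMapping("/{username:.*\\D.*}")
    public ResponseEntity<User> getUserByUsername(@PathVariable String username) {
        return userService.findByUsername(username)
                .map(ResponseEntity::ok)
                .orElseGet(() -> ResponseEntity.notFound().build());
    }

    /**
     * Returns every user in the repository.
     *
     * @return all stored users
     */
    @GetMapping
    public List<User> getAllUsers() {
        return userRepository.findAll();
    }

    /**
     * Persists the user supplied in the request body through the repository.
     *
     * <p>NOTE(review): the body is bound straight onto the entity and saved, bypassing
     * {@code userService.saveUser} that {@link #register} uses. If the entity's id (or any
     * privilege field) is client-settable, a caller could overwrite an existing account;
     * binding to a dedicated request type would limit which fields a client controls.
     *
     * @param user entity deserialised from the request body
     * @return 200 with the saved entity
     */
    @PostMapping
    public ResponseEntity<User> createUser(@RequestBody User user) {
        User saved = userRepository.save(user);
        return ResponseEntity.ok(saved);
    }

    /**
     * Registers a new user unless the username is already taken.
     *
     * @param user entity deserialised from the request body
     * @return 201 with the saved user, or 400 with an {@code error} message on a duplicate name
     */
    @PostMapping("/register")
    public ResponseEntity<?> register(@RequestBody User user) {
        if (userService.existsByUsername(user.getUsername())) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                    .body(Map.of("error", "Username already taken"));
        }
        User savedUser = userService.saveUser(user);
        return ResponseEntity.status(HttpStatus.CREATED).body(savedUser);
    }

    /**
     * Checks the submitted credentials and, on success, stores the user in the HTTP session.
     *
     * <p>NOTE(review): the stored password is compared with the raw submitted one, which only
     * works if passwords are stored unhashed. Store a salted adaptive hash (bcrypt, scrypt or
     * argon2) and verify against that instead.
     *
     * <p>NOTE(review): the session id is not rotated after a successful login. Injecting the
     * servlet request and calling {@code changeSessionId()} would close the session-fixation
     * window; it is not done here because it changes the method signature.
     *
     * @param user    carries the submitted username and password
     * @param session session that receives the authenticated user under the key {@code "user"}
     * @return 200 with the user on success, otherwise 401 with a {@code message} entry
     */
    @PostMapping("/login")
    public ResponseEntity<?> login(@RequestBody User user, HttpSession session) {
        String username = user.getUsername();
        String suppliedPassword = user.getPassword();

        // Missing fields fall through to the same 401 as wrong credentials, rather than
        // surfacing as a NullPointerException (HTTP 500).
        if (username != null && suppliedPassword != null) {
            Optional<User> foundUser = userService.findByUsername(username);
            if (foundUser.isPresent()
                    && passwordsMatch(foundUser.get().getPassword(), suppliedPassword)) {
                session.setAttribute("user", foundUser.get());
                return ResponseEntity.ok(foundUser.get());
            }
        }

        Map<String, String> response = new HashMap<>();
        response.put("message", "Invalid credentials");
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(response);
    }

    /**
     * Reports the user bound to the current session, if any.
     *
     * @param session current HTTP session
     * @return 200 with the session user, or 401 with a plain-text message when none is set
     */
    @GetMapping("/session")
    public ResponseEntity<?> checkSession(HttpSession session) {
        User user = (User) session.getAttribute("user");
        if (user == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("No active session");
        }
        return ResponseEntity.ok(user);
    }

    /**
     * Invalidates the current session.
     *
     * @param session current HTTP session
     * @return 200 with a confirmation message
     */
    @PostMapping("/logout")
    public ResponseEntity<String> logout(HttpSession session) {
        session.invalidate();
        return ResponseEntity.ok("Logged out successfully");
    }

    /**
     * Deletes the user with the given id.
     *
     * <p>NOTE(review): nothing here checks that the caller is logged in or is allowed to
     * delete this account; confirm that access is restricted elsewhere.
     *
     * @param id primary key taken from the path
     * @return 204 when the user existed and was deleted, 404 otherwise
     */
    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteUser(@PathVariable Long id) {
        if (userService.getUserById(id).isEmpty()) {
            return ResponseEntity.notFound().build();
        }
        userService.deleteUser(id);
        return ResponseEntity.noContent().build();
    }

    /**
     * Compares two password strings without short-circuiting on the first differing byte.
     * A {@code null} on either side never matches, so an account with no stored password
     * cannot be entered by omitting the password.
     */
    private static boolean passwordsMatch(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}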