diff --git a/src/main/java/com/spotify/app/controller/AlbumController.java b/src/main/java/com/spotify/app/controller/AlbumController.java
index 05fcb3a..8882f50 100644
--- a/src/main/java/com/spotify/app/controller/AlbumController.java
+++ b/src/main/java/com/spotify/app/controller/AlbumController.java
@@ -9,6 +9,8 @@ import com.spotify.app.security.auth.AuthUserDetails;
 import com.spotify.app.service.AlbumService;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import jakarta.validation.Valid;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -30,12 +32,20 @@ public class AlbumController {
 private final AlbumService albumService ;
 @GetMapping("/{id}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "not found"),
+ @ApiResponse(responseCode = "200", description = "get album successfully"),
+ })
 public AlbumDTO findById(@PathVariable("id") Long id) {
 return albumService.findById(id);
 }
 @PostMapping("/upload/image/{albumId}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "album not found"),
+ @ApiResponse(responseCode = "200", description = "save album image successfully"),
+ })
 public ResponseEntity uploadImage(
 @RequestParam("image") MultipartFile image,
 @PathVariable("albumId") Long albumId
@@ -45,6 +55,10 @@ public ResponseEntity uploadImage(
 }
 @PostMapping("/upload/thumbnail/{albumId}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "album not found"),
+ @ApiResponse(responseCode = "200", description = "save thumbnail successfully"),
+ })
 public ResponseEntity uploadThumbnail(
 @RequestParam("thumbnail") MultipartFile thumbnail,
 @PathVariable("albumId") Long albumId
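Review bot: The `@ApiResponses` added to `uploadImage` document only 200 and 404, yet the filter chain re-enabled in this same commit puts `/api/v1/album/upload/**` behind `hasRole("ARTIST")`, so clients will also see an authentication or authorization failure (presumably 401/403; the class-level mapping is not visible in the hunk, so the `/api/v1/album` prefix is assumed). I would add `@ApiResponse(responseCode = "401", description = "authentication required")` and `@ApiResponse(responseCode = "403", description = "ARTIST role required")` to the array. The same gap applies to the annotations on `uploadThumbnail`, `addSongToAlbum`, `removeSongFromAlbum`, `updateAlbum` and `updateStatusAlbum` in the later hunks. The `uploadImage` signature continues outside the hunk.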
@@ -54,6 +68,7 @@ public ResponseEntity uploadThumbnail(
 }
 @GetMapping("/{albumId}/add/{songId}")
+ @ApiResponse(responseCode = "404", description = "not found")
 public ResponseEntity addSongToAlbum(
 @PathVariable("albumId") Long albumId,
 @PathVariable("songId") Long songId
@@ -63,6 +78,7 @@ public ResponseEntity addSongToAlbum(
 }
 @GetMapping("/{albumId}/remove/{songId}")
+ @ApiResponse(responseCode = "404", description = "not found")
 public ResponseEntity removeSongFromAlbum(
 @PathVariable("albumId") Long albumId,
 @PathVariable("songId") Long songId
@@ -78,6 +94,10 @@ public List findAll(){
 @PostMapping
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "author not found"),
+ @ApiResponse(responseCode = "200", description = "save album successfully"),
+ })
 public ResponseEntity saveAlbum(
 @Valid @RequestBody AlbumRequest request,
 @AuthenticationPrincipal AuthUserDetails authUserDetails
@@ -88,6 +108,10 @@ public ResponseEntity saveAlbum(
 @PutMapping("/update/{albumId}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "album not found"),
+ @ApiResponse(responseCode = "200", description = "update album successfully"),
+ })
 public ResponseEntity updateAlbum(
 @PathVariable("albumId") Long albumId,
 @Valid @RequestBody AlbumRequest request
@@ -97,6 +121,10 @@ public ResponseEntity updateAlbum(
 }
 @PutMapping("/update/status/{albumId}")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "404", description = "album not found"),
+ @ApiResponse(responseCode = "200", description = "update album status successfully"),
+ })
 public ResponseEntity updateStatusAlbum(
 @PathVariable("albumId") Long albumId
 ) {
diff --git a/src/main/java/com/spotify/app/security/config/SecurityFilterChainConfig.java b/src/main/java/com/spotify/app/security/config/SecurityFilterChainConfig.java
index fff6cd5..3c7fa20 100644
--- a/src/main/java/com/spotify/app/security/config/SecurityFilterChainConfig.java
+++ b/src/main/java/com/spotify/app/security/config/SecurityFilterChainConfig.java 
@@ -41,68 +41,67 @@ public JwtAuthenticationFilter jwtAuthenticationFilter () {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
+ .csrf((AbstractHttpConfigurer::disable))
+ .cors(Customizer.withDefaults())
+ .authorizeHttpRequests(
+ authz ->
+ authz
+ .requestMatchers(
+ "/api/v1/song/save",
+ "/api/v1/song/update/**",
+ "/api/v1/song/upload/**",
+ "/api/v1/album/upload/**",
+ "/api/v1/album/*/add/**",
+ "/api/v1/album/*/remove/**",
+ "/api/v1/album/*/add",
+ "/api/v1/album/update/**"
+ )
+ .hasRole( "ARTIST")
+ .requestMatchers(
+ "/api/v1/role/**",
+ "/api/v1/playlist/admin/**",
+ "/api/v1/category/admin/**",
+ "/api/v1/review/admin/**"
+ )
+ .hasRole("ADMIN")
+ .requestMatchers(
+ "/api/v1/song/find/by/sentiment/**",
+ "/api/v1/song/increase/view/**",
+ "/api/v1/user/increase/view/**",
+ "/api/v1/user/*/playlists/followings",
+ "/api/v1/user/*/add/**",
+ "/api/v1/user/*/remove/**",
+ "/api/v1/playlist/user/*/add/**",
+ "/api/v1/playlist/user/*/remove/**",
+ "/api/v1/playlist/*/create/playlist",
+ "/api/v1/playlist/*/add/song/**",
+ "/api/v1/playlist/*/remove/song/**",
+ "/api/v1/playlist/upload/**",
+ "/api/v1/follower/*/follow/**",
+ "/api/v1/follower/*/cancel/**",
+ "/api/v1/follower/*/followings",
+ "/api/v1/follower/is/*/followed/**",
+ "/api/v1/review/*/review/in/**"
+ )
+ .authenticated()
+ .anyRequest()
+ .permitAll())
+ .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authenticationProvider(authenticationProvider)
+ .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
+ .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
+ .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()));
 // .csrf((AbstractHttpConfigurer::disable))
 // .cors(Customizer.withDefaults())
-// .authorizeHttpRequests(
-// authz ->
-// authz
-// .requestMatchers(
-// "/api/v1/song/save",
-// "/api/v1/song/update/**",
-// "/api/v1/song/upload/**",
-// "/api/v1/album/upload/**",
-// "/api/v1/album/*/add/**",
-// "/api/v1/album/*/remove/**",
-// "/api/v1/album/*/add",
-// "/api/v1/album/update/**"
-// )
-// .hasRole( "ARTIST")
-// .requestMatchers(
-// "/api/v1/role/**",
-// "/api/v1/playlist/admin/**",
-// "/api/v1/category/admin/**",
-// "/api/v1/review/admin/**"
-// )
-// .hasRole("ADMIN")
-// .requestMatchers(
-// "/api/v1/song/find/by/sentiment/**",
-// "/api/v1/song/increase/view/**",
-// "/api/v1/user/increase/view/**",
-// "/api/v1/user/*/playlists/followings",
-// "/api/v1/user/*/add/**",
-// "/api/v1/user/*/remove/**",
-// "/api/v1/playlist/user/*/add/**",
-// "/api/v1/playlist/user/*/remove/**",
-// "/api/v1/playlist/*/create/playlist",
-// "/api/v1/playlist/*/add/song/**",
-// "/api/v1/playlist/*/remove/song/**",
-// "/api/v1/playlist/upload/**",
-// "/api/v1/follower/*/follow/**",
-// "/api/v1/follower/*/cancel/**",
-// "/api/v1/follower/*/followings",
-// "/api/v1/follower/is/*/followed/**",
-// "/api/v1/review/*/review/in/**"
-// )
-// .authenticated()
-// .anyRequest()
-// .permitAll())
+// .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
+// .requestMatchers("/api/v1/allowAllByPhi/**").authenticated().anyRequest().permitAll())
 // .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
 // .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 // .authenticationProvider(authenticationProvider)
 // .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
 // .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
 // .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()))
- .csrf((AbstractHttpConfigurer::disable))
- .cors(Customizer.withDefaults())
- .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
- .requestMatchers("/api/v1/allowAllByPhi/**").authenticated().anyRequest().permitAll())
- .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .authenticationProvider(authenticationProvider)
- .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
- .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
- .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()))
- ;
 return http.build();
 }
diff --git a/src/main/java/com/spotify/app/service/PlaylistService.java b/src/main/java/com/spotify/app/service/PlaylistService.java
index 75864b7..5cad4bb 100644
--- a/src/main/java/com/spotify/app/service/PlaylistService.java
+++ b/src/main/java/com/spotify/app/service/PlaylistService.java
@@ -167,13 +167,15 @@ public void removeSong(Long playlistId, Long songId) {
 public Long addSongToLikedPlaylist(Long userId,Long songId) {
 PlaylistUser playlistUser = playlistUserRepository.
- findByUserIdAndName(userId,playlistNameHasAllLikedSongOfUser).
+ findByUserIdAndName(userId, playlistNameHasAllLikedSongOfUser).
 orElseThrow();
 Playlist playlist = playlistUser.getPlaylist();
 Song song = songService.get(songId);
 playlist.addSong(song);
+ playlistRepository.saveAndFlush(playlist);
+ return playlist.getId();
 }
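Review bot: The re-enabled rule set still ends in `.anyRequest().permitAll()`, so every route not spelled out in one of the three `requestMatchers(...)` lists is public by default, and a newly added endpoint stays exposed until someone remembers to list it. One case visible in this commit: `saveAlbum` is a bare `@PostMapping` that reads `@AuthenticationPrincipal AuthUserDetails`, and none of the ARTIST patterns (`/api/v1/album/upload/**`, `/api/v1/album/update/**`, `/api/v1/album/*/add/**`, `/api/v1/album/*/remove/**`, `/api/v1/album/*/add`) appears to cover the controller's base path, so it would be reachable anonymously with a null principal (the base path is not shown in this diff, so please confirm). I would invert the default: put the public routes in a `.requestMatchers(...).permitAll()` group and finish with `.anyRequest().authenticated()`. The commented-out `/api/v1/allowAllByPhi/**` chain kept below the live one should be deleted rather than left as a one-uncomment path back to the open configuration, and the matchers could be scoped by HTTP method since the album add/remove endpoints are mapped as GET.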
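Review bot: `findByUserIdAndName(userId, playlistNameHasAllLikedSongOfUser)` trusts the `userId` argument, and nothing in the visible lines ties it to the authenticated caller. The caller is outside this hunk, but the filter chain in this commit only requires `.authenticated()` for the user- and playlist-scoped routes, so if the controller fills `userId` from a path variable, any logged-in user could modify another user's liked playlist. The id should be taken from the security principal, or compared with it before the lookup, and a short comment on the method stating who is responsible for that check would help. Separately, the bare `orElseThrow()` raises `NoSuchElementException` when the liked playlist row is missing, which presumably surfaces as a 500; passing a supplier that throws the project's not-found exception would let the client see a 404 instead.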