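Tsohue is a recipe-sharing and meal-kit sales platform that lets customers order ingredient kits based on recipes. We solve many of the problems that come up in everyday grocery shopping, including the inconvenience of shopping for meals and the waste of leftover ingredients. This repo only describes how to start the back-end service; to run the complete project, see the related links below: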
E-commerce platform | Website | Front-end: https://github.com/cce932/tsohue
E-commerce platform | App: https://github.com/amy5563891/EasyCookMobileApp
Backstage Content Management | Website | Front-end: https://github.com/cce932/tsohue-manager
Back-end: https://github.com/ShannonHung/EasyCook
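Before downloading this project, it is recommended to install Maven and set its environment variables. Reference link: "Getting Started: Java's power tool, building Spring Boot with Maven"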
- Get the 'Lombok' extension
- If you do not have Maven, go to https://maven.apache.org/download.cgi# and install it
- Install dependencies
mvn install
- Press F5
- Send a POST request in Postman to http://localhost:8082/member to get an account.
- Go to localhost:{server.port} (server.port is set in EasyCook/src/main/resources/application.properties)
- Log in with the account that you got in step 3.
- You can see the data with H2 at http://localhost:{server.port}/h2
http://localhost:8082/swagger-ui.html
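Instructions
- After starting the localhost server, open the URI above in a browser
- You can see the documentation for every API endpoint
Detailed screenshots on Trello: Basic web setup / Creating the Swagger API documentation (attachments)
If you use IntelliJ, install the MapStruct plugin first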
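The front end does not need to put a role in the request, because the back end already sets defaults. An account registered through employee/register is given ROLE_EMPLOYEE, and ROLE_EMPLOYEE can currently access all APIs. If the front end registers an employee account through member/register, the back end gives it ROLE_MEMBER by default, which currently cannot view any API except the account's own profile.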
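- First go to employee/register to register an employee account (see Swagger for the detailed POST rules); you can also go to member/register to register a member account
- Go to /login to obtain a token
- Go to /auth/parse and POST JSON in the form below to parse the token and view the data and permissions of the currently logged-in account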
//request
{
"accessToken": "Bearer <put the token here>"
}
//the example of response for employee
{
"iss": "ShannonHung From EasyCook", // issuer of the token
"UserInfo": { // user information
"account": "employee001", // user account
"username": "shannonhung", // user name
"phone": "0978232062", // user phone number
"email": "micky@gmail.com", // user e-mail
"role": "EMPLOYEE", // user role
"id": 2, // user id
"department": "Sales", // user department
"title": "經理" // user job title
},
"exp": 1604207180 // the token expires after five minutes; once that time has passed you must log in again
}
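- Confirm that the role in UserInfo of the response is EMPLOYEE, which means the token's permission is valid
- When fetching data through the API, put the Bearer token in the value of the header whose key is Authentication (see: Header Authentication - Key Value Edit), and the request will succeed.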
{
"token": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJVc2VySW5mbyI6Im1lbWJlcjAwMiIsImV4cCI6MTYxMTQ2MjMxMiwiaXNzIjoiU2hhbm5vbkh1bmcgRnJvbSBFYXN5Q29vayJ9.BmG28RK9-2_dJd3LJlhswjNiykGM3wyFICIosVkB9ik"
}
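Added example (not part of the EasyCook code base): a Python client-side helper that reads the claims of the sample token above and decides whether to send it in the Authentication header or log in again. It only base64url-decodes the payload and does not verify the signature, which also shows that anything placed in UserInfo is readable by whoever holds the token; the function names are hypothetical.

```python
import base64
import json
import time

# Sample /login token copied from this README (it expired in January 2021).
SAMPLE_TOKEN = (
    "Bearer eyJhbGciOiJIUzI1NiJ9."
    "eyJVc2VySW5mbyI6Im1lbWJlcjAwMiIsImV4cCI6MTYxMTQ2MjMxMiwi"
    "aXNzIjoiU2hhbm5vbkh1bmcgRnJvbSBFYXN5Q29vayJ9."
    "BmG28RK9-2_dJd3LJlhswjNiykGM3wyFICIosVkB9ik"
)


def decode_claims(bearer):
    """Return the payload claims. The signature is NOT verified here;
    only the server, which holds the HS256 secret, can do that."""
    token = bearer[len("Bearer "):] if bearer.startswith("Bearer ") else bearer
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_left(claims, now=None):
    """Seconds until the exp claim; negative once the token has expired."""
    now = time.time() if now is None else now
    return int(claims["exp"] - now)


def auth_header(bearer, now=None, min_left=10):
    """Build the request header, or return None when the token is expired
    or about to expire and the client should call /login again."""
    if seconds_left(decode_claims(bearer), now) < min_left:
        return None
    # Header key as documented in this README.
    return {"Authentication": bearer}


if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(claims)                       # readable without any secret
    print(seconds_left(claims))         # negative: the sample is long expired
    print(auth_header(SAMPLE_TOKEN))    # None, so log in again
```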
- Format error: the request must match the format below
- Wrong account or password
Response format
{
"account": "username",
"password": "password"
}
Unauthorized 401 error response
{
"status": "UNAUTHORIZED",
"timestamp": {
"nano": 132550600,
"year": 2021,
"monthValue": 1,
"dayOfMonth": 24,
"hour": 12,
"minute": 27,
"second": 0,
"dayOfWeek": "SUNDAY",
"dayOfYear": 24,
"month": "JANUARY",
"chronology": {
"id": "ISO",
"calendarType": "iso8601"
}
},
"message": "LOGIN FAILURE", // the account or password may be wrong, or the request format is incorrect
"debugMessage": "Full authentication is required to access this resource"
}
/login
Failure, possibly because the account or password is wrong or the format is incorrect
401 Unauthorized
{
"status": "UNAUTHORIZED",
"timestamp": {
"nano": 132550600,
"year": 2021,
"monthValue": 1,
"dayOfMonth": 24,
"hour": 12,
"minute": 27,
"second": 0,
"dayOfWeek": "SUNDAY",
"dayOfYear": 24,
"month": "JANUARY",
"chronology": {
"id": "ISO",
"calendarType": "iso8601"
}
},
"message": "LOGIN FAILURE", // the account or password may be wrong, or the request format is incorrect
"debugMessage": "Full authentication is required to access this resource"
}
/api/member/allMembers
Only employees can access this endpoint. If a user without sufficient permission makes the request, the following 403 error is returned
{
"status": "FORBIDDEN",
"timestamp": "24-01-2021 12:34:24",
"message": "NEED AUTHORIZATION",
"debugMessage": "Access is denied"
}
If the token has expired, the request is rejected and the response carries a debugMessage with the content "JWT expired..."
{
"status": "BAD_REQUEST",
"timestamp": {
"nano": 237947000,
"year": 2021,
"monthValue": 1,
"dayOfMonth": 24,
"hour": 12,
"minute": 31,
"second": 12,
"dayOfWeek": "SUNDAY",
"dayOfYear": 24,
"month": "JANUARY",
"chronology": {
"id": "ISO",
"calendarType": "iso8601"
}
},
"message": "Unexpected error",
"debugMessage": "JWT expired at 2021-01-24T04:13:27Z. Current time: 2021-01-24T04:31:12Z, a difference of 1065236 milliseconds. Allowed clock skew: 0 milliseconds."
}
The following error is returned
{
"status": "BAD_REQUEST",
"timestamp": {
"nano": 357116800,
"year": 2021,
"monthValue": 1,
"dayOfMonth": 24,
"hour": 12,
"minute": 38,
"second": 4,
"dayOfWeek": "SUNDAY",
"dayOfYear": 24,
"month": "JANUARY",
"chronology": {
"id": "ISO",
"calendarType": "iso8601"
}
},
"message": "Unexpected error",
"debugMessage": "JWT String argument cannot be null or empty."
}
If any of the following problems occurs, "message": "Malformed JSON request." is returned
- POSTing without any JSON content
- The JSON is malformed, for example a missing colon
POSTing without sending JSON
{
"status": "BAD_REQUEST",
"timestamp": "24-01-2021 12:52:46",
"message": "Malformed JSON request.",
"debugMessage": "Required request body is missing: public org.springframework.http.ResponseEntity<com.seminar.easyCookWeb.model.user.MemberResponse> com.seminar.easyCookWeb.controller.user.MemberController.createMember(com.seminar.easyCookWeb.model.user.MemberRequest)"
}
The keys account and password in the request JSON are malformed
// account accidentally typed as account1
{
"account1": 123,
"password1": 123,
"phone1": 123,
"usernam1e": 123
}
// error response
{
"status": "BAD_REQUEST",
"timestamp": "24-01-2021 01:01:36",
"message": "Malformed JSON request.",
"debugMessage": "Account or Password is Empty"
}
- If the user already exists in the database, the following error is returned
{
"status": "CONFLICT",
"timestamp": "24-01-2021 12:51:23",
"message": "ACCOUNT DUPLICATED",
"debugMessage": null
}
- No such API path
{
"timestamp": "2021-01-24T05:37:48.191+00:00",
"status": 404,
"error": "Not Found",
"message": "",
"path": "/api/auth/login"
}