tdatIT
diff --git a/‎README.md
Lines changed: 50 additions & 2 deletions b/‎README.md
Lines changed: 50 additions & 2 deletions
diff --git a/‎recauction_db.sql
Lines changed: 1 addition & 461 deletions b/‎recauction_db.sql
Lines changed: 1 addition & 461 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/RecauctionEcApplication.java
Lines changed: 0 additions & 11 deletions b/‎src/main/java/com/ec/recauctionec/RecauctionEcApplication.java
Lines changed: 0 additions & 11 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/configs/CloudinarySDK.java
Lines changed: 29 additions & 0 deletions b/‎src/main/java/com/ec/recauctionec/configs/CloudinarySDK.java
Lines changed: 29 additions & 0 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/configs/WebSecurityConfig.java
Lines changed: 68 additions & 15 deletions b/‎src/main/java/com/ec/recauctionec/configs/WebSecurityConfig.java
Lines changed: 68 additions & 15 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/controller/AccountController.java
Lines changed: 10 additions & 15 deletions b/‎src/main/java/com/ec/recauctionec/controller/AccountController.java
Lines changed: 10 additions & 15 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/controller/BidController.java
Lines changed: 18 additions & 22 deletions b/‎src/main/java/com/ec/recauctionec/controller/BidController.java
Lines changed: 18 additions & 22 deletions
diff --git a/‎src/main/java/com/ec/recauctionec/controller/CategoryController.java
Lines changed: 3 additions & 2 deletions b/‎src/main/java/com/ec/recauctionec/controller/CategoryController.java
Lines changed: 3 additions & 2 deletions
@@ -1,7 +1,7 @@
-# recauction-web
+# Rec-Auction Web Application
 This is an e-commerce website that uses a reverse auction mechanism. Users can place bids on the products they want to buy and the sellers will bid to find out who is the winning bidder in the auction session. The website aims to provide a platform for buyers and sellers to interact and transact in a fair, transparent, and competitive environment. 
 Website include: Website a user interface for customers and a CMS for admin and vendor
-# tech
+# Tech
 - JDK 11 
 - MySQL
 - Spring Framework:
@@ -13,3 +13,51 @@ Website include: Website a user interface for customers and a CMS for admin and
 - Cloudinary for upload image
 - Paypal Sandbox for payment service
 - Fontend: Boostrap + JQuery and more js library ...
+
+# Getting Started
+- Clone the project
+- Import the project into your IDE (Recommend IntelliJ IDEA)
+- Put your configuration in application.yml
+  - Database configuration
+  - (**Imortant**) Email configuration (username and password) 
+  - Paypal configuration (app and secret)
+  - Cloudinary configuration (cloud name, api key, api secret)
+- Create database schema name `recauction_db` in MySQL by using command `create database recauction_db;`
+- Run the project
+  - Run the project with the main class `RecAuctionWebApplication` by IDE
+  - Or use maven build `.\mvnw clean package -DskipTest`
+    - Then run the jar file: `java -jar target/recauction-web-0.0.1-SNAPSHOT.jar`
+- After the project is started, the database schema will be created automatically. You need to run `recauction_db.sql` to insert some initial data (categories, product_tags)
+- Access the website at `http://localhost:8080/`
+
+# How to use (primary features)
+- Create Admin account
+  - Step 1: Register as User and verify your email
+  - Step 2: Go to `user` table in database and update the `role_id` field to `1`
+  - Step 3: Login new admin account and go to `/admin` page
+
+- Create Supplier account
+  - Step 1: Register as User and verify your email
+  - Step 2: Go to Account Page and click `Become a Supplier` and fill in the form
+  - Step 3: Login new supplier account and go to `/vendor` page
+  - Step 4: Add product to your inventory (if you don't have any product, you can't attend any bid session)
+- Pay in wallet via Paypal
+  - Step 1: Login as User
+  - Step 2: Go to `Wallet` page
+  - Step 3: Click `Pay in via Paypal` and choose amount to pay
+  - Step 4: You will be redirected to Paypal payment page 
+  - Step 5: Login to your Paypal account and complete the payment
+  - Step 6: You will be redirected back to the website and your wallet will be updated
+- Create a bid session
+  - **Note**: Before creating a bid session, you need to have enough account balance to pay for the bid (30% of the product price), and you must have at least address.
+  - Step 1: Login as User
+  - Step 2: Go to `Create Bid Session` page
+  - Step 3: Fill in the form and submit
+ 
+- Attend a bid session
+  - Step 1: Login as Supplier
+  - Step 2: Go to `Bid Session` in home page
+  - Step 3: Find the bid session you want to attend and click `Attend`
+  - Step 4: Place your bid
+  - **Note**: You can only place a bid if you have product in your inventory and that product is matched with the bid session (base on category and product tag)
+  
@@ -15,15 +15,4 @@ public static void main(String[] args) {
         SpringApplication.run(RecauctionEcApplication.class, args);
     }
 
-    @Bean
-    public Cloudinary cloudinary() {
-        Cloudinary cloudinary = new Cloudinary(ObjectUtils.asMap(
-                "cloud_name", "dddb8btv0",
-                "api_key", "159138865977743",
-                "api_secret", "xz-CUQykgKnBja571VNtfhX2gsU",
-                "secure",true
-        ));
-        return cloudinary;
-    }
-
 }
@@ -0,0 +1,29 @@
+package com.ec.recauctionec.configs;
+
+import com.cloudinary.Cloudinary;
+import com.cloudinary.utils.ObjectUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CloudinarySDK {
+    @Value("${cloudinary.cloud_name}")
+    private String cloudName;
+
+    @Value("${cloudinary.api_key}")
+    private String apiKey;
+
+    @Value("${cloudinary.api_secret}")
+    private String apiSecret;
+
+    @Bean
+    public Cloudinary cloudinary() {
+        return new Cloudinary(ObjectUtils.asMap(
+                "cloud_name", cloudName,
+                "api_key", apiKey,
+                "api_secret", apiSecret,
+                "secure", true
+        ));
+    }
+}
@@ -1,46 +1,99 @@
 package com.ec.recauctionec.configs;
 
+import com.ec.recauctionec.data.repositories.UserRepo;
 import com.ec.recauctionec.services.impl.UserDetailsServiceImpl;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 @Configuration
 @EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
     @Bean
-    public UserDetailsService userDetailsService() {
-        return new UserDetailsServiceImpl();
+    public UserDetailsService userDetailsService(UserRepo userRepo) {
+        return new UserDetailsServiceImpl(userRepo);
     }
 
     @Bean
     public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
+    @Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http, BCryptPasswordEncoder bCryptPasswordEncoder,
+                                                     UserDetailsService userDetailService) throws Exception {
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
+                .userDetailsService(userDetailService)
+                .passwordEncoder(bCryptPasswordEncoder)
+                .and()
+                .build();
+    }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(userDetailsService())
-                .passwordEncoder(passwordEncoder());
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return web -> web.ignoring().antMatchers("/resources/**");
     }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web
-                .ignoring()
-                .antMatchers("/resources/**");
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/",
+                        "/dang-ky",
+                        "/dang-nhap",
+                        "/trang-chu",
+                        "/danh-muc",
+                        "/tat-ca-phien",
+                        "/san-pham").permitAll()
+                .antMatchers("/tai-khoan/**",
+                        "/dau-gia/**",
+                        "/don-hang/**",
+                        "/thanh-toan/**",
+                        "/api/v1/supplier/**",
+                        "/api/v1/admin/**").authenticated()
+                .and()
+                .logout()
+                .invalidateHttpSession(true)
+                .clearAuthentication(true)
+                .logoutRequestMatcher(new AntPathRequestMatcher("/dang-xuat"))
+                .logoutSuccessUrl("/trang-chu")
+                .permitAll();
+        http.formLogin().loginPage("/dang-nhap")
+                .usernameParameter("email")
+                .passwordParameter("password");
+        http.formLogin()
+                .defaultSuccessUrl("/")
+                .failureUrl("/dang-nhap?error=true");
+        http.csrf().disable();
+
+        //authorize
+        //admin
+        http.authorizeRequests()
+                .antMatchers("/admin/**",
+                        "/api/v1/admin/**")
+                .access("hasRole('ADMIN')");
+        //supplier
+        http.authorizeRequests()
+                .antMatchers("/supplier/**",
+                        "/api/v1/supplier/**")
+                .access("hasRole('SUPPLIER')");
+        //handle when user not have permission
+        http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/403");
+
+        return http.build();
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    /*protected void configure(HttpSecurity http) throws Exception {
         //authentication
         http.authorizeRequests()
                 .antMatchers("/",
@@ -86,6 +139,6 @@ protected void configure(HttpSecurity http) throws Exception {
         //handle when user not have permission
         http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/403");
 
-    }
+    }*/
 
 }
@@ -2,11 +2,11 @@
 
 import com.ec.recauctionec.data.entities.*;
 import com.ec.recauctionec.data.repositories.UserAddressRepo;
-import com.ec.recauctionec.data.repositories.WalletHistoryRepo;
+import com.ec.recauctionec.data.repositories.WalletTransactionRepo;
 import com.ec.recauctionec.data.repositories.WalletRepo;
 import com.ec.recauctionec.services.SupplierService;
 import com.ec.recauctionec.services.UserService;
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.RequiredArgsConstructor;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -19,18 +19,13 @@
 
 @Controller
 @RequestMapping(value = "/tai-khoan")
+@RequiredArgsConstructor
 public class AccountController {
-    @Autowired
-    UserService userService;
-    @Autowired
-    UserAddressRepo addressRepo;
-    @Autowired
-    private WalletRepo walletRepo;
-    @Autowired
-    private WalletHistoryRepo historyRepo;
-    @Autowired
-    private SupplierService supplierService;
-
+    final UserService userService;
+    final UserAddressRepo addressRepo;
+    private final WalletRepo walletRepo;
+    private final WalletTransactionRepo historyRepo;
+    private final SupplierService supplierService;
     private Authentication auth;
 
     @RequestMapping(value = {"/thong-tin", ""}, method = RequestMethod.GET)
@@ -72,9 +67,9 @@ public String getWalletPage(@RequestParam(value = "filter", required = false)
         User us = ((CustomUserDetails) auth.getPrincipal()).getUser();
         //get wallet from user
         Wallet wallet = walletRepo.findByUserId(us.getUserId()).get(0);
-        WalletHistory recent = historyRepo.findTop1ByWalletOrderByCreateDateDesc(wallet);
+        WalletTransaction recent = historyRepo.findTop1ByWalletOrderByCreatedDateDesc(wallet);
         //if date query is null get 5 transaction recent
-        List<WalletHistory> logs = date == null ?
+        List<WalletTransaction> logs = date == null ?
                 historyRepo.find5RecentLogByWallet(wallet.getWalletId())
                 : historyRepo.findLogByDate(date, wallet.getWalletId());
         modelMap.addAttribute("logs", logs);
 
@@ -4,7 +4,7 @@
 import com.ec.recauctionec.data.entities.*;
 import com.ec.recauctionec.data.variable.Router;
 import com.ec.recauctionec.services.*;
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
@@ -19,20 +19,16 @@
 import java.util.List;
 
 @Controller
+@RequiredArgsConstructor
 @RequestMapping(value = "/dau-gia")
 public class BidController {
-    @Autowired
-    private CategoryService categoryService;
-    @Autowired
-    private ProductTagService productTagService;
-    @Autowired
-    private BidService bidService;
-    @Autowired
-    private UserService userService;
-    @Autowired
-    private BidJoinService joinService;
-    @Autowired
-    private ProductService productService;
+    
+    private final CategoryService categoryService;
+    private final ProductTagService productTagService;
+    private final BidService bidService;
+    private final UserService userService;
+    private final BidParticipantService joinService;
+    private final ProductService productService;
     private Authentication auth;
 
 
@@ -67,13 +63,13 @@ public String joinAuction(@RequestParam("auctionId") int auctionId,
         Product product = productService.findById(productId);
         if (product.getSupplier()
                 .getUser().getUserId() != auction.getUser().getUserId()) {
-            BidJoin bidJoin = new BidJoin();
-            bidJoin.setPrice(price);
-            bidJoin.setProduct(product);
-            bidJoin.setBid(auction);
-            bidJoin.setTime(new Timestamp(new java.util.Date().getTime()));
-            bidJoin.setStatus(BidJoin.ACTIVE);
-            joinService.joinAuction(bidJoin);
+            BidParticipant bidParticipant = new BidParticipant();
+            bidParticipant.setPrice(price);
+            bidParticipant.setProduct(product);
+            bidParticipant.setBid(auction);
+            bidParticipant.setTime(new Timestamp(new java.util.Date().getTime()));
+            bidParticipant.setStatus(BidParticipant.ACTIVE);
+            joinService.joinAuction(bidParticipant);
         }
         return "redirect:/chi-tiet-dau-gia/" + auctionId;
     }
@@ -98,8 +94,8 @@ public ResponseEntity getJoinAuction(@RequestParam("auctionId") int auctionId,
         auth = SecurityContextHolder.getContext().getAuthentication();
         User us = ((CustomUserDetails) auth.getPrincipal()).getUser();
         Bid auction = bidService.findById(auctionId);
-        List<BidJoin> joins = new ArrayList<>(auction.getBidId());
-        for (BidJoin j : joins) {
+        List<BidParticipant> joins = new ArrayList<>(auction.getBidId());
+        for (BidParticipant j : joins) {
             if (j.getProduct()
                     .getSupplier()
                     .getUser().getUserId() == us.getUserId()) {
 
@@ -2,6 +2,7 @@
 
 import com.ec.recauctionec.data.entities.Product;
 import com.ec.recauctionec.services.ProductService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
@@ -12,10 +13,10 @@
 import java.util.List;
 
 @Controller
+@RequiredArgsConstructor
 @RequestMapping(value = "/danh-muc-san-pham")
 public class CategoryController {
-    @Autowired
-    private ProductService productService;
+    private final ProductService productService;
 
     @RequestMapping(value = "", method = RequestMethod.GET)
     public String getProduct(@RequestParam("id") int id,