854: protector to protected

src/main/java/org/patinanetwork/codebloom/api/admin/AdminController.java

@@ -6,7 +6,6 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import java.time.OffsetDateTime;
 import java.util.ArrayList;
@@ -34,7 +33,8 @@
 import org.patinanetwork.codebloom.common.dto.autogen.UnsafeGenericFailureResponse;
 import org.patinanetwork.codebloom.common.dto.question.QuestionWithUserDto;
 import org.patinanetwork.codebloom.common.dto.user.UserDto;
-import org.patinanetwork.codebloom.common.security.Protector;
+import org.patinanetwork.codebloom.common.security.AuthenticationObject;
+import org.patinanetwork.codebloom.common.security.annotation.Protected;
 import org.patinanetwork.codebloom.common.time.StandardizedOffsetDateTime;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,22 +56,19 @@ public class AdminController {
     private final LeaderboardRepository leaderboardRepository;
     private final AnnouncementRepository announcementRepository;
     private final QuestionRepository questionRepository;
-    private final Protector protector;
     private final DiscordClubManager discordClubManager;
     private final LeaderboardManager leaderboardManager;
     private final DiscordClubRepository discordClubRepository;
 
     public AdminController(
             final LeaderboardRepository leaderboardRepository,
-            final Protector protector,
             final UserRepository userRepository,
             final AnnouncementRepository announcementRepository,
             final QuestionRepository questionRepository,
             final DiscordClubManager discordClubManager,
             final LeaderboardManager leaderboardManager,
             final DiscordClubRepository discordClubRepository) {
         this.leaderboardRepository = leaderboardRepository;
-        this.protector = protector;
         this.userRepository = userRepository;
         this.announcementRepository = announcementRepository;
         this.questionRepository = questionRepository;
@@ -85,8 +82,8 @@ public AdminController(
         """)
     @PostMapping("/leaderboard/create")
     public ResponseEntity<ApiResponder<Empty>> createLeaderboard(
-            final HttpServletRequest request, @Valid @RequestBody final NewLeaderboardBody newLeaderboardBody) {
-        protector.validateAdminSession(request);
+            @Protected(admin = true) final AuthenticationObject authenticationObject,
+            @Valid @RequestBody final NewLeaderboardBody newLeaderboardBody) {
 
         final String name = newLeaderboardBody.getName().trim();
 
@@ -132,8 +129,8 @@ public ResponseEntity<ApiResponder<Empty>> createLeaderboard(
         """)
     @PostMapping("/user/admin/toggle")
     public ResponseEntity<ApiResponder<UserDto>> updateAdmin(
-            final HttpServletRequest request, @Valid @RequestBody final UpdateAdminBody newAdminBody) {
-        protector.validateAdminSession(request);
+            @Protected(admin = true) final AuthenticationObject authenticationObject,
+            @Valid @RequestBody final UpdateAdminBody newAdminBody) {
 
         final String userId = newAdminBody.getId();
         final boolean toggleTo = newAdminBody.getToggleTo();
@@ -174,8 +171,8 @@ public ResponseEntity<ApiResponder<UserDto>> updateAdmin(
             })
     @PostMapping("/announcement/create")
     public ResponseEntity<ApiResponder<Announcement>> createNewAnnouncement(
-            @Valid @RequestBody final CreateAnnouncementBody createAnnouncementBody, final HttpServletRequest request) {
-        protector.validateAdminSession(request);
+            @Valid @RequestBody final CreateAnnouncementBody createAnnouncementBody,
+            @Protected(admin = true) final AuthenticationObject authenticationObject) {
 
         OffsetDateTime nowWithOffset = StandardizedOffsetDateTime.now();
         OffsetDateTime expiresAtWithOffset =
@@ -218,8 +215,8 @@ public ResponseEntity<ApiResponder<Announcement>> createNewAnnouncement(
             })
     @PostMapping("/announcement/disable")
     public ResponseEntity<ApiResponder<Empty>> deleteAnnouncement(
-            @Valid @RequestBody final DeleteAnnouncementBody deleteAnnouncementBody, final HttpServletRequest request) {
-        protector.validateAdminSession(request);
+            @Valid @RequestBody final DeleteAnnouncementBody deleteAnnouncementBody,
+            @Protected(admin = true) final AuthenticationObject authenticationObject) {
         Announcement announcement = announcementRepository.getAnnouncementById(deleteAnnouncementBody.getId());
         if (announcement == null) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Announcement does not exist");
@@ -250,8 +247,7 @@ public ResponseEntity<ApiResponder<Empty>> deleteAnnouncement(
             })
     @GetMapping("/questions/incomplete")
     public ResponseEntity<ApiResponder<List<QuestionWithUserDto>>> getIncompleteQuestions(
-            final HttpServletRequest request) {
-        protector.validateAdminSession(request);
+            @Protected(admin = true) final AuthenticationObject authenticationObject) {
 
         ArrayList<QuestionWithUser> incompleteQuestions = questionRepository.getAllIncompleteQuestionsWithUser();
 
@@ -281,8 +277,8 @@ public ResponseEntity<ApiResponder<List<QuestionWithUserDto>>> getIncompleteQues
             })
     @PostMapping("/discord/message/test")
     public ResponseEntity<ApiResponder<Empty>> sendDiscordMessage(
-            @RequestBody final String clubId, final HttpServletRequest request) {
-        protector.validateAdminSession(request);
+            @RequestBody final String clubId,
+            @Protected(admin = true) final AuthenticationObject authenticationObject) {
 
         Optional<DiscordClub> clubOpt = discordClubRepository.getDiscordClubById(clubId);
         if (clubOpt.isEmpty()) {
@@ -301,8 +297,8 @@ public ResponseEntity<ApiResponder<Empty>> sendDiscordMessage(
 
     @DeleteMapping("/discord/message")
     public ResponseEntity<ApiResponder<Empty>> deleteDiscordMessage(
-            @Valid @RequestBody final DeleteMessageBody deleteMessageBody, final HttpServletRequest request) {
-        protector.validateAdminSession(request);
+            @Valid @RequestBody final DeleteMessageBody deleteMessageBody,
+            @Protected(admin = true) final AuthenticationObject authenticationObject) {
 
         boolean isDeleted = discordClubManager.deleteMessageById(
                 deleteMessageBody.getChannelId(), deleteMessageBody.getMessageId());

src/main/java/org/patinanetwork/codebloom/api/announcement/AnnouncementController.java

@@ -10,7 +10,6 @@
 import org.patinanetwork.codebloom.common.db.repos.announcement.AnnouncementRepository;
 import org.patinanetwork.codebloom.common.dto.ApiResponder;
 import org.patinanetwork.codebloom.common.dto.announcement.AnnouncementDto;
-import org.patinanetwork.codebloom.common.security.Protector;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -26,11 +25,9 @@
 @Timed(value = "controller.execution")
 public class AnnouncementController {
 
-    private final Protector protector;
     private final AnnouncementRepository announcementRepository;
 
-    public AnnouncementController(final Protector protector, final AnnouncementRepository announcementRepository) {
-        this.protector = protector;
+    public AnnouncementController(final AnnouncementRepository announcementRepository) {
         this.announcementRepository = announcementRepository;
     }
 

src/main/java/org/patinanetwork/codebloom/api/auth/AuthController.java

@@ -198,8 +198,7 @@ public RedirectView logoutAll(final HttpServletRequest request, final HttpServle
             })
     @PostMapping("/school/enroll")
     public ResponseEntity<ApiResponder<Empty>> enrollSchool(
-            @Valid @RequestBody final EmailBody emailBody, final HttpServletRequest request) {
-        AuthenticationObject authenticationObject = protector.validateSession(request);
+            @Valid @RequestBody final EmailBody emailBody, @Protected final AuthenticationObject authenticationObject) {
         User user = authenticationObject.getUser();
         String userId = user.getId();
 

src/main/java/org/patinanetwork/codebloom/api/leaderboard/LeaderboardController.java

@@ -25,7 +25,7 @@
 import org.patinanetwork.codebloom.common.page.Indexed;
 import org.patinanetwork.codebloom.common.page.Page;
 import org.patinanetwork.codebloom.common.security.AuthenticationObject;
-import org.patinanetwork.codebloom.common.security.Protector;
+import org.patinanetwork.codebloom.common.security.annotation.Protected;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -45,17 +45,14 @@ public class LeaderboardController {
 
     private final LeaderboardRepository leaderboardRepository;
     private final UserRepository userRepository;
-    private final Protector protector;
     private final LeaderboardManager leaderboardManager;
 
     public LeaderboardController(
             final LeaderboardRepository leaderboardRepository,
             final UserRepository userRepository,
-            final Protector protector,
             final LeaderboardManager leaderboardManager) {
         this.leaderboardRepository = leaderboardRepository;
         this.userRepository = userRepository;
-        this.protector = protector;
         this.leaderboardManager = leaderboardManager;
     }
 
@@ -322,7 +319,7 @@ public ResponseEntity<ApiResponder<UserWithScoreDto>> getUserCurrentLeaderboardF
                 @ApiResponse(responseCode = "404", description = "User not found on leaderboard"),
             })
     public ResponseEntity<ApiResponder<Indexed<UserWithScoreDto>>> getUserCurrentLeaderboardRank(
-            final HttpServletRequest request,
+            @Protected final AuthenticationObject authenticationObject,
             @Parameter(description = "Filter for Patina users") @RequestParam(required = false, defaultValue = "false")
                     final boolean patina,
             @Parameter(description = "Filter for Hunter College users")
@@ -350,7 +347,6 @@ public ResponseEntity<ApiResponder<Indexed<UserWithScoreDto>>> getUserCurrentLea
                     final boolean bmcc) {
         FakeLag.sleep(650);
 
-        AuthenticationObject authenticationObject = protector.validateSession(request);
         String userId = authenticationObject.getUser().getId();
 
         Optional<Leaderboard> leaderboardData = leaderboardRepository.getRecentLeaderboardMetadata();

src/main/java/org/patinanetwork/codebloom/api/submission/SubmissionController.java

@@ -30,7 +30,7 @@
 import org.patinanetwork.codebloom.common.leetcode.models.UserProfile;
 import org.patinanetwork.codebloom.common.leetcode.throttled.ThrottledLeetcodeClient;
 import org.patinanetwork.codebloom.common.security.AuthenticationObject;
-import org.patinanetwork.codebloom.common.security.Protector;
+import org.patinanetwork.codebloom.common.security.annotation.Protected;
 import org.patinanetwork.codebloom.common.simpleredis.SimpleRedis;
 import org.patinanetwork.codebloom.common.simpleredis.SimpleRedisProvider;
 import org.patinanetwork.codebloom.common.simpleredis.SimpleRedisSlot;
@@ -61,7 +61,6 @@ public class SubmissionController {
     private static final double SECONDS_TO_WAIT = 5 * 60;
 
     private final UserRepository userRepository;
-    private final Protector protector;
     private final SimpleRedis<Long> simpleRedis;
     private final ThrottledLeetcodeClient leetcodeClient;
     private final SubmissionsHandler submissionsHandler;
@@ -80,14 +79,12 @@ private boolean isSameDay(final LocalDateTime createdAt) {
 
     public SubmissionController(
             final UserRepository userRepository,
-            final Protector protector,
             final SimpleRedisProvider simpleRedisProvider,
             final ThrottledLeetcodeClient throttledLeetcodeClient,
             final SubmissionsHandler submissionsHandler,
             final QuestionRepository questionRepository,
             final POTDRepository potdRepository) {
         this.userRepository = userRepository;
-        this.protector = protector;
         this.simpleRedis = simpleRedisProvider.select(SimpleRedisSlot.SUBMISSION_REFRESH);
         this.leetcodeClient = throttledLeetcodeClient;
         this.submissionsHandler = submissionsHandler;
@@ -109,10 +106,10 @@ public SubmissionController(
                 @ApiResponse(responseCode = "200", description = "Successfully retrieved key"),
             })
     @GetMapping("/key")
-    public ResponseEntity<ApiResponder<String>> getVerificationKey(final HttpServletRequest request) {
+    public ResponseEntity<ApiResponder<String>> getVerificationKey(
+            @Protected final AuthenticationObject authenticationObject) {
         FakeLag.sleep(350);
 
-        AuthenticationObject authenticationObject = protector.validateSession(request);
         User user = authenticationObject.getUser();
 
         return ResponseEntity.ok()
@@ -145,10 +142,10 @@ public ResponseEntity<ApiResponder<String>> getVerificationKey(final HttpServlet
             })
     @PostMapping("/set")
     public ResponseEntity<ApiResponder<Empty>> setLeetcodeUsername(
-            final HttpServletRequest request, @Valid @RequestBody final LeetcodeUsernameObject leetcodeUsernameObject) {
+            @Protected final AuthenticationObject authenticationObject,
+            @Valid @RequestBody final LeetcodeUsernameObject leetcodeUsernameObject) {
         FakeLag.sleep(350);
 
-        AuthenticationObject authenticationObject = protector.validateSession(request);
         User user = authenticationObject.getUser();
 
         if (user.getLeetcodeUsername() != null) {
@@ -209,8 +206,7 @@ There is a rate limit on the route to prevent abuse (currently: 5 minutes).
     @PostMapping("/check")
     @LogExecutionTime
     public ResponseEntity<ApiResponder<ArrayList<AcceptedSubmission>>> checkLatestSubmissions(
-            final HttpServletRequest request) {
-        AuthenticationObject authenticationObject = protector.validateSession(request);
+            @Protected final AuthenticationObject authenticationObject) {
         User user = authenticationObject.getUser();
 
         if (user.getLeetcodeUsername() == null) {
@@ -258,10 +254,10 @@ public ResponseEntity<ApiResponder<ArrayList<AcceptedSubmission>>> checkLatestSu
                         content = @Content(schema = @Schema(implementation = UnsafeGenericFailureResponse.class))),
             })
     @GetMapping("/potd")
-    public ResponseEntity<ApiResponder<PotdDto>> getCurrentPotd(final HttpServletRequest request) {
+    public ResponseEntity<ApiResponder<PotdDto>> getCurrentPotd(
+            @Protected final AuthenticationObject authenticationObject) {
         FakeLag.sleep(750);
 
-        AuthenticationObject authenticationObject = protector.validateSession(request);
         User user = authenticationObject.getUser();
 
         POTD potd = potdRepository