backend/src/main/java/dev/dinauer/login/LoginResource.java
2025-12-20 18:38:36 +01:00


package dev.dinauer.login;
import java.time.ZonedDateTime;
import java.util.Optional;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import io.quarkus.elytron.security.common.BcryptUtil;
import io.smallrye.jwt.build.Jwt;
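/**
 * JAX-RS resource for {@code POST /login}: checks a username/password pair against the
 * stored bcrypt hash and, on success, returns a signed JWT as plain text.
 */
@Path("/login")
@ApplicationScoped
public class LoginResource
{
    @Inject
    Logger LOG;

    @Inject
    UserRepo userRepo;

    /**
     * Authenticates the caller and issues a token.
     *
     * <p>The token carries the user's id as {@code upn} and the user's roles as groups, and
     * expires 15 days after it is issued.
     *
     * @param login credentials deserialized from the JSON request body
     * @return the signed JWT
     * @throws BadRequestException if the body, the username or the password is missing (400)
     * @throws NotFoundException if no user has the given username (404, {@code user_not_found})
     * @throws ForbiddenException if the password does not match (403, {@code wrong_password})
     */
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.TEXT_PLAIN)
    public String login(Login login)
    {
        // This endpoint is unauthenticated, so the body is untrusted. Reject an absent body or
        // absent fields here instead of letting a null reach the repository lookup or the
        // bcrypt comparison and surface as an unhandled error.
        if (login == null || login.username() == null || login.password() == null)
        {
            throw new BadRequestException(Response.status(400).type(MediaType.TEXT_PLAIN).entity("missing_credentials").build());
        }

        Optional<UserEntity> userOptional = userRepo.findOptionalByUsername(login.username());
        if (userOptional.isEmpty())
        {
            // NOTE(review): the 404/"user_not_found" answer differs from the 403/"wrong_password"
            // answer below, and this path returns without a bcrypt comparison. Both differences
            // tell an unauthenticated caller whether a username exists. Left as is because
            // clients may depend on the two bodies; consider one generic failure response plus
            // a comparison against a fixed dummy hash so both paths cost the same.
            LOG.info("User not found");
            throw new NotFoundException(Response.status(404).type(MediaType.TEXT_PLAIN).entity("user_not_found").build());
        }

        UserEntity user = userOptional.get();
        if (!BcryptUtil.matches(login.password(), user.getPassword()))
        {
            // NOTE(review): nothing visible here limits repeated attempts; confirm that rate
            // limiting or lockout is enforced elsewhere. The log line carries no username or
            // source, which keeps credentials out of the log but also makes failed logins hard
            // to correlate during an investigation.
            LOG.info("Cannot access user. Forbidden");
            throw new ForbiddenException(Response.status(403).type(MediaType.TEXT_PLAIN).entity("wrong_password").build());
        }

        // NOTE(review): a 15-day bearer token with no revocation visible in this class stays
        // usable for its full lifetime if it leaks; confirm that this is intended.
        return Jwt
            .upn(user.getId())
            .expiresAt(ZonedDateTime.now().plusDays(15).toInstant())
            .groups(user.getRoles())
            .sign();
    }
}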