feature #9: Add security for route "create article"

src/main/kotlin/fr/dcproject/Application.kt

@@ -33,6 +33,7 @@ import java.util.*
 import fr.dcproject.repository.Article as RepositoryArticle
 import fr.dcproject.repository.Citizen as RepositoryCitizen
 import fr.dcproject.repository.Constitution as RepositoryConstitution
+import fr.dcproject.repository.User as UserRepository
 
 fun main(args: Array<String>): Unit = io.ktor.server.jetty.EngineMain.main(args)
 
@@ -104,7 +105,9 @@ fun Application.module() {
             verifier(JwtConfig.verifier)
             realm = "dc-project.fr"
             validate {
-                it.payload.getClaim("id").asInt()?.let { get<User>() }
+                it.payload.getClaim("id").asString()?.let { id ->
+                    get<UserRepository>().findById(UUID.fromString(id))
+                }
             }
         }
     }

src/main/kotlin/fr/dcproject/repository/User.kt

@@ -3,6 +3,7 @@ package fr.dcproject.repository
 import fr.postgresjson.connexion.Requester
 import fr.postgresjson.repository.RepositoryI
 import io.ktor.auth.UserPasswordCredential
+import java.util.*
 import fr.dcproject.entity.User as UserEntity
 
 class User(override var requester: Requester) : RepositoryI<UserEntity> {
@@ -16,4 +17,16 @@ class User(override var requester: Requester) : RepositoryI<UserEntity> {
                 "plain_password" to credentials.password
             )
     }
+
+    fun findById(id: UUID): UserEntity {
+        return requester
+            .getFunction("find_user_by_id")
+            .selectOne(
+                "id" to id
+            ) ?: throw UserNotFound(id)
+    }
+
+    class UserNotFound(override val message: String?, override val cause: Throwable?): Throwable(message, cause) {
+        constructor(id: UUID): this("No User with ID $id", null)
+    }
 }

src/main/kotlin/fr/dcproject/routes/Article.kt

@@ -1,7 +1,11 @@
 package fr.dcproject.routes
 
 import Paths
+import io.ktor.application.ApplicationCall
 import io.ktor.application.call
+import io.ktor.auth.authenticate
+import io.ktor.auth.authentication
+import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
 import io.ktor.locations.get
 import io.ktor.locations.post
@@ -9,8 +13,11 @@ import io.ktor.request.receive
 import io.ktor.response.respond
 import io.ktor.routing.Route
 import fr.dcproject.entity.Article as ArticleEntity
+import fr.dcproject.entity.User as UserEntity
 import fr.dcproject.repository.Article as ArticleRepository
 
+val ApplicationCall.user get() = authentication.principal<UserEntity>()
+
 @KtorExperimentalLocationsAPI
 fun Route.article(repo: ArticleRepository) {
     get<Paths.ArticlesRequest> {
@@ -22,9 +29,17 @@ fun Route.article(repo: ArticleRepository) {
         call.respond(it.article)
     }
 
-    post<Paths.PostArticleRequest>() {
-        val article = call.receive<ArticleEntity>()
-        repo.upsert(article)
-        call.respond(article)
+    authenticate(optional = true) {
+        post<Paths.PostArticleRequest>() {
+            // TODO replace to voter
+            val user = call.user
+            if (user == null) {
+                call.respond(HttpStatusCode.Unauthorized)
+            } else {
+                val article = call.receive<ArticleEntity>()
+                repo.upsert(article)
+                call.respond(article)
+            }
+        }
     }
 }