Refactor clan creation to be done via Elide POST call

+ other cleanups

Author: Brutus5000

src/main/java/com/faforever/api/clan/ClanService.java

@@ -10,43 +10,77 @@
 import com.faforever.api.error.ApiException;
 import com.faforever.api.error.Error;
 import com.faforever.api.error.ErrorCode;
-import com.faforever.api.error.ProgrammingError;
-import com.faforever.api.player.PlayerRepository;
 import com.faforever.api.player.PlayerService;
 import com.faforever.api.security.JwtService;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
+import org.springframework.security.jwt.Jwt;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Assert;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Objects;
 import java.util.Set;
+import java.util.List;
 
 @Service
 @RequiredArgsConstructor
 public class ClanService {
 
   private final ClanRepository clanRepository;
-  private final PlayerRepository playerRepository;
   private final FafApiProperties fafApiProperties;
   private final JwtService jwtService;
   private final ObjectMapper objectMapper;
   private final PlayerService playerService;
   private final ClanMembershipRepository clanMembershipRepository;
 
+  @Transactional
+  public void preCreate(Clan clan) {
+    Assert.isNull(clan.getId(), "Clan payload with id can not be used for creation.");
+
+    Player player = playerService.getCurrentPlayer();
+
+    if (player.getClanMembership() != null) {
+      throw ApiException.of(ErrorCode.CLAN_CREATE_FOUNDER_IS_IN_A_CLAN);
+    }
+
+    if (!player.equals(clan.getFounder())) {
+      throw ApiException.of(ErrorCode.CLAN_INVALID_FOUNDER);
+    }
+
+    clanRepository.findOneByName(clan.getName()).ifPresent(c -> {
+      throw ApiException.of(ErrorCode.CLAN_NAME_EXISTS, clan.getName());
+    });
+
+    clanRepository.findOneByTag(clan.getTag()).ifPresent(c -> {
+      throw ApiException.of(ErrorCode.CLAN_TAG_EXISTS, clan.getTag());
+    });
+
+    clan.setLeader(player);
+    clan.setMemberships(List.of(new ClanMembership()
+      .setClan(clan)
+      .setPlayer(player)));
+  }
+
   @SneakyThrows
-  Clan create(String name, String tag, String description, Player creator) {
+  @Transactional
+  @Deprecated
+    // use preCreate instead
+  Clan create(String name, String tag, String description) {
+    Player creator = playerService.getCurrentPlayer();
+
     if (creator.getClanMembership() != null) {
-      throw new ApiException(new Error(ErrorCode.CLAN_CREATE_FOUNDER_IS_IN_A_CLAN));
+      throw ApiException.of(ErrorCode.CLAN_CREATE_FOUNDER_IS_IN_A_CLAN);
     }
     if (clanRepository.findOneByName(name).isPresent()) {
-      throw new ApiException(new Error(ErrorCode.CLAN_NAME_EXISTS, name));
+      throw ApiException.of(ErrorCode.CLAN_NAME_EXISTS, name);
     }
     if (clanRepository.findOneByTag(tag).isPresent()) {
-      throw new ApiException(new Error(ErrorCode.CLAN_TAG_EXISTS, tag));
+      throw ApiException.of(ErrorCode.CLAN_TAG_EXISTS, tag);
     }
 
     Clan clan = new Clan();
@@ -70,16 +104,18 @@ Clan create(String name, String tag, String description, Player creator) {
   }
 
   @SneakyThrows
-  String generatePlayerInvitationToken(Player requester, int newMemberId, int clanId) {
+  @Transactional
+  String generatePlayerInvitationToken(int newMemberId, int clanId) {
+    Player requester = playerService.getCurrentPlayer();
+
     Clan clan = clanRepository.findById(clanId)
       .orElseThrow(() -> new ApiException(new Error(ErrorCode.CLAN_NOT_EXISTS, clanId)));
 
     if (!requester.getId().equals(clan.getLeader().getId())) {
-      throw new ApiException(new Error(ErrorCode.CLAN_NOT_LEADER, clanId));
+      throw ApiException.of(ErrorCode.CLAN_NOT_LEADER, clanId);
     }
 
-    Player newMember = playerRepository.findById(newMemberId)
-      .orElseThrow(() -> new ApiException(new Error(ErrorCode.CLAN_GENERATE_LINK_PLAYER_NOT_FOUND, newMemberId)));
+    Player newMember = playerService.getById(newMemberId);
 
     long expire = Instant.now()
       .plus(fafApiProperties.getClan().getInviteLinkExpireDurationMinutes(), ChronoUnit.MINUTES)
@@ -92,28 +128,26 @@ String generatePlayerInvitationToken(Player requester, int newMemberId, int clan
   }
 
   @SneakyThrows
-  void acceptPlayerInvitationToken(String stringToken, Authentication authentication) {
-    String decodedToken = jwtService.decodeAndVerify(stringToken);
-    InvitationResult invitation = objectMapper.readValue(decodedToken, InvitationResult.class);
+  void acceptPlayerInvitationToken(String stringToken) {
+    Jwt token = jwtService.decodeAndVerify(stringToken);
+    InvitationResult invitation = objectMapper.readValue(token.getClaims(), InvitationResult.class);
 
     if (invitation.isExpired()) {
-      throw new ApiException(new Error(ErrorCode.CLAN_ACCEPT_TOKEN_EXPIRE));
+      throw ApiException.of(ErrorCode.CLAN_ACCEPT_TOKEN_EXPIRE);
     }
 
     final Integer clanId = invitation.clan().id();
-    Player player = playerService.getPlayer(authentication);
+    Player player = playerService.getCurrentPlayer();
     Clan clan = clanRepository.findById(clanId)
       .orElseThrow(() -> new ApiException(new Error(ErrorCode.CLAN_NOT_EXISTS, clanId)));
 
-    Player newMember = playerRepository.findById(invitation.newMember().id())
-      .orElseThrow(() -> new ProgrammingError("ClanMember does not exist: " + invitation.newMember().id()));
-
+    Player newMember = playerService.getById(invitation.newMember().getId());
 
     if (!Objects.equals(player.getId(), newMember.getId())) {
-      throw new ApiException(new Error(ErrorCode.CLAN_ACCEPT_WRONG_PLAYER));
+      throw ApiException.of(ErrorCode.CLAN_ACCEPT_WRONG_PLAYER);
     }
     if (newMember.getClan() != null) {
-      throw new ApiException(new Error(ErrorCode.CLAN_ACCEPT_PLAYER_IN_A_CLAN));
+      throw ApiException.of(ErrorCode.CLAN_ACCEPT_PLAYER_IN_A_CLAN);
     }
 
     ClanMembership membership = new ClanMembership();

src/main/java/com/faforever/api/clan/ClansController.java

@@ -11,15 +11,12 @@
 import io.swagger.annotations.ApiResponses;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.io.IOException;
 import java.io.Serializable;
 import java.util.Map;
 
@@ -40,8 +37,9 @@ public class ClansController {
     @ApiResponse(code = 200, message = "Success with JSON { player: {id: ?, login: ?}, clan: { id: ?, name: ?, tag: ?}}"),
     @ApiResponse(code = 400, message = "Bad Request")})
   @GetMapping(path = "/me", produces = APPLICATION_JSON_VALUE)
-  public MeResult me(Authentication authentication) {
-    Player player = playerService.getPlayer(authentication);
+  @Deprecated // use regular /me route instead
+  public MeResult me() {
+    Player player = playerService.getCurrentPlayer();
 
     Clan clan = player.getClan();
     ClanResult clanResult = null;
@@ -59,13 +57,11 @@ public MeResult me(Authentication authentication) {
     @ApiResponse(code = 400, message = "Bad Request")})
   @PostMapping(path = "/create", produces = APPLICATION_JSON_VALUE)
   @PreAuthorize("hasRole('ROLE_USER')")
-  @Transactional
+  @Deprecated // use POST /data/clans instead (with a founder in relationships)
   public Map<String, Serializable> createClan(@RequestParam(value = "name") String name,
                                               @RequestParam(value = "tag") String tag,
-                                              @RequestParam(value = "description", required = false) String description,
-                                              Authentication authentication) throws IOException {
-    Player player = playerService.getPlayer(authentication);
-    Clan clan = clanService.create(name, tag, description, player);
+                                              @RequestParam(value = "description", required = false) String description) {
+    Clan clan = clanService.create(name, tag, description);
     return Map.of("id", clan.getId(), "type", "clan");
   }
 
@@ -76,19 +72,14 @@ public Map<String, Serializable> createClan(@RequestParam(value = "name") String
   @GetMapping(path = "/generateInvitationLink", produces = APPLICATION_JSON_VALUE)
   public Map<String, Serializable> generateInvitationLink(
     @RequestParam(value = "clanId") int clanId,
-    @RequestParam(value = "playerId") int newMemberId,
-    Authentication authentication) throws IOException {
-    Player player = playerService.getPlayer(authentication);
-    String jwtToken = clanService.generatePlayerInvitationToken(player, newMemberId, clanId);
+    @RequestParam(value = "playerId") int newMemberId) {
+    String jwtToken = clanService.generatePlayerInvitationToken(newMemberId, clanId);
     return Map.of("jwtToken", jwtToken);
   }
 
-  @ApiOperation("Check invitation link and add Member to Clan")
+  @ApiOperation("Check invitation link and add member to Clan")
   @PostMapping(path = "/joinClan", produces = APPLICATION_JSON_VALUE)
-  @Transactional
-  public void joinClan(
-    @RequestParam(value = "token") String stringToken,
-    Authentication authentication) throws IOException {
-    clanService.acceptPlayerInvitationToken(stringToken, authentication);
+  public void joinClan(@RequestParam(value = "token") String stringToken) {
+    clanService.acceptPlayerInvitationToken(stringToken);
   }
 }

src/main/java/com/faforever/api/data/domain/Clan.java

@@ -46,8 +46,8 @@ public class Clan extends AbstractEntity<Clan> implements OwnableEntity {
   private String description;
   private String tagColor;
   private String websiteUrl;
+  private Boolean requiresInvitation = Boolean.TRUE;
   private Set<ClanMembership> memberships;
-  private Boolean requiresInvitation;
 
   @Column(name = "name")
   @NotNull

src/main/java/com/faforever/api/data/listeners/ClanEnricherListener.java

@@ -1,20 +1,31 @@
 package com.faforever.api.data.listeners;
 
+import com.faforever.api.clan.ClanService;
 import com.faforever.api.config.FafApiProperties;
 import com.faforever.api.data.domain.Clan;
 import org.springframework.stereotype.Component;
 
 import jakarta.inject.Inject;
 import jakarta.persistence.PostLoad;
+import jakarta.persistence.PrePersist;
 
 @Component
 public class ClanEnricherListener {
 
   private static FafApiProperties fafApiProperties;
+  private static ClanService clanService;
 
   @Inject
-  public void init(FafApiProperties fafApiProperties) {
+  public void init(FafApiProperties fafApiProperties, ClanService clanService) {
     ClanEnricherListener.fafApiProperties = fafApiProperties;
+    ClanEnricherListener.clanService = clanService;
+  }
+
+  @PrePersist
+  public void prePersist(Clan clan) {
+    if (clan.getId() == null) {
+      clanService.preCreate(clan);
+    }
   }
 
   @PostLoad

src/main/java/com/faforever/api/error/ErrorCode.java

@@ -61,7 +61,7 @@ public enum ErrorCode {
   CLAN_ACCEPT_PLAYER_IN_A_CLAN(152, "Player is in a clan", "You are already in a clan"),
   CLAN_NOT_LEADER(153, "You Permission", "You are not the leader of the clan"),
   CLAN_NOT_EXISTS(154, "Cannot find Clan", "Clan with id {0, number} is not available"),
-  CLAN_GENERATE_LINK_PLAYER_NOT_FOUND(155, "Player not found", "Cannot find player with id {0, number} who should be invited to the clan"),
+  PLAYER_NOT_FOUND(155, "Player not found", "Cannot find player with id {0, number}."),
   CLAN_NAME_EXISTS(156, "Clan Name already in use", "The clan name ''{0}'' is already in use. Please choose a different clan name."),
   CLAN_TAG_EXISTS(157, "Clan Tag already in use", "The clan tag ''{0}'' is already in use. Please choose a different clan tag."),
   VALIDATION_FAILED(158, "Validation failed", "{0}"),
@@ -117,6 +117,7 @@ public enum ErrorCode {
   LESS_PERMISSIVE_LICENSE(207, "Less permissive license", "New license is less permissive than current license."),
   MALFORMED_URL(208, "Malformed URL", "Provided url ''{0}'' is malformed."),
   NOT_ALLOWED_URL_HOST(209, "URL host not allowed", "Provided URL's host is not allowed. URL: ''{0}'', allowed hosts: ''{1}''."),
+  CLAN_INVALID_FOUNDER(210, "Invalid clan founder", "If you create a clan you must be the founder of it."),
   ;
 
 

src/main/java/com/faforever/api/player/PlayerService.java

@@ -2,31 +2,32 @@
 
 import com.faforever.api.data.domain.Player;
 import com.faforever.api.error.ApiException;
-import com.faforever.api.error.Error;
 import com.faforever.api.error.ErrorCode;
 import com.faforever.api.security.FafAuthenticationToken;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
-import static com.faforever.api.error.ErrorCode.TOKEN_INVALID;
 
 @Service
 @RequiredArgsConstructor
 public class PlayerService {
 
   private final PlayerRepository playerRepository;
 
-  public Player getPlayer(Authentication authentication) {
+  public Player getPlayer() {
+    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
     if (authentication instanceof FafAuthenticationToken fafAuthenticationToken) {
       return playerRepository.findById((fafAuthenticationToken.getUserId()))
-        .orElseThrow(() -> new ApiException(new Error(TOKEN_INVALID)));
+        .orElseThrow(() -> ApiException.of(ErrorCode.TOKEN_INVALID));
     }
-    throw new ApiException(new Error(TOKEN_INVALID));
+    throw ApiException.of(ErrorCode.TOKEN_INVALID);
   }
 
   public Player getById(Integer playerId) {
     return playerRepository.findById(playerId)
-      .orElseThrow(() -> new ApiException(new Error(ErrorCode.ENTITY_NOT_FOUND, playerId)));
+      .orElseThrow(() -> ApiException.of(ErrorCode.PLAYER_NOT_FOUND, playerId));
   }
 }

src/main/java/com/faforever/api/voting/VotingController.java

@@ -9,7 +9,6 @@
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -31,14 +30,14 @@ public class VotingController {
   @ApiOperation(value = "Post a vote")
   @PreAuthorize("hasScope('" + OAuthScope._VOTE + "')")
   @RequestMapping(path = "/vote", method = RequestMethod.POST, produces = JsonApiMediaType.JSON_API_MEDIA_TYPE)
-  public void postVote(@RequestBody Vote vote, Authentication authentication) {
-    votingService.saveVote(vote, playerService.getPlayer(authentication));
+  public void postVote(@RequestBody Vote vote) {
+    votingService.saveVote(vote, playerService.getCurrentPlayer());
   }
 
   @ApiOperation(value = "See if user can vote on a subject")
   @RequestMapping(path = "/votingSubjectsAbleToVote", method = RequestMethod.GET, produces = JsonApiMediaType.JSON_API_MEDIA_TYPE)
-  public void votingSubjectsAbleTo(HttpServletResponse response, Authentication authentication, HttpServletRequest request) throws IOException {
-    List<VotingSubject> votingSubjects = votingService.votingSubjectsAbleToVote(playerService.getPlayer(authentication));
+  public void votingSubjectsAbleTo(HttpServletResponse response, HttpServletRequest request) throws IOException {
+    List<VotingSubject> votingSubjects = votingService.votingSubjectsAbleToVote(playerService.getCurrentPlayer());
     redirectToFilteredVotingSubjects(response, votingSubjects, request);
   }