FetchAPI/src/main/java/dev/alexzaw/fetchapi/AuthenticationService.java

package dev.alexzaw.fetchapi;

import com.ibm.as400.access.AS400;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;

public class AuthenticationService {
    private static final Logger logger = Logger.getLogger(AuthenticationService.class.getName());
    private Properties configProps;
    private Properties APITokens;
    
    public AuthenticationService(Properties configProps, Properties APITokens) {
        this.configProps = configProps;
        this.APITokens = APITokens;
    }
    
    public boolean authenticate(HttpServletRequest req) {
        String userId = req.getParameter("userId");
        String password = req.getParameter("password");
        String apiToken = req.getParameter("apiToken");

        if ((userId == null || password == null) && apiToken == null) {
            logger.warning("No credentials provided");
            return false;
        }

         return userId != null && password != null
                ? authenticateWithCredentials(userId, password)
                : apiToken != null && validateApiToken(apiToken);
       
       
    }

    public boolean authenticateWithCredentials(String userId, String password) {
        AS400 system = null;
        try {
            system = new AS400(
                configProps.getProperty("db.server"),
                userId,
                password
            );
            system.validateSignon();
            logger.info("User authenticated successfully: " + userId);
            return true;
        } catch (Exception e) {
            logger.log(Level.WARNING, "Authentication failed", e);
            return false;
        } finally {
            if (system != null) {
                system.disconnectAllServices();
            }
        }
    }

    public boolean validateApiToken(String tokenToValidate) {
        try {
            String decodedToken = Utils.decodeBase64(tokenToValidate);
            String[] parts = decodedToken.split(":");

            if (parts.length != 2) {
                logger.warning("Invalid token format");
                return false;
            }

            String identifier = parts[0];
            String uuid = parts[1];
            String validToken = APITokens.getProperty(identifier);

            if (validToken == null || validToken.trim().isEmpty()) {
                logger.warning("No API token configured for: " + identifier);
                return false;
            }

            if (validToken.equals(uuid)) {
                logger.info("API token validated for: " + identifier);
                return true;
            }

            logger.warning("Invalid token attempted for: " + identifier);
            return false;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Error validating API token", e);
            return false;
        }
    }
}