From d0d96b959cfafc8e0c043c1de3fc8ae2f9ffa1f2 Mon Sep 17 00:00:00 2001
From: Gregory Rudolph <rudi@nightmare.haus>
Date: Mon, 28 Sep 2020 14:14:00 -0400
Subject: [PATCH] Basic authentication using static sha256 password. TODO:
 Update for MariaDB

---
 src/main/java/MTGClone/SQLDriver.java         | 22 ++++++++++++++++++-
 .../MTGClone/controller/CardController.java   | 10 +++++----
 src/main/webapp/WEB-INF/jsp/card.jsp          |  5 +++++
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/src/main/java/MTGClone/SQLDriver.java b/src/main/java/MTGClone/SQLDriver.java
index 575c631..cdf48ba 100644
--- a/src/main/java/MTGClone/SQLDriver.java
+++ b/src/main/java/MTGClone/SQLDriver.java
@@ -1,5 +1,6 @@
 package MTGClone;
 
+import java.security.MessageDigest;
 import java.sql.*;
 import java.util.*;
 
@@ -16,7 +17,26 @@ public class SQLDriver {
         }
         return true;
     }
-
+    public boolean authenticateUser(String username, String password) {
+        return sha256(password).equalsIgnoreCase("c109e7af71c435d32afb75e334e417ddeba82dbde609d4c47f2e3c717057e458");
+    }
+    public static String sha256(String base) {
+        try{
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
+            byte[] hash = digest.digest(base.getBytes("UTF-8"));
+            StringBuffer hexString = new StringBuffer();
+    
+            for (int i = 0; i < hash.length; i++) {
+                String hex = Integer.toHexString(0xff & hash[i]);
+                if(hex.length() == 1) hexString.append('0');
+                hexString.append(hex);
+            }
+    
+            return hexString.toString();
+        } catch(Exception ex){
+           throw new RuntimeException(ex);
+        }
+    }
     public Card getRandomCard() {
         try {
             c = DriverManager.getConnection("jdbc:sqlite:cards.db");
diff --git a/src/main/java/MTGClone/controller/CardController.java b/src/main/java/MTGClone/controller/CardController.java
index ee8759c..a44f71e 100644
--- a/src/main/java/MTGClone/controller/CardController.java
+++ b/src/main/java/MTGClone/controller/CardController.java
@@ -24,10 +24,12 @@ public class CardController {
     @PostMapping({"/card"})
     public String greet(@RequestParam("cardname") String cardname, @RequestParam("manacost") int manacost, 
     @RequestParam("power") int power, @RequestParam("toughness") int toughness, @RequestParam("description") String description, @RequestParam("creaturetype") String creaturetype,
-    ModelMap modelMap) {
-      Card newCard = new Card(cardname, manacost, power, toughness, description, "", creaturetype);
-      SQLDriver d = new SQLDriver();
-      d.insertCard(newCard);
+    @RequestParam("username") String username, @RequestParam("password") String password, ModelMap modelMap) {
+        SQLDriver d = new SQLDriver();
+        if (d.authenticateUser(username, password)) {
+            Card newCard = new Card(cardname, manacost, power, toughness, description, "", creaturetype);
+            d.insertCard(newCard);
+        }        
         return "card";
     }
     
diff --git a/src/main/webapp/WEB-INF/jsp/card.jsp b/src/main/webapp/WEB-INF/jsp/card.jsp
index aa4663f..2e8d57c 100644
--- a/src/main/webapp/WEB-INF/jsp/card.jsp
+++ b/src/main/webapp/WEB-INF/jsp/card.jsp
@@ -42,6 +42,11 @@ table, td, th{
         <input type="text" id="description" name="description"><br>
         <label for="creaturetype">Creature Type:</label>
         <input type="text" id="creaturetype" name="creaturetype"><br>
+        <label for="username">Username:</label>
+        <input type="text" id="username" name="username"><br>
+        <label for="password">Password:</label>
+        <input type="password" id="password" name="password"><br>
+        
         <br> <input style="width:30%;display:block;margin:0 auto;" type="submit" value="Submit">
       </form>
       </div>