/site/events: add interface for viewing suspicious activity.

Fix #248

Author: cssru

src/main/java/ru/mystamps/web/Url.java

@@ -38,6 +38,8 @@ public final class Url {
 	public static final String ROBOTS_TXT            = "/robots.txt";
 	public static final String SITEMAP_XML           = "/sitemap.xml";
 
+	public static final String SITE_EVENTS_PAGE      = "/site/events";
+	
 	public static final String REGISTRATION_PAGE     = "/account/register";
 
 	public static final String AUTHENTICATION_PAGE   = "/account/auth";
@@ -124,6 +126,7 @@ public static Map<String, String> asMap(boolean serveContentFromSingleHost) {
 		map.put("INFO_COUNTRY_PAGE", INFO_COUNTRY_PAGE);
 		map.put("LIST_COUNTRIES_PAGE", LIST_COUNTRIES_PAGE);
 		map.put("INFO_COLLECTION_PAGE", INFO_COLLECTION_PAGE);
+		map.put("SITE_EVENTS_PAGE", SITE_EVENTS_PAGE);
 		map.put("BOOTSTRAP_LANGUAGE", BOOTSTRAP_LANGUAGE);
 
 		if (serveContentFromSingleHost) {

src/main/java/ru/mystamps/web/config/ControllersConfig.java

@@ -100,7 +100,8 @@ public SiteController getSiteController() {
 			servicesConfig.getCategoryService(),
 			servicesConfig.getCollectionService(),
 			servicesConfig.getCountryService(),
-			servicesConfig.getSeriesService()
+			servicesConfig.getSeriesService(),
+			servicesConfig.getSuspiciousActivityService()
 		);
 	}
 

src/main/java/ru/mystamps/web/config/ServicesConfig.java

@@ -58,6 +58,11 @@ public class ServicesConfig {
 	@Autowired
 	private MessageSource messageSource;
 
+	@Bean
+	public SuspiciousActivityService getSuspiciousActivityService() {
+		return new SuspiciousActivityServiceImpl(daoConfig.getSuspiciousActivityDao());
+	}
+
 	@Bean
 	public CountryService getCountryService() {
 		return new CountryServiceImpl(daoConfig.getJdbcCountryDao());

src/main/java/ru/mystamps/web/controller/SiteController.java

@@ -30,6 +30,7 @@
 import ru.mystamps.web.service.CollectionService;
 import ru.mystamps.web.service.CountryService;
 import ru.mystamps.web.service.SeriesService;
+import ru.mystamps.web.service.SuspiciousActivityService;
 import ru.mystamps.web.util.LocaleUtils;
 
 @Controller
@@ -43,6 +44,7 @@ public class SiteController {
 	private final CollectionService collectionService;
 	private final CountryService countryService;
 	private final SeriesService seriesService;
+	private final SuspiciousActivityService suspiciousActivityService;
 
 	@RequestMapping(Url.INDEX_PAGE)
 	public String showIndexPage(Model model, Locale userLocale) {
@@ -66,4 +68,15 @@ public String showIndexPage(Model model, Locale userLocale) {
 		return "site/index";
 	}
 
+	/**
+	 * @author Sergey Chechenev
+	 */
+	@RequestMapping(Url.SITE_EVENTS_PAGE)
+	public void viewSiteEvents(Model model) {
+		model.addAttribute(
+			"activities",
+			suspiciousActivityService.findSuspiciousActivities()
+		);
+	}
+	
 }

src/main/java/ru/mystamps/web/dao/SuspiciousActivityDao.java

@@ -17,8 +17,12 @@
  */
 package ru.mystamps.web.dao;
 
+import java.util.List;
+
 import ru.mystamps.web.dao.dto.AddSuspiciousActivityDbDto;
+import ru.mystamps.web.dao.dto.SuspiciousActivityDto;
 
 public interface SuspiciousActivityDao {
 	void add(AddSuspiciousActivityDbDto activity);
+	List<SuspiciousActivityDto> findAll();
 }

src/main/java/ru/mystamps/web/dao/dto/SuspiciousActivityDto.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2009-2016 Slava Semushin <slava.semushin@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package ru.mystamps.web.dao.dto;
+
+import java.util.Date;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+/**
+ * @author Sergey Chechenev
+ */
+@Getter
+@RequiredArgsConstructor
+public class SuspiciousActivityDto {
+	private final String type;
+	private final Date occurredAt;
+	private final String page;
+	private final String method;
+	private final String userLogin;
+	private final String ip;
+	private final String refererPage;
+	private final String userAgent;
+}

src/main/java/ru/mystamps/web/dao/impl/JdbcSuspiciousActivityDao.java

@@ -17,7 +17,9 @@
  */
 package ru.mystamps.web.dao.impl;
 
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.commons.lang3.Validate;
@@ -29,6 +31,7 @@
 
 import ru.mystamps.web.dao.SuspiciousActivityDao;
 import ru.mystamps.web.dao.dto.AddSuspiciousActivityDbDto;
+import ru.mystamps.web.dao.dto.SuspiciousActivityDto;
 
 @RequiredArgsConstructor
 public class JdbcSuspiciousActivityDao implements SuspiciousActivityDao {
@@ -38,6 +41,9 @@ public class JdbcSuspiciousActivityDao implements SuspiciousActivityDao {
 	@Value("${suspicious_activity.create}")
 	private String addSuspiciousActivitySql;
 
+	@Value("${suspicious_activity.find_all}")
+	private String findAllSuspiciousActivitiesSql;
+	
 	@Override
 	public void add(AddSuspiciousActivityDbDto activity) {
 		Map<String, Object> params = new HashMap<>();
@@ -62,4 +68,16 @@ public void add(AddSuspiciousActivityDbDto activity) {
 		);
 	}
 
+	/**
+	 * @author Sergey Chechenev
+	 */
+	@Override
+	public List<SuspiciousActivityDto> findAll() {
+		return jdbcTemplate.query(
+			findAllSuspiciousActivitiesSql,
+			Collections.emptyMap(),
+			RowMappers::forSuspiciousActivityDto
+		);
+	}
+	
 }

src/main/java/ru/mystamps/web/dao/impl/RowMappers.java

@@ -20,9 +20,11 @@
 import java.math.BigDecimal;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.Date;
 
 import ru.mystamps.web.dao.dto.CollectionInfoDto;
 import ru.mystamps.web.dao.dto.SeriesFullInfoDto;
+import ru.mystamps.web.dao.dto.SuspiciousActivityDto;
 import ru.mystamps.web.dao.dto.UsersActivationDto;
 import ru.mystamps.web.dao.dto.UsersActivationFullDto;
 import ru.mystamps.web.service.dto.LinkEntityDto;
@@ -31,7 +33,7 @@
 import ru.mystamps.web.service.dto.SitemapInfoDto;
 import ru.mystamps.web.service.dto.UrlEntityDto;
 
-@SuppressWarnings("PMD.AvoidDuplicateLiterals")
+@SuppressWarnings({ "PMD.AvoidDuplicateLiterals", "PMD.TooManyMethods" })
 final class RowMappers {
 
 	private RowMappers() {
@@ -158,7 +160,33 @@ public static SeriesFullInfoDto forSeriesFullInfoDto(ResultSet rs, int i) throws
 		);
 	}
 
+	/**
+	 * @author Sergey Chechenev
+	 */
 	// CheckStyle: ignore LineLength for next 1 line
+	public static SuspiciousActivityDto forSuspiciousActivityDto(ResultSet rs, int i) throws SQLException {
+		String type        = rs.getString("activity_name");
+		Date occurredAt    = rs.getTimestamp("occurred_at");
+		String page        = rs.getString("page");
+		String method      = rs.getString("method");
+		String userLogin   = rs.getString("user_login");
+		String ip          = rs.getString("ip");
+		String refererPage = rs.getString("referer_page");
+		String userAgent   = rs.getString("user_agent");
+		
+		return new SuspiciousActivityDto(
+			type,
+			occurredAt,
+			page,
+			method,
+			userLogin,
+			ip,
+			refererPage,
+			userAgent
+		);
+	}
+		
+		// CheckStyle: ignore LineLength for next 1 line
 	public static UsersActivationDto forUsersActivationDto(ResultSet rs, int i) throws SQLException {
 		return new UsersActivationDto(
 			rs.getString("email"),

src/main/java/ru/mystamps/web/service/SuspiciousActivityService.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2009-2016 Slava Semushin <slava.semushin@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package ru.mystamps.web.service;
+
+import java.util.List;
+
+import ru.mystamps.web.dao.dto.SuspiciousActivityDto;
+
+/**
+ * @author Sergey Chechenev
+ */
+public interface SuspiciousActivityService {
+	List<SuspiciousActivityDto> findSuspiciousActivities();
+}

src/main/java/ru/mystamps/web/service/SuspiciousActivityServiceImpl.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2009-2016 Slava Semushin <slava.semushin@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package ru.mystamps.web.service;
+
+import java.util.List;
+
+import org.springframework.transaction.annotation.Transactional;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import lombok.RequiredArgsConstructor;
+
+import ru.mystamps.web.dao.SuspiciousActivityDao;
+import ru.mystamps.web.dao.dto.SuspiciousActivityDto;
+
+/**
+ * @author Sergey Chechenev
+ */
+@RequiredArgsConstructor
+public class SuspiciousActivityServiceImpl implements SuspiciousActivityService {
+	private final SuspiciousActivityDao suspiciousActivityDao;
+	
+	@Override
+	@Transactional(readOnly = true)
+	@PreAuthorize("hasAuthority('VIEW_SITE_EVENTS')")
+	public List<SuspiciousActivityDto> findSuspiciousActivities() {
+		return suspiciousActivityDao.findAll();
+	}
+}

src/main/java/ru/mystamps/web/support/spring/security/CustomUserDetailsService.java

@@ -77,6 +77,7 @@ private static Collection<? extends GrantedAuthority> getAuthorities(User user)
 			authorities.add(new SimpleGrantedAuthority("CREATE_CATEGORY"));
 			authorities.add(new SimpleGrantedAuthority("CREATE_COUNTRY"));
 			authorities.add(new SimpleGrantedAuthority("ADD_COMMENTS_TO_SERIES"));
+			authorities.add(new SimpleGrantedAuthority("VIEW_SITE_EVENTS"));
 
 			// gives access to Togglz web console
 			authorities.add(new SimpleGrantedAuthority("CHANGE_FEATURES"));

src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java

@@ -69,6 +69,7 @@ protected void configure(HttpSecurity http) throws Exception {
 				.antMatchers(Url.ADD_CATEGORY_PAGE).hasAuthority("CREATE_CATEGORY")
 				.antMatchers(Url.ADD_COUNTRY_PAGE).hasAuthority("CREATE_COUNTRY")
 				.antMatchers(Url.ADD_SERIES_PAGE).hasAuthority("CREATE_SERIES")
+				.antMatchers(Url.SITE_EVENTS_PAGE).hasAuthority("VIEW_SITE_EVENTS")
 				.regexMatchers(HttpMethod.POST, "/series/[0-9]+")
 					.hasAnyAuthority("UPDATE_COLLECTION", "ADD_IMAGES_TO_SERIES")
 				.anyRequest().permitAll()

src/main/java/ru/mystamps/web/support/togglz/Features.java

@@ -40,6 +40,10 @@ public enum Features implements Feature {
 	@EnabledByDefault
 	SHOW_SEARCH_PANEL_ON_INDEX_PAGE,
 
+	@Label("View site events")
+	@EnabledByDefault
+	VIEW_SITE_EVENTS,
+	
 	@Label("Show statistics of collection on collection page")
 	@EnabledByDefault
 	SHOW_COLLECTION_STATISTICS,

src/main/resources/ru/mystamps/i18n/Messages.properties

@@ -29,6 +29,22 @@ t_site_author_name = Slava Semushin
 t_site_author_email = slava.semushin@gmail.com
 t_write_email = Write e-mail
 
+# site/events.html
+t_suspicious_activities = suspicious activities
+t_no_suspicious_activities_found = No suspicious activities found
+t_type = Type
+t_occurred = Date
+t_page = Page
+t_method = Method
+t_user_login = Login
+t_ip = IP
+t_referer_page = Referer page
+t_user_agent = User agent
+t_invalid_csrf_token = Invalid CSRF token
+t_missing_csrf_token = Missing CSRF token
+t_page_not_found = Page not found
+t_auth_failed = Authentication failed
+
 # site/index.html
 t_index_title = create your own virtual collection!
 t_you_may = You may
@@ -47,6 +63,7 @@ t_number = Number
 t_example = Example
 t_catalog = Catalog
 t_search = Search
+t_watch_suspicious_activities = view suspicious activities
 
 # account/register.html
 t_registration_on_site = Register on site

src/main/resources/ru/mystamps/i18n/Messages_ru.properties

@@ -29,6 +29,22 @@ t_site_author_name = Слава Семушин
 t_site_author_email = slava.semushin@gmail.com
 t_write_email = Написать письмо
 
+# site/events.html
+t_suspicious_activities = подозрительная активность
+t_no_suspicious_activities_found = Подозрительная активность не обнаружена
+t_type = Тип
+t_occurred = Дата
+t_page = Страница
+t_method = Метод
+t_user_login = Логин
+t_ip = IP
+t_referer_page = Ссылающаяся страница
+t_user_agent = Браузер
+t_invalid_csrf_token = Неверный CSRF токен
+t_missing_csrf_token = Несуществующий CSRF токен
+t_page_not_found = Страница не найдена
+t_auth_failed = Неверный логин/пароль
+
 # site/index.html
 t_index_title = создай свою виртуальную коллекцию!
 t_you_may = Вы можете
@@ -47,6 +63,7 @@ t_number = Номер
 t_example = Пример
 t_catalog = Каталог
 t_search = Найти
+t_watch_suspicious_activities = посмотреть подозрительные события
 
 # account/register.html
 t_registration_on_site = Регистрация на сайте