From 65f44a9394e7179d3074e226cf78fa704a07ecef Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Fri, 16 Jun 2023 18:15:56 +0200
Subject: [PATCH] unregistered runners endpoint

---
 pom.xml | 12 ++++++++
 .../demo/action/EditRunnerPhotoAction.java | 18 +++++++++++
 src/main/java/demo/dao/RunnerDAO.java | 8 +++++
 .../java/demo/service/MarathonService.java | 30 +++++++++++++++++--
 .../webapp/WEB-INF/pages/editRunnerPhoto.jsp | 26 ++++++++++++++++
 5 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 93f3995..76373ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -78,6 +78,18 @@ batik-transcoder 1.6 + org.owasp.encoder encoder
diff --git a/src/main/java/demo/action/EditRunnerPhotoAction.java b/src/main/java/demo/action/EditRunnerPhotoAction.java
index 4f15655..5a8f5c9 100644
--- a/src/main/java/demo/action/EditRunnerPhotoAction.java
+++ b/src/main/java/demo/action/EditRunnerPhotoAction.java
@@ -1,11 +1,16 @@
 package demo.action;
+import java.sql.Connection;
 import java.sql.SQLException;
 import javax.naming.NamingException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import demo.dao.DAOUtils;
+import demo.dao.RunnerDAO;
+import demo.form.RunnerForm;
+import demo.pojo.Runner;
 import org.apache.struts.action.Action;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
@@ -18,7 +23,20 @@ public class EditRunnerPhotoAction extends Action {
 @Override
 public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws SQLException, NamingException {
+ String runnerUsername = request.getUserPrincipal().getName();
+ final Runner runner;
+
+ Connection connection = null;
+ try {
+ connection = DAOUtils.getConnection();
+ RunnerDAO runnerDAO = new RunnerDAO(connection);
+ runner = runnerDAO.loadRunnerByName(runnerUsername);
+ } finally {
+ if (connection != null) connection.close();
+ }
+
+ request.setAttribute("runner", runner);
 return mapping.findForward(FORWARD_editRunnerPhoto);
 }
diff --git a/src/main/java/demo/dao/RunnerDAO.java b/src/main/java/demo/dao/RunnerDAO.java
index ab93ebe..e23ca6b 100644
--- a/src/main/java/demo/dao/RunnerDAO.java
+++ b/src/main/java/demo/dao/RunnerDAO.java
@@ -212,4 +212,12 @@ public List getRunnersNotRegisteredOnAnyDiscipline() throws SQLException
 return runners;
 }
+ public boolean removeRunnerPhoto(String runnerId) throws SQLException {
+ String sql = "UPDATE runner SET photo_name = 'default.png' WHERE id = ?";
+ try (PreparedStatement statement = connection.prepareStatement(sql)) {
+ statement.setString(1, runnerId);
+ int rowsAffected = statement.executeUpdate();
+ return rowsAffected > 0;
+ }
+ }
 }
diff --git a/src/main/java/demo/service/MarathonService.java b/src/main/java/demo/service/MarathonService.java
index 0918aff..2ca99ea 100644
--- a/src/main/java/demo/service/MarathonService.java
+++ b/src/main/java/demo/service/MarathonService.java
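Review bot: `request.getUserPrincipal().getName()` on the first added line dereferences the principal without a null check, so a request that reaches this action without container authentication fails with a NullPointerException instead of an explicit refusal; whether the action is always covered by a security constraint is not visible here, so a guard such as `if (request.getUserPrincipal() == null) { throw new IllegalStateException("no authenticated principal"); }` (or a forward to the application's login handling) before the lookup would make that assumption explicit. The manual `Connection connection = null; try { ... } finally { ... }` block could be `try (Connection connection = DAOUtils.getConnection()) { ... }`, matching the try-with-resources style RunnerDAO uses for its PreparedStatement in this same patch. `runner` is stored as a request attribute without being checked; if `loadRunnerByName` can return null for an unknown name, the JSP has to cope with that. The class continues outside the hunk.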
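Review bot: `removeRunnerPhoto` only resets `photo_name` to 'default.png' with an UPDATE; it does not delete the previously stored photo file, so the method name promises more than the code does and the old file stays wherever photos are kept. A Javadoc would make that clear to callers: `/** Resets the runner's photo_name to the default image. Returns true if a row matched runnerId; the previous photo file is not deleted. */`. The parameter is bound with `setString` although the column is named `id`; if `runner.id` is numeric, a `long` parameter with `setLong` would reject malformed ids at the API boundary rather than leaving the conversion to the database. The `'default.png'` literal could also be a named constant so the default photo name is defined in one place.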
@@ -159,8 +159,7 @@ public void write(OutputStream output) throws IOException, WebApplicationExcepti
 @GET
 @Path("/unregistered") // --> /marathon/rest/runners/unregistered
 public Response getUnregisteredRunners(@Context HttpServletRequest request) throws Exception {
- String sessionCookie = getSessionCookie(request);
- if (!isValidSession(request, sessionCookie, true)) {
+ if (!isValidSession(request, true)) {
 return Response.status(Response.Status.UNAUTHORIZED).build();
 }
@@ -177,6 +176,30 @@ public Response getUnregisteredRunners(@Context HttpServletRequest request) thro
 return Response.status(200).entity(runners).type(MediaType.APPLICATION_JSON).build();
 }
+ @DELETE
+ @Path("/{runnerId}/photo")
+ public Response deleteRunnerPhoto(@Context HttpServletRequest request, @PathParam("runnerId") String runnerId) throws Exception {
+ if (!isValidSession(request, true)) {
+ return Response.status(Response.Status.UNAUTHORIZED).build();
+ }
+
+ Connection connection = null;
+ try {
+ connection = DAOUtils.getConnection();
+ RunnerDAO runnerDAO = new RunnerDAO(connection);
+
+ boolean success = runnerDAO.removeRunnerPhoto(runnerId);
+ if (success) {
+ return Response.status(Response.Status.NO_CONTENT).build(); // 204 No Content response if the photo was deleted
+ } else {
+ return Response.status(Response.Status.NOT_FOUND).build(); // 404 Not Found if there was no photo to delete
+ }
+
+ } finally {
+ if (connection != null) connection.close();
+ }
+ }
+
 private String getSessionCookie(HttpServletRequest request) { // Authenticate user using session cookie
 String sessionCookie = null;
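Review bot: `deleteRunnerPhoto` resets the photo of whichever `runnerId` appears in the path after checking only that the caller has a valid logged-in session; nothing in the method ties `runnerId` to the caller, so any authenticated user can reset any other runner's photo (a missing object-level authorization check). The endpoint should resolve the runner bound to the current session — EditRunnerPhotoAction in this same patch does so via `request.getUserPrincipal().getName()` and `loadRunnerByName` — and either compare that runner's id with `runnerId` and return `Response.Status.FORBIDDEN` (or NOT_FOUND, which also avoids confirming which ids exist) on mismatch, or drop the path parameter and act on the session's runner only; how the session identifies the user inside `isValidSession` is not visible in this hunk, so the exact lookup may differ. The trailing comments say the photo "was deleted" and that 404 means "no photo to delete", but `removeRunnerPhoto` returns false only when no row matched `runnerId` and never removes a file, so `// 404 Not Found if no runner has this id` would describe the actual behavior. As in EditRunnerPhotoAction, the manual connection handling could be `try (Connection connection = DAOUtils.getConnection()) { ... }`.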
@@ -191,10 +214,11 @@ private String getSessionCookie(HttpServletRequest request) {
 return sessionCookie;
 }
- private boolean isValidSession(HttpServletRequest request, String jsessionId, boolean loggedIn) {
+ private boolean isValidSession(HttpServletRequest request, boolean loggedIn) {
 if (request == null) {
 return false;
 }
+ String jsessionId = getSessionCookie(request);
 HttpSession session = request.getSession(false);
 boolean ok = session != null && jsessionId.equals(session.getId());
 if (ok && loggedIn) {
diff --git a/src/main/webapp/WEB-INF/pages/editRunnerPhoto.jsp b/src/main/webapp/WEB-INF/pages/editRunnerPhoto.jsp
index e6cddb1..612deda 100644
--- a/src/main/webapp/WEB-INF/pages/editRunnerPhoto.jsp
+++ b/src/main/webapp/WEB-INF/pages/editRunnerPhoto.jsp
@@ -70,6 +70,32 @@ + + + +
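Review bot: The added `String jsessionId = getSessionCookie(request);` can be null when no matching cookie is present (getSessionCookie starts from `String sessionCookie = null;` in the previous hunk), and the unchanged `jsessionId.equals(session.getId())` on the following line then throws a NullPointerException whenever `getSession(false)` still finds a session, for example one established without the cookie; the callers' `throws Exception` would surface that as a server error rather than the intended 401. Reversing the comparison removes the null path: `boolean ok = session != null && session.getId().equals(jsessionId);`. Before this change the same null could only arrive through the removed parameter, so the refactor is a good moment to close it. The method body continues past the end of the hunk.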