Java server capable of asynchronously serving multiple clients. Provides API functionality (Account management, ToDos).
- Tibor Haller (@972C8)
- Marco Kaufmann (@mahgoh)
Note: No custom MVC client was created. The Client.java included is taken from the template and only serves for testing purposes.
In addition to the minimum requirements (4p), multiple optional features were implemented to enhance the server:
Type | Description | Status |
---|---|---|
Additional | Validate data on the server (0.5p) | |
Additional | Hash the passwords (0.5p) | |
Additional | Use real tokens for user logins (0.5p) | |
Additional | Save and restore data (1p) | |

Status legend: Not Implemented, In Progress, Done
Implemented according to the specifications.
MessageType | Data | Requires Token |
---|---|---|
CreateLogin | Username, Password | No |
Login | Username, Password | No |
ChangePassword | NewPassword | Yes |
Logout | | No |
CreateToDo | Title, Priority, Description | Yes |
GetToDo | ID | Yes |
DeleteToDo | ID | Yes |
ListToDos | | Yes |
Ping | [Token] | No |
Data is an array of strings separated by `|`, consisting of the response data of the command. This could be the data of a single ToDo or the token provided after login.

MessageType | Data |
---|---|
Results | Success, [Data] |
Request data sent by the user is validated on the server to match the requirements specified in the project description. The requirements for each attribute are listed below.

Attribute | Requirements |
---|---|
mailAddress | valid e-mail address according to RFC 5322 |
password | 3-20 characters |

Attribute | Requirements |
---|---|
ID | unique integer - generated by system |
title | 3-20 characters |
priority | Low, Medium or High (case insensitive) |
description | 0-255 characters |
All passwords are hashed with SHA-512 using salts. A random byte sequence (salt) is generated for each account and prepended to the raw password before it is hashed with SHA-512. This prevents recovering passwords by simply looking up their hashes in precomputed hash tables. It also means that two users with the same password do not have the same password hash, because they have different salts. On login, the password entered by the user is hashed with the same salt, and this temporary hash is compared to the one stored in the account.
Every time the user performs a login, a random hexadecimal string (token) is generated, stored in the session and sent back to the user. For each subsequent request, the user has to provide the token, which is compared to the token stored in the session. If the token is valid, the command is executed.
- Based on GsonUtility written by us
- Main code found in ReadWriteData.java
- Data (Accounts + ToDos) is automatically read from disk on server start
- Data is automatically exported at a fixed time interval (every 5 minutes)
- Data is also exported on user logout
- The server logs information on each action (import/export).