Add DTO validation

docker-compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   database:
     image: 'postgres:latest'

src/main/java/org/zzpj/tabi/controllers/AccountController.java

@@ -163,7 +163,7 @@ public ResponseEntity<?> getAccountById(@PathVariable("uuid") UUID uuid) {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> updateAccount(@RequestHeader(value = HttpHeaders.IF_MATCH, required = false) String ifMatch, @RequestBody AccountUpdateDTO accountUpdateDTO) {
+    public ResponseEntity<?> updateAccount(@RequestHeader(value = HttpHeaders.IF_MATCH, required = false) String ifMatch, @Valid @RequestBody AccountUpdateDTO accountUpdateDTO) {
         try {
             if (ifMatch == null) {
                 return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("If-match header is required");
@@ -280,7 +280,7 @@ public ResponseEntity<?> unblockAccount(@PathVariable("uuid") UUID uuid) {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> changePassword(@RequestBody ChangeSelfPasswordDTO dto) {
+    public ResponseEntity<?> changePassword(@Valid @RequestBody ChangeSelfPasswordDTO dto) {
         try {
             String login = SecurityContextHolder.getContext().getAuthentication().getName();
             accountService.changePassword(dto, login);
@@ -365,7 +365,7 @@ public ResponseEntity<?> getSelf() {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> updateSelf(@RequestHeader(value = HttpHeaders.IF_MATCH, required = false) String ifMatch, @RequestBody AccountUpdateDTO accountUpdateDTO) {
+    public ResponseEntity<?> updateSelf(@RequestHeader(value = HttpHeaders.IF_MATCH, required = false) String ifMatch, @Valid @RequestBody AccountUpdateDTO accountUpdateDTO) {
         try {
             if (ifMatch == null) {
                 return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("If-match header is required");

src/main/java/org/zzpj/tabi/controllers/AuthenticationController.java

@@ -5,6 +5,8 @@
 import io.swagger.v3.oas.annotations.media.ExampleObject;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.validation.Valid;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.http.HttpStatus;
@@ -46,7 +48,7 @@ public class AuthenticationController {
                             examples = @ExampleObject("500 Internal Server Error"))}
             ),
     })
-    public ResponseEntity<?> register(@RequestBody RegisterAccountDTO clientData) {
+    public ResponseEntity<?> register(@Valid @RequestBody RegisterAccountDTO clientData) {
         try {
             accountService.registerClient(clientData);
             return ResponseEntity.status(HttpStatus.CREATED).body("Account created successfully");
@@ -88,7 +90,7 @@ public ResponseEntity<?> register(@RequestBody RegisterAccountDTO clientData) {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> login(@RequestBody LoginDTO credentials) {
+    public ResponseEntity<?> login(@Valid @RequestBody LoginDTO credentials) {
         try {
             String token = accountService.login(credentials);
             return new ResponseEntity<>(token, HttpStatus.OK);

src/main/java/org/zzpj/tabi/controllers/ReservationController.java

@@ -35,6 +35,7 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.validation.Valid;
 
 @RestController
 @RequestMapping("/api/reservtions")
@@ -135,7 +136,7 @@ public ResponseEntity<?> getOwnReservations() {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> createReservation(ReservationCreateDTO reservationCreateDTO) {
+    public ResponseEntity<?> createReservation(@Valid ReservationCreateDTO reservationCreateDTO) {
         String login = SecurityContextHolder.getContext().getAuthentication().getName();
         try {
             Account account = accountService.getAccountByLogin(login);

src/main/java/org/zzpj/tabi/controllers/TravelController.java

@@ -8,6 +8,8 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 
 import jakarta.persistence.OptimisticLockException;
+import jakarta.validation.Valid;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -68,7 +70,7 @@ public class TravelController {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> createTravel(@RequestBody TravelCreateDTO travelCreateDTO) {
+    public ResponseEntity<?> createTravel(@Valid @RequestBody TravelCreateDTO travelCreateDTO) {
         try{
             String login = SecurityContextHolder.getContext().getAuthentication().getName();
             Account account = accountService.getAccountByLogin(login);
@@ -210,7 +212,7 @@ public ResponseEntity<?> getTravelReviews(@PathVariable("uuid") UUID uuid) {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> addReview(@RequestBody ReviewUpdateDTO review) {
+    public ResponseEntity<?> addReview(@Valid @RequestBody ReviewUpdateDTO review) {
         try {
             String name = SecurityContextHolder.getContext().getAuthentication().getName();
             reviewService.addReview(review, name);
@@ -259,7 +261,7 @@ public ResponseEntity<?> addReview(@RequestBody ReviewUpdateDTO review) {
                             examples = @ExampleObject("500 Internal Server Error"))}
             )
     })
-    public ResponseEntity<?> editReview(@RequestBody ReviewUpdateDTO review) {
+    public ResponseEntity<?> editReview(@Valid @RequestBody ReviewUpdateDTO review) {
         try {
             String name = SecurityContextHolder.getContext().getAuthentication().getName();
             reviewService.editReview(review, name);

src/main/java/org/zzpj/tabi/dto/account/AccountUpdateDTO.java

@@ -1,6 +1,7 @@
 package org.zzpj.tabi.dto.account;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.Email;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -21,6 +22,7 @@ public class AccountUpdateDTO {
     private String lastName;
 
     @Schema(example = "[email protected]")
+    @Email
     private String email;
 
     @Schema(example = "0")

src/main/java/org/zzpj/tabi/dto/account/ChangeSelfPasswordDTO.java

@@ -1,6 +1,7 @@
 package org.zzpj.tabi.dto.account;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -10,8 +11,10 @@
 public class ChangeSelfPasswordDTO {
 
     @Schema(example = "foo")
+    @NotEmpty
     private String oldPassword;
 
     @Schema(example = "oof")
+    @NotEmpty
     private String newPassword;
 }

src/main/java/org/zzpj/tabi/dto/account/LoginDTO.java

@@ -1,6 +1,7 @@
 package org.zzpj.tabi.dto.account;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -10,8 +11,10 @@
 public class LoginDTO {
 
     @Schema(example = "foo")
+    @NotEmpty
     private String login;
 
     @Schema(example = "foo")
+    @NotEmpty
     private String password;
 }

src/main/java/org/zzpj/tabi/dto/account/RegisterAccountDTO.java

@@ -1,6 +1,8 @@
 package org.zzpj.tabi.dto.account;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -10,17 +12,23 @@
 public class RegisterAccountDTO {
 
     @Schema(example = "qux")
+    @NotEmpty
     private String login;
 
     @Schema(example = "John")
+    @NotEmpty
     private String firstName;
 
     @Schema(example = "Doe")
+    @NotEmpty
     private String lastName;
 
-    @Schema(example = "[email protected]")
+    @Schema(example = "[email protected]")
+    @NotEmpty
+    @Email
     private String email;
 
     @Schema(example = "password")
+    @NotEmpty
     private String password;
 }

src/main/java/org/zzpj/tabi/dto/reservation/ReservationCreateDTO.java

@@ -3,6 +3,8 @@
 import java.util.UUID;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.Positive;
 import lombok.Data;
 
 @Data
@@ -12,5 +14,7 @@ public class ReservationCreateDTO {
     private UUID travelId;
 
     @Schema(example = "1")
+    @NotEmpty
+    @Positive
     private int guestCount;
 }

src/main/java/org/zzpj/tabi/dto/review/ReviewUpdateDTO.java

@@ -1,6 +1,9 @@
 package org.zzpj.tabi.dto.review;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.Max;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -12,11 +15,13 @@
 public class ReviewUpdateDTO {
 
     @Schema(example = "5")
+    @Min(0) @Max(10)
     private int rating;
 
     @Schema(example = "I've changed my mind.")
     private String comment;
 
     @Schema(example = "00000000-0000-0000-0001-000000000001")
+    @NotEmpty
     private UUID travelId;
 }

src/main/java/org/zzpj/tabi/dto/travel/TravelCreateDTO.java

@@ -1,6 +1,8 @@
 package org.zzpj.tabi.dto.travel;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.Positive;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -13,19 +15,23 @@
 public class TravelCreateDTO {
 
     @Schema(example = "China: Imperial cities and natural wonders")
+    @NotEmpty
     private String title;
 
     @Schema(
         example = "From the iconic Great Wall to Shanghai's soaring "
             + "skyscrapers, all the way up to the 'Roof of the World', China "
             + "guarantees an unforgettable experience"
     )
+    @NotEmpty
     private String description;
 
     @Schema(example = "China")
+    @NotEmpty
     private String place;
 
     @Schema(example = "4999.99")
+    @Positive
     private BigDecimal basePrice;
 
     @Schema(example = "2025-12-15")
@@ -35,8 +41,10 @@ public class TravelCreateDTO {
     private LocalDate endDate;
 
     @Schema(example = "100")
+    @Positive
     private int maxPlaces;
 
     @Schema(example = "10")
+    @Positive
     private int available;
 }

src/main/java/org/zzpj/tabi/dto/travel/TravelUpdateDTO.java

@@ -1,6 +1,8 @@
 package org.zzpj.tabi.dto.travel;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.Positive;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
@@ -24,5 +26,7 @@ public class TravelUpdateDTO {
     private String description;
 
     @Schema(example = "0")
+    @Positive
+    @NotEmpty
     private Long version;
 }

src/main/java/org/zzpj/tabi/entities/Travel.java

@@ -6,6 +6,7 @@
 
 import jakarta.persistence.*;
 import jakarta.validation.constraints.Positive;
+import jakarta.validation.constraints.PositiveOrZero;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;
@@ -57,7 +58,7 @@ public class Travel {
     @Column(name = "max_places", nullable = false)
     private int maxPlaces;
 
-    @Positive
+    @PositiveOrZero
     @Column(name = "available_places", nullable = false)
     private int availablePlaces;
 

src/main/java/org/zzpj/tabi/security/jws/JwsService.java

@@ -1,6 +1,8 @@
 package org.zzpj.tabi.security.jws;
 
 import io.jsonwebtoken.Jwts;
+import jakarta.validation.Valid;
+
 import org.springframework.stereotype.Service;
 import org.zzpj.tabi.dto.account.AccountUpdateDTO;
 import org.zzpj.tabi.dto.travel.TravelUpdateDTO;
@@ -21,7 +23,7 @@ public String signAccount(Account account) {
                 .compact();
     }
 
-    public String signDataFromAccountUpdateDTO(AccountUpdateDTO accountUpdateDTO) {
+    public String signDataFromAccountUpdateDTO(@Valid AccountUpdateDTO accountUpdateDTO) {
         return Jwts.builder()
                 .claim("id", accountUpdateDTO.getId())
                 .claim("version", accountUpdateDTO.getVersion())
@@ -37,7 +39,7 @@ public String signDataFromTravelUpdateDTO(TravelUpdateDTO travelUpdateDTO) {
                 .compact();
     }
 
-    public boolean isIfMatchValid(String if_match, AccountUpdateDTO accountUpdateDTO) {
+    public boolean isIfMatchValid(String if_match, @Valid AccountUpdateDTO accountUpdateDTO) {
         return if_match.equals(this.signDataFromAccountUpdateDTO(accountUpdateDTO));
     }
 

src/main/java/org/zzpj/tabi/services/AccountService.java

@@ -4,6 +4,8 @@
 import java.util.UUID;
 
 import jakarta.persistence.OptimisticLockException;
+import jakarta.validation.Valid;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -48,7 +50,7 @@ public Account getAccountByLogin(String login) throws AccountNotFoundException {
         return accountRepository.findByLogin(login).orElseThrow(AccountNotFoundException::new);
     }
 
-    public void registerClient(RegisterAccountDTO dto) {
+    public void registerClient(@Valid RegisterAccountDTO dto) {
         Client client = Client.builder()
                 .login(dto.getLogin())
                 .firstName(dto.getFirstName())
@@ -61,7 +63,7 @@ public void registerClient(RegisterAccountDTO dto) {
         accountRepository.save(client);
     }
 
-    public String login(LoginDTO credentials) {
+    public String login(@Valid LoginDTO credentials) {
         String login = credentials.getLogin();
         String password = credentials.getPassword();
 
@@ -71,7 +73,7 @@ public String login(LoginDTO credentials) {
         return jwtService.generateToken(user.get());
     }
 
-    public void modifyAccount(AccountUpdateDTO accountUpdateDTO, UUID id) throws AccountNotFoundException {
+    public void modifyAccount(@Valid AccountUpdateDTO accountUpdateDTO, UUID id) throws AccountNotFoundException {
         Account account = accountRepository.findById(id).orElseThrow(AccountNotFoundException::new);
 
         if (!accountUpdateDTO.getVersion().equals(account.getVersion())) {
@@ -85,7 +87,7 @@ public void modifyAccount(AccountUpdateDTO accountUpdateDTO, UUID id) throws Acc
         accountRepository.save(account);
     }
 
-    public void changePassword(ChangeSelfPasswordDTO dto, String login) throws AccountNotFoundException, OldPasswordNotMatchException {
+    public void changePassword(@Valid ChangeSelfPasswordDTO dto, String login) throws AccountNotFoundException, OldPasswordNotMatchException {
         Account account = accountRepository.findByLogin(login).orElseThrow(AccountNotFoundException::new);
 
         if (!passwordEncoder.matches(dto.getOldPassword(), account.getPassword())) {