From b512d9aa4abb228f85f6ce50538bb463ebf90442 Mon Sep 17 00:00:00 2001
From: dashevchenko
Date: Tue, 8 Oct 2024 18:46:15 +0300
Subject: [PATCH] fixed MobileV2Controller with authorization checks
---
 .../server/controller/MobileV2Controller.java | 28 ++++++++++++++++---
 .../server/dao/mobile/MobileAppService.java | 2 ++
 .../common/data/mobile/LoginMobileInfo.java | 2 +-
 .../server/dao/mobile/MobileAppDao.java | 2 ++
 .../dao/mobile/MobileAppServiceImpl.java | 9 ++++--
 .../dao/sql/mobile/JpaMobileAppBundleDao.java | 2 +-
 .../dao/sql/mobile/JpaMobileAppDao.java | 5 ++++
 .../sql/mobile/MobileAppBundleRepository.java | 3 +-
 .../dao/sql/mobile/MobileAppRepository.java | 3 ++
 9 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/application/src/main/java/org/thingsboard/server/controller/MobileV2Controller.java b/application/src/main/java/org/thingsboard/server/controller/MobileV2Controller.java
index abe3526bca..764c18bfd7 100644
--- a/application/src/main/java/org/thingsboard/server/controller/MobileV2Controller.java
+++ b/application/src/main/java/org/thingsboard/server/controller/MobileV2Controller.java
@@ -18,46 +18,66 @@ package org.thingsboard.server.controller; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; import lombok.RequiredArgsConstructor; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import org.thingsboard.server.common.data.HomeDashboardInfo; import org.thingsboard.server.common.data.User; import org.thingsboard.server.common.data.exception.ThingsboardException; -import org.thingsboard.server.common.data.mobile.MobileAppBundle; import org.thingsboard.server.common.data.mobile.LoginMobileInfo; +import org.thingsboard.server.common.data.mobile.MobileApp; +import org.thingsboard.server.common.data.mobile.MobileAppBundle; +import org.thingsboard.server.common.data.mobile.MobileAppVersionInfo; import org.thingsboard.server.common.data.mobile.UserMobileInfo; import org.thingsboard.server.common.data.oauth2.OAuth2ClientLoginInfo; import org.thingsboard.server.common.data.oauth2.PlatformType; +import org.thingsboard.server.config.annotations.ApiOperation; import org.thingsboard.server.queue.util.TbCoreComponent; import org.thingsboard.server.service.security.model.SecurityUser; import java.util.List; +import static org.thingsboard.server.controller.ControllerConstants.AVAILABLE_FOR_ANY_AUTHORIZED_USER; + @RequiredArgsConstructor @RestController @TbCoreComponent public class MobileV2Controller extends BaseController { + @ApiOperation(value = "Get mobile app login info (getLoginMobileInfo)") @GetMapping(value = "/api/noauth/mobile") public LoginMobileInfo getLoginMobileInfo(@Parameter(description = "Mobile application package name") @RequestParam String pkgName, @Parameter(description = "Platform type", schema = @Schema(allowableValues = {"ANDROID", "IOS"})) @RequestParam PlatformType platform) { List 
oauth2Clients = oAuth2ClientService.findOAuth2ClientLoginInfosByMobilePkgNameAndPlatformType(pkgName, platform); - return new LoginMobileInfo(oauth2Clients); + MobileApp mobileApp = mobileAppService.findMobileAppByPkgNameAndPlatformType(pkgName, platform); + return new LoginMobileInfo(oauth2Clients, mobileApp != null ? mobileApp.getVersionInfo() : null); } - @GetMapping(value = "/api/auth/mobile") + @ApiOperation(value = "Get user mobile app basic info (getUserMobileInfo)", notes = AVAILABLE_FOR_ANY_AUTHORIZED_USER) + @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN', 'CUSTOMER_USER')") + @GetMapping(value = "/api/mobile") public UserMobileInfo getUserMobileInfo(@Parameter(description = "Mobile application package name") @RequestParam String pkgName, @Parameter(description = "Platform type", schema = @Schema(allowableValues = {"ANDROID", "IOS"})) @RequestParam PlatformType platform) throws ThingsboardException { SecurityUser securityUser = getCurrentUser(); User user = userService.findUserById(securityUser.getTenantId(), securityUser.getId()); - HomeDashboardInfo homeDashboardInfo = getHomeDashboardInfo(securityUser, user.getAdditionalInfo()); + HomeDashboardInfo homeDashboardInfo = securityUser.isSystemAdmin() ? null : getHomeDashboardInfo(securityUser, user.getAdditionalInfo()); MobileAppBundle mobileAppBundle = mobileAppBundleService.findMobileAppBundleByPkgNameAndPlatform(securityUser.getTenantId(), pkgName, platform); return new UserMobileInfo(user, homeDashboardInfo, mobileAppBundle != null ? 
mobileAppBundle.getLayoutConfig() : null); } + @ApiOperation(value = "Get mobile app version info (getMobileVersionInfo)") + @GetMapping(value = "/api/mobile/versionInfo") + public MobileAppVersionInfo getMobileVersionInfo(@Parameter(description = "Mobile application package name") + @RequestParam String pkgName, + @Parameter(description = "Platform type", schema = @Schema(allowableValues = {"ANDROID", "IOS"})) + @RequestParam PlatformType platform) { + MobileApp mobileApp = mobileAppService.findMobileAppByPkgNameAndPlatformType(pkgName, platform); + return mobileApp != null ? mobileApp.getVersionInfo() : null; + } + } diff --git a/common/dao-api/src/main/java/org/thingsboard/server/dao/mobile/MobileAppService.java b/common/dao-api/src/main/java/org/thingsboard/server/dao/mobile/MobileAppService.java index 01ebe81d30..63ca222cde 100644 --- a/common/dao-api/src/main/java/org/thingsboard/server/dao/mobile/MobileAppService.java +++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/mobile/MobileAppService.java @@ -34,6 +34,8 @@ public interface MobileAppService extends EntityDaoService { MobileApp findByBundleIdAndPlatformType(TenantId tenantId, MobileAppBundleId mobileAppBundleId, PlatformType platformType); + MobileApp findMobileAppByPkgNameAndPlatformType(String pkgName, PlatformType platform); + void deleteMobileAppById(TenantId tenantId, MobileAppId mobileAppId); void deleteMobileAppsByTenantId(TenantId tenantId); diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/mobile/LoginMobileInfo.java b/common/data/src/main/java/org/thingsboard/server/common/data/mobile/LoginMobileInfo.java index f146291123..0556e2169d 100644 --- a/common/data/src/main/java/org/thingsboard/server/common/data/mobile/LoginMobileInfo.java +++ b/common/data/src/main/java/org/thingsboard/server/common/data/mobile/LoginMobileInfo.java 
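Review bot: `getMobileVersionInfo` on `/api/mobile/versionInfo` is the one endpoint in this hunk whose access rule is not stated on the method: `getUserMobileInfo` gains `@PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN', 'CUSTOMER_USER')")` and `notes = AVAILABLE_FOR_ANY_AUTHORIZED_USER`, while the new mapping carries neither, so what protects it is only whatever path-level filtering applies to `/api/**`, which this hunk cannot show. Since the commit's purpose is to make the controller's authorization explicit, the same two annotations belong on `getMobileVersionInfo` as well; if the version lookup is instead meant to be reachable before login, it should live under `/api/noauth/` next to `getLoginMobileInfo`, which already returns the same `versionInfo`. Separately, both `getLoginMobileInfo` and `getMobileVersionInfo` answer with a `null` body and HTTP 200 when no `MobileApp` matches `pkgName`/`platform`; consider responding 404 for the unmatched case so clients can tell "unknown package" from "no version constraints configured".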
@@ -19,5 +19,5 @@ import org.thingsboard.server.common.data.oauth2.OAuth2ClientLoginInfo; import java.util.List; -public record LoginMobileInfo(List oAuth2ClientLoginInfos) { +public record LoginMobileInfo(List oAuth2ClientLoginInfos, MobileAppVersionInfo versionInfo) { } diff --git a/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppDao.java b/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppDao.java index 091e61327c..683cb88efd 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppDao.java +++ b/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppDao.java @@ -30,4 +30,6 @@ public interface MobileAppDao extends Dao { PageData findByTenantId(TenantId tenantId, PageLink pageLink); void deleteByTenantId(TenantId tenantId); + + MobileApp findByPkgNameAndPlatformType(TenantId tenantId, String pkgName, PlatformType platform); } diff --git a/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppServiceImpl.java index a471b30589..6ff1130221 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppServiceImpl.java +++ b/dao/src/main/java/org/thingsboard/server/dao/mobile/MobileAppServiceImpl.java 
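Review bot: The new `versionInfo` component of `LoginMobileInfo` is nullable — the controller passes `null` when no `MobileApp` is registered for the package/platform pair — but the record does not say so, and this type is the response shape of an unauthenticated endpoint. Add a Javadoc on the record such as `/** @param versionInfo version constraints of the registered mobile app, or {@code null} when no app matches the package name and platform */` so clients and serializers treat the absence as expected rather than as an error.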
@@ -19,15 +19,12 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import org.thingsboard.common.util.JacksonUtil; import org.thingsboard.server.common.data.EntityType; import org.thingsboard.server.common.data.id.EntityId; import org.thingsboard.server.common.data.id.HasId; import org.thingsboard.server.common.data.id.MobileAppBundleId; import org.thingsboard.server.common.data.id.MobileAppId; import org.thingsboard.server.common.data.id.TenantId; -import org.thingsboard.server.common.data.mobile.AndroidQrCodeConfig; -import org.thingsboard.server.common.data.mobile.IosQrCodeConfig; import org.thingsboard.server.common.data.mobile.MobileApp; import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.common.data.page.PageData; @@ -102,6 +99,12 @@ public class MobileAppServiceImpl extends AbstractEntityService implements Mobil return mobileAppDao.findByBundleIdAndPlatformType(tenantId, mobileAppBundleId, platformType); } + @Override + public MobileApp findMobileAppByPkgNameAndPlatformType(String pkgName, PlatformType platform) { + log.trace("Executing findMobileAppByPkgNameAndPlatformType, pkgName [{}], platform [{}]", pkgName, platform); + return mobileAppDao.findByPkgNameAndPlatformType(TenantId.SYS_TENANT_ID, pkgName, platform); + } + @Override public void deleteByTenantId(TenantId tenantId) { deleteMobileAppsByTenantId(tenantId); diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/JpaMobileAppBundleDao.java b/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/JpaMobileAppBundleDao.java index 0d9bc0dbf5..b2b9d913f3 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/JpaMobileAppBundleDao.java +++ b/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/JpaMobileAppBundleDao.java 
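Review bot: `findMobileAppByPkgNameAndPlatformType` in the second hunk hard-codes `TenantId.SYS_TENANT_ID`, and the DAO hunk that follows (printed under the `JpaMobileAppBundleDao` header on this page, though the diffstat attributes it to `JpaMobileAppDao`) accepts that `tenantId` and then calls `mobileAppRepository.findByPkgNameAndPlatformType(pkgName, platform)` without it, so the lookup is effectively global and the parameter is dead. If mobile apps are system-tenant only, say so on the interface, e.g. `/** Looks up a mobile app by package name and platform across the system tenant; returns {@code null} when none is registered. */` on the `MobileAppService` method, and drop the unused `tenantId` from the DAO signature; otherwise the repository query needs the tenant predicate. With no tenant predicate, the single-result repository call will also fail with an incorrect-result-size error if more than one row matches a package/platform pair, which is worth a uniqueness constraint or an explicit check — I cannot see the schema from here.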
@@ -84,7 +84,7 @@ public class JpaMobileAppBundleDao extends JpaAbstractDao mobileAppRepository.deleteByTenantId(tenantId.getId()); } + @Override + public MobileApp findByPkgNameAndPlatformType(TenantId tenantId, String pkgName, PlatformType platform) { + return DaoUtil.getData(mobileAppRepository.findByPkgNameAndPlatformType(pkgName, platform)); + } + @Override public EntityType getEntityType() { return EntityType.MOBILE_APP; diff --git a/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/MobileAppBundleRepository.java b/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/MobileAppBundleRepository.java index 846062ec4d..7cc60ddd00 100644 --- a/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/MobileAppBundleRepository.java +++ b/dao/src/main/java/org/thingsboard/server/dao/sql/mobile/MobileAppBundleRepository.java @@ -22,6 +22,7 @@ import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.query.Param; import org.springframework.transaction.annotation.Transactional; +import org.thingsboard.server.common.data.oauth2.PlatformType; import org.thingsboard.server.dao.model.sql.MobileAppBundleEntity; import org.thingsboard.server.dao.model.sql.MobileAppBundleInfoEntity; @@ -51,7 +52,7 @@ public interface MobileAppBundleRepository extends JpaRepository