Forem: Miguel Barbosa The latest articles on Forem by Miguel Barbosa (@m1guelsb). https://forem.com/m1guelsb https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F896932%2Fab359dee-49bf-40d4-9edc-962f7b111b50.jpg Forem: Miguel Barbosa https://forem.com/m1guelsb en Authentication and authorization with Spring-Boot Miguel Barbosa Fri, 24 Nov 2023 20:41:12 +0000 https://forem.com/m1guelsb/authentication-and-authorization-with-spring-boot-4m2n https://forem.com/m1guelsb/authentication-and-authorization-with-spring-boot-4m2n <p>In the vast world of web development, authentication is the guardian of every digital realm. In this tutorial we'll see how to protect, authenticate and authorize the users of a Spring-Boot application in a native way and following the good practices of the framework.</p> <p>We'll be using the following technologies:</p> <ul> <li>Java 17</li> <li>Spring-boot 3.1.5</li> <li>jwt</li> <li>hibernate/jpa</li> <li>postgresql</li> <li>lombok</li> </ul> <blockquote> <p><a href="https://github.com/m1guelsb/spring-auth">Source code used in this tutorial</a></p> </blockquote> <h2> Summary </h2> <ul> <li>First steps</li> <li>User entity and repository</li> <li>Token provider</li> <li>Security filter</li> <li>Auth configuration</li> <li>Auth DTOs</li> <li>Auth service</li> <li>Auth controller</li> <li>Testing the authentication</li> </ul> <h2> First steps </h2> <p>To protect our application we'll need two dependencies in our <code>pom.xml</code>, the first is the native spring security package, the other one will help us to create and validate our jwt tokens.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code>//pom.xml <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-security<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>com.auth0<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>java-jwt<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>4.4.0<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <h2> User entity and repository </h2> <p>First we'll need a enum to represent the user roles, this will help us to define the permissions of each user in our application.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// enums/UserRole.java</span> <span class="kd">public</span> <span class="kd">enum</span> <span class="nc">UserRole</span> <span class="o">{</span> <span class="no">ADMIN</span><span class="o">(</span><span class="s">"admin"</span><span class="o">),</span> <span class="no">USER</span><span class="o">(</span><span class="s">"user"</span><span class="o">);</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">role</span><span class="o">;</span> <span class="nc">UserRole</span><span class="o">(</span><span class="nc">String</span> <span class="n">role</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">role</span> <span class="o">=</span> <span class="n">role</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getValue</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">role</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the enum we have two representative roles: <code>ADMIN</code> and <code>USER</code>, the <code>ADMIN</code> role will have access to all the endpoints of our application, while the <code>USER</code> role will only have access to specific endpoints.</p> <p>The user entity will be the core of our authentication system, it will hold the user's credentials and the roles that the user has. We'll be implementing the <code>UserDetails</code> interface to represent our user entity, this interface is provided by the spring security package and it's the recommended way to represent the user entity in a spring-boot application.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// entities/UserEntity.java</span> <span class="nd">@Table</span><span class="o">()</span> <span class="nd">@Entity</span><span class="o">(</span><span class="n">name</span> <span class="o">=</span> <span class="s">"users"</span><span class="o">)</span> <span class="nd">@Getter</span> <span class="nd">@NoArgsConstructor</span> <span class="nd">@AllArgsConstructor</span> <span class="nd">@EqualsAndHashCode</span><span class="o">(</span><span class="n">of</span> <span class="o">=</span> <span class="s">"id"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">implements</span> <span class="nc">UserDetails</span> <span class="o">{</span> <span class="nd">@Id</span> <span class="nd">@GeneratedValue</span><span class="o">(</span><span class="n">strategy</span> <span class="o">=</span> <span class="nc">GenerationType</span><span class="o">.</span><span class="na">IDENTITY</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">Long</span> <span class="n">id</span><span class="o">;</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">login</span><span class="o">;</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">password</span><span class="o">;</span> <span class="nd">@Enumerated</span><span class="o">(</span><span class="nc">EnumType</span><span class="o">.</span><span class="na">STRING</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">UserRole</span> <span class="n">role</span><span class="o">;</span> <span class="kd">public</span> <span class="nf">User</span><span class="o">(</span><span class="nc">String</span> <span class="n">login</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">,</span> <span class="nc">UserRole</span> <span class="n">role</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">login</span> <span class="o">=</span> <span class="n">login</span><span class="o">;</span> <span class="k">this</span><span class="o">.</span><span class="na">password</span> <span class="o">=</span> <span class="n">password</span><span class="o">;</span> <span class="k">this</span><span class="o">.</span><span class="na">role</span> <span class="o">=</span> <span class="n">role</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">Collection</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="nc">GrantedAuthority</span><span class="o">&gt;</span> <span class="nf">getAuthorities</span><span class="o">()</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="k">this</span><span class="o">.</span><span class="na">role</span> <span class="o">==</span> <span class="nc">UserRole</span><span class="o">.</span><span class="na">ADMIN</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="k">new</span> <span class="nc">SimpleGrantedAuthority</span><span class="o">(</span><span class="s">"ROLE_ADMIN"</span><span class="o">),</span> <span class="k">new</span> <span class="nc">SimpleGrantedAuthority</span><span class="o">(</span><span class="s">"ROLE_USER"</span><span class="o">));</span> <span class="o">}</span> <span class="k">return</span> <span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="k">new</span> <span class="nc">SimpleGrantedAuthority</span><span class="o">(</span><span class="s">"ROLE_USER"</span><span class="o">));</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getUsername</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">login</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">isAccountNonExpired</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">isAccountNonLocked</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">isCredentialsNonExpired</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">isEnabled</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="kc">true</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>It has a lot of methods that we can override to customize the authentication process, you can implement those properties in the database too but for now we'll only use the required to make our authentication system work: <code>id</code>, <code>username</code>, <code>password</code> and <code>role</code>.</p> <p>For the user repository we have the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// repositories/UserRepository.java</span> <span class="kd">public</span> <span class="kd">interface</span> <span class="nc">UserRepository</span> <span class="kd">extends</span> <span class="nc">JpaRepository</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">,</span> <span class="nc">Long</span><span class="o">&gt;</span> <span class="o">{</span> <span class="nc">UserDetails</span> <span class="nf">findByLogin</span><span class="o">(</span><span class="nc">String</span> <span class="n">login</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>Extending the <code>JpaRepository</code> we'll have access to a lot of methods to manipulate our users in the database. In addition, the <code>findByLogin</code> method will be used by the spring security to find the user in the database and validate the credentials.</p> <h2> Token provider </h2> <p>We need to define a secret key to sign our tokens, this key will be used to validate and to generate the token signature. We'll be using the <code>@Value</code> annotation to get the secret key from the <code>application.yml</code> file. And in the <code>application.yml</code> file we'll define the secret key as an environment variable, this will help us to keep the secret key safe and out of the source code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>//.env JWT_SECRET="yoursecret" </code></pre> </div> <p>In our <code>application.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">// resources/application.yml</span> <span class="na">security</span><span class="pi">:</span> <span class="na">jwt</span><span class="pi">:</span> <span class="na">token</span><span class="pi">:</span> <span class="na">secret-key</span><span class="pi">:</span> <span class="s">${JWT_SECRET}</span> </code></pre> </div> <p>To the spring-boot application read the environment variables we need declare the <code>PropertySource</code> annotation in our main class indicating where is the <code>.env</code> file located. In our case it's located in the root of the project, so we'll use the <code>user.dir</code> variable to get the project root path. The main class will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@SpringBootApplication</span> <span class="nd">@PropertySource</span><span class="o">(</span><span class="s">"file:${user.dir}/.env"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SpringAuthApplication</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">SpringApplication</span><span class="o">.</span><span class="na">run</span><span class="o">(</span><span class="nc">SpringAuthApplication</span><span class="o">.</span><span class="na">class</span><span class="o">,</span> <span class="n">args</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Finally we can define our token provider class, this class will be responsible to generate and validate our tokens.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// config/auth/TokenProvider.java</span> <span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">TokenProvider</span> <span class="o">{</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${security.jwt.token.secret-key}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="no">JWT_SECRET</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">generateAccessToken</span><span class="o">(</span><span class="nc">User</span> <span class="n">user</span><span class="o">)</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">Algorithm</span> <span class="n">algorithm</span> <span class="o">=</span> <span class="nc">Algorithm</span><span class="o">.</span><span class="na">HMAC256</span><span class="o">(</span><span class="no">JWT_SECRET</span><span class="o">);</span> <span class="k">return</span> <span class="no">JWT</span><span class="o">.</span><span class="na">create</span><span class="o">()</span> <span class="o">.</span><span class="na">withSubject</span><span class="o">(</span><span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">())</span> <span class="o">.</span><span class="na">withClaim</span><span class="o">(</span><span class="s">"username"</span><span class="o">,</span> <span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">())</span> <span class="o">.</span><span class="na">withExpiresAt</span><span class="o">(</span><span class="n">genAccessExpirationDate</span><span class="o">())</span> <span class="o">.</span><span class="na">sign</span><span class="o">(</span><span class="n">algorithm</span><span class="o">);</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">JWTCreationException</span> <span class="n">exception</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">JWTCreationException</span><span class="o">(</span><span class="s">"Error while generating token"</span><span class="o">,</span> <span class="n">exception</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">validateToken</span><span class="o">(</span><span class="nc">String</span> <span class="n">token</span><span class="o">)</span> <span class="o">{</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">Algorithm</span> <span class="n">algorithm</span> <span class="o">=</span> <span class="nc">Algorithm</span><span class="o">.</span><span class="na">HMAC256</span><span class="o">(</span><span class="no">JWT_SECRET</span><span class="o">);</span> <span class="k">return</span> <span class="no">JWT</span><span class="o">.</span><span class="na">require</span><span class="o">(</span><span class="n">algorithm</span><span class="o">)</span> <span class="o">.</span><span class="na">build</span><span class="o">()</span> <span class="o">.</span><span class="na">verify</span><span class="o">(</span><span class="n">token</span><span class="o">)</span> <span class="o">.</span><span class="na">getSubject</span><span class="o">();</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">JWTVerificationException</span> <span class="n">exception</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">JWTVerificationException</span><span class="o">(</span><span class="s">"Error while validating token"</span><span class="o">,</span> <span class="n">exception</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Instant</span> <span class="nf">genAccessExpirationDate</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDateTime</span><span class="o">.</span><span class="na">now</span><span class="o">().</span><span class="na">plusHours</span><span class="o">(</span><span class="mi">2</span><span class="o">).</span><span class="na">toInstant</span><span class="o">(</span><span class="nc">ZoneOffset</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="s">"-03:00"</span><span class="o">));</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>generateAccessToken</code> we define an algorithm to sign our token, the subject of the token and the expiration date and return a new token. In the <code>validateToken</code> method we validate the token signature and return the subject of the token.</p> <h2> Security filter </h2> <p>Then we need to define a filter to intercept the requests and validate the token. We'll be extending the <code>OncePerRequestFilter</code> spring security class to intercept the requests and validate the token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// config/auth/SecurityFilter.java</span> <span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecurityFilter</span> <span class="kd">extends</span> <span class="nc">OncePerRequestFilter</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="nc">TokenProvider</span> <span class="n">tokenService</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="nd">@Override</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doFilterInternal</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">request</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">response</span><span class="o">,</span> <span class="nc">FilterChain</span> <span class="n">filterChain</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">ServletException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">token</span> <span class="o">=</span> <span class="k">this</span><span class="o">.</span><span class="na">recoverToken</span><span class="o">(</span><span class="n">request</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">token</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">login</span> <span class="o">=</span> <span class="n">tokenService</span><span class="o">.</span><span class="na">validateToken</span><span class="o">(</span><span class="n">token</span><span class="o">);</span> <span class="kt">var</span> <span class="n">user</span> <span class="o">=</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findByLogin</span><span class="o">(</span><span class="n">login</span><span class="o">);</span> <span class="kt">var</span> <span class="n">authentication</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UsernamePasswordAuthenticationToken</span><span class="o">(</span><span class="n">user</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="n">user</span><span class="o">.</span><span class="na">getAuthorities</span><span class="o">());</span> <span class="nc">SecurityContextHolder</span><span class="o">.</span><span class="na">getContext</span><span class="o">().</span><span class="na">setAuthentication</span><span class="o">(</span><span class="n">authentication</span><span class="o">);</span> <span class="o">}</span> <span class="n">filterChain</span><span class="o">.</span><span class="na">doFilter</span><span class="o">(</span><span class="n">request</span><span class="o">,</span> <span class="n">response</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">String</span> <span class="nf">recoverToken</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">authHeader</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="na">getHeader</span><span class="o">(</span><span class="s">"Authorization"</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">authHeader</span> <span class="o">==</span> <span class="kc">null</span><span class="o">)</span> <span class="k">return</span> <span class="kc">null</span><span class="o">;</span> <span class="k">return</span> <span class="n">authHeader</span><span class="o">.</span><span class="na">replace</span><span class="o">(</span><span class="s">"Bearer "</span><span class="o">,</span> <span class="s">""</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>doFilterInternal</code> method we recover the token from the request, remove the "Bearer" from the string using the <code>recoverToken</code> helper method, validate the token and set the authentication in the <code>SecurityContextHolder</code>. The <code>SecurityContextHolder</code> is a spring security class that holds the authentication of the current request, so we can access the user information in the controllers.</p> <h2> Auth configuration </h2> <p>Here we need to define some more necessary methods to make our authentication system work. At the top we have the <code>Configuration</code> and <code>@EnableWebSecurity</code> annotation to enable the web security in our application. Then we define the <code>SecurityFilterChain</code> bean to define the endpoints that will be protected by our authentication system.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// config/AuthConfig.java</span> <span class="nd">@Configuration</span> <span class="nd">@EnableWebSecurity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthConfig</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="nc">SecurityFilter</span> <span class="n">securityFilter</span><span class="o">;</span> <span class="nd">@Bean</span> <span class="nc">SecurityFilterChain</span> <span class="nf">securityFilterChain</span><span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">httpSecurity</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="k">return</span> <span class="n">httpSecurity</span> <span class="o">.</span><span class="na">csrf</span><span class="o">(</span><span class="n">csrf</span> <span class="o">-&gt;</span> <span class="n">csrf</span><span class="o">.</span><span class="na">disable</span><span class="o">())</span> <span class="o">.</span><span class="na">sessionManagement</span><span class="o">(</span><span class="n">session</span> <span class="o">-&gt;</span> <span class="n">session</span><span class="o">.</span><span class="na">sessionCreationPolicy</span><span class="o">(</span><span class="nc">SessionCreationPolicy</span><span class="o">.</span><span class="na">STATELESS</span><span class="o">))</span> <span class="o">.</span><span class="na">authorizeHttpRequests</span><span class="o">(</span><span class="n">authorize</span> <span class="o">-&gt;</span> <span class="n">authorize</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="s">"/api/v1/auth/*"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="s">"/api/v1/books"</span><span class="o">).</span><span class="na">hasRole</span><span class="o">(</span><span class="s">"ADMIN"</span><span class="o">)</span> <span class="o">.</span><span class="na">anyRequest</span><span class="o">().</span><span class="na">authenticated</span><span class="o">())</span> <span class="o">.</span><span class="na">addFilterBefore</span><span class="o">(</span><span class="n">securityFilter</span><span class="o">,</span> <span class="nc">UsernamePasswordAuthenticationFilter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="nc">AuthenticationManager</span> <span class="nf">authenticationManager</span><span class="o">(</span><span class="nc">AuthenticationConfiguration</span> <span class="n">authenticationConfiguration</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="k">return</span> <span class="n">authenticationConfiguration</span><span class="o">.</span><span class="na">getAuthenticationManager</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="nc">PasswordEncoder</span> <span class="nf">passwordEncoder</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">BCryptPasswordEncoder</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>authorizeHttpRequests</code> method we define the endpoints that will be protected and the roles that will have access to each endpoint. In our case the <code>/api/v1/auth/*</code> endpoints will be public, the <code>/api/v1/books</code> endpoint will be protected and only the users with the <code>ADMIN</code> role will have access to it. The others endpoints will be protected and only the authenticated users will have access to it. </p> <p>In the <code>addFilterBefore</code> method we define the filter that we created before. And finally we define the <code>AuthenticationManager</code> and the <code>PasswordEncoder</code> beans that is necessary to make the authentication system work.</p> <h2> Auth DTOs </h2> <p>We'll need two DTOs to receive the user credentials, and another DTO to return the token when the user sign in.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// dtos/SignUpDto.java</span> <span class="kd">public</span> <span class="n">record</span> <span class="nf">SignUpDto</span><span class="o">(</span> <span class="nc">String</span> <span class="n">login</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">,</span> <span class="nc">UserRole</span> <span class="n">role</span><span class="o">)</span> <span class="o">{</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// dtos/SignInDto.java</span> <span class="kd">public</span> <span class="n">record</span> <span class="nf">SignInDto</span><span class="o">(</span> <span class="nc">String</span> <span class="n">login</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// dtos/JwtDto.java</span> <span class="kd">public</span> <span class="n">record</span> <span class="nf">JwtDto</span><span class="o">(</span> <span class="nc">String</span> <span class="n">accessToken</span><span class="o">)</span> <span class="o">{</span> <span class="o">}</span> </code></pre> </div> <h2> Auth service </h2> <p>Here we define the service implementing <code>UserDetailsService</code> that will be responsible to create the users and save them in the database or load the user information by the username.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// services/AuthService.java</span> <span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthService</span> <span class="kd">implements</span> <span class="nc">UserDetailsService</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="nc">UserRepository</span> <span class="n">repository</span><span class="o">;</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">UserDetails</span> <span class="nf">loadUserByUsername</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">)</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">user</span> <span class="o">=</span> <span class="n">repository</span><span class="o">.</span><span class="na">findByLogin</span><span class="o">(</span><span class="n">username</span><span class="o">);</span> <span class="k">return</span> <span class="n">user</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">UserDetails</span> <span class="nf">signUp</span><span class="o">(</span><span class="nc">SignUpDto</span> <span class="n">data</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">InvalidJwtException</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">repository</span><span class="o">.</span><span class="na">findByLogin</span><span class="o">(</span><span class="n">data</span><span class="o">.</span><span class="na">login</span><span class="o">())</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">InvalidJwtException</span><span class="o">(</span><span class="s">"Username already exists"</span><span class="o">);</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">encryptedPassword</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BCryptPasswordEncoder</span><span class="o">().</span><span class="na">encode</span><span class="o">(</span><span class="n">data</span><span class="o">.</span><span class="na">password</span><span class="o">());</span> <span class="nc">User</span> <span class="n">newUser</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">User</span><span class="o">(</span><span class="n">data</span><span class="o">.</span><span class="na">login</span><span class="o">(),</span> <span class="n">encryptedPassword</span><span class="o">,</span> <span class="n">data</span><span class="o">.</span><span class="na">role</span><span class="o">());</span> <span class="k">return</span> <span class="n">repository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="n">newUser</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>signUp</code> method we check if the username is already registered then encrypt the password using the <code>BCryptPasswordEncoder</code> and save the user information.</p> <h2> Auth controller </h2> <p>And finally we define the auth controller. It will be responsible to receive the request, authenticate the users and generate the tokens.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// controllers/AuthController.java</span> <span class="nd">@RestController</span> <span class="nd">@RequestMapping</span><span class="o">(</span><span class="s">"/api/v1/auth"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthController</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AuthenticationManager</span> <span class="n">authenticationManager</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AuthService</span> <span class="n">service</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">TokenProvider</span> <span class="n">tokenService</span><span class="o">;</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="s">"/signup"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;?&gt;</span> <span class="n">signUp</span><span class="o">(</span><span class="nd">@RequestBody</span> <span class="nd">@Valid</span> <span class="nc">SignUpDto</span> <span class="n">data</span><span class="o">)</span> <span class="o">{</span> <span class="n">service</span><span class="o">.</span><span class="na">signUp</span><span class="o">(</span><span class="n">data</span><span class="o">);</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">CREATED</span><span class="o">).</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="s">"/signin"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">JwtDto</span><span class="o">&gt;</span> <span class="nf">signIn</span><span class="o">(</span><span class="nd">@RequestBody</span> <span class="nd">@Valid</span> <span class="nc">SignInDto</span> <span class="n">data</span><span class="o">)</span> <span class="o">{</span> <span class="kt">var</span> <span class="n">usernamePassword</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UsernamePasswordAuthenticationToken</span><span class="o">(</span><span class="n">data</span><span class="o">.</span><span class="na">login</span><span class="o">(),</span> <span class="n">data</span><span class="o">.</span><span class="na">password</span><span class="o">());</span> <span class="kt">var</span> <span class="n">authUser</span> <span class="o">=</span> <span class="n">authenticationManager</span><span class="o">.</span><span class="na">authenticate</span><span class="o">(</span><span class="n">usernamePassword</span><span class="o">);</span> <span class="kt">var</span> <span class="n">accessToken</span> <span class="o">=</span> <span class="n">tokenService</span><span class="o">.</span><span class="na">generateAccessToken</span><span class="o">((</span><span class="nc">User</span><span class="o">)</span> <span class="n">authUser</span><span class="o">.</span><span class="na">getPrincipal</span><span class="o">());</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">ok</span><span class="o">(</span><span class="k">new</span> <span class="nc">JwtDto</span><span class="o">(</span><span class="n">accessToken</span><span class="o">));</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>signUp</code> method we receive the user data, create a new user and save it in the database. In the <code>signIn</code> method we receive the user credentials, authenticate the user using the <code>AuthenticationManager</code>, and generate the token.</p> <h2> Testing the authentication </h2> <p>To create a new user we send a <code>POST</code> request to the <code>/api/v1/auth/signup</code> endpoint with a body containing the login, password and one of the roles available (USER or ADMIN):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"login"</span><span class="p">:</span><span class="w"> </span><span class="s2">"myusername"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"123456"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"USER"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>To retrieve an authentication token we send a <code>POST</code> request with this user login and password to the <code>/api/v1/auth/signin</code> endpoint.</p> <p>To test our authentication system we'll create a simple book controller with two endpoints, one to create a new book and another one to list all the books.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@RestController</span> <span class="nd">@RequestMapping</span><span class="o">(</span><span class="s">"/api/v1/books"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">BookController</span> <span class="o">{</span> <span class="nd">@GetMapping</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="nf">findAll</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">ok</span><span class="o">(</span><span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="s">"Book1"</span><span class="o">,</span> <span class="s">"Book2"</span><span class="o">,</span> <span class="s">"Book3"</span><span class="o">));</span> <span class="o">}</span> <span class="nd">@PostMapping</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="nf">create</span><span class="o">(</span><span class="nd">@RequestBody</span> <span class="nc">String</span> <span class="n">data</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">ok</span><span class="o">(</span><span class="n">data</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In the <code>/api/v1/books</code> endpoint the <code>GET</code> method will be available for the users with <code>USER</code> role, and the <code>POST</code> method will be protected and only the users with the <code>ADMIN</code> role will be able to create a book.</p> <p>Phew! That was a lot of information and coding, but I hope you enjoyed it and learned something new! If you have any questions or suggestions, feel free to send me a message on <a href="https://x.com/m1guelsb">Twitter/X</a>.</p> <p>Thanks for reading!</p> java springboot tutorial springsecurity Como tratar erros http no Spring Boot Miguel Barbosa Mon, 30 Oct 2023 21:20:59 +0000 https://forem.com/m1guelsb/como-tratar-erros-http-no-spring-boot-41de https://forem.com/m1guelsb/como-tratar-erros-http-no-spring-boot-41de <p>Tratamento de erros, independente da linguagem, é sempre uma questão complicada. Mas quando se trata de Spring, existe um padrão recomendado e nativo para lidar com exceções sem muita dor de cabeça.</p> <blockquote> <p>Este tutorial utiliza <strong>Java 17</strong> e <strong>Spring boot 3.1.5</strong>.<br> <a href="https://github.com/m1guelsb/spring-exceptions">Código completo usado como exemplo</a>.</p> </blockquote> <h2> Sumário </h2> <ul> <li> A situação </li> <li> O problema </li> <li>Filtro global de exceções</li> <li>Receptando e tratando erros de validação</li> <li>Tratando outros tipos de erro</li> </ul> <h2> A situação </h2> <p>Temos uma aplicação onde estamos usando a biblioteca de validação padrão do Spring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-validation<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>E validamos os campos do <a href="https://www.baeldung.com/java-dto-pattern">DTO</a> da entidade <code>Person</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Data</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">PersonDto</span> <span class="o">{</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"name: Is required"</span><span class="o">)</span> <span class="nd">@Length</span><span class="o">(</span><span class="n">min</span> <span class="o">=</span> <span class="mi">3</span><span class="o">,</span> <span class="n">max</span> <span class="o">=</span> <span class="mi">100</span><span class="o">,</span> <span class="n">message</span> <span class="o">=</span> <span class="s">"title: Must be of 3 - 100 characters"</span><span class="o">)</span> <span class="nc">String</span> <span class="n">name</span><span class="o">;</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"email: Is required"</span><span class="o">)</span> <span class="nd">@Email</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"email: Invalid format"</span><span class="o">)</span> <span class="nc">String</span> <span class="n">email</span><span class="o">;</span> <span class="nd">@NotNull</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"age: Is required"</span><span class="o">)</span> <span class="nd">@Min</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="mi">1</span><span class="o">,</span> <span class="n">message</span> <span class="o">=</span> <span class="s">"age: Must be greater than 0"</span><span class="o">)</span> <span class="nd">@Max</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="mi">100</span><span class="o">,</span> <span class="n">message</span> <span class="o">=</span> <span class="s">"age: Must be less than 100"</span><span class="o">)</span> <span class="nc">Integer</span> <span class="n">age</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p>Após definir nosso DTO, devemos utiliza-lo para representar o body do nosso controller e sempre nos atentarmos na utilização da annotation <code>@Valid</code> para considerar as checagens definidas acima:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@PostMapping</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Person</span><span class="o">&gt;</span> <span class="nf">create</span><span class="o">(</span><span class="nd">@RequestBody</span> <span class="nd">@Valid</span> <span class="nd">@NotNull</span> <span class="nc">PersonDto</span> <span class="n">dto</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">CREATED</span><span class="o">).</span><span class="na">body</span><span class="o">(</span><span class="n">personService</span><span class="o">.</span><span class="na">create</span><span class="o">(</span><span class="n">dto</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <h2> O problema </h2> <p>Quando enviamos uma requisição para criação de um person com valores inválidos, recebemos algo parecido com isso:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2023-10-27T00:03:21.577+00:00"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="mi">400</span><span class="p">,</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Bad Request"</span><span class="p">,</span><span class="w"> </span><span class="nl">"trace"</span><span class="p">:</span><span class="w"> </span><span class="s2">"org.springframework.web.bind.MethodArgumentNotValidException: Validation failed for argument [0] in public org.springframework.http.ResponseEntity&lt;com.m1guelsb.springexceptions.entities.Person&gt; com.m1guelsb.springexceptions.controllers.PersonController.create(com.m1guelsb.springexceptions.dtos.PersonDto) with 3 errors: [Field error in object 'personDto' on field 'email': rejected value [example]; codes [Email.personDto.email,Email.email,Email.java.lang.String,Email]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [...]"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>A única informação legível é que o erro foi um <code>400 Bad request</code>, além disso temos <code>trace</code> e <code>message</code> com valores nem um pouco descritivos. Não sabemos quais foram os campos incorretos, nem quais valores devem ser enviados.</p> <p>Esse tipo de resposta, além de confundir os usuários de nossa API, também expõem as tecnologias que nosso back-end está usando. Podemos considerar isso como uma brecha de segurança já que toda tecnologia contém falhas.</p> <blockquote> <p>É importante destacar a parte <code>MethodArgumentNotValidException</code> que indica qual o tipo de erro que estamos recebendo. Precisaremos desta informação adiante.</p> </blockquote> <h2> Filtro global de exceções </h2> <p>O Spring nos provê um jeito nativo para tratar exceções de modo global, o <strong>Controller Advice</strong>. Podemos usá-lo através da annotation <code>@RestControllerAdvice</code>.</p> <p>Para isso é ideal criarmos uma classe onde centralizaremos nossos métodos de tratamento de erro e dentro dela teremos um método que irá nos ajudar a <strong>padronizar</strong> as nossas respostas de erro:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@RestControllerAdvice</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">GlobalExceptionHandler</span> <span class="o">{</span> <span class="kd">private</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="nf">errorsMap</span><span class="o">(</span><span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="n">errorResponse</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashMap</span><span class="o">&lt;&gt;();</span> <span class="n">errorResponse</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"errors"</span><span class="o">,</span> <span class="n">errors</span><span class="o">);</span> <span class="k">return</span> <span class="n">errorResponse</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>O método <code>errorsMap</code> vai receber uma lista de <code>String</code> e retornar um <code>Map</code> que terá uma única chave contendo os valores da lista <code>errors</code>. A representação em JSON seria a seguinte:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"errors"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="err">//lista</span><span class="w"> </span><span class="err">de</span><span class="w"> </span><span class="err">erros</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Receptando e tratando erros de validação </h2> <p>Agora finalmente escrevemos o método que irá de fato interceptar os erros e retornar os valores do jeito que queremos:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@RestControllerAdvice</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">GlobalExceptionHandler</span> <span class="o">{</span> <span class="nd">@ExceptionHandler</span><span class="o">(</span><span class="nc">MethodArgumentNotValidException</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;&gt;</span> <span class="nf">handleValidationErrors</span><span class="o">(</span><span class="nc">MethodArgumentNotValidException</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span> <span class="o">=</span> <span class="n">ex</span><span class="o">.</span><span class="na">getBindingResult</span><span class="o">()</span> <span class="o">.</span><span class="na">getFieldErrors</span><span class="o">()</span> <span class="o">.</span><span class="na">stream</span><span class="o">()</span> <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="n">error</span> <span class="o">-&gt;</span> <span class="n">error</span><span class="o">.</span><span class="na">getDefaultMessage</span><span class="o">())</span> <span class="o">.</span><span class="na">toList</span><span class="o">();</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">BAD_REQUEST</span><span class="o">).</span><span class="na">body</span><span class="o">(</span><span class="n">errorsMap</span><span class="o">(</span><span class="n">errors</span><span class="o">));</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="nf">errorsMap</span><span class="o">(</span><span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;</span> <span class="n">errorResponse</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashMap</span><span class="o">&lt;&gt;();</span> <span class="n">errorResponse</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"errors"</span><span class="o">,</span> <span class="n">errors</span><span class="o">);</span> <span class="k">return</span> <span class="n">errorResponse</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Usando a annotation <code>@ExceptionHandler()</code>, interceptamos as exceções do tipo <code>MethodArgumentNotValidException</code> que é exatamente o mesmo que vimos no <code>trace</code> da resposta anteriormente.</p> <h3> Entendendo o método <code>handleValidationErrors(MethodArgumentNotValidException ex)</code>: </h3> <ul> <li>Recebemos <code>ex</code> como parâmetro do tipo do nosso erro, iteramos em <code>getFieldErrors()</code> e em seguida, coletamos as mensagens de erro usando <code>getDefaultMessage()</code> para retornar uma lista com elas: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span> <span class="o">=</span> <span class="n">ex</span><span class="o">.</span><span class="na">getBindingResult</span><span class="o">()</span> <span class="o">.</span><span class="na">getFieldErrors</span><span class="o">()</span> <span class="o">.</span><span class="na">stream</span><span class="o">()</span> <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="n">error</span> <span class="o">-&gt;</span> <span class="n">error</span><span class="o">.</span><span class="na">getDefaultMessage</span><span class="o">())</span> <span class="o">.</span><span class="na">toList</span><span class="o">();</span> </code></pre> </div> <ul> <li>Então passamos nossa lista de erros para o <code>errorsMap</code> retornando dentro do <code>body</code> do <code>ResponseEntity</code> com o status de <code>BAD_REQUEST</code>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">BAD_REQUEST</span><span class="o">).</span><span class="na">body</span><span class="o">(</span><span class="n">errorsMap</span><span class="o">(</span><span class="n">errors</span><span class="o">));</span> </code></pre> </div> <p>Com isso, quando nosso client enviar dados <strong>incorretos</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mi"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invalid email"</span><span class="p">,</span><span class="w"> </span><span class="nl">"age"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Terá a linda e cheirosa <strong>resposta</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"errors"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"title: Must be of 3 - 100 characters"</span><span class="p">,</span><span class="w"> </span><span class="s2">"age: Must be greater than 0"</span><span class="p">,</span><span class="w"> </span><span class="s2">"email: Invalid format"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <blockquote> <p>Meus caros leitores, isso aqui é o <strong>sonho</strong> de todo dev front-end! 🥰</p> </blockquote> <h2> Tratando outros tipos de erro </h2> <p>Seguindo o mesmo modelo, podemos criar outros métodos que lidarão com outros tipos de erro.</p> <p>Outro erro muito comum de acontecer é o famoso <code>404 NOT_FOUND</code>, para trata-lo podemos criar um método estendendo <code>RuntimeException</code> que irá nos ajudar a enviar uma mensagem personalizada para cada caso de NOT_FOUND que tivermos:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">NotFoundException</span> <span class="kd">extends</span> <span class="nc">RuntimeException</span> <span class="o">{</span> <span class="kd">public</span> <span class="nf">NotFoundException</span><span class="o">(</span><span class="nc">String</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="kd">super</span><span class="o">(</span><span class="n">ex</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>E então, no nosso <code>GlobalExceptionHandler</code> adicionamos o seguinte método:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@ExceptionHandler</span><span class="o">(</span><span class="nc">NotFoundException</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;&gt;</span> <span class="nf">handleNotFoundException</span><span class="o">(</span><span class="nc">NotFoundException</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span> <span class="o">=</span> <span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="n">ex</span><span class="o">.</span><span class="na">getMessage</span><span class="o">());</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">NOT_FOUND</span><span class="o">).</span><span class="na">body</span><span class="o">(</span><span class="n">errorsMap</span><span class="o">(</span><span class="n">errors</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <p>As únicas diferenças para o método anterior são:</p> <ul> <li>Trocamos o parâmetro classe do <code>ExceptionHandler</code> para agora lidar com a nossa classe <code>NotFoundException</code> </li> <li>Agora coletamos a mensagem de erro criando uma lista contendo o seu valor: <code>List.of(ex.getMessage())</code>.</li> </ul> <p>Não podemos esquecer de instanciar e retornar nossa classe sempre que um erro <code>404</code> pode ser disparado, como por exemplo o método <code>findById</code> do nosso <code>PersonService</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="nc">Person</span> <span class="nf">findById</span><span class="o">(</span><span class="nc">Long</span> <span class="n">id</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">NotFoundException</span> <span class="o">{</span> <span class="k">return</span> <span class="n">personRepository</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="n">id</span><span class="o">)</span> <span class="o">.</span><span class="na">orElseThrow</span><span class="o">(()</span> <span class="o">-&gt;</span> <span class="k">new</span> <span class="nc">NotFoundException</span><span class="o">(</span><span class="s">"Person with id "</span> <span class="o">+</span> <span class="n">id</span> <span class="o">+</span> <span class="s">" not found"</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <p>Dessa forma, quando nosso client tentar acessar um Person que não existe, ele receberá a mensagem que inserimos ao instanciar a classe:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"errors"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Person with id 999 not found"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>E por último mas não menos importante, filtramos também os erros gerais dos tipos <code>Exception</code> e <code>RuntimeException</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@ExceptionHandler</span><span class="o">(</span><span class="nc">Exception</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">final</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;&gt;</span> <span class="nf">handleGeneralExceptions</span><span class="o">(</span><span class="nc">Exception</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span> <span class="o">=</span> <span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="n">ex</span><span class="o">.</span><span class="na">getMessage</span><span class="o">());</span> <span class="k">return</span> <span class="nc">ResponseEntity</span> <span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">INTERNAL_SERVER_ERROR</span><span class="o">)</span> <span class="o">.</span><span class="na">body</span><span class="o">(</span><span class="n">errorsMap</span><span class="o">(</span><span class="n">errors</span><span class="o">));</span> <span class="o">}</span> <span class="nd">@ExceptionHandler</span><span class="o">(</span><span class="nc">RuntimeException</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">final</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;&gt;&gt;</span> <span class="nf">handleRuntimeExceptions</span><span class="o">(</span><span class="nc">RuntimeException</span> <span class="n">ex</span><span class="o">)</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span> <span class="o">=</span> <span class="nc">List</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="n">ex</span><span class="o">.</span><span class="na">getMessage</span><span class="o">());</span> <span class="k">return</span> <span class="nc">ResponseEntity</span> <span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">INTERNAL_SERVER_ERROR</span><span class="o">)</span> <span class="o">.</span><span class="na">body</span><span class="o">(</span><span class="n">errorsMap</span><span class="o">(</span><span class="n">errors</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <blockquote> <p>Seguindo este padrão, podemos tratar qualquer tipo de erro e retornar sempre o mesmo padrão de mensagens. 🥳🎉</p> </blockquote> <p>Por hoje é isso! Acha que faltou alguma informação importante ou descobriu algum bug? Sinta-se livre para me mandar uma mensagem no <a href="https://x.com/m1guelsb">Twitter/X</a>.</p> <p>Obrigado pela leitura! 💝</p> beginners java springboot tutorial Erros comuns de iniciantes em ReactJS Miguel Barbosa Wed, 18 Oct 2023 20:03:18 +0000 https://forem.com/m1guelsb/erros-comuns-de-iniciantes-em-reactjs-1fla https://forem.com/m1guelsb/erros-comuns-de-iniciantes-em-reactjs-1fla <p>Ao longo de nosso tempo de estudo, percebemos que o React possui uma série de detalhes que nos pegam desprevenidos e ocasionam comportamentos inesperados ou erros não tão detalhados que acabam nos confundindo.</p> <blockquote> <p>Dedico este artigo aos iniciantes em React que, assim como o meu eu do passado, perdeu um tempinho tentando resolver tais problemas. 😅</p> </blockquote> <h2> Sumário </h2> <ul> <li> A propriedade style no JSX </li> <li> Acessar um valor que ainda não existe </li> <li>Esquecer a propriedade key quando exibindo uma lista</li> <li>Verificando se uma lista está vazia</li> </ul> <h2> A propriedade style no JSX </h2> <p>JSX foi construído para ser bem similar ao clássico HTML. Mas há algumas diferenças que, mesmo bem documentadas, acabamos esquecendo. Dentre essas, há o uso de <code>className</code> no lugar de <code>class</code> e a forma com que atribuímos o valor da propriedade <code>style</code>.</p> <p>No <strong>HTML</strong> atribuímos os valores em uma string e escrevemos parecido com o <strong>CSS</strong> padrão:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;button</span> <span class="na">style=</span><span class="s">"height: 3rem; background-color: blue;"</span><span class="nt">&gt;</span> A really cool button <span class="nt">&lt;/button&gt;</span> </code></pre> </div> <p>Já dentro do JSX, precisamos atribuir em formato de objeto javascript e usando <strong>camelCase</strong> para propriedades que contém nomes compostos.</p> <blockquote> <p>Mas há uma pegadinha! 🧐</p> </blockquote> <p>Em outras propriedades do JSX, geralmente atribuímos o valor entre <strong>um</strong> par de chaves:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">input</span> <span class="na">placeholder</span><span class="p">=</span><span class="si">{</span><span class="dl">"</span><span class="s2">My beautiful input</span><span class="dl">"</span><span class="si">}</span> <span class="p">/&gt;</span> <span class="p">)</span> </code></pre> </div> <p>Porém, quando se trata da propriedade <code>style</code> precisamos inserir mais um par de chaves para que consigamos atribuir os valores de nossos estilos:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">height</span><span class="p">:</span> <span class="dl">"</span><span class="s2">3rem</span><span class="dl">"</span><span class="p">,</span> <span class="na">backgroundColor</span><span class="p">:</span> <span class="dl">"</span><span class="s2">blue</span><span class="dl">"</span> <span class="p">}</span><span class="si">}</span><span class="p">&gt;</span> A really cool button <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">)</span> </code></pre> </div> <p>Isso acontece porque o primeiro par de chaves serve para criar um <strong>expression slot</strong>, onde podemos atribuir qualquer expressão javascript como por exemplo um condicional ternário. O segundo par de chaves é um <strong>objeto javascript</strong> contendo os nossos estilos.</p> <h2> Acessar um valor que ainda não existe </h2> <p>Digamos que você possui um estado que guardará dados que serão providos por uma api, então tentará exibir valores da seguinte forma:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">import</span> <span class="nx">React</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">PokemonsList</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">pokemons</span><span class="p">,</span> <span class="nx">setPokemons</span><span class="p">]</span> <span class="o">=</span> <span class="nx">React</span><span class="p">.</span><span class="nf">useState</span><span class="p">();</span> <span class="nx">React</span><span class="p">.</span><span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://pokeapi.co/api/v2/pokemon</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setPokemons</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">results</span><span class="p">));</span> <span class="p">},</span> <span class="p">[])</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">pokemons</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">pokemon</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">h2</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">pokemon</span><span class="p">.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h2</span><span class="p">&gt;</span> <span class="p">))</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>E então, vemos o seguinte erro ao tentar iterar <code>pokemons.map()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go"> Cannot read properties of undefined (reading 'map') </span></code></pre> </div> <p>A requisição acontece de forma assíncrona, então em primeiro momento, a variável <code>pokemons</code> irá conter o valor que atribuímos ao iniciar o estado (que nesse caso deixamos vazio), ou seja: <code>undefined</code>.</p> <p>Temos duas formas de resolver isso:</p> <ul> <li>Iniciando o estado como um array vazio: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">- const [pokemons, setPokemons] = React.useState(); </span><span class="gi">+ const [pokemons, setPokemons] = React.useState([]); </span></code></pre> </div> <ul> <li>Usando o <strong>optional chaining</strong>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">- {pokemons.map((pokemon) =&gt; ( </span><span class="gi">+ {pokemons?.map((pokemon) =&gt; ( </span></code></pre> </div> <p>Inserir <code>?.</code> antes de acessar um método ou uma propriedade de um objeto que ainda não existe, faz com que o javascript retorne <code>undefined</code> em vez de um erro.</p> <blockquote> <p>Lembre-se de usar o <strong>optional chaining</strong> sempre que uma propriedade de um objeto pode ser <code>null</code> ou <code>undefined</code>! ☝🤓</p> </blockquote> <h2> Esquecer a propriedade key quando exibindo uma lista </h2> <p>Muitas vezes ao renderizar uma lista de itens usando <code>.map</code>, acabamos esquecendo um detalhe essencial para o React: a propriedade <code>key</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go"> Warning: Each child in a list should have a unique "key" prop. </span></code></pre> </div> <p>Quando renderizamos uma lista, precisamos dar um pouco mais de contexto para que o React consiga identificar cada item. E o valor da propriedade <code>key</code> deve ser <strong>único</strong>.<br> É comum vemos em alguns lugares o <code>index</code> da iteração sendo usado:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">pokemons</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">pokemon</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="c1">//usando index</span> <span class="p">&lt;</span><span class="nt">h2</span> <span class="na">key</span><span class="p">=</span><span class="si">{</span><span class="nx">index</span><span class="si">}</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">pokemon</span><span class="p">.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h2</span><span class="p">&gt;</span> <span class="p">))</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> </code></pre> </div> <blockquote> <p>⚠️ Mas em alguns casos, isso é uma má ideia. ⚠️</p> </blockquote> <p>O valor índex não está ligado a cada item específico da lista, mas sim a suas posições.</p> <p>Em uma situação onde a ordem da lista mudará, o React perde a referência de cada um dos itens resultando em problemas de performance, renderização e até acessibilidade.</p> <p>Para evitar tais problemas devemos atribuir um valor realmente único de cada item. Em nosso caso, onde estamos usando dados de uma api externa, é esperado que todo item tenha um <code>id</code> único:<br> <br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">pokemons</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">pokemon</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="c1">//usando id</span> <span class="p">&lt;</span><span class="nt">h2</span> <span class="na">key</span><span class="p">=</span><span class="si">{</span><span class="nx">pokemon</span><span class="p">.</span><span class="nx">id</span><span class="si">}</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">pokemon</span><span class="p">.</span><span class="nx">name</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h2</span><span class="p">&gt;</span> <span class="p">))</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> </code></pre> </div> <p>Mas em casos onde tal valor não existe, podemos criar o nosso próprio <code>id</code> único da seguinte maneira:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">pokemonsWithoutIds</span> <span class="o">=</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/pokemons/without-ids</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">return</span> <span class="nx">data</span><span class="p">.</span><span class="nx">results</span><span class="p">);</span> <span class="c1">//criando uma nova lista</span> <span class="kd">const</span> <span class="nx">pokemonsWithIds</span> <span class="o">=</span> <span class="nx">pokemonsWithoutIds</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">item</span><span class="p">,</span> <span class="c1">//atribuindo um id único para cada item</span> <span class="na">id</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="p">};</span> <span class="p">});</span> </code></pre> </div> <p>O método <code>crypto.randomUUID</code> é totalmente seguro de usar, já que possui <a href="https://caniuse.com/mdn-api_crypto_randomuuid">suporte em todos navegadores atuais.</a></p> <p>Este método retornará um valor parecido com <code>0bf9b4a4-6bb4-11ee-b962-0242ac120002</code>, que é um <a href="https://en.wikipedia.org/wiki/Universally_unique_identifier">universally unique identifier.</a></p> <h2> Verificando se uma lista está vazia </h2> <p>Digamos que nosso objetivo é mostrar condicionalmente uma lista somente quando ela não estiver vazia. É comum pensarmos da seguinte forma:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="p">[</span><span class="nx">pokemons</span><span class="p">,</span> <span class="nx">setPokemons</span><span class="p">]</span> <span class="o">=</span> <span class="nx">React</span><span class="p">.</span><span class="nf">useState</span><span class="p">([]);</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">pokemons</span><span class="p">.</span><span class="nx">length</span> <span class="o">&amp;&amp;</span> <span class="p">&lt;</span><span class="nc">PokemonList</span> <span class="na">pokemonsData</span><span class="p">=</span><span class="si">{</span><span class="nx">pokemons</span><span class="si">}</span> <span class="p">/&gt;</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> </code></pre> </div> <p>Em nosso HTML veremos um simples <strong>0</strong>. Isso ocorre porque diferente de outros valores <a href="https://developer.mozilla.org/en-US/docs/Glossary/Falsy">falsy</a> (<code>""</code>, <code>false</code>, <code>null</code>), o número <strong>0</strong> é válido dentro do JSX. Afinal, em algumas ocasiões queremos de fato exibi-lo.</p> <p>Para termos o comportamento esperado podemos fazer uma verificação realmente válida checando se <code>length</code> é maior que 0: <code>pokemons.length &gt; 0 &amp;&amp;</code>.<br> Ou usar um verificador ternário:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">pokemons</span><span class="p">.</span><span class="nx">length</span> <span class="p">?</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nc">PokemonList</span> <span class="na">pokemonsData</span><span class="p">=</span><span class="si">{</span><span class="nx">pokemons</span><span class="si">}</span> <span class="p">/&gt;</span> <span class="p">)</span> <span class="p">:</span> <span class="kc">null</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> </code></pre> </div> <p>Por hoje é só! 🫡 <br> Acha que faltou algo que não citei?<br> Ficou com alguma dúvida?<br> Deixa nos comentários ou me manda uma mensagem no <a href="https://x.com/m1guelsb">Twitter/X</a>.</p> <p>Obrigado pela leitura! &lt;3</p> react beginners braziliandevs