Jdbc fredrik m

[fredrikmohlen]

Summary by CodeRabbit

• New Features

  • Interactive, menu-driven database app with user authentication
  • Browse moon mission catalog, view mission by ID, and analyze missions by year
  • Account management: create accounts, update passwords, and delete accounts

• Documentation

  • Added a visual badge to the README

• Chores

  • Added a no-op runtime logging binding to the project dependencies

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added an interactive JDBC-driven CLI run() that reads DB config from env/properties, authenticates users, and provides a menu for missions and account management; added slf4j-nop dependency and a README badge.

Changes

Cohort / File(s)	Summary
Documentation Updates README.md	Added a Markdown badge link at the top of the file (presentation-only change).
Dependency Management pom.xml	Added org.slf4j:slf4j-nop:2.0.17 dependency (no-op SLF4J binding).
Core Application Logic src/main/java/com/example/Main.java	Added public run() and multiple private helpers; resolves APP_JDBC_URL, APP_DB_USER, APP_DB_PASS from env/properties, opens JDBC Connection and Scanner, authenticates user, and implements a menu loop with actions: list missions, get mission by id, count missions by year, create account, update password, delete account, plus exit. Includes SQL interactions and input handling.

Sequence Diagram

sequenceDiagram
    participant User as User (Console)
    participant Main as Main.run()
    participant DB as Database
    participant Input as Scanner

    User->>Main: Start application
    Main->>Main: Resolve DB config (env/properties)
    Main->>DB: Open JDBC connection
    Main->>Input: Open console scanner

    rect rgb(200,220,255)
        Note over Main,DB: Authentication
        Main->>Input: Prompt username/password
        Input->>Main: Return credentials
        Main->>DB: Query account table (authenticate)
        DB->>Main: Auth result
    end

    rect rgb(220,240,220)
        Note over Main,DB: Interactive menu loop
        loop until Exit
            Main->>Input: Display menu / read choice
            Input->>Main: Choice
            alt List Missions
                Main->>DB: Query missions
            else Get Mission by ID
                Main->>Input: Prompt ID
                Input->>Main: ID
                Main->>DB: Query mission by ID
            else Count by Year
                Main->>Input: Prompt year
                Input->>Main: Year
                Main->>DB: Count missions
            else Create Account
                Main->>Input: Prompt account details
                Input->>Main: Details
                Main->>DB: Insert account
            else Update Password
                Main->>Input: Prompt new password
                Input->>Main: New password
                Main->>DB: Update account
            else Delete Account
                Main->>Input: Prompt account id
                Input->>Main: id
                Main->>DB: Delete account
            end
            DB->>Main: Operation result
            Main->>User: Display result
        end
    end

    Main->>DB: Close connection
    Main->>Input: Close scanner

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Review DB interaction methods for SQL injection and correct use of PreparedStatement
• Verify resource cleanup (Connection, ResultSet, Statement, Scanner) across success/error paths
• Check input validation and EOF handling for Scanner-driven flows
• Inspect authentication and password handling (storage/validation)
• Confirm logging usage and that slf4j-nop is the intended binding

Poem

🐰 I hopped from stub to JDBC,
Menus and missions call to me,
I nibble queries, guard the gate,
A badge above, a logger's plate,
Nose twitch — the rabbit says: run free!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'Jdbc fredrik m' is vague and does not clearly convey what the pull request accomplishes. It uses a non-descriptive format with a first name fragment that provides no meaningful information about the changes.	Use a clear, descriptive title that summarizes the main change, such as 'Add interactive JDBC-based database operations with user authentication' or 'Implement user authentication and database operations menu'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

pom.xml (1)

54-58: Consider adding <scope>runtime</scope> for consistency.

The slf4j-nop dependency is a no-op logging binding typically only needed at runtime to suppress SLF4J warning messages. Adding <scope>runtime</scope> would align with the intent and match the pattern used by mysql-connector-j above.

         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-nop</artifactId>
             <version>2.0.17</version>
+            <scope>runtime</scope>
         </dependency>

src/main/java/com/example/Main.java (4)

133-133: Stale TODO comment.

This TODO comment appears to be leftover from a template. Since the run() method is now fully implemented, consider removing it to avoid confusion.

-        //Todo: Starting point for your code

---

169-189: Consider validating user_id input.

If user_id is a numeric column, using setString relies on implicit type conversion. Consider parsing to int/long and using setInt/setLong for type safety, similar to the approach in moonMissionsById.

---

216-219: Inconsistent error handling pattern.

This method prints to System.err before throwing RuntimeException, while other methods (e.g., deleteAccount, createAnAccount) throw directly. Consider removing the System.err.println for consistency.

         } catch (SQLException e) {
-            System.err.println("ERROR: Failed to update password.");
             throw new RuntimeException("Database operation failed. " + e.getMessage());
         }

---

281-297: Redundant input validation logic.

The method checks hasNextInt() on line 283, but then reads as nextLine() and re-parses as Long with a try-catch on lines 291-297. The hasNextInt() check is effectively bypassed by reading the whole line. Consider simplifying:

     private void moonMissionsById(Connection connection, Scanner scanner) {
         System.out.println("Enter moon mission id: ");
-        if (!scanner.hasNextInt()) {
+        if (!scanner.hasNextLine()) {
             return;
         }
         String missionId = scanner.nextLine().trim();
+        
+        long id;
+        try {
+            id = Long.parseLong(missionId);
+        } catch (NumberFormatException e) {
+            System.out.println("Invalid moon mission id. Please enter a number");
+            return;
+        }

         String sql = "select spacecraft, mission_id, mission_type, launch_date from moon_mission where mission_id = ?";
         try (PreparedStatement stmt = connection.prepareStatement(sql)) {
-            long id;
-            try {
-                id = Long.parseLong(missionId);
-                stmt.setLong(1, id);
-            } catch (NumberFormatException e) {
-                System.out.println("Invalid moon mission id. Please enter a number");
-                return;
-            }
+            stmt.setLong(1, id);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e629e94 and afbba8b.

📒 Files selected for processing (3)

• README.md (1 hunks)
• pom.xml (1 hunks)
• src/main/java/com/example/Main.java (2 hunks)

🔇 Additional comments (4)

README.md (1)

1-1: LGTM!

Standard GitHub Classroom badge for assignment deadline tracking.

src/main/java/com/example/Main.java (3)

44-57: LGTM!

Good use of try-with-resources for both Connection and Scanner, ensuring proper resource cleanup. The configuration validation with a clear error message is also appropriate.

---

137-166: Good use of parameterized queries for SQL injection prevention.

The authentication logic correctly uses PreparedStatement with parameter binding. Minor nit: consider translating the Swedish comments ("Hantera EOF i testmiljön") to English for consistency.

---

253-279: LGTM!

Good input validation with hasNextInt() and proper cleanup of the newline character. The SQL query and prepared statement usage are correct.

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/main/java/com/example/Main.java (1)

10-15: JVM entrypoint likely broken: main must be public static void main(String[] args)

-    static void main(String[] args) {
+    public static void main(String[] args) {
         if (isDevMode(args)) {
             DevDatabaseInitializer.start();
         }
         new Main().run();
     }

♻️ Duplicate comments (1)

src/main/java/com/example/Main.java (1)

245-278: Account creation: fix wrong validation message + add missing EOF guards (and avoid crashing the CLI)

• Line 254 throws “First name…” when validating last name.
• Lines 256–258 read without hasNextLine() (EOF can throw), and IllegalArgumentException will currently crash the interactive flow (better to print + return).

-        if (lastName.length() < 3) { throw new IllegalArgumentException("First name must be at least 3 characters long."); }
+        if (lastName.length() < 3) {
+            System.out.println("Last name must be at least 3 characters long.");
+            return;
+        }
         System.out.print("Enter ssn: ");
+        if (!scanner.hasNextLine()) { return; }
         String ssn = scanner.nextLine().trim();
         System.out.print("Enter password: ");
+        if (!scanner.hasNextLine()) { return; }
         String password = scanner.nextLine().trim();

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between afbba8b and 0608d2d.

📒 Files selected for processing (1)

• src/main/java/com/example/Main.java (2 hunks)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Plaintext password authentication + weak exception context

• Comparing password = ? suggests plaintext storage/comparison; please hash + salt passwords (and compare hashes), even for a CLI.
• Also, Line 162 throws new RuntimeException(ex) with no context—hard to debug.

-        } catch (SQLException ex) {
-            throw new RuntimeException(ex);
+        } catch (SQLException ex) {
+            throw new RuntimeException("Error authenticating user.", ex);
         }

🤖 Prompt for AI Agents

In src/main/java/com/example/Main.java around lines 135 to 164, the method
currently selects by plaintext password and throws a RuntimeException with no
context; change the query to fetch the stored password hash by username only
(e.g., "select name, password_hash from account where name = ?"), remove
password from the WHERE clause, then compute/verify the provided password
against the stored salted hash using a secure algorithm/library (bcrypt or
Argon2) and return the username only on successful verification; also replace
the bare throw new RuntimeException(ex) with a more informative exception or log
message that includes context (e.g., "Failed to authenticate user: " + username)
while preserving the original exception as the cause.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

moonMissionsById: improve error messaging + keep SQL exception context

• Line 210 message says “Please enter a number” when the ID was a number but wasn’t found.
• Line 215 drops context.

-                } else {
-                    System.out.println("Mission id " + missionId + " not found. Please enter a number");
+                } else {
+                    System.out.println("Mission id " + missionId + " not found.");
                 }
...
-        } catch (SQLException e) {
-            throw new RuntimeException(e);
+        } catch (SQLException e) {
+            throw new RuntimeException("Error fetching moon mission by id=" + id, e);
         }

🤖 Prompt for AI Agents

In src/main/java/com/example/Main.java around lines 185-218, update the
user-facing "not found" message and preserve SQL exception context: change the
"Mission id ... not found. Please enter a number" line to a clear not-found
message (e.g., "Mission id X not found.") without the misleading "Please enter a
number" text, and replace the catch(SQLException e) throw with a
RuntimeException that includes context about the query (for example: throw new
RuntimeException("Failed to query moon mission with id " + id, e)) so the
original SQLException is preserved as the cause.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

updateAccountPassword: validate user_id, trim inputs, and preserve SQL cause

-        String userId = scanner.nextLine();
+        String userId = scanner.nextLine().trim();
+        try {
+            Long.parseLong(userId);
+        } catch (NumberFormatException e) {
+            System.out.println("Invalid user_id. Please enter a number.");
+            return;
+        }
...
-        String newPassword = scanner.nextLine();
+        String newPassword = scanner.nextLine().trim();
...
-        } catch (SQLException e) {
-            System.err.println("ERROR: Failed to update password.");
-            throw new RuntimeException("Database operation failed. " + e.getMessage());
+        } catch (SQLException e) {
+            System.err.println("ERROR: Failed to update password.");
+            throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	private void updateAccountPassword(Connection connection, Scanner scanner) {
	System.out.println("Enter user_id: ");
	if (!scanner.hasNextLine()) {
	return;
	}
	String userId = scanner.nextLine();
	System.out.println("Enter new password: ");
	if (!scanner.hasNextLine()) {
	return;
	}
	String newPassword = scanner.nextLine();
	String sql = " update account set password = ? where user_id = ? ";
	try (PreparedStatement stmt = connection.prepareStatement(sql)) {
	stmt.setString(1, newPassword);
	stmt.setString(2, userId);
	int affectedRows = stmt.executeUpdate();
	if (affectedRows > 0) {
	System.out.println("Account updated successfully.");
	} else {
	System.out.println("Failed to update account.");
	}
	} catch (SQLException e) {
	System.err.println("ERROR: Failed to update password.");
	throw new RuntimeException("Database operation failed. " + e.getMessage());
	}
	}
	private void updateAccountPassword(Connection connection, Scanner scanner) {
	System.out.println("Enter user_id: ");
	if (!scanner.hasNextLine()) {
	return;
	}
	String userId = scanner.nextLine().trim();
	try {
	Long.parseLong(userId);
	} catch (NumberFormatException e) {
	System.out.println("Invalid user_id. Please enter a number.");
	return;
	}
	System.out.println("Enter new password: ");
	if (!scanner.hasNextLine()) {
	return;
	}
	String newPassword = scanner.nextLine().trim();
	String sql = " update account set password = ? where user_id = ? ";
	try (PreparedStatement stmt = connection.prepareStatement(sql)) {
	stmt.setString(1, newPassword);
	stmt.setString(2, userId);
	int affectedRows = stmt.executeUpdate();
	if (affectedRows > 0) {
	System.out.println("Account updated successfully.");
	} else {
	System.out.println("Failed to update account.");
	}
	} catch (SQLException e) {
	System.err.println("ERROR: Failed to update password.");
	throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
	}
	}

🤖 Prompt for AI Agents

In src/main/java/com/example/Main.java around lines 280 to 309, the
updateAccountPassword method must trim inputs, validate user_id and new
password, and preserve the original SQLException as the cause when rethrowing;
trim userId and newPassword after reading them, check that userId is not blank
and meets the expected format (adjust pattern to your app — e.g. non-empty or
numeric/UUID) and that newPassword is not blank (return early with a clear
message if validation fails), then proceed to prepare and execute the statement
as before, and in the catch block rethrow a RuntimeException that includes the
SQLException as the cause (new RuntimeException("Database operation failed", e))
rather than just concatenating the message.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (5)

src/main/java/com/example/Main.java (5)

291-328: Good userId validation, but trim the password input and preserve exception cause.

The userId validation (lines 296-303) properly addresses the previous review comment. However, line 309 should trim the password input for consistency, and line 326 should include the SQLException cause.

Apply this diff:

         System.out.println("Enter new password: ");
         if (!scanner.hasNextLine()) {
             return;
         }
-        String newPassword = scanner.nextLine();
+        String newPassword = scanner.nextLine().trim();
 
         String sql = " update account set password = ? where user_id = ? ";
         try (PreparedStatement stmt = connection.prepareStatement(sql)) {
             stmt.setString(1, newPassword);
             stmt.setLong(2, userId);
 
             int affectedRows = stmt.executeUpdate();
 
             if (affectedRows > 0) {
                 System.out.println("Account updated successfully.");
             } else {
                 System.out.println("Failed to update account.");
             }
 
         } catch (SQLException e) {
             System.err.println("ERROR: Failed to update password.");
-            throw new RuntimeException("Database operation failed. " + e.getMessage());
+            throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
         }

---

135-164: Plaintext password authentication remains unresolved.

The authentication method still compares passwords in plaintext (line 148). This is a significant security risk even for a CLI application. Additionally, line 162 throws a RuntimeException without any descriptive context, making debugging difficult.

Please implement password hashing (bcrypt or Argon2) and improve exception context:

-        String sql = " select name from account where name = ? and password = ? ";
+        String sql = " select name, password from account where name = ? ";
 
         try (PreparedStatement stmt = connection.prepareStatement(sql)) {
             stmt.setString(1, username);
-            stmt.setString(2, password);
 
             try (ResultSet rs = stmt.executeQuery()) {
                 if (rs.next()) {
-                    return rs.getString("name");
+                    String storedHash = rs.getString("password");
+                    // Verify password against stored hash using BCrypt or similar
+                    if (verifyPassword(password, storedHash)) {
+                        return rs.getString("name");
+                    }
+                    return null;
                 } else {
                     return null;
                 }
             }
         } catch (SQLException ex) {
-            throw new RuntimeException(ex);
+            throw new RuntimeException("Failed to authenticate user: " + username, ex);
         }

Note: Based on learnings or past feedback, if plaintext is acceptable for this educational/demo context, at minimum fix the exception message.

---

185-217: Misleading error message and missing exception context.

Line 210 says "Please enter a number" even though the input was successfully parsed as a number—it just wasn't found in the database. Line 215 throws a generic RuntimeException without context.

Apply this diff:

                 } else {
-                    System.out.println("Mission id " + missionId + " not found. Please enter a number");
+                    System.out.println("Mission id " + missionId + " not found.");
                 }
             }
 
         } catch (SQLException e) {
-            throw new RuntimeException(e);
+            throw new RuntimeException("Error fetching moon mission by id=" + id, e);
         }

---

252-289: Good length validation, but passwords stored in plaintext and exception cause missing.

The length validation (lines 257-263) properly addresses the previous StringIndexOutOfBoundsException risk. However, line 277 stores the password in plaintext in the database, and line 287 doesn't preserve the SQLException cause.

Apply this diff:

         System.out.print("Enter password: ");
         if (!scanner.hasNextLine()) {return;}
         String password = scanner.nextLine().trim();
+        // Hash the password before storage (use BCrypt, Argon2, etc.)
+        String hashedPassword = hashPassword(password);
         String name = firstName.substring(0, 3) + lastName.substring(0, 3);
 
         String sql = "INSERT INTO account (first_name, last_name, ssn, password, name) VALUES (?, ?, ?, ?, ?)";
         try (PreparedStatement stmt = connection.prepareStatement(sql)) {
             stmt.setString(1, firstName);
             stmt.setString(2, lastName);
             stmt.setString(3, ssn);
-            stmt.setString(4, password);
+            stmt.setString(4, hashedPassword);
             stmt.setString(5, name);
 
             int affectedRows = stmt.executeUpdate();
             if (affectedRows > 0) {
                 System.out.println("Successfully created an account for " + firstName + " " + lastName);
             } else
                 System.out.println("Failed to create an account.");
 
         } catch (SQLException e) {
-            throw new RuntimeException("Database operation failed. " + e.getMessage());
+            throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
         }

Note: If plaintext is acceptable for this educational context, at minimum fix the exception cause.

---

330-350: Validate and trim userId input, and preserve exception cause.

The method should validate that userId is numeric (similar to updateAccountPassword) and trim the input. Line 348 should also include the SQLException cause for better debugging.

Apply this diff:

         System.out.println("Enter user id, that you wish to delete: ");
         if (!scanner.hasNextLine()) {
             return;
         }
-        String userId = scanner.nextLine();
+        String userIdStr = scanner.nextLine().trim();
+        long userId;
+        try {
+            userId = Long.parseLong(userIdStr);
+        } catch (NumberFormatException e) {
+            System.out.println("Invalid user_id. Please enter a number.");
+            return;
+        }
 
         String sql = " delete from account where user_id = ? ";
         try (PreparedStatement stmt = connection.prepareStatement(sql)) {
-            stmt.setString(1, userId);
+            stmt.setLong(1, userId);
 
             int affectedRows = stmt.executeUpdate();
             if (affectedRows > 0) {
                 System.out.println("Successfully deleted the account.");
             } else {
                 System.out.println("Failed to delete the account.");
             }
         } catch (SQLException e) {
-            throw new RuntimeException("Database operation failed. " + e.getMessage());
+            throw new RuntimeException("Database operation failed. " + e.getMessage(), e);
         }

🧹 Nitpick comments (1)

src/main/java/com/example/Main.java (1)

219-250: Good input validation, but add exception context.

The NumberFormatException handling (lines 227-232) properly addresses the previous review comment. However, line 248 should include a descriptive message in the RuntimeException.

Apply this diff to improve exception context:

         } catch (SQLException e) {
-            throw new RuntimeException(e);
+            throw new RuntimeException("Error counting missions for year=" + year, e);
         }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0608d2d and 38b2569.

📒 Files selected for processing (1)

• src/main/java/com/example/Main.java (2 hunks)

🔇 Additional comments (2)

src/main/java/com/example/Main.java (2)

129-131: Good fix: SQLException cause is now preserved.

The exception handling now properly includes the original SQLException as the cause, which will help with debugging.

---

167-183: LGTM: Exception handling is correct.

The method properly includes the SQLException cause and a descriptive message in the RuntimeException.