aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2016-11-28 13:09:34 +0300
committerGravatar Vitaly Takmazov2016-11-28 13:09:34 +0300
commit1679b35661297fd9a6693b03cadcdbc1ab5a4203 (patch)
treeec2457286fcf93f1c227da369c0c39c98aa853df
parentbc23d2d2125d2086847397e85335f29a70668f6b (diff)
juick-api: all controllers are using spring-security and @RequestParam
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Messages.java74
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Notifications.java70
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Others.java39
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/PM.java46
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Post.java134
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java30
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Users.java61
-rw-r--r--juick-api/src/main/java/com/juick/api/util/HttpUtils.java32
-rw-r--r--juick-server/src/main/java/com/juick/service/UserServiceImpl.java7
9 files changed, 178 insertions, 315 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
index 0f8e7e07..f30a7687 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
@@ -25,7 +25,6 @@ import rocks.xmpp.addr.Jid;
import rocks.xmpp.core.stanza.model.Message;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
@@ -77,23 +76,15 @@ public class Messages {
@RequestMapping("/messages")
public ResponseEntity<List<com.juick.Message>> getMessages(
- HttpServletRequest request,
- @RequestParam(required = false) String hash,
+ Principal principal,
@RequestParam(required = false) String uname,
@RequestParam(defaultValue = "0") int before_mid,
@RequestParam(required = false) String popular,
@RequestParam(required = false) String media,
@RequestParam(required = false) String tag) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1)
- return FORBIDDEN;
-
- if (vuid == 0) {
- if (hash != null && hash.length() == 16)
- vuid = userService.getUIDbyHash(hash);
- }
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
List<Integer> mids;
if (!StringUtils.isEmpty(uname)) {
@@ -135,20 +126,11 @@ public class Messages {
@RequestMapping("/thread")
public ResponseEntity<List<com.juick.Message>> getThread(
- HttpServletRequest request,
+ Principal principal,
@RequestParam(defaultValue = "0") int mid) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- return FORBIDDEN;
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
com.juick.Message msg = messagesService.getMessage(mid);
if (msg != null) {
if (!messagesService.canViewThread(mid, vuid)) {
@@ -164,20 +146,11 @@ public class Messages {
@RequestMapping("/messages/recommended")
public ResponseEntity<List<com.juick.Message>> doGetRecommended(
- HttpServletRequest request,
+ Principal principal,
@RequestParam(defaultValue = "0") int before_mid) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- return FORBIDDEN;
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
return FORBIDDEN;
}
@@ -195,29 +168,20 @@ public class Messages {
@RequestMapping("/messages/set_privacy")
@ResponseBody
- public Status doSetPrivacy(
- HttpServletRequest request,
+ public ResponseEntity<Status> doSetPrivacy(
+ Principal principal,
@RequestParam(defaultValue = "0") int mid) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
com.juick.User user = messagesService.getMessageAuthor(mid);
if (user != null && user.getUid() == vuid && messagesService.setMessagePrivacy(mid)) {
- return Status.OK;
+ return ResponseEntity.ok(Status.OK);
}
- throw new HttpBadRequestException();
+ throw new HttpForbiddenException();
}
@RequestMapping("/messages/set_popular")
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java
index c3529645..35298095 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java
@@ -12,17 +12,15 @@ import com.juick.service.MessagesService;
import com.juick.service.PushQueriesService;
import com.juick.service.SubscriptionService;
import com.juick.service.UserService;
-import org.apache.commons.lang3.math.NumberUtils;
+import com.juick.util.UserUtils;
import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.*;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
+import java.security.Principal;
import java.util.List;
import java.util.stream.Collectors;
@@ -43,36 +41,24 @@ public class Notifications {
SubscriptionService subscriptionService;
@RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<String> doGet(HttpServletRequest request) {
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- User visitor = userService.getUserByUID(vuid).orElse(new User());
+ public ResponseEntity<List<String>> doGet(
+ Principal principal,
+ @RequestParam String type,
+ @RequestParam(required = false, defaultValue = "0") int uid,
+ @RequestParam(required = false, defaultValue = "0") int mid) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) {
throw new HttpForbiddenException();
}
- String type = request.getParameter("type");
- int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
if (uid > 0) {
switch (type) {
case "gcm":
- return pushQueriesService.getAndroidRegID(uid);
+ return ResponseEntity.ok(pushQueriesService.getAndroidRegID(uid));
case "apns":
- return pushQueriesService.getAPNSToken(uid);
+ return ResponseEntity.ok(pushQueriesService.getAPNSToken(uid));
case "mpns":
- return pushQueriesService.getWinPhoneURL(uid);
+ return ResponseEntity.ok(pushQueriesService.getWinPhoneURL(uid));
default:
throw new HttpBadRequestException();
}
@@ -92,11 +78,11 @@ public class Notifications {
switch (type) {
case "gcm":
- return pushQueriesService.getAndroidTokens(uids);
+ return ResponseEntity.ok(pushQueriesService.getAndroidTokens(uids));
case "apns":
- return pushQueriesService.getAPNSTokens(uids);
+ return ResponseEntity.ok(pushQueriesService.getAPNSTokens(uids));
case "mpns":
- return pushQueriesService.getWindowsTokens(uids);
+ return ResponseEntity.ok(pushQueriesService.getWindowsTokens(uids));
default:
throw new HttpBadRequestException();
}
@@ -107,23 +93,11 @@ public class Notifications {
}
@RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public Status doDelete(HttpServletRequest request, @RequestBody String requestBody) throws IOException {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- User visitor = userService.getUserByUID(vuid).orElse(new User());
+ public Status doDelete(
+ Principal principal,
+ @RequestBody String requestBody) throws IOException {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) {
throw new HttpForbiddenException();
}
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Others.java b/juick-api/src/main/java/com/juick/api/controllers/Others.java
index ad620444..e2d802d8 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Others.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Others.java
@@ -6,14 +6,16 @@ import com.juick.api.util.HttpNotFoundException;
import com.juick.server.helpers.PrivateChats;
import com.juick.service.PMQueriesService;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
import java.util.List;
/**
@@ -30,33 +32,20 @@ public class Others {
UserService userService;
@RequestMapping(value = "groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public PrivateChats doGetGroupsPMs(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public PrivateChats doGetGroupsPMs(
+ Principal principal,
+ @RequestParam(defaultValue = "5") int cnt) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
- int cnt = 5;
- try {
- String cntStr = request.getParameter("cnt");
- cnt = Integer.parseInt(cntStr);
- if (cnt < 3) {
- cnt = 3;
- }
- if (cnt > 10) {
- cnt = 10;
- }
- } catch (Exception e) {
+ if (cnt < 3) {
+ cnt = 3;
+ }
+ if (cnt > 10) {
+ cnt = 10;
}
List<User> lastconv = pmQueriesService.getPMLastConversationsUsers(vuid, cnt);
diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java
index 3d9893b1..c928a11e 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/PM.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java
@@ -1,5 +1,6 @@
package com.juick.api.controllers;
+import com.juick.User;
import com.juick.api.ApiServer;
import com.juick.api.util.HttpBadRequestException;
import com.juick.api.util.HttpForbiddenException;
@@ -10,12 +11,13 @@ import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import rocks.xmpp.addr.Jid;
import rocks.xmpp.core.stanza.model.Message;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
import java.util.List;
/**
@@ -34,23 +36,15 @@ public class PM {
ApiServer apiServer;
@RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<com.juick.Message> doGetPM(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<com.juick.Message> doGetPM(
+ Principal principal,
+ @RequestParam(required = false) String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
- String uname = request.getParameter("uname");
int uid = 0;
if (uname != null && uname.matches("^[a-zA-Z0-9\\-]{2,16}$")) {
uid = userService.getUIDbyName(uname);
@@ -64,29 +58,21 @@ public class PM {
}
@RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public com.juick.Message doPostPM(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public com.juick.Message doPostPM(
+ Principal principal,
+ @RequestParam String uname,
+ @RequestParam String body) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
- String uname = request.getParameter("uname");
int uid = 0;
if (UserUtils.checkUserNameValid(uname)) {
uid = userService.getUIDbyName(uname);
}
- String body = request.getParameter("body");
if (uid == 0 || body == null || body.length() < 1 || body.length() > 10240) {
throw new HttpBadRequestException();
}
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Post.java b/juick-api/src/main/java/com/juick/api/controllers/Post.java
index fb1914e9..18f417d8 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Post.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Post.java
@@ -1,6 +1,7 @@
package com.juick.api.controllers;
import com.juick.Tag;
+import com.juick.User;
import com.juick.api.ApiServer;
import com.juick.api.util.HttpBadRequestException;
import com.juick.api.util.HttpForbiddenException;
@@ -10,23 +11,25 @@ import com.juick.service.MessagesService;
import com.juick.service.SubscriptionService;
import com.juick.service.TagService;
import com.juick.service.UserService;
+import com.juick.util.UserUtils;
import net.coobird.thumbnailator.Thumbnails;
-import org.apache.commons.lang3.math.NumberUtils;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.core.env.Environment;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.multipart.MultipartFile;
import rocks.xmpp.addr.Jid;
-import rocks.xmpp.core.session.XmppSession;
import rocks.xmpp.core.stanza.model.Message;
import rocks.xmpp.extensions.nick.model.Nickname;
import rocks.xmpp.extensions.oob.model.x.OobX;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
@@ -34,6 +37,7 @@ import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
@@ -55,50 +59,31 @@ public class Post {
MessagesService messagesService;
@Inject
SubscriptionService subscriptionService;
+ @Inject
+ Environment env;
@RequestMapping(value = "/post", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- protected com.juick.Message doPost(HttpServletRequest request) throws IOException {
- String uri = request.getRequestURI();
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public com.juick.Message doPostMessage(
+ Principal principal,
+ @RequestParam String body,
+ @RequestParam String tags,
+ @RequestParam(required = false) String img,
+ @RequestParam(required = false) MultipartFile attach) throws IOException {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
- switch (uri) {
- case "/post":
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
- if (mid == 0) {
- return doPostMessage(request, apiServer.getXmpp(), vuid);
- } else {
- return doPostComment(request, apiServer.getXmpp(), vuid);
- }
- default:
- throw new HttpBadRequestException();
- }
- }
-
- public com.juick.Message doPostMessage(HttpServletRequest request, XmppSession xmpp, int vuid) throws IOException {
- String body = request.getParameter("body");
if (body == null || body.length() < 1 || body.length() > 4096) {
throw new HttpBadRequestException();
}
body = body.replace("\r", "");
- String tagsStr = request.getParameter("tags");
- List<Tag> tags = new ArrayList<>();
+ List<Tag> tagsList = new ArrayList<>();
String tagsArr[] = new String[1];
- if (tagsStr != null && !tagsStr.isEmpty()) {
- tagsArr = tagsStr.split("[ \\,]");
+ if (tags != null && !tags.isEmpty()) {
+ tagsArr = tags.split("[ \\,]");
for (int i = 0; i < tagsArr.length; i++) {
if (tagsArr[i].startsWith("*")) {
tagsArr[i] = tagsArr[i].substring(1);
@@ -107,24 +92,18 @@ public class Post {
tagsArr[i] = tagsArr[i].substring(0, 64);
}
}
- tags = tagService.getTags(tagsArr, true);
- while (tags.size() > 5) {
- tags.remove(5);
+ tagsList = tagService.getTags(tagsArr, true);
+ while (tagsList.size() > 5) {
+ tagsList.remove(5);
}
}
- String attachmentFName = null;
- try {
- attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach");
- } catch (Exception e) {
- logger.error("MULTIPART ERROR", e);
- throw new HttpBadRequestException();
- }
+ String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir",
+ "/var/www/juick.com/i/tmp/"));
- String paramImg = request.getParameter("img");
- if (attachmentFName == null && paramImg != null && paramImg.length() > 10) {
+ if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) {
try {
- URL imgUrl = new URL(paramImg);
+ URL imgUrl = new URL(img);
attachmentFName = HttpUtils.downloadImage(imgUrl);
} catch (Exception e) {
logger.error("DOWNLOAD ERROR", e);
@@ -133,10 +112,10 @@ public class Post {
}
String attachmentType = attachmentFName != null ? attachmentFName.substring(attachmentFName.length() - 3) : null;
- int mid = messagesService.createMessage(vuid, body, attachmentType, tags);
+ int mid = messagesService.createMessage(vuid, body, attachmentType, tagsList);
subscriptionService.subscribeMessage(mid, vuid);
com.juick.Message jmsg = messagesService.getMessage(mid);
- if (xmpp != null) {
+ if (apiServer.getXmpp() != null) {
Message xmsg = new Message();
xmsg.setFrom(Jid.of("juick@juick.com"));
xmsg.setType(Message.Type.CHAT);
@@ -174,30 +153,41 @@ public class Post {
xmsg.setBody("@" + jmsg.getUser().getName() + ":" + tagsStr2 + "\n" + body + "\n\n#" + mid + " http://juick.com/" + mid);
xmsg.setTo(Jid.of("juick@s2s.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("juick@ws.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("juick@push.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("twitter@crosspost.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("fb@crosspost.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("jubo@nologin.ru"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
} else {
logger.error("XMPP unavailable");
}
return jmsg;
}
-
- public com.juick.Message doPostComment(HttpServletRequest request, XmppSession xmpp, int vuid)
+ @RequestMapping(value = "/comment", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ public com.juick.Message doPostComment(
+ Principal principal,
+ @RequestParam(defaultValue = "0") int mid,
+ @RequestParam(defaultValue = "0") int rid,
+ @RequestParam String body,
+ @RequestParam(required = false) String img,
+ @RequestParam(required = false) MultipartFile attach)
throws IOException {
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
+ if (vuid == 0) {
+ throw new HttpForbiddenException();
+ }
if (mid == 0) {
throw new HttpBadRequestException();
}
@@ -206,7 +196,6 @@ public class Post {
throw new HttpNotFoundException();
}
- int rid = NumberUtils.toInt(request.getParameter("rid"), 0);
com.juick.Message reply = null;
if (rid > 0) {
reply = messagesService.getReply(mid, rid);
@@ -215,7 +204,6 @@ public class Post {
}
}
- String body = request.getParameter("body");
if (body == null || body.length() < 1 || body.length() > 4096) {
throw new HttpBadRequestException();
}
@@ -226,18 +214,12 @@ public class Post {
throw new HttpForbiddenException();
}
- String attachmentFName = null;
- try {
- attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach");
- } catch (Exception e) {
- logger.error("MULTIPART ERROR", e);
- throw new HttpBadRequestException();
- }
+ String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir",
+ "/var/www/juick.com/i/tmp/"));
- String paramImg = request.getParameter("img");
- if (attachmentFName == null && paramImg != null && paramImg.length() > 10) {
+ if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) {
try {
- attachmentFName = HttpUtils.downloadImage(new URL(paramImg));
+ attachmentFName = HttpUtils.downloadImage(new URL(img));
} catch (Exception e) {
logger.error("DOWNLOAD ERROR", e);
throw new HttpBadRequestException();
@@ -250,7 +232,7 @@ public class Post {
com.juick.Message jmsg = messagesService.getReply(mid, ridnew);
- if (xmpp != null) {
+ if (apiServer.getXmpp() != null) {
Message xmsg = new Message();
xmsg.setFrom(Jid.of("juick@juick.com"));
xmsg.setType(Message.Type.CHAT);
@@ -289,13 +271,13 @@ public class Post {
mid + "/" + ridnew + " http://juick.com/" + mid + "#" + ridnew);
xmsg.setTo(Jid.of("juick@s2s.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("juick@ws.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
xmsg.setTo(Jid.of("juick@push.juick.com"));
- xmpp.send(xmsg);
+ apiServer.getXmpp().send(xmsg);
} else {
logger.error("XMPP unavailable");
}
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
index 5426f853..42be9903 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
@@ -7,16 +7,17 @@ import com.juick.api.util.HttpForbiddenException;
import com.juick.service.MessagesService;
import com.juick.service.SubscriptionService;
import com.juick.service.UserService;
-import org.apache.commons.lang3.math.NumberUtils;
+import com.juick.util.UserUtils;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
+import java.security.Principal;
import java.util.List;
/**
@@ -33,28 +34,15 @@ public class Subscriptions {
MessagesService messagesService;
@RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGet(HttpServletRequest request) throws IOException {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- User visitor = userService.getUserByUID(vuid).orElse(new User());
+ public List<User> doGet(
+ Principal principal,
+ @RequestParam(defaultValue = "0") int mid,
+ @RequestParam(defaultValue = "0") int uid) throws IOException {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) {
throw new HttpForbiddenException();
}
- int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
if (uid > 0) {
return subscriptionService.getSubscribedUsers(uid, mid);
} else {
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java
index 8b1bc6cd..75dea5f5 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Users.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java
@@ -9,10 +9,11 @@ import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
@@ -30,22 +31,11 @@ public class Users {
UserService userService;
@RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUsers(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUsers(
+ @RequestParam(value = "uname", required = false) String[] punames,
+ @RequestParam(value = "jid", required = false) String[] pjids) {
List<com.juick.User> users = new ArrayList<>();
- String punames[] = request.getParameterValues("uname");
if (punames != null) {
ArrayList<String> unames = new ArrayList<>(Arrays.asList(punames));
Iterator<String> i = unames.iterator();
@@ -59,7 +49,6 @@ public class Users {
}
}
- String pjids[] = request.getParameterValues("jid");
if (pjids != null) {
List<String> jids = new ArrayList<>(Arrays.asList(pjids));
Iterator<String> ii = jids.iterator();
@@ -80,24 +69,16 @@ public class Users {
}
@RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUserRead(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUserRead(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
int uid = 0;
- String uname = request.getParameter("uname");
if (uname == null) {
uid = vuid;
} else {
@@ -122,24 +103,16 @@ public class Users {
}
@RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGetUserReaders(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<User> doGetUserReaders(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
if (vuid == 0) {
throw new HttpForbiddenException();
}
int uid = 0;
- String uname = request.getParameter("uname");
if (uname == null) {
uid = vuid;
} else {
diff --git a/juick-api/src/main/java/com/juick/api/util/HttpUtils.java b/juick-api/src/main/java/com/juick/api/util/HttpUtils.java
index f20e10a8..2fe4322d 100644
--- a/juick-api/src/main/java/com/juick/api/util/HttpUtils.java
+++ b/juick-api/src/main/java/com/juick/api/util/HttpUtils.java
@@ -17,12 +17,19 @@
*/
package com.juick.api.util;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.multipart.MultipartFile;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.Part;
import java.io.FileOutputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.util.UUID;
/**
@@ -30,6 +37,7 @@ import java.util.UUID;
* @author Ugnich Anton
*/
public class HttpUtils {
+ private static final Logger logger = LoggerFactory.getLogger(HttpUtils.class);
public static String getPartFilename(Part part) {
for (String cd : part.getHeader("content-disposition").split(";")) {
if (cd.trim().startsWith("filename")) {
@@ -39,27 +47,27 @@ public class HttpUtils {
}
return null;
}
- public static String receiveMultiPartFile(HttpServletRequest request, String name) throws Exception {
- String attachmentFName = null;
-
- Part filePart = request.getPart("attach");
- if (filePart != null) {
- String partname = HttpUtils.getPartFilename(filePart);
+ public static String receiveMultiPartFile(MultipartFile attach, String tmpDir) {
+ if (!attach.isEmpty()) {
+ String partname = attach.getOriginalFilename();
if (partname != null && partname.length() > 0) {
String attachmentType = partname.substring(partname.length() - 3).toLowerCase();
if (attachmentType.equals("jpg") || attachmentType.equals("peg") || attachmentType.equals("png")) {
if (attachmentType.equals("peg")) {
attachmentType = "jpg";
}
- attachmentFName = UUID.randomUUID().toString() + "." + attachmentType;
- filePart.write("/var/www/juick.com/i/tmp/" + attachmentFName);
- } else {
- throw new Exception("Wrong file type");
+ String attachmentFName = UUID.randomUUID().toString() + "." + attachmentType;
+ try {
+ Files.write(Paths.get(tmpDir, attachmentFName),
+ attach.getBytes());
+ return attachmentFName;
+ } catch (IOException e) {
+ logger.warn("file receive error", e);
+ }
}
}
}
-
- return attachmentFName;
+ return "";
}
public static String downloadImage(URL url) throws Exception {
String attachmentFName = null;
diff --git a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
index a00eab3f..b3430254 100644
--- a/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/UserServiceImpl.java
@@ -118,16 +118,15 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
@Transactional(readOnly = true)
@Override
public User getUserByName(final String username) {
- User result = null;
-
if (StringUtils.isNotBlank(username)) {
List<User> list = getJdbcTemplate().query(
"SELECT id, nick, banned, lang FROM users WHERE nick = ?", new UserMapper(), username);
if (!list.isEmpty())
- result = list.get(0);
+ return list.get(0);
}
- return result;
+ // TODO: @NonNullable ?
+ return new User();
}
@Override