diff options
| author |  Vitaly Takmazov | 2016-11-28 13:09:34 +0300 |
|---|---|---|
| committer | Vitaly Takmazov | 2016-11-28 13:09:34 +0300 |
| commit | 1679b35661297fd9a6693b03cadcdbc1ab5a4203 (patch) | |
| tree | ec2457286fcf93f1c227da369c0c39c98aa853df /juick-api/src/main/java/com/juick/api/controllers/Notifications.java | |
| parent | bc23d2d2125d2086847397e85335f29a70668f6b (diff) | |
juick-api: all controllers are using spring-security and @RequestParam
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers/Notifications.java')
| -rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/Notifications.java | 70 |
1 files changed, 22 insertions, 48 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java index c3529645..35298095 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java @@ -12,17 +12,15 @@ import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; import com.juick.service.UserService; -import org.apache.commons.lang3.math.NumberUtils; +import com.juick.util.UserUtils; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.*; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.security.Principal; import java.util.List; import java.util.stream.Collectors; @@ -43,36 +41,24 @@ public class Notifications { SubscriptionService subscriptionService; @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List<String> doGet(HttpServletRequest request) { - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } - if (vuid == 0) { - throw new HttpForbiddenException(); - } - User visitor = userService.getUserByUID(vuid).orElse(new User()); + public ResponseEntity<List<String>> doGet( + Principal principal, + @RequestParam String type, + @RequestParam(required = false, defaultValue = "0") int uid, + @RequestParam(required = false, defaultValue = "0") int mid) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } - String type = request.getParameter("type"); - int uid = NumberUtils.toInt(request.getParameter("uid"), 0); - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); if (uid > 0) { switch (type) { case "gcm": - return pushQueriesService.getAndroidRegID(uid); + return ResponseEntity.ok(pushQueriesService.getAndroidRegID(uid)); case "apns": - return pushQueriesService.getAPNSToken(uid); + return ResponseEntity.ok(pushQueriesService.getAPNSToken(uid)); case "mpns": - return pushQueriesService.getWinPhoneURL(uid); + return ResponseEntity.ok(pushQueriesService.getWinPhoneURL(uid)); default: throw new HttpBadRequestException(); } @@ -92,11 +78,11 @@ public class Notifications { switch (type) { case "gcm": - return pushQueriesService.getAndroidTokens(uids); + return ResponseEntity.ok(pushQueriesService.getAndroidTokens(uids)); case "apns": - return pushQueriesService.getAPNSTokens(uids); + return ResponseEntity.ok(pushQueriesService.getAPNSTokens(uids)); case "mpns": - return pushQueriesService.getWindowsTokens(uids); + return ResponseEntity.ok(pushQueriesService.getWindowsTokens(uids)); default: throw new HttpBadRequestException(); } @@ -107,23 +93,11 @@ public class Notifications { } @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public Status doDelete(HttpServletRequest request, @RequestBody String requestBody) throws IOException { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } - if (vuid == 0) { - throw new HttpForbiddenException(); - } - User visitor = userService.getUserByUID(vuid).orElse(new User()); + public Status doDelete( + Principal principal, + @RequestBody String requestBody) throws IOException { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } |