author | Vitaly Takmazov | 2016-11-28 13:09:34 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-11-28 13:09:34 +0300 |
commit | 1679b35661297fd9a6693b03cadcdbc1ab5a4203 (patch) | |
tree | ec2457286fcf93f1c227da369c0c39c98aa853df /juick-api/src/main/java/com/juick/api/controllers/PM.java | |
parent | bc23d2d2125d2086847397e85335f29a70668f6b (diff) |
juick-api: all controllers are using spring-security and @RequestParam
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers/PM.java')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/PM.java | 46 |
1 files changed, 16 insertions, 30 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java
index 3d9893b1..c928a11e 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/PM.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java
@@ -1,5 +1,6 @@
 package com.juick.api.controllers;
+import com.juick.User;
 import com.juick.api.ApiServer;
 import com.juick.api.util.HttpBadRequestException;
 import com.juick.api.util.HttpForbiddenException;
@@ -10,12 +11,13 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import rocks.xmpp.addr.Jid;
 import rocks.xmpp.core.stanza.model.Message;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 import java.util.List;
 /**
@@ -34,23 +36,15 @@ public class PM {
 ApiServer apiServer;
 @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<com.juick.Message> doGetPM(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List<com.juick.Message> doGetPM(
+ Principal principal,
+ @RequestParam(required = false) String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
- String uname = request.getParameter("uname");
 int uid = 0;
 if (uname != null && uname.matches("^[a-zA-Z0-9\\-]{2,16}$")) {
 uid = userService.getUIDbyName(uname);
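Review bot: In the new `doGetPM` prologue the result of `userService.getUserByName(name)` is dereferenced without a null check, and `name` comes from `UserUtils.getUsername(principal, null)`, whose second argument looks like a null default. Neither helper is visible in this diff, so this is inferred: if a request without an authenticated `principal` reaches the handler, `visitor.getUid()` may throw and the caller would get a 500 where the old code answered 403. A guard such as `if (visitor == null || visitor.getUid() == 0) throw new HttpForbiddenException();` keeps the deny path explicit and independent of how the security filter is configured. The same three lines are added in the `doPostPM` hunk, and the method body continues past the end of this hunk.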
@@ -64,29 +58,21 @@ public class PM {
 }
 @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public com.juick.Message doPostPM(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public com.juick.Message doPostPM(
+ Principal principal,
+ @RequestParam String uname,
+ @RequestParam String body) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
- String uname = request.getParameter("uname");
 int uid = 0;
 if (UserUtils.checkUserNameValid(uname)) {
 uid = userService.getUIDbyName(uname);
 }
- String body = request.getParameter("body");
 if (uid == 0 || body == null || body.length() < 1 || body.length() > 10240) {
 throw new HttpBadRequestException();
 }
 |
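Review bot: `@RequestParam String uname` and `@RequestParam String body` are required by default, so the `body == null` term in the length check further down is now unreachable, and a missing parameter is rejected by Spring's argument binding before the `vuid` check in the method runs. If the controller is meant to own the 400 through `HttpBadRequestException`, declare both as `@RequestParam(required = false)` the way `doGetPM` does for `uname`. Otherwise drop the null term and add a comment such as `// uname and body are required; Spring answers 400 when either is absent`. Whether an unauthenticated caller sees that 400 or a 403 first depends on the security filter configuration, which is not part of this diff.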