author | Vitaly Takmazov | 2016-11-25 13:20:15 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-11-25 13:20:15 +0300 |
commit | 55b09a6a3bc4a21201189d855e140308f05016fb (patch) | |
tree | 543c880aaf15bf396eca6255bd816fb7d5dc9f12 /juick-api/src/main/java/com/juick/api/controllers | |
parent | efe9b6d78c9aac2b92afe2d55d2f33e4b5e6d179 (diff) |
juick-api: security WIP
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/Messages.java | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
index f4cde321..36882140 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
@@ -16,7 +16,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -25,6 +24,7 @@ import rocks.xmpp.core.stanza.model.Message;

 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 import java.util.List;

 /**
@@ -47,22 +47,10 @@ public class Messages {

 // TODO: serialize image urls
 @RequestMapping(value = "/home", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<com.juick.Message> doGetHome(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
+ public List<com.juick.Message> doGetHome(HttpServletRequest request, Principal principal) {
+ String name = principal.getName();
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 int before_mid = NumberUtils.toInt(request.getParameter("before_mid"), 0);
 List<Integer> mids = messagesService.getMyFeed(vuid, before_mid);
 return messagesService.getMessages(mids); |
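Review bot: `doGetHome` now calls `principal.getName()` and `visitor.getUid()` unguarded, so the explicit fail-closed checks the removed lines had (`HttpForbiddenException` for a vuid of -1 or 0) are gone and rejection of anonymous callers rests wholly on security configuration that this diff does not show. If `/home` is reachable without authentication, Spring MVC passes a null `Principal` and the request ends in a NullPointerException rather than a 403; what `getUserByName` returns for an unknown name is not visible here, but a null result would throw at `visitor.getUid()` and a uid-0 result would reach `getMyFeed` unchecked. Until the security filter chain is confirmed to cover this mapping, keep a guard such as `if (principal == null) { throw new HttpForbiddenException(); }` and, after the lookup, `if (visitor == null || visitor.getUid() == 0) { throw new HttpForbiddenException(); }`. The method's closing brace lies outside the hunk.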