aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main/java/com/juick/api/controllers
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2016-11-25 13:20:15 +0300
committerGravatar Vitaly Takmazov2016-11-25 13:20:15 +0300
commit55b09a6a3bc4a21201189d855e140308f05016fb (patch)
tree543c880aaf15bf396eca6255bd816fb7d5dc9f12 /juick-api/src/main/java/com/juick/api/controllers
parentefe9b6d78c9aac2b92afe2d55d2f33e4b5e6d179 (diff)
juick-api: security WIP
Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers')
-rw-r--r--juick-api/src/main/java/com/juick/api/controllers/Messages.java22
1 files changed, 5 insertions, 17 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
index f4cde321..36882140 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java
@@ -16,7 +16,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@@ -25,6 +24,7 @@ import rocks.xmpp.core.stanza.model.Message;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
import java.util.List;
/**
@@ -47,22 +47,10 @@ public class Messages {
// TODO: serialize image urls
@RequestMapping(value = "/home", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<com.juick.Message> doGetHome(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
+ public List<com.juick.Message> doGetHome(HttpServletRequest request, Principal principal) {
+ String name = principal.getName();
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
int before_mid = NumberUtils.toInt(request.getParameter("before_mid"), 0);
List<Integer> mids = messagesService.getMyFeed(vuid, before_mid);
return messagesService.getMessages(mids);