www: no more xmpp

author: Vitaly Takmazov 2018-04-25 13:54:25 +0300
committer: Vitaly Takmazov 2018-04-25 19:04:07 +0300
commit: 2bf63fc8d2a4b84e051d28e670c7c74b039e2545 (patch)
tree: afceff82288a45649156b0a8428999a00464ba59 /juick-api
parent: 003ff7221782c4f0cf4a5660832e40c7ac386618 (diff)
4 files changed, 341 insertions, 0 deletions
diff --git a/juick-api/build.gradle b/juick-api/build.gradle
new file mode 100644
index 00000000..2899529a
--- /dev/null
+++ b/juick-api/build.gradle
@@ -0,0 +1,7 @@
+apply plugin: 'java'
+
+dependencies {
+    compile project(':juick-common')
+    compile project(':juick-server-jdbc')
+    compile 'org.apache.commons:commons-email:1.5'
+}
+\ No newline at end of file
diff --git a/juick-api/src/main/java/com/juick/server/api/Post.java b/juick-api/src/main/java/com/juick/server/api/Post.java
new file mode 100644
index 00000000..5757db09
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/server/api/Post.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.api;
+
+import com.juick.Reaction;
+import com.juick.Status;
+import com.juick.User;
+import com.juick.server.CommandsManager;
+import com.juick.server.helpers.CommandResult;
+import com.juick.server.util.*;
+import com.juick.service.MessagesService;
+import com.juick.service.SubscriptionService;
+import com.juick.service.UserService;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.multipart.MultipartFile;
+
+import javax.inject.Inject;
+import javax.validation.constraints.NotNull;
+import java.net.URI;
+import java.net.URL;
+import java.util.List;
+
+/**
+ * Created by vt on 24/11/2016.
+ */
+@RestController
+public class Post {
+    private static Logger logger = LoggerFactory.getLogger(Post.class);
+
+    @Inject
+    private UserService userService;
+    @Inject
+    private MessagesService messagesService;
+    @Inject
+    private SubscriptionService subscriptionService;
+    @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+    private String tmpDir;
+    @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+    private String imgDir;
+    @Inject
+    CommandsManager commandsManager;
+
+    @RequestMapping(value = "/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+    @ResponseStatus(value = HttpStatus.OK)
+    public CommandResult doPostMessage(
+            @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
+            @RequestParam(required = false) String img,
+            @RequestParam(required = false) MultipartFile attach) throws Exception {
+        User visitor = UserUtils.getCurrentUser();
+
+        if (visitor.isAnonymous())
+            throw new HttpForbiddenException();
+
+        if (body.length() > 4096) {
+            throw new HttpBadRequestException();
+        }
+        body = body.replace("\r", StringUtils.EMPTY);
+
+        URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+        if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
+            URI juickUri = URI.create(img);
+            if (juickUri.getScheme().equals("juick")) {
+                attachmentFName = juickUri;
+            } else {
+                try {
+                    URL imgUrl = new URL(img);
+                    attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
+                } catch (Exception e) {
+                    logger.error("DOWNLOAD ERROR", e);
+                    throw new HttpBadRequestException();
+                }
+            }
+        }
+        return commandsManager.processCommand(visitor, body, attachmentFName);
+    }
+
+    @RequestMapping(value = "/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+    public com.juick.Message doPostComment(
+            @RequestParam(defaultValue = "0") int mid,
+            @RequestParam(defaultValue = "0") int rid,
+            @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
+            @RequestParam(required = false) String img,
+            @RequestParam(required = false) MultipartFile attach)
+            throws Exception {
+        User visitor = UserUtils.getCurrentUser();
+        int vuid = visitor.getUid();
+        if (vuid == 0) {
+            throw new HttpForbiddenException();
+        }
+        if (mid == 0) {
+            throw new HttpBadRequestException();
+        }
+        com.juick.Message msg = messagesService.getMessage(mid);
+        if (msg == null) {
+            throw new HttpNotFoundException();
+        }
+
+        com.juick.Message reply = null;
+        if (rid > 0) {
+            reply = messagesService.getReply(mid, rid);
+            if (reply == null) {
+                throw new HttpNotFoundException();
+            }
+        }
+
+        if (body.length() > 4096) {
+            throw new HttpBadRequestException();
+        }
+        body = body.replace("\r", StringUtils.EMPTY);
+
+        if ((msg.ReadOnly && msg.getUser().getUid() != vuid) || userService.isInBLAny(msg.getUser().getUid(), vuid)
+                || (reply != null && userService.isInBLAny(reply.getUser().getUid(), vuid))) {
+            throw new HttpForbiddenException();
+        }
+
+        URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+        if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
+            try {
+                attachmentFName = HttpUtils.downloadImage(new URL(img), tmpDir);
+            } catch (Exception e) {
+                logger.error("DOWNLOAD ERROR", e);
+                throw new HttpBadRequestException();
+            }
+        }
+
+        return commandsManager.processCommand(visitor, String.format("#%d/%d %s", mid, rid, body), attachmentFName).getNewMessage().get();
+    }
+
+    @PostMapping("/like")
+    @ResponseStatus(value = HttpStatus.OK)
+    public Status doPostRecomm(@RequestParam Integer mid) throws Exception {
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        if (visitor.getUid() == 0) {
+            throw new HttpForbiddenException();
+        }
+        com.juick.Message msg = messagesService.getMessage(mid);
+        if (msg == null) {
+            throw new HttpNotFoundException();
+        }
+        if (msg.getUser().getUid() == visitor.getUid()) {
+            throw new HttpForbiddenException();
+        }
+        CommandResult status = commandsManager.processCommand(visitor, String.format("! #%d", mid),
+                URI.create(StringUtils.EMPTY));
+        return Status.getStatus(status.getText());
+    }
+
+    @GetMapping("/reactions")
+    @ResponseStatus(value = HttpStatus.OK)
+    public List<Reaction> reactionsList() {
+        return messagesService.listReactions();
+    }
+
+    @PostMapping("/react")
+    @ResponseStatus(value = HttpStatus.OK)
+    public Status doPostReact(@RequestParam Integer mid,@RequestParam @NotNull int reactionId,
+                              @RequestParam (required = false, defaultValue = "1") int count) {
+
+        logger.info("got reaction with type: {}", reactionId);
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        if (visitor.getUid() == 0) {
+            throw new HttpForbiddenException();
+        }
+        com.juick.Message msg = messagesService.getMessage(mid);
+        if (msg == null) {
+            throw new HttpNotFoundException();
+        }
+        if (msg.getUser().getUid() == visitor.getUid()) {
+            throw new HttpForbiddenException();
+        }
+        MessagesService.RecommendStatus recommendStatus = MessagesService.RecommendStatus.Error;
+        for (int i = 0; i < count; i++)
+            recommendStatus = messagesService.likeMessage(mid, visitor.getUid(),
+                    reactionId);
+
+        return  recommendStatus ==  MessagesService.RecommendStatus.Error ? Status.ERROR :Status.OK;
+    }
+}
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
new file mode 100644
index 00000000..3809090e
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.UserService;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.NotAuthorizedAuthenticationEntryPoint;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import javax.inject.Inject;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@Configuration
+@EnableWebSecurity
+public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Value("${auth_remember_me_key:secret}")
+    private String rememberMeKey;
+    @Inject
+    private UserService userService;
+
+    ApiSecurityConfig() {
+        super(true);
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers(HttpMethod.OPTIONS).permitAll()
+                .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
+                        "/skypebotendpoint").permitAll()
+                .anyRequest().hasRole("USER")
+                .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and().anonymous()
+                .and().cors().configurationSource(corsConfigurationSource())
+                .and().servletApi()
+                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
+                .and()
+                .rememberMe()
+                .alwaysRemember(true)
+                .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+                .rememberMeServices(rememberMeServices())
+                .key(rememberMeKey)
+                .and().authenticationProvider(authenticationProvider())
+                .headers().defaultsDisabled().cacheControl();
+    }
+
+    @Bean
+    public DaoAuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+
+        authenticationProvider.setUserDetailsService(userDetailsService());
+
+        return authenticationProvider;
+    }
+
+    @Bean
+    public JuickUserDetailsService userDetailsService() {
+        return new JuickUserDetailsService(userService);
+    }
+
+    @Bean
+    public RememberMeServices rememberMeServices() {
+        return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+    }
+
+    @Bean
+    public NotAuthorizedAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
+        return new NotAuthorizedAuthenticationEntryPoint();
+    }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(Collections.singletonList("*"));
+        configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+        configuration.setAllowedHeaders(Collections.singletonList("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
+                "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**");
+    }
+}
diff --git a/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java
new file mode 100644
index 00000000..598a7435
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java
@@ -0,0 +1,9 @@
+package com.juick.server.configuration;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.ComponentScan;
+
+@EnableAutoConfiguration
+@ComponentScan({"com.juick.server", "com.juick.service"})
+public class PostConfig {
+}
author	Vitaly Takmazov	2018-04-25 13:54:25 +0300
committer	Vitaly Takmazov	2018-04-25 19:04:07 +0300
commit	2bf63fc8d2a4b84e051d28e670c7c74b039e2545 (patch)
tree	afceff82288a45649156b0a8428999a00464ba59 /juick-api
parent	003ff7221782c4f0cf4a5660832e40c7ac386618 (diff)