delete notifications using POST

1 files changed, 26 insertions, 1 deletions

diff --git a/juick-server/src/main/java/com/juick/server/api/Notifications.java b/juick-server/src/main/java/com/juick/server/api/Notifications.java
index 67e52851..bc3d98bf 100644
--- a/juick-server/src/main/java/com/juick/server/api/Notifications.java
+++ b/juick-server/src/main/java/com/juick/server/api/Notifications.java
@@ -105,7 +105,32 @@ public class Notifications {
     public Status doDelete(
             @RequestBody List<ExternalToken> list) {
         User visitor = UserUtils.getCurrentUser();
-        // FIXME: it is possible to delete other user's tokens
+        if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) {
+            throw new HttpForbiddenException();
+        }
+        list.forEach(t -> {
+            switch (t.getType()) {
+                case "gcm":
+                    pushQueriesService.deleteGCMToken(t.getToken());
+                    break;
+                case "apns":
+                    pushQueriesService.deleteAPNSToken(t.getToken());
+                    break;
+                case "mpns":
+                    pushQueriesService.deleteMPNSToken(t.getToken());
+                    break;
+                default:
+                    throw new HttpBadRequestException();
+            }
+        });
+
+        return Status.OK;
+    }
+    @ApiIgnore
+    @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+    public Status doDeleteTokens(
+            @RequestBody List<ExternalToken> list) {
+        User visitor = UserUtils.getCurrentUser();
         if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) {
             throw new HttpForbiddenException();
         }