diff options
author | Vitaly Takmazov | 2016-10-24 14:06:17 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-10-24 14:19:10 +0300 |
commit | 95ac207e5dd5566490571fda7229b754a2bbe7ac (patch) | |
tree | 44ab7bdd2b86f7abf343599162fd43846544de7a /juick-ws/src/main/java/com/juick/ws/components | |
parent | 44806446ccb0fc845ab289b545e5a8bcb55925dc (diff) |
ws: fix injections
Diffstat (limited to 'juick-ws/src/main/java/com/juick/ws/components')
4 files changed, 48 insertions, 88 deletions
diff --git a/juick-ws/src/main/java/com/juick/ws/components/CrosspostComponent.java b/juick-ws/src/main/java/com/juick/ws/components/CrosspostComponent.java index 8cda122e..dcb4a709 100644 --- a/juick-ws/src/main/java/com/juick/ws/components/CrosspostComponent.java +++ b/juick-ws/src/main/java/com/juick/ws/components/CrosspostComponent.java @@ -27,11 +27,9 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang3.math.NumberUtils; import org.apache.commons.lang3.tuple.Pair; import org.springframework.beans.factory.DisposableBean; -import org.springframework.beans.factory.InitializingBean; import org.springframework.core.env.Environment; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.datasource.DriverManagerDataSource; -import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; import javax.crypto.Mac; @@ -44,6 +42,7 @@ import java.net.URL; import java.net.URLEncoder; import java.security.Key; import java.util.UUID; +import java.util.concurrent.ExecutorService; import java.util.logging.Level; import java.util.logging.Logger; @@ -52,51 +51,41 @@ import java.util.logging.Logger; * @author Ugnich Anton */ @Component -public class CrosspostComponent implements JuickComponent, DisposableBean, Stream.StreamListener, Message.MessageListener { +public class CrosspostComponent implements DisposableBean, Stream.StreamListener, Message.MessageListener { private static Logger logger = Logger.getLogger(CrosspostComponent.class.getName()); public final static String TWITTERURL = "https://api.twitter.com/1.1/statuses/update.json"; public final static String FBURL = "https://graph.facebook.com/me/feed"; public final static String VKURL = "https://api.vk.com/method/wall.post"; - JdbcTemplate sql; + @Inject + JdbcTemplate jdbc; Stream xmpp; String twitter_consumer_key; String twitter_consumer_secret; + ExecutorService service; @Inject - public CrosspostComponent(Environment env) { + public CrosspostComponent(Environment env, ExecutorService service) { + this.service = service; logger.info("component initialized"); try { twitter_consumer_key = env.getProperty("twitter_consumer_key", ""); twitter_consumer_secret = env.getProperty("twitter_consumer_secret", ""); - setupSql(env.getProperty("datasource_driver", "com.mysql.jdbc.Driver"), env.getProperty("datasource_url", "")); setupXmppComponent(env.getProperty("crosspost_jid", "crosspost.juick.local"), env.getProperty("xmpp_password", ""), NumberUtils.toInt(env.getProperty("xmpp_port", ""), 5347)); + service.submit(() -> xmpp.startParsing()); } catch (Exception e) { logger.log(Level.SEVERE, e.getMessage(), e); } } - @Async - @Override - public void init() { - xmpp.startParsing(); - } - @Override public void destroy() { logger.info("component destroyed"); } - public void setupSql(String driver, String url) { - DriverManagerDataSource dataSource = new DriverManagerDataSource(); - dataSource.setDriverClassName(driver); - dataSource.setUrl(url); - sql = new JdbcTemplate(dataSource); - } - public void setupXmppComponent(String jid, String password, int port) { try { Socket socket = new Socket("localhost", port); @@ -131,7 +120,7 @@ public class CrosspostComponent implements JuickComponent, DisposableBean, Strea } public boolean facebookPost(com.juick.Message jmsg) { - String token = CrosspostQueries.getFacebookToken(sql, jmsg.getUser().getUID()).orElse(""); + String token = CrosspostQueries.getFacebookToken(jdbc, jmsg.getUser().getUID()).orElse(""); if (token.isEmpty()) { return false; } @@ -168,7 +157,7 @@ public class CrosspostComponent implements JuickComponent, DisposableBean, Strea } public boolean vkontaktePost(com.juick.Message jmsg) { - Pair<String, String> tokens = CrosspostQueries.getVKTokens(sql, jmsg.getUser().getUID()).orElse(Pair.of("", "")); + Pair<String, String> tokens = CrosspostQueries.getVKTokens(jdbc, jmsg.getUser().getUID()).orElse(Pair.of("", "")); if (tokens.getLeft().isEmpty() || tokens.getRight().isEmpty()) { return false; } @@ -205,7 +194,7 @@ public class CrosspostComponent implements JuickComponent, DisposableBean, Strea } public boolean twitterPost(com.juick.Message jmsg) { - Pair<String, String> tokens = CrosspostQueries.getTwitterTokens(sql, jmsg.getUser().getUID()).orElse(Pair.of("", "")); + Pair<String, String> tokens = CrosspostQueries.getTwitterTokens(jdbc, jmsg.getUser().getUID()).orElse(Pair.of("", "")); if (tokens.getLeft().isEmpty() || tokens.getRight().isEmpty()) { return false; } diff --git a/juick-ws/src/main/java/com/juick/ws/components/JuickComponent.java b/juick-ws/src/main/java/com/juick/ws/components/JuickComponent.java deleted file mode 100644 index 0f53ed66..00000000 --- a/juick-ws/src/main/java/com/juick/ws/components/JuickComponent.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.juick.ws.components; - -/** - * Created by vitalyster on 08.08.2016. - */ -public interface JuickComponent { - void init(); -} diff --git a/juick-ws/src/main/java/com/juick/ws/components/PushComponent.java b/juick-ws/src/main/java/com/juick/ws/components/PushComponent.java index 7be2f797..5c4fc969 100644 --- a/juick-ws/src/main/java/com/juick/ws/components/PushComponent.java +++ b/juick-ws/src/main/java/com/juick/ws/components/PushComponent.java @@ -59,6 +59,7 @@ import java.net.Socket; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.concurrent.ExecutorService; import java.util.logging.Level; import java.util.logging.Logger; import java.util.stream.Collectors; @@ -68,33 +69,30 @@ import java.util.stream.Collectors; * @author Ugnich Anton */ @Component -public class PushComponent implements JuickComponent, DisposableBean, Stream.StreamListener, MessageListener { +public class PushComponent implements DisposableBean, Stream.StreamListener, MessageListener { private static Logger logger = Logger.getLogger(PushComponent.class.getName()); String wns_application_sip; String wns_client_secret; - JdbcTemplate sql; + @Inject + JdbcTemplate jdbc; Socket socket; Stream xmpp; Sender GCMSender; + ExecutorService service; @Inject - public PushComponent(Environment env) { + public PushComponent(Environment env, ExecutorService service) { + this.service = service; logger.info("component initialized"); wns_application_sip = env.getProperty("wns_application_sip", ""); wns_client_secret = env.getProperty("wns_client_secret", ""); GCMSender = new Sender(env.getProperty("gcm_key", "")); - setupSql(env.getProperty("datasource_driver", "com.mysql.jdbc.Driver"), env.getProperty("datasource_url", "")); setupXmppComponent(new JID("", env.getProperty("push_jid"), ""), env.getProperty("xmpp_host", "localhost"), NumberUtils.toInt(env.getProperty("xmpp_port", ""), 5347), env.getProperty("push_xmpp_password", "")); - } - - @Async - @Override - public void init() { - xmpp.startParsing(); + service.submit(() -> xmpp.startParsing()); } @Override @@ -102,13 +100,6 @@ public class PushComponent implements JuickComponent, DisposableBean, Stream.Str logger.info("component destroyed"); } - public void setupSql(String driver, String url) { - DriverManagerDataSource dataSource = new DriverManagerDataSource(); - dataSource.setDriverClassName(driver); - dataSource.setUrl(url); - sql = new JdbcTemplate(dataSource); - } - public void setupXmppComponent(JID jid, String host, int port, String password) { try { socket = new Socket(host, port); @@ -141,21 +132,21 @@ public class PushComponent implements JuickComponent, DisposableBean, Stream.Str } else { if (isReply) { subscribedUsers = - SubscriptionsQueries.getUsersSubscribedToComments(sql, jmsg.getMID(), jmsg.getUser().getUID()); + SubscriptionsQueries.getUsersSubscribedToComments(jdbc, jmsg.getMID(), jmsg.getUser().getUID()); } else { // new message - subscribedUsers = SubscriptionsQueries.getSubscribedUsers(sql, jmsg.getUser().getUID(), jmsg.getMID()); + subscribedUsers = SubscriptionsQueries.getSubscribedUsers(jdbc, jmsg.getUser().getUID(), jmsg.getMID()); } } /*** ANDROID ***/ final List<String> regids = new ArrayList<>(); if (isPM) { - regids.addAll(PushQueries.getAndroidRegID(sql, pmTo)); + regids.addAll(PushQueries.getAndroidRegID(jdbc, pmTo)); } else { List<Integer> uids = subscribedUsers.stream().map(com.juick.User::getUID).collect(Collectors.toList()); if (uids.size() > 0) { - regids.addAll(PushQueries.getAndroidTokens(sql, uids)); + regids.addAll(PushQueries.getAndroidTokens(jdbc, uids)); } } @@ -182,11 +173,11 @@ public class PushComponent implements JuickComponent, DisposableBean, Stream.Str /*** WinPhone ***/ final List<String> urls = new ArrayList<>(); if (isPM) { - urls.addAll(PushQueries.getWinPhoneURL(sql, pmTo)); + urls.addAll(PushQueries.getWinPhoneURL(jdbc, pmTo)); } else { List<Integer> uids = subscribedUsers.stream().map(com.juick.User::getUID).collect(Collectors.toList()); if (uids.size() > 0) { - urls.addAll(PushQueries.getWindowsTokens(sql, uids)); + urls.addAll(PushQueries.getWindowsTokens(jdbc, uids)); } } @@ -227,11 +218,11 @@ public class PushComponent implements JuickComponent, DisposableBean, Stream.Str /*** iOS ***/ final List<String> tokens = new ArrayList<>(); if (isPM) { - tokens.addAll(PushQueries.getAPNSToken(sql, pmTo)); + tokens.addAll(PushQueries.getAPNSToken(jdbc, pmTo)); } else { List<Integer> uids = subscribedUsers.stream().map(com.juick.User::getUID).collect(Collectors.toList()); if (uids.size() > 0) { - tokens.addAll(PushQueries.getAPNSTokens(sql, uids)); + tokens.addAll(PushQueries.getAPNSTokens(jdbc, uids)); } } if (!tokens.isEmpty()) { diff --git a/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java b/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java index 1db8c604..2cc898ec 100644 --- a/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java +++ b/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java @@ -12,10 +12,8 @@ import com.juick.xmpp.extensions.XOOB; import org.apache.commons.dbcp2.BasicDataSource; import org.apache.commons.lang3.math.NumberUtils; import org.springframework.beans.factory.DisposableBean; -import org.springframework.beans.factory.InitializingBean; import org.springframework.core.env.Environment; import org.springframework.jdbc.core.JdbcTemplate; -import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; import org.xmlpull.v1.XmlPullParserException; @@ -30,7 +28,6 @@ import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.*; import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; import java.util.logging.Level; import java.util.logging.Logger; @@ -44,7 +41,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, private static final Logger logger = Logger.getLogger(XMPPComponent.class.getName()); - public final ExecutorService executorService = Executors.newCachedThreadPool(); + public ExecutorService service; private StreamComponent router; JuickBot bot; @@ -57,11 +54,13 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, private final List<ConnectionIn> inConnections = Collections.synchronizedList(new ArrayList<>()); private final List<ConnectionOut> outConnections = Collections.synchronizedList(new ArrayList<>()); private final List<CacheEntry> outCache = Collections.synchronizedList(new ArrayList<>()); - private JdbcTemplate sql; + @Inject + public JdbcTemplate jdbc; final public HashMap<String, StanzaChild> childParsers = new HashMap<>(); @Inject - public XMPPComponent(Environment env) { + public XMPPComponent(Environment env, ExecutorService service) { + this.service = service; logger.info("component initialized"); try { HOSTNAME = env.getProperty("hostname"); @@ -74,15 +73,11 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, keystorePassword = env.getProperty("keystore_password"); brokenSSLhosts = Arrays.asList(env.getProperty("broken_ssl_hosts", "").split(",")); bannedHosts = Arrays.asList(env.getProperty("banned_hosts", "").split(",")); - BasicDataSource dataSource = new BasicDataSource(); - dataSource.setDriverClassName(env.getProperty("datasource_driver", "com.mysql.jdbc.Driver")); - dataSource.setUrl(env.getProperty("datasource_url")); - setSql(new JdbcTemplate(dataSource)); bot = new JuickBot(this, Jid); childParsers.put(JuickMessage.XMLNS, new JuickMessage()); - executorService.submit(() -> { + service.submit(() -> { try { Socket routerSocket = new Socket("localhost", componentPort); router = new StreamComponent(new JID("s2s"), routerSocket.getInputStream(), routerSocket.getOutputStream(), env.getProperty("xmpp_password")); @@ -95,7 +90,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, logger.log(Level.SEVERE, "router error", e); } }); - executorService.submit(() -> { + service.submit(() -> { final ServerSocket listener = new ServerSocket(s2sPort); logger.info("s2s listener ready"); while (true) { @@ -103,13 +98,13 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, Socket socket = listener.accept(); ConnectionIn client = new ConnectionIn(this, bot, socket); addConnectionIn(client); - executorService.submit(client); + service.submit(client); } catch (Exception e) { logger.log(Level.SEVERE, "s2s error", e); } } }); - executorService.submit(new CleaningUp(this)); + service.submit(new CleaningUp(this)); } catch (Exception e) { logger.log(Level.SEVERE, "XMPPComponent error", e); @@ -225,7 +220,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, if (!haveAnyConn) { try { ConnectionOut connectionOut = new ConnectionOut(this, hostname); - executorService.submit(connectionOut); + service.submit(connectionOut); } catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | XmlPullParserException | KeyStoreException | KeyManagementException | IOException e) { logger.log(Level.SEVERE, "s2s out error", e); } @@ -256,7 +251,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, } catch (IOException e) { logger.log(Level.WARNING, "router warning", e); } - executorService.shutdown(); + service.shutdown(); logger.info("component destroyed"); } public void closeRouterConnection() throws IOException { @@ -267,11 +262,11 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, List<String> jids = new ArrayList<>(); if (jmsg.FriendsOnly) { - jids = SubscriptionsQueries.getJIDSubscribedToUser(getSql(), jmsg.getUser().getUID(), jmsg.FriendsOnly); + jids = SubscriptionsQueries.getJIDSubscribedToUser(jdbc, jmsg.getUser().getUID(), jmsg.FriendsOnly); } else { - List<User> users = SubscriptionsQueries.getSubscribedUsers(getSql(), jmsg.getUser().getUID(), jmsg.getMID()); + List<User> users = SubscriptionsQueries.getSubscribedUsers(jdbc, jmsg.getUser().getUID(), jmsg.getMID()); for (User user : users) { - for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) { + for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) { jids.add(jid); } } @@ -312,9 +307,9 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, String replyQuote; String replyTo; - users = SubscriptionsQueries.getUsersSubscribedToComments(getSql(), jmsg.getMID(), jmsg.getUser().getUID()); - com.juick.Message replyMessage = jmsg.ReplyTo > 0 ? MessagesQueries.getReply(getSql(), jmsg.getMID(), jmsg.ReplyTo) - : MessagesQueries.getMessage(getSql(), jmsg.getMID()); + users = SubscriptionsQueries.getUsersSubscribedToComments(jdbc, jmsg.getMID(), jmsg.getUser().getUID()); + com.juick.Message replyMessage = jmsg.ReplyTo > 0 ? MessagesQueries.getReply(jdbc, jmsg.getMID(), jmsg.ReplyTo) + : MessagesQueries.getMessage(jdbc, jmsg.getMID()); replyTo = replyMessage.getUser().getUName(); replyQuote = getReplyQuote(replyMessage); @@ -331,7 +326,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, msg.type = Message.Type.chat; msg.addChild(jmsg); for (User user : users) { - for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) { + for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) { msg.to = new JID(jid); sendOut(msg); } @@ -351,8 +346,8 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, public void sendJuickRecommendation(JuickMessage recomm) { List<User> users; JuickMessage jmsg; - jmsg = new JuickMessage(MessagesQueries.getMessage(getSql(), recomm.getMID())); - users = SubscriptionsQueries.getUsersSubscribedToUserRecommendations(getSql(), + jmsg = new JuickMessage(MessagesQueries.getMessage(jdbc, recomm.getMID())); + users = SubscriptionsQueries.getUsersSubscribedToUserRecommendations(jdbc, recomm.getUser().getUID(), recomm.getMID(), jmsg.getUser().getUID()); String txt = "Recommended by @" + recomm.getUser().getUName() + ":\n"; @@ -389,7 +384,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, } for (User user : users) { - for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) { + for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) { msg.to = new JID(jid); sendOut(msg); } @@ -463,11 +458,4 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener, return outCache; } - public JdbcTemplate getSql() { - return sql; - } - - public void setSql(JdbcTemplate sql) { - this.sql = sql; - } } |