www: telegram login

1 files changed, 39 insertions, 0 deletions

diff --git a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
index 4a502637..b9d3c9c7 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -28,10 +28,14 @@ import com.juick.server.util.HttpBadRequestException;
 import com.juick.server.util.UserUtils;
 import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
+import com.juick.service.TelegramService;
 import com.juick.service.UserService;
 import com.juick.www.Utils;
 import com.juick.www.facebook.User;
 import com.juick.www.vk.UsersResponse;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.codec.digest.HmacAlgorithms;
+import org.apache.commons.codec.digest.HmacUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
@@ -48,8 +52,10 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ExecutionException;
+import java.util.stream.Collectors;
 
 /**
  *
@@ -79,6 +85,8 @@ public class SocialLogin {
     private String VK_APPID;
     @Value("${vk_secret}")
     private String VK_SECRET;
+    @Value("${telegram_token}")
+    private String telegramToken;
 
     @Inject
     private CrosspostService crosspostService;
@@ -86,6 +94,8 @@ public class SocialLogin {
     private UserService userService;
     @Inject
     private EmailService emailService;
+    @Inject
+    private TelegramService telegramService;
 
     @PostConstruct
     public void init() {
@@ -279,4 +289,33 @@ public class SocialLogin {
             return "redirect:/signup?type=vk&hash=" + loginhash;
         }
     }
+
+    @GetMapping("/_tglogin")
+    public String doDurovLogin(HttpServletRequest request,
+                               @RequestParam Map<String, String> params,
+                               HttpServletResponse response) {
+        String dataCheckString = params.entrySet().stream()
+                .filter(p -> !p.getKey().equals("hash"))
+                .sorted(Map.Entry.comparingByKey())
+                .map(p -> p.getKey() + "=" + p.getValue())
+                .collect(Collectors.joining("\n"));
+        String hash = params.get("hash");
+        byte[] secretKey = DigestUtils.sha256(telegramToken);
+        String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString);
+        if (hash.equals(resultString)) {
+            Long tgUser = Long.valueOf(params.get("id"));
+            int uid = telegramService.getUser(tgUser);
+            if (uid > 0) {
+                Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+                c.setMaxAge(50 * 24 * 60 * 60);
+                response.addCookie(c);
+                return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+            } else {
+                logger.warn("invalid user {}", tgUser);
+            }
+        } else {
+            logger.warn("invalid tg hash {} for {}", resultString, hash);
+        }
+        throw new HttpBadRequestException();
+    }
 }