diff options
author | Vitaly Takmazov | 2017-11-01 01:57:08 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-11-01 01:57:08 +0300 |
commit | 3e87cc6a73fbfc165f81d5f7a3d7d1f76e7feb9a (patch) | |
tree | 68023133cec4261e38fa9ed56d26626553847e21 /juick-www/src/main/java/com | |
parent | 20e19b4242f888aafe3c55f9dabe3af46728cbab (diff) |
www: /post should not throw if img or attach is present
Diffstat (limited to 'juick-www/src/main/java/com')
3 files changed, 17 insertions, 16 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 3dc7bc76..231c6e2e 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -72,7 +72,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class); http .authorizeRequests() - .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated() + .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment").authenticated() .anyRequest().permitAll() .and() .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) diff --git a/juick-www/src/main/java/com/juick/www/controllers/Messages.java b/juick-www/src/main/java/com/juick/www/controllers/Messages.java index 7c96705f..75e81b94 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/Messages.java +++ b/juick-www/src/main/java/com/juick/www/controllers/Messages.java @@ -542,8 +542,16 @@ public class Messages { headers += "<meta name=\"robots\" content=\"noindex\"/>"; } String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary"; - String msgImage = StringUtils.isNotEmpty(msg.getAttachmentType()) ? msg.getAttachment().getMedium().getUrl() - : "https://i.juick.com/a/" + msg.getUser().getUid() + ".png"; + if (StringUtils.isNotEmpty(msg.getAttachmentType())) { + // additional check in case of broken images + if (msg.getAttachment() != null) { + String msgImage = msg.getAttachment().getMedium().getUrl(); + headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />"; + } + } else { + String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png"; + headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />"; + } model.addAttribute("ogtype", "article"); String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg)); headers += "<meta name=\"twitter:card\" content=\"" + cardType + "\" />\n" + @@ -551,8 +559,7 @@ public class Messages { "<meta property=\"og:url\" content=\"" + pageUrl + "\" />\n" + "<meta property=\"og:title\" content=\"" + msg.getUser().getName() + " at Juick\" />\n" + "<meta property=\"og:description\" content=\"" + cardDescription + "\" />\n" + - "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n" + - "<meta property=\"og:image\" content=\"" + msgImage + "\" />"; + "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n"; String twitterName = crosspostService.getTwitterName(msg.getUser().getUid()); if (StringUtils.isNotEmpty(twitterName)) { headers += "<meta name=\"twitter:creator\" content=\"@" + twitterName + "\" />\n"; diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java index 2de6a2ad..2b411523 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java +++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java @@ -91,14 +91,11 @@ public class NewMessage { @PostMapping("/post") public String postResult(@RequestParam(required = false) String img, - @RequestParam String body, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, @RequestParam(required = false, name = "tags") String tagsStr, @RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); - if (visitor.getUid() == 0) { - throw new HttpForbiddenException(); - } - if (body == null || body.length() < 1 || body.length() > 4096) { + if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { throw new HttpBadRequestException(); } body = body.replace("\r", StringUtils.EMPTY); @@ -107,7 +104,7 @@ public class NewMessage { String attachmentFName = HttpUtils.receiveMultiPartFile(attach, webApp.getTmpDir()); - if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && StringUtils.isNotBlank(img)) { try { URL imgUrl = new URL(img); attachmentFName = HttpUtils.downloadImage(imgUrl, webApp.getTmpDir()); @@ -200,13 +197,10 @@ public class NewMessage { public String doPostComment( @RequestParam(required = false, defaultValue = "0") Integer mid, @RequestParam(required = false, defaultValue = "0") Integer rid, - @RequestParam String body, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { com.juick.User visitor = UserUtils.getCurrentUser(); - if (visitor.getUid() == 0) { - throw new HttpForbiddenException(); - } if (mid == 0) { throw new HttpBadRequestException(); } @@ -223,7 +217,7 @@ public class NewMessage { } } - if (body.length() < 1 || body.length() > 4096) { + if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img)) { throw new HttpBadRequestException(); } body = body.replace("\r", StringUtils.EMPTY); |