diff options
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java | 39 | ||||
-rw-r--r-- | juick-www/src/main/webapp/WEB-INF/views/login.html | 8 |
2 files changed, 44 insertions, 3 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java index 4a502637..b9d3c9c7 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -28,10 +28,14 @@ import com.juick.server.util.HttpBadRequestException; import com.juick.server.util.UserUtils; import com.juick.service.CrosspostService; import com.juick.service.EmailService; +import com.juick.service.TelegramService; import com.juick.service.UserService; import com.juick.www.Utils; import com.juick.www.facebook.User; import com.juick.www.vk.UsersResponse; +import org.apache.commons.codec.digest.DigestUtils; +import org.apache.commons.codec.digest.HmacAlgorithms; +import org.apache.commons.codec.digest.HmacUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.math.NumberUtils; import org.slf4j.Logger; @@ -48,8 +52,10 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; +import java.util.Map; import java.util.UUID; import java.util.concurrent.ExecutionException; +import java.util.stream.Collectors; /** * @@ -79,6 +85,8 @@ public class SocialLogin { private String VK_APPID; @Value("${vk_secret}") private String VK_SECRET; + @Value("${telegram_token}") + private String telegramToken; @Inject private CrosspostService crosspostService; @@ -86,6 +94,8 @@ public class SocialLogin { private UserService userService; @Inject private EmailService emailService; + @Inject + private TelegramService telegramService; @PostConstruct public void init() { @@ -279,4 +289,33 @@ public class SocialLogin { return "redirect:/signup?type=vk&hash=" + loginhash; } } + + @GetMapping("/_tglogin") + public String doDurovLogin(HttpServletRequest request, + @RequestParam Map<String, String> params, + HttpServletResponse response) { + String dataCheckString = params.entrySet().stream() + .filter(p -> !p.getKey().equals("hash")) + .sorted(Map.Entry.comparingByKey()) + .map(p -> p.getKey() + "=" + p.getValue()) + .collect(Collectors.joining("\n")); + String hash = params.get("hash"); + byte[] secretKey = DigestUtils.sha256(telegramToken); + String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString); + if (hash.equals(resultString)) { + Long tgUser = Long.valueOf(params.get("id")); + int uid = telegramService.getUser(tgUser); + if (uid > 0) { + Cookie c = new Cookie("hash", userService.getHashByUID(uid)); + c.setMaxAge(50 * 24 * 60 * 60); + response.addCookie(c); + return Utils.getPreviousPageByRequest(request).orElse("redirect:/"); + } else { + logger.warn("invalid user {}", tgUser); + } + } else { + logger.warn("invalid tg hash {} for {}", resultString, hash); + } + throw new HttpBadRequestException(); + } } diff --git a/juick-www/src/main/webapp/WEB-INF/views/login.html b/juick-www/src/main/webapp/WEB-INF/views/login.html index f1ea75d2..1ddc5f90 100644 --- a/juick-www/src/main/webapp/WEB-INF/views/login.html +++ b/juick-www/src/main/webapp/WEB-INF/views/login.html @@ -123,9 +123,11 @@ {{ i18n("messages","label.register") }}: <div id="facebook"><a href="/_fblogin" rel="nofollow">Facebook</a></div> <div id="vk"><a href="/_vklogin" rel="nofollow">ВКонтакте</a></div> - <div id="xmpp"><a href="#" onclick="$('#xmppinfo').toggle(); return false">XMPP</a> - <div id="xmppinfo">{{ i18n("messages","message.sendLoginToXmpp") | raw }}</a></div> - </div> + <div id="tg"> + <script src="https://telegram.org/js/telegram-widget.js?3" + data-telegram-login="Juick_bot" data-size="medium" data-radius="0" + data-auth-url="https://juick.com/_tglogin" data-request-access="write"></script> + </div> </div> <div id="signin"> <a href="#" onclick="$('#signinform').toggle(); $('#nickinput').focus(); return false"> |