-rw-r--r--src/main/java/com/juick/config/SecurityConfig.java2
-rw-r--r--src/main/java/com/juick/www/api/ApiSocialLogin.java89
2 files changed, 90 insertions, 1 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index ac61f8f69..6608a658a 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -201,7 +201,7 @@ public class SecurityConfig {
"/api/swagger-ui/**",
"/api/messages/discussions",
"/api/users", "/api/thread", "/api/tags",
- "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk",
+ "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk", "/api/_google",
"/api/skypebotendpoint", "/api/signup",
"/api/inbox", "/api/events", "/api/u/", "/u/**",
"/n/**",
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
new file mode 100644
index 000000000..5b48c52be
--- /dev/null
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2008-2024, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.www.api;
+
+import com.github.scribejava.apis.GoogleTokenVerifier;
+import com.juick.model.AuthResponse;
+import com.juick.service.EmailService;
+import com.juick.service.UserService;
+import com.juick.util.HttpBadRequestException;
+import com.juick.util.HttpForbiddenException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import jakarta.inject.Inject;
+import java.util.Optional;
+
+@Controller
+public class ApiSocialLogin {
+
+ private static final Logger logger = LoggerFactory.getLogger(ApiSocialLogin.class);
+
+ @Value("${google_client_id:}")
+ private String googleClientId;
+
+ @Inject
+ private UserService userService;
+ @Inject
+ private EmailService emailService;
+ @Inject
+ private Users users;
+ @ResponseBody
+ @PostMapping("/api/signup")
+ public com.juick.model.User signupWithEmail(String username, String password, String verificationCode) {
+ if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$")
+ || password.length() < 6 || password.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+
+ String verifiedEmail = emailService.getEmailByAuthCode(verificationCode);
+ if (StringUtils.hasText(verifiedEmail)) {
+ com.juick.model.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+ emailService.addEmail(newUser.getUid(), verifiedEmail);
+ emailService.deleteAuthCode(verificationCode);
+ return newUser;
+ } else {
+ throw new HttpForbiddenException();
+ }
+ }
+ @ResponseBody
+ @PostMapping("/api/_google")
+ public AuthResponse googleSignIn(@RequestParam(name = "idToken") String idTokenString) {
+ logger.info("Token: {}", idTokenString);
+ logger.info("Client: {}", googleClientId);
+ Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString);
+ if (verifiedEmail.isPresent()) {
+ String email = verifiedEmail.get();
+ com.juick.model.User visitor = userService.getUserByEmail(email);
+ if (visitor.isAnonymous()) {
+ String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ emailService.addVerificationCode(null, email, verificationCode);
+ return new AuthResponse(null, email, verificationCode);
+ } else {
+ return new AuthResponse(users.getMe(visitor), null, null);
+ }
+ }
+ throw new HttpForbiddenException();
+ }
+}
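Review bot: `googleSignIn` writes the raw Google ID token to the application log at info level (`logger.info("Token: {}", idTokenString);`), so anyone who can read the logs sees a bearer credential that stays valid until it expires; drop that line or log only whether verification succeeded. In the same method the verification code comes from `RandomStringUtils.randomAlphanumeric(8).toUpperCase()`, which may draw from a non-cryptographic generator depending on the commons-lang3 version in use. Because `signupWithEmail` accepts that code as proof of a verified address, it should be built from `java.security.SecureRandom` over a fixed alphabet. `google_client_id` defaults to an empty string and how `GoogleTokenVerifier.validateToken` treats an empty client ID is not visible here, so a guard such as `if (!StringUtils.hasText(googleClientId)) throw new HttpForbiddenException();` before verification would make the unconfigured case fail closed.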