Diffstat (limited to 'juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java')
-rw-r--r-- | juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java | 30 |
1 files changed, 9 insertions, 21 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
index 5426f853..42be9903 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
@@ -7,16 +7,17 @@ import com.juick.api.util.HttpForbiddenException;
 import com.juick.service.MessagesService;
 import com.juick.service.SubscriptionService;
 import com.juick.service.UserService;
-import org.apache.commons.lang3.math.NumberUtils;
+import com.juick.util.UserUtils;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.List;
 /**
@@ -33,28 +34,15 @@ public class Subscriptions {
 MessagesService messagesService;
 @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List<User> doGet(HttpServletRequest request) throws IOException {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- User visitor = userService.getUserByUID(vuid).orElse(new User());
+ public List<User> doGet(
+ Principal principal,
+ @RequestParam(defaultValue = "0") int mid,
+ @RequestParam(defaultValue = "0") int uid) throws IOException {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
 if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) {
 throw new HttpForbiddenException();
 }
- int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
 if (uid > 0) {
 return subscriptionService.getSubscribedUsers(uid, mid);
 } else { |
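Review bot: The 403 check after `User visitor = userService.getUserByName(name);` no longer has a guaranteed non-null `visitor`: the removed code used `.orElse(new User())`, while the new lookup is fed by `UserUtils.getUsername(principal, null)`, which presumably yields null when no principal is present. If `getUserByName` can return null or a user without a name for that input, an unauthenticated request ends in a NullPointerException (a 500) instead of `HttpForbiddenException`, so the check should fail closed, e.g. `if (visitor == null || (visitor.getUid() == 0 && !"juick".equals(visitor.getName()))) {`. The commit also drops the `Authorization` header and `hash` checks from the handler, so access to `/subscriptions` now depends entirely on the security configuration populating `Principal`; that configuration is not visible here and is worth confirming for this route. doGet's body continues outside the hunk.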