1 files changed, 69 insertions, 0 deletions

diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
new file mode 100644
index 00000000..5426f853
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
@@ -0,0 +1,69 @@
+package com.juick.api.controllers;
+
+import com.juick.Message;
+import com.juick.User;
+import com.juick.api.util.HttpBadRequestException;
+import com.juick.api.util.HttpForbiddenException;
+import com.juick.service.MessagesService;
+import com.juick.service.SubscriptionService;
+import com.juick.service.UserService;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * Created by vitalyster on 24.10.2016.
+ */
+@Controller
+@ResponseBody
+public class Subscriptions {
+    @Inject
+    UserService userService;
+    @Inject
+    SubscriptionService subscriptionService;
+    @Inject
+    MessagesService messagesService;
+
+    @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+    public List<User> doGet(HttpServletRequest request) throws IOException {
+        // TODO: use spring-security
+        String auth = request.getHeader("Authorization");
+        int vuid = userService.getUIDByHttpAuth(auth);
+        if (vuid == -1) {
+            throw new HttpForbiddenException();
+        }
+        if (vuid == 0) {
+            String hash = request.getParameter("hash");
+            if (hash != null && hash.length() == 16) {
+                vuid  = userService.getUIDbyHash(hash);
+            }
+        }
+        if (vuid == 0) {
+            throw new HttpForbiddenException();
+        }
+        User visitor = userService.getUserByUID(vuid).orElse(new User());
+        if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) {
+            throw new HttpForbiddenException();
+        }
+        int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
+        int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
+        if (uid > 0) {
+            return subscriptionService.getSubscribedUsers(uid, mid);
+        } else {
+            // thread
+            Message msg = messagesService.getMessage(mid);
+            if (msg != null) {
+                return subscriptionService.getUsersSubscribedToComments(mid, msg.getUser().getUid());
+            }
+        }
+        throw new HttpBadRequestException();
+    }
+}