Diffstat (limited to 'juick-api/src/main')
-rw-r--r--juick-api/src/main/java/com/juick/server/api/Post.java205
-rw-r--r--juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java125
-rw-r--r--juick-api/src/main/java/com/juick/server/configuration/PostConfig.java9
3 files changed, 0 insertions, 339 deletions
diff --git a/juick-api/src/main/java/com/juick/server/api/Post.java b/juick-api/src/main/java/com/juick/server/api/Post.java
deleted file mode 100644
index afe9d2d5..00000000
--- a/juick-api/src/main/java/com/juick/server/api/Post.java
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.server.api;
-
-import com.juick.Reaction;
-import com.juick.Status;
-import com.juick.User;
-import com.juick.server.CommandsManager;
-import com.juick.server.helpers.CommandResult;
-import com.juick.server.util.*;
-import com.juick.service.MessagesService;
-import com.juick.service.SubscriptionService;
-import com.juick.service.UserService;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.*;
-import org.springframework.web.multipart.MultipartFile;
-
-import javax.inject.Inject;
-import javax.validation.constraints.NotNull;
-import java.net.URI;
-import java.net.URL;
-import java.util.List;
-
-/**
- * Created by vt on 24/11/2016.
- */
-@RestController
-public class Post {
- private static Logger logger = LoggerFactory.getLogger(Post.class);
-
- @Inject
- private UserService userService;
- @Inject
- private MessagesService messagesService;
- @Inject
- private SubscriptionService subscriptionService;
- @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
- private String tmpDir;
- @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
- private String imgDir;
- @Inject
- CommandsManager commandsManager;
-
- @RequestMapping(value = "/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- @ResponseStatus(value = HttpStatus.OK)
- public CommandResult doPostMessage(
- @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
- @RequestParam(required = false) String img,
- @RequestParam(required = false) MultipartFile attach) throws Exception {
- User visitor = UserUtils.getCurrentUser();
-
- if (visitor.isAnonymous())
- throw new HttpForbiddenException();
-
- if (body.length() > 4096) {
- throw new HttpBadRequestException();
- }
- body = body.replace("\r", StringUtils.EMPTY);
-
- URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
-
- if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
- URI juickUri = URI.create(img);
- if (juickUri.getScheme().equals("juick")) {
- attachmentFName = juickUri;
- } else {
- try {
- URL imgUrl = new URL(img);
- attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
- } catch (Exception e) {
- logger.error("DOWNLOAD ERROR", e);
- throw new HttpBadRequestException();
- }
- }
- }
- if (StringUtils.isBlank(body) && StringUtils.isBlank(attachmentFName.toString())) {
- // Should be there for compatibility
- throw new HttpBadRequestException();
- }
- return commandsManager.processCommand(visitor, body, attachmentFName);
- }
-
- @RequestMapping(value = "/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public com.juick.Message doPostComment(
- @RequestParam(defaultValue = "0") int mid,
- @RequestParam(defaultValue = "0") int rid,
- @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
- @RequestParam(required = false) String img,
- @RequestParam(required = false) MultipartFile attach)
- throws Exception {
- User visitor = UserUtils.getCurrentUser();
- int vuid = visitor.getUid();
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- if (mid == 0) {
- throw new HttpBadRequestException();
- }
- com.juick.Message msg = messagesService.getMessage(mid);
- if (msg == null) {
- throw new HttpNotFoundException();
- }
-
- com.juick.Message reply = null;
- if (rid > 0) {
- reply = messagesService.getReply(mid, rid);
- if (reply == null) {
- throw new HttpNotFoundException();
- }
- }
-
- if (body.length() > 4096) {
- throw new HttpBadRequestException();
- }
- body = body.replace("\r", StringUtils.EMPTY);
-
- if ((msg.ReadOnly && msg.getUser().getUid() != vuid) || userService.isInBLAny(msg.getUser().getUid(), vuid)
- || (reply != null && userService.isInBLAny(reply.getUser().getUid(), vuid))) {
- throw new HttpForbiddenException();
- }
-
- URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
-
- if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
- try {
- attachmentFName = HttpUtils.downloadImage(new URL(img), tmpDir);
- } catch (Exception e) {
- logger.error("DOWNLOAD ERROR", e);
- throw new HttpBadRequestException();
- }
- }
-
- return commandsManager.processCommand(visitor, String.format("#%d/%d %s", mid, rid, body), attachmentFName).getNewMessage().get();
- }
-
- @PostMapping("/like")
- @ResponseStatus(value = HttpStatus.OK)
- public Status doPostRecomm(@RequestParam Integer mid) throws Exception {
- com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
- com.juick.Message msg = messagesService.getMessage(mid);
- if (msg == null) {
- throw new HttpNotFoundException();
- }
- if (msg.getUser().getUid() == visitor.getUid()) {
- throw new HttpForbiddenException();
- }
- CommandResult status = commandsManager.processCommand(visitor, String.format("! #%d", mid),
- URI.create(StringUtils.EMPTY));
- return Status.getStatus(status.getText());
- }
-
- @GetMapping("/reactions")
- @ResponseStatus(value = HttpStatus.OK)
- public List<Reaction> reactionsList() {
- return messagesService.listReactions();
- }
-
- @PostMapping("/react")
- @ResponseStatus(value = HttpStatus.OK)
- public Status doPostReact(@RequestParam Integer mid,@RequestParam @NotNull int reactionId,
- @RequestParam (required = false, defaultValue = "1") int count) {
-
- logger.info("got reaction with type: {}", reactionId);
- com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous()) {
- throw new HttpForbiddenException();
- }
- com.juick.Message msg = messagesService.getMessage(mid);
- if (msg == null) {
- throw new HttpNotFoundException();
- }
- if (msg.getUser().getUid() == visitor.getUid()) {
- throw new HttpForbiddenException();
- }
- MessagesService.RecommendStatus recommendStatus = MessagesService.RecommendStatus.Error;
- for (int i = 0; i < count; i++)
- recommendStatus = messagesService.likeMessage(mid, visitor.getUid(),
- reactionId);
-
- return recommendStatus == MessagesService.RecommendStatus.Error ? Status.ERROR :Status.OK;
- }
-}
diff --git a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
deleted file mode 100644
index 94c1f1a8..00000000
--- a/juick-api/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.server.configuration;
-
-import com.juick.service.UserService;
-import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.HttpStatusEntryPoint;
-import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import javax.inject.Inject;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.concurrent.TimeUnit;
-
-/**
- * Created by aalexeev on 11/21/16.
- */
-@Configuration
-@EnableWebSecurity
-public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
- @Value("${auth_remember_me_key:secret}")
- private String rememberMeKey;
- @Inject
- private UserService userService;
-
- ApiSecurityConfig() {
- super(true);
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers(HttpMethod.OPTIONS).permitAll()
- .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
- "/skypebotendpoint").permitAll()
- .anyRequest().hasRole("USER")
- .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
- .and().anonymous()
- .and().cors().configurationSource(corsConfigurationSource())
- .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
- .and()
- .rememberMe()
- .alwaysRemember(true)
- .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
- .rememberMeServices(rememberMeServices())
- .key(rememberMeKey)
- .and().authenticationProvider(authenticationProvider())
- .headers().defaultsDisabled().cacheControl();
- }
-
- @Bean
- public DaoAuthenticationProvider authenticationProvider() {
- DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
-
- authenticationProvider.setUserDetailsService(userDetailsService());
-
- return authenticationProvider;
- }
-
- @Bean
- public JuickUserDetailsService userDetailsService() {
- return new JuickUserDetailsService(userService);
- }
-
- @Bean
- public RememberMeServices rememberMeServices() {
- return new RequestParamHashRememberMeServices(rememberMeKey, userService);
- }
-
- @Bean
- public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
- return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
- }
-
- @Bean
- public CorsConfigurationSource corsConfigurationSource() {
- CorsConfiguration configuration = new CorsConfiguration();
-
- configuration.setAllowedOrigins(Collections.singletonList("*"));
- configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
- configuration.setAllowedHeaders(Collections.singletonList("*"));
-
- UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", configuration);
-
- return source;
- }
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
- "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**");
- }
-}
diff --git a/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java
deleted file mode 100644
index 598a7435..00000000
--- a/juick-api/src/main/java/com/juick/server/configuration/PostConfig.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package com.juick.server.configuration;
-
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.context.annotation.ComponentScan;
-
-@EnableAutoConfiguration
-@ComponentScan({"com.juick.server", "com.juick.service"})
-public class PostConfig {
-}