diff options
Diffstat (limited to 'juick-api/src')
9 files changed, 37 insertions, 80 deletions
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java index 723d2f15..47053706 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java @@ -3,9 +3,9 @@ package com.juick.api.controllers; import com.juick.Tag; import com.juick.User; import com.juick.api.ApiServer; +import com.juick.server.helpers.Status; import com.juick.server.util.HttpBadRequestException; import com.juick.server.util.HttpForbiddenException; -import com.juick.server.helpers.Status; import com.juick.service.MessagesService; import com.juick.service.TagService; import com.juick.service.UserService; @@ -25,7 +25,6 @@ import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import java.security.Principal; import java.util.Collections; import java.util.List; @@ -58,11 +57,9 @@ public class Messages { @RequestMapping("/home") public ResponseEntity<List<com.juick.Message>> getHome( - @RequestParam(defaultValue = "0") int before_mid, - Principal principal) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); - if (visitor != null) { + @RequestParam(defaultValue = "0") int before_mid) { + User visitor = UserUtils.getCurrentUser(); + if (!visitor.isAnonym()) { int vuid = visitor.getUid(); List<Integer> mids = messagesService.getMyFeed(vuid, before_mid); @@ -76,14 +73,12 @@ public class Messages { @RequestMapping("/messages") public ResponseEntity<List<com.juick.Message>> getMessages( - Principal principal, @RequestParam(required = false) String uname, @RequestParam(defaultValue = "0") int before_mid, @RequestParam(required = false) String popular, @RequestParam(required = false) String media, @RequestParam(required = false) String tag) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); List<Integer> mids; @@ -126,10 +121,8 @@ public class Messages { @RequestMapping("/thread") public ResponseEntity<List<com.juick.Message>> getThread( - Principal principal, @RequestParam(defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); com.juick.Message msg = messagesService.getMessage(mid); if (msg != null) { @@ -146,10 +139,8 @@ public class Messages { @RequestMapping("/messages/recommended") public ResponseEntity<List<com.juick.Message>> doGetRecommended( - Principal principal, @RequestParam(defaultValue = "0") int before_mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { return FORBIDDEN; @@ -169,10 +160,8 @@ public class Messages { @RequestMapping("/messages/set_privacy") @ResponseBody public ResponseEntity<Status> doSetPrivacy( - Principal principal, @RequestParam(defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java index cd31ad39..9f2f675b 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java @@ -4,10 +4,10 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.ObjectMapper; import com.juick.Message; import com.juick.User; -import com.juick.server.util.HttpBadRequestException; -import com.juick.server.util.HttpForbiddenException; import com.juick.server.helpers.Status; import com.juick.server.helpers.TokensList; +import com.juick.server.util.HttpBadRequestException; +import com.juick.server.util.HttpForbiddenException; import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; @@ -42,12 +42,10 @@ public class Notifications { @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<List<String>> doGet( - Principal principal, @RequestParam String type, @RequestParam(required = false, defaultValue = "0") int uid, @RequestParam(required = false, defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } @@ -95,10 +93,8 @@ public class Notifications { @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doDelete( - Principal principal, @RequestBody String requestBody) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); // FIXME: it is possible to delete other user's tokens if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); @@ -124,12 +120,11 @@ public class Notifications { return Status.OK; } + @RequestMapping(value = "/notifications", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doPut( - Principal principal, @RequestBody String requestBody) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (visitor.getUid() == 0) { throw new HttpForbiddenException(); } @@ -153,35 +148,36 @@ public class Notifications { } return Status.OK; } + @Deprecated @RequestMapping(value = "/android/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doAndroidRegister( - Principal principal, @RequestParam(name = "regid") String regId) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (visitor.getUid() == 0) { throw new HttpForbiddenException(); } pushQueriesService.addGCMToken(visitor.getUid(), regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/android/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doAndroidUnRegister(@RequestParam(name = "regid") String regId) { pushQueriesService.deleteGCMToken(regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/winphone/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doWinphoneRegister( Principal principal, @RequestParam(name = "url") String regId) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); pushQueriesService.addMPNSToken(visitor.getUid(), regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/winphone/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doWinphoneUnRegister(@RequestParam(name = "url") String regId) { diff --git a/juick-api/src/main/java/com/juick/api/controllers/Others.java b/juick-api/src/main/java/com/juick/api/controllers/Others.java index 852c03d6..b23be483 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Others.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Others.java @@ -1,9 +1,9 @@ package com.juick.api.controllers; import com.juick.User; +import com.juick.server.helpers.PrivateChats; import com.juick.server.util.HttpForbiddenException; import com.juick.server.util.HttpNotFoundException; -import com.juick.server.helpers.PrivateChats; import com.juick.service.PMQueriesService; import com.juick.service.UserService; import com.juick.util.UserUtils; @@ -19,13 +19,11 @@ import java.security.Principal; import java.util.List; /** - * * @author ugnich */ @Controller @ResponseBody public class Others { - @Inject PMQueriesService pmQueriesService; @Inject @@ -33,10 +31,8 @@ public class Others { @RequestMapping(value = "groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public PrivateChats doGetGroupsPMs( - Principal principal, @RequestParam(defaultValue = "5") int cnt) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java index 478ca75e..1bf1646b 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/PM.java +++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java @@ -18,17 +18,14 @@ import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import java.security.Principal; import java.util.List; /** - * * @author ugnich */ @Controller @ResponseBody public class PM { - @Inject UserService userService; @Inject @@ -38,10 +35,8 @@ public class PM { @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<com.juick.Message> doGetPM( - Principal principal, @RequestParam(required = false) String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -60,11 +55,9 @@ public class PM { @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public com.juick.Message doPostPM( - Principal principal, @RequestParam String uname, @RequestParam String body) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -96,7 +89,7 @@ public class PM { apiServer.getXmpp().send(msg); List<String> jids = userService.getJIDsbyUID(uid); - for (String jid: jids) { + for (String jid : jids) { Message mm = new Message(); mm.setTo(Jid.of(jid)); mm.setType(Message.Type.CHAT); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Post.java b/juick-api/src/main/java/com/juick/api/controllers/Post.java index 53cfc3e5..72327ad0 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Post.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Post.java @@ -57,16 +57,14 @@ public class Post { @RequestMapping(value = "/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) @ResponseStatus(value = HttpStatus.OK) public void doPostMessage( - Principal principal, @RequestParam String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); - int vuid = visitor.getUid(); - if (vuid == 0) { + User visitor = UserUtils.getCurrentUser(); + + if (visitor.isAnonym()) throw new HttpForbiddenException(); - } + if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } @@ -104,15 +102,13 @@ public class Post { @RequestMapping(value = "/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public com.juick.Message doPostComment( - Principal principal, @RequestParam(defaultValue = "0") int mid, @RequestParam(defaultValue = "0") int rid, @RequestParam String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java index b93ec1f3..5e8b89b1 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java @@ -17,7 +17,6 @@ import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; import java.io.IOException; -import java.security.Principal; import java.util.List; /** @@ -35,11 +34,9 @@ public class Subscriptions { @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<User> doGet( - Principal principal, @RequestParam(defaultValue = "0") int mid, @RequestParam(defaultValue = "0") int uid) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Tags.java b/juick-api/src/main/java/com/juick/api/controllers/Tags.java index 5548da17..bc412456 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Tags.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Tags.java @@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import java.security.Principal; import java.util.List; /** @@ -29,11 +28,9 @@ public class Tags { @RequestMapping(value = "/tags", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<TagStats> tags( - Principal principal, @RequestParam(required = false, defaultValue = "0") int user_id ) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (user_id == 0) { user_id = visitor.getUid(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java index 78f6175f..079ff4f3 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Users.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import java.security.Principal; import java.util.ArrayList; import java.util.List; @@ -24,7 +23,6 @@ import java.util.List; @Controller @ResponseBody public class Users { - @Inject UserService userService; @@ -56,10 +54,8 @@ public class Users { @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<User> doGetUserRead( - Principal principal, @RequestParam String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -90,10 +86,8 @@ public class Users { @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List<User> doGetUserReaders( - Principal principal, @RequestParam String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 9f74c00d..2a5dba18 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -36,9 +36,7 @@ import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; /** @@ -156,7 +154,6 @@ public class MessagesTests { Message msg = getMessage(ugnich, msgText); - when(messagesService.getMyFeed(1, 0)) .thenReturn(Collections.singletonList(1)); when(messagesService.getMessages(Collections.singletonList(1))) @@ -263,6 +260,7 @@ public class MessagesTests { .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(2))); } + @Test public void tags() throws Exception { Tag weather = new Tag("weather"); @@ -284,6 +282,7 @@ public class MessagesTests { .andExpect(jsonPath("$", hasSize(1))) .andExpect(jsonPath("$[0].messages", is(5))); } + @Test public void postWithReferer() throws Exception { mockMvc.perform(post("/post") |