diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java | 263 |
1 files changed, 263 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java new file mode 100644 index 00000000..9e364ff8 --- /dev/null +++ b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java @@ -0,0 +1,263 @@ +/* + * Copyright (C) 2008-2017, Juick + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package com.juick.server.www.controllers; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.juick.Message; +import com.juick.User; +import com.juick.server.helpers.AnonymousUser; +import com.juick.server.helpers.CommandResult; +import com.juick.server.util.*; +import com.juick.server.www.WebApp; +import com.juick.service.*; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Controller; +import org.springframework.ui.ModelMap; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.client.HttpClientErrorException; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.multipart.MultipartFile; +import org.springframework.web.util.UriComponentsBuilder; + +import javax.inject.Inject; +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.stream.Collectors; + +/** + * @author Ugnich Anton + */ +@Controller +public class NewMessage { + + @Inject + private TagService tagService; + @Inject + private MessagesService messagesService; + @Inject + private UserService userService; + @Inject + private SubscriptionService subscriptionService; + @Inject + private CrosspostService crosspostService; + @Inject + private PMQueriesService pmQueriesService; + @Inject + private WebApp webApp; + @Inject + private ObjectMapper jsonMapper; + @Inject + private ImagesService imagesService; + @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}") + private String imgDir; + @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}") + private String tmpDir; + @Value("${api_url:http://localhost:8080}") + private String apiUrl; + private RestTemplate rest = new RestTemplate(); + + private static final Logger logger = LoggerFactory.getLogger(NewMessage.class); + + @GetMapping("/post") + protected String postAction(@RequestParam(required = false) String body, ModelMap model) { + com.juick.User visitor = UserUtils.getCurrentUser(); + model.addAttribute("title", "Написать"); + model.addAttribute("headers", ""); + model.addAttribute("visitor", visitor); + if (body == null) { + body = StringUtils.EMPTY; + } else { + if (body.length() > 4096) { + body = body.substring(0, 4096); + } + body = StringEscapeUtils.escapeHtml4(body); + } + model.addAttribute("body", body); + model.addAttribute("visitor", visitor); + model.addAttribute("tags", tagService.getUserTagStats(visitor.getUid()).stream() + .sorted((e1, e2) -> Integer.compare(e2.getUsageCount(), e1.getUsageCount())).map(t -> t.getTag().getName()).collect(Collectors.toList())); + return "views/post"; + } + + @PostMapping("/comment") + public String doPostComment( + @RequestParam Integer mid, + @RequestParam(required = false, defaultValue = "0") Integer rid, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, + @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { + com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.isAnonymous() || visitor.isBanned()) { + throw new HttpForbiddenException(); + } + com.juick.Message msg = messagesService.getMessage(mid); + if (msg == null) { + throw new HttpNotFoundException(); + } + + com.juick.Message reply = null; + if (rid > 0) { + reply = messagesService.getReply(mid, rid); + if (reply == null) { + throw new HttpNotFoundException(); + } + } + + if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) { + throw new HttpBadRequestException(); + } + body = body.replace("\r", StringUtils.EMPTY); + + if ((msg.ReadOnly && msg.getUser().getUid() != visitor.getUid()) + || userService.isInBLAny(msg.getUser().getUid(), visitor.getUid()) + || (reply != null && userService.isInBLAny(reply.getUser().getUid(), visitor.getUid()))) { + throw new HttpForbiddenException(); + } + + URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir); + + if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) { + try { + URL imgUrl = new URL(img); + attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir); + } catch (Exception e) { + logger.error("DOWNLOAD ERROR", e); + throw new HttpBadRequestException(); + } + } + + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + MultiValueMap<String, String> params = new LinkedMultiValueMap<>(); + HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers); + + + params.add("body", rid == 0 ? String.format("#%d %s", mid, body) : String.format("#%d/%d %s", mid, rid, body)); + params.add("hash", userService.getHashByUID(visitor.getUid())); + if (StringUtils.isNotEmpty(attachmentFName.toString())) { + params.add("img", attachmentFName.toASCIIString()); + } + URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri(); + ResponseEntity<CommandResult> result = rest.postForEntity( + postUri, + request, CommandResult.class); + logger.info("/comment: {}", jsonMapper.writeValueAsString(result.getBody())); + boolean wasReply = result.getBody().getNewMessage().isPresent(); + return wasReply ? "redirect:/" + msg.getUser().getName() + "/" + mid + "#" + result.getBody().getNewMessage().get().getRid() : "redirect:/" + msg.getUser().getName() + "/" + mid; + } + + @PostMapping("/pm/send") + public String doPostPM(@RequestParam(name = "uname", required = false) String unameParam, + @RequestParam String body) throws IOException { + com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.isAnonymous() || visitor.isBanned()) { + throw new HttpForbiddenException(); + } + String uname = unameParam; + if (uname.startsWith("@")) { + uname = uname.substring(1); + } + User userTo = AnonymousUser.INSTANCE; + if (WebUtils.isUserName(uname)) { + userTo = userService.getUserByName(uname); + } + + if (userTo.isAnonymous() || body.length() > 10240) { + throw new HttpBadRequestException(); + } + + if (userService.isInBLAny(userTo.getUid(), visitor.getUid())) { + throw new HttpForbiddenException(); + } + + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + MultiValueMap<String, String> params = new LinkedMultiValueMap<>(); + HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers); + + params.add("body", String.format("@%s %s", userTo.getName(), body)); + params.add("hash", userService.getHashByUID(visitor.getUid())); + URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri(); + ResponseEntity<CommandResult> result = rest.postForEntity( + postUri, + request, CommandResult.class); + logger.info("/pm: {}", jsonMapper.writeValueAsString(result.getBody())); + return "redirect:/pm/sent"; + + } + @PostMapping("/post2") + public String doPostMessage(@RequestParam(name = "body", required = false) String bodyParam, + @RequestParam(required = false) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { + + com.juick.User visitor = UserUtils.getCurrentUser(); + if (visitor.isAnonymous() || visitor.isBanned()) { + throw new HttpForbiddenException(); + } + String body = StringUtils.isNotEmpty(bodyParam) ? bodyParam.replace("\r", StringUtils.EMPTY) : StringUtils.EMPTY; + + URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir); + + if (StringUtils.isBlank(attachmentFName.toString()) && StringUtils.isNotBlank(img)) { + try { + URL imgUrl = new URL(img); + attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir); + } catch (Exception e) { + logger.error("DOWNLOAD ERROR", e); + throw new HttpBadRequestException(); + } + } + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + MultiValueMap<String, String> params = new LinkedMultiValueMap<>(); + HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers); + + params.add("body", body); + params.add("hash", userService.getHashByUID(visitor.getUid())); + if (StringUtils.isNotEmpty(attachmentFName.toString())) { + params.add("img", attachmentFName.toASCIIString()); + } + URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri(); + try { + ResponseEntity<CommandResult> result = rest.postForEntity(postUri, + request, CommandResult.class); + Message newMessage = result.getBody().getNewMessage().orElse(new Message()); + if (newMessage.getMid() > 0) { + logger.info("/post: {}", jsonMapper.writeValueAsString(result.getBody())); + return String.format("redirect:/%d", newMessage.getMid()); + } else { + logger.info("{} : {}", body, result.getBody().getText()); + } + } catch (HttpClientErrorException e) { + logger.error("post error", e); + } + return "redirect:/?show=my"; + } +} |