1 files changed, 263 insertions, 0 deletions

diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java
new file mode 100644
index 00000000..9e364ff8
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java
@@ -0,0 +1,263 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.Message;
+import com.juick.User;
+import com.juick.server.helpers.AnonymousUser;
+import com.juick.server.helpers.CommandResult;
+import com.juick.server.util.*;
+import com.juick.server.www.WebApp;
+import com.juick.service.*;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+import java.util.stream.Collectors;
+
+/**
+ * @author Ugnich Anton
+ */
+@Controller
+public class NewMessage {
+
+    @Inject
+    private TagService tagService;
+    @Inject
+    private MessagesService messagesService;
+    @Inject
+    private UserService userService;
+    @Inject
+    private SubscriptionService subscriptionService;
+    @Inject
+    private CrosspostService crosspostService;
+    @Inject
+    private PMQueriesService pmQueriesService;
+    @Inject
+    private WebApp webApp;
+    @Inject
+    private ObjectMapper jsonMapper;
+    @Inject
+    private ImagesService imagesService;
+    @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+    private String imgDir;
+    @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+    private String tmpDir;
+    @Value("${api_url:http://localhost:8080}")
+    private String apiUrl;
+    private RestTemplate rest = new RestTemplate();
+
+    private static final Logger logger = LoggerFactory.getLogger(NewMessage.class);
+
+    @GetMapping("/post")
+    protected String postAction(@RequestParam(required = false) String body, ModelMap model) {
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        model.addAttribute("title", "Написать");
+        model.addAttribute("headers", "");
+        model.addAttribute("visitor", visitor);
+        if (body == null) {
+            body = StringUtils.EMPTY;
+        } else {
+            if (body.length() > 4096) {
+                body = body.substring(0, 4096);
+            }
+            body = StringEscapeUtils.escapeHtml4(body);
+        }
+        model.addAttribute("body", body);
+        model.addAttribute("visitor", visitor);
+        model.addAttribute("tags", tagService.getUserTagStats(visitor.getUid()).stream()
+                .sorted((e1, e2) -> Integer.compare(e2.getUsageCount(), e1.getUsageCount())).map(t -> t.getTag().getName()).collect(Collectors.toList()));
+        return "views/post";
+    }
+
+    @PostMapping("/comment")
+    public String doPostComment(
+            @RequestParam Integer mid,
+            @RequestParam(required = false, defaultValue = "0") Integer rid,
+            @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
+            @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img,
+            @RequestParam(required = false) MultipartFile attach) throws IOException {
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        if (visitor.isAnonymous() || visitor.isBanned()) {
+            throw new HttpForbiddenException();
+        }
+        com.juick.Message msg = messagesService.getMessage(mid);
+        if (msg == null) {
+            throw new HttpNotFoundException();
+        }
+
+        com.juick.Message reply = null;
+        if (rid > 0) {
+            reply = messagesService.getReply(mid, rid);
+            if (reply == null) {
+                throw new HttpNotFoundException();
+            }
+        }
+
+        if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
+            throw new HttpBadRequestException();
+        }
+        body = body.replace("\r", StringUtils.EMPTY);
+
+        if ((msg.ReadOnly && msg.getUser().getUid() != visitor.getUid())
+                || userService.isInBLAny(msg.getUser().getUid(), visitor.getUid())
+                || (reply != null && userService.isInBLAny(reply.getUser().getUid(), visitor.getUid()))) {
+            throw new HttpForbiddenException();
+        }
+
+        URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+        if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
+            try {
+                URL imgUrl = new URL(img);
+                attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
+            } catch (Exception e) {
+                logger.error("DOWNLOAD ERROR", e);
+                throw new HttpBadRequestException();
+            }
+        }
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+
+        params.add("body", rid == 0 ? String.format("#%d %s", mid, body) : String.format("#%d/%d %s", mid, rid, body));
+        params.add("hash", userService.getHashByUID(visitor.getUid()));
+        if (StringUtils.isNotEmpty(attachmentFName.toString())) {
+            params.add("img", attachmentFName.toASCIIString());
+        }
+        URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+        ResponseEntity<CommandResult> result = rest.postForEntity(
+                postUri,
+                request, CommandResult.class);
+        logger.info("/comment: {}", jsonMapper.writeValueAsString(result.getBody()));
+        boolean wasReply = result.getBody().getNewMessage().isPresent();
+        return wasReply ? "redirect:/" + msg.getUser().getName() + "/" + mid + "#" + result.getBody().getNewMessage().get().getRid() : "redirect:/" + msg.getUser().getName() + "/" + mid;
+    }
+
+    @PostMapping("/pm/send")
+    public String doPostPM(@RequestParam(name = "uname", required = false) String unameParam,
+                           @RequestParam String body) throws IOException {
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        if (visitor.isAnonymous() || visitor.isBanned()) {
+            throw new HttpForbiddenException();
+        }
+        String uname = unameParam;
+        if (uname.startsWith("@")) {
+            uname = uname.substring(1);
+        }
+        User userTo = AnonymousUser.INSTANCE;
+        if (WebUtils.isUserName(uname)) {
+            userTo = userService.getUserByName(uname);
+        }
+
+        if (userTo.isAnonymous() || body.length() > 10240) {
+            throw new HttpBadRequestException();
+        }
+
+        if (userService.isInBLAny(userTo.getUid(), visitor.getUid())) {
+            throw new HttpForbiddenException();
+        }
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+        params.add("body", String.format("@%s %s", userTo.getName(), body));
+        params.add("hash", userService.getHashByUID(visitor.getUid()));
+        URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+        ResponseEntity<CommandResult> result = rest.postForEntity(
+                postUri,
+                request, CommandResult.class);
+        logger.info("/pm: {}", jsonMapper.writeValueAsString(result.getBody()));
+        return "redirect:/pm/sent";
+
+    }
+    @PostMapping("/post2")
+    public String doPostMessage(@RequestParam(name = "body", required = false) String bodyParam,
+                                @RequestParam(required = false) String img,
+                                @RequestParam(required = false) MultipartFile attach) throws IOException {
+
+        com.juick.User visitor = UserUtils.getCurrentUser();
+        if (visitor.isAnonymous() || visitor.isBanned()) {
+            throw new HttpForbiddenException();
+        }
+        String body = StringUtils.isNotEmpty(bodyParam) ? bodyParam.replace("\r", StringUtils.EMPTY) : StringUtils.EMPTY;
+
+        URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+        if (StringUtils.isBlank(attachmentFName.toString()) && StringUtils.isNotBlank(img)) {
+            try {
+                URL imgUrl = new URL(img);
+                attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
+            } catch (Exception e) {
+                logger.error("DOWNLOAD ERROR", e);
+                throw new HttpBadRequestException();
+            }
+        }
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+        params.add("body", body);
+        params.add("hash", userService.getHashByUID(visitor.getUid()));
+        if (StringUtils.isNotEmpty(attachmentFName.toString())) {
+            params.add("img", attachmentFName.toASCIIString());
+        }
+        URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+        try {
+            ResponseEntity<CommandResult> result = rest.postForEntity(postUri,
+                    request, CommandResult.class);
+            Message newMessage = result.getBody().getNewMessage().orElse(new Message());
+            if (newMessage.getMid() > 0) {
+                logger.info("/post: {}", jsonMapper.writeValueAsString(result.getBody()));
+                return String.format("redirect:/%d", newMessage.getMid());
+            } else {
+                logger.info("{} : {}", body, result.getBody().getText());
+            }
+        } catch (HttpClientErrorException e) {
+            logger.error("post error", e);
+        }
+        return "redirect:/?show=my";
+    }
+}