Diffstat (limited to 'juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java b/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java
new file mode 100644
index 00000000..6d72aecc
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.server.util.UserUtils;
+import com.juick.service.CrosspostService;
+import com.juick.service.EmailService;
+import com.juick.service.MessengerService;
+import com.juick.service.UserService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class SignUp {
+
+ @Inject
+ private UserService userService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private MessengerService messengerService;
+ @Inject
+ private EmailService emailService;
+
+
+ @GetMapping("/signup")
+ protected String doGet(@RequestParam String type, @RequestParam String hash, ModelMap model) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$")
+ || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ String account = null;
+ switch (type) {
+ case "fb":
+ account = crosspostService.getFacebookNameByHash(hash);
+ break;
+ case "vk":
+ account = crosspostService.getVKNameByHash(hash);
+ break;
+ case "xmpp":
+ account = crosspostService.getJIDByHash(hash);
+ break;
+ case "durov":
+ account = crosspostService.getTelegramNameByHash(hash);
+ break;
+ case "messenger":
+ account = messengerService.getDisplayName(hash);
+ break;
+ case "email":
+ account = emailService.getEmailByAuthCode(hash);
+ }
+ if (account == null) {
+ throw new HttpBadRequestException();
+ }
+
+ model.addAttribute("title", "Новый пользователь");
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("account", account);
+ model.addAttribute("type", type);
+ model.addAttribute("hash", hash);
+ return "views/signup";
+ }
+
+ @PostMapping("/signup")
+ protected String doPost(
+ HttpServletResponse response,
+ @RequestParam String type,
+ @RequestParam String hash,
+ @RequestParam String action,
+ @RequestParam(required = false) String username,
+ @RequestParam(required = false) String password) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ int uid = 0;
+
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ if (action.charAt(0) == 'l') {
+
+ if (visitor.isAnonymous()) {
+ if (username.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+ uid = userService.checkPassword(username, password);
+ } else {
+ uid = visitor.getUid();
+ }
+
+ if (uid <= 0) {
+ throw new HttpForbiddenException();
+ }
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
+ && !(type.charAt(0) == 'x' && crosspostService.setJIDUser(hash, uid))
+ && !(type.charAt(0) == 'm' && messengerService.linkMessengerUser(hash, uid))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(uid, email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ throw new HttpBadRequestException();
+ }
+ }
+
+ } else { // Create new account
+ if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") || password.length() < 6 || password.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+
+ // CHECK USERNAME
+
+ uid = userService.createUser(username, password);
+ if (uid <= 0) {
+ throw new HttpBadRequestException();
+ }
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
+ && !(type.charAt(0) == 'm' && messengerService.linkMessengerUser(hash, uid))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(uid, email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ throw new HttpBadRequestException();
+ }
+ }
+ }
+
+ if (visitor.isAnonymous()) {
+ hash = userService.getHashByUID(uid);
+ Cookie c = new Cookie("hash", hash);
+ c.setMaxAge(365 * 24 * 60 * 60);
+ response.addCookie(c);
+ }
+ return "redirect:/";
+ }
+} |
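Review bot: In doPost, `username` and `password` are declared `required = false` but `username.length()` is called in both the login and the create-account branch, so a request that omits them ends in a NullPointerException instead of the 400 the other checks return; `action.charAt(0)` fails the same way on an empty `action`. Both email paths pass the result of `getEmailByAuthCode(hash)` straight to `addEmail` without the null check that doGet applies to the same lookup. The create branch calls `createUser` before linking, so a failed link (including type `xmpp`, which that branch does not handle) appears to leave a new account behind while returning 400. The `hash` cookie acts as a year-long login token and is set without `HttpOnly` or `Secure`. Suggested guards are below; dispatching on the full `type` string as doGet does, rather than on `type.charAt(0)`, would also keep the two handlers consistent.

```java
// … unchanged: hash/type format check …
if (action.isEmpty()) {
    throw new HttpBadRequestException();
}
if (action.charAt(0) == 'l') {
    if (visitor.isAnonymous()) {
        if (username == null || password == null || username.length() > 32) {
            throw new HttpBadRequestException();
        }
        // … unchanged: checkPassword …
    }
    // … unchanged: uid check and account linking …
} else { // Create new account
    if (username == null || password == null
            || username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$")
            || password.length() < 6 || password.length() > 32) {
        throw new HttpBadRequestException();
    }
    // … unchanged: createUser and account linking …
}

// in both email branches, before addEmail:
String email = emailService.getEmailByAuthCode(hash);
if (email == null) {
    throw new HttpBadRequestException();
}

// when issuing the login cookie:
Cookie c = new Cookie("hash", hash);
c.setHttpOnly(true);
c.setSecure(true); // assumes the site is served over HTTPS; confirm before enabling
```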