diff options
Diffstat (limited to 'juick-server/src/main/java/com/juick/server')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/api/Notifications.java | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Notifications.java b/juick-server/src/main/java/com/juick/server/api/Notifications.java index 67e52851..bc3d98bf 100644 --- a/juick-server/src/main/java/com/juick/server/api/Notifications.java +++ b/juick-server/src/main/java/com/juick/server/api/Notifications.java @@ -105,7 +105,32 @@ public class Notifications { public Status doDelete( @RequestBody List<ExternalToken> list) { User visitor = UserUtils.getCurrentUser(); - // FIXME: it is possible to delete other user's tokens + if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) { + throw new HttpForbiddenException(); + } + list.forEach(t -> { + switch (t.getType()) { + case "gcm": + pushQueriesService.deleteGCMToken(t.getToken()); + break; + case "apns": + pushQueriesService.deleteAPNSToken(t.getToken()); + break; + case "mpns": + pushQueriesService.deleteMPNSToken(t.getToken()); + break; + default: + throw new HttpBadRequestException(); + } + }); + + return Status.OK; + } + @ApiIgnore + @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public Status doDeleteTokens( + @RequestBody List<ExternalToken> list) { + User visitor = UserUtils.getCurrentUser(); if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } |