aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick/server
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick/server')
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Notifications.java27
1 files changed, 26 insertions, 1 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/Notifications.java b/juick-server/src/main/java/com/juick/server/api/Notifications.java
index 67e52851..bc3d98bf 100644
--- a/juick-server/src/main/java/com/juick/server/api/Notifications.java
+++ b/juick-server/src/main/java/com/juick/server/api/Notifications.java
@@ -105,7 +105,32 @@ public class Notifications {
public Status doDelete(
@RequestBody List<ExternalToken> list) {
User visitor = UserUtils.getCurrentUser();
- // FIXME: it is possible to delete other user's tokens
+ if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) {
+ throw new HttpForbiddenException();
+ }
+ list.forEach(t -> {
+ switch (t.getType()) {
+ case "gcm":
+ pushQueriesService.deleteGCMToken(t.getToken());
+ break;
+ case "apns":
+ pushQueriesService.deleteAPNSToken(t.getToken());
+ break;
+ case "mpns":
+ pushQueriesService.deleteMPNSToken(t.getToken());
+ break;
+ default:
+ throw new HttpBadRequestException();
+ }
+ });
+
+ return Status.OK;
+ }
+ @ApiIgnore
+ @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ public Status doDeleteTokens(
+ @RequestBody List<ExternalToken> list) {
+ User visitor = UserUtils.getCurrentUser();
if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) {
throw new HttpForbiddenException();
}