aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick')
-rw-r--r--juick-server/src/main/java/com/juick/server/TelegramBotManager.java1
-rw-r--r--juick-server/src/main/java/com/juick/server/api/ApiSocialLogin.java302
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Index.java4
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Messages.java12
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Notifications.java14
-rw-r--r--juick-server/src/main/java/com/juick/server/api/PM.java6
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Post.java12
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Service.java2
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Tags.java2
-rw-r--r--juick-server/src/main/java/com/juick/server/api/Users.java12
-rw-r--r--juick-server/src/main/java/com/juick/server/api/activity/Profile.java14
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java127
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/PostConfig.java9
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java37
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java209
-rw-r--r--juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java116
-rw-r--r--juick-server/src/main/java/com/juick/server/www/HelpService.java69
-rw-r--r--juick-server/src/main/java/com/juick/server/www/Utils.java45
-rw-r--r--juick-server/src/main/java/com/juick/server/www/WebApp.java71
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/AnythingFilter.java64
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/AppSiteAssociation.java49
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/Help.java93
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/Login.java50
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/MessagesWWW.java595
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java263
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/Settings.java262
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java172
-rw-r--r--juick-server/src/main/java/com/juick/server/www/controllers/SocialLogin.java (renamed from juick-server/src/main/java/com/juick/server/api/SocialLogin.java)83
-rw-r--r--juick-server/src/main/java/com/juick/server/www/facebook/User.java125
-rw-r--r--juick-server/src/main/java/com/juick/server/www/twitter/User.java38
-rw-r--r--juick-server/src/main/java/com/juick/server/www/vk/Token.java56
-rw-r--r--juick-server/src/main/java/com/juick/server/www/vk/User.java65
-rw-r--r--juick-server/src/main/java/com/juick/server/www/vk/UsersResponse.java38
-rw-r--r--juick-server/src/main/java/com/juick/service/EmailServiceImpl.java16
34 files changed, 2826 insertions, 207 deletions
diff --git a/juick-server/src/main/java/com/juick/server/TelegramBotManager.java b/juick-server/src/main/java/com/juick/server/TelegramBotManager.java
index 9f5be577..ac2febf7 100644
--- a/juick-server/src/main/java/com/juick/server/TelegramBotManager.java
+++ b/juick-server/src/main/java/com/juick/server/TelegramBotManager.java
@@ -46,6 +46,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.stereotype.Component;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
diff --git a/juick-server/src/main/java/com/juick/server/api/ApiSocialLogin.java b/juick-server/src/main/java/com/juick/server/api/ApiSocialLogin.java
new file mode 100644
index 00000000..2e484e3d
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -0,0 +1,302 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.api;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.VkontakteApi;
+import com.github.scribejava.core.builder.ServiceBuilder;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuthRequest;
+import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth.OAuth20Service;
+import com.juick.facebook.User;
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.service.CrosspostService;
+import com.juick.service.EmailService;
+import com.juick.service.TelegramService;
+import com.juick.service.UserService;
+import com.juick.vk.UsersResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.ExecutionException;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class ApiSocialLogin {
+
+ private static final Logger logger = LoggerFactory.getLogger(ApiSocialLogin.class);
+
+ @Value("${facebook_appid:appid}")
+ private String FACEBOOK_APPID;
+ @Value("${facebook_secret:secret}")
+ private String FACEBOOK_SECRET;
+ private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
+ private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
+ private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
+ @Inject
+ private ObjectMapper jsonMapper;
+ private ServiceBuilder facebookBuilder, twitterBuilder, vkBuilder;
+
+ @Value("${twitter_consumer_key:appid}")
+ private String twitterConsumerKey;
+ @Value("${twitter_consumer_secret:secret}")
+ private String twitterConsumerSecret;
+ @Value("${vk_appid:appid}")
+ private String VK_APPID;
+ @Value("${vk_secret:secret}")
+ private String VK_SECRET;
+ @Value("${telegram_token:secret}")
+ private String telegramToken;
+
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private UserService userService;
+ @Inject
+ private EmailService emailService;
+ @Inject
+ private TelegramService telegramService;
+
+ @PostConstruct
+ public void init() {
+ facebookBuilder = new ServiceBuilder(FACEBOOK_APPID);
+ twitterBuilder = new ServiceBuilder(twitterConsumerKey);
+ vkBuilder = new ServiceBuilder(VK_APPID);
+ }
+
+ @GetMapping("/api/_fblogin")
+ protected String doFacebookLogin(@RequestParam(required = false) String code,
+ @RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException {
+ if (StringUtils.isBlank(code)) {
+ String fbstate = UUID.randomUUID().toString();
+ crosspostService.addFacebookState(fbstate, state);
+ OAuth20Service facebookAuthService = facebookBuilder
+ .apiSecret(FACEBOOK_SECRET)
+ .callback(FACEBOOK_REDIRECT)
+ .scope("email")
+ .state(fbstate)
+ .build(FacebookApi.instance());
+ return "redirect:" + facebookAuthService.getAuthorizationUrl();
+ }
+
+ String redirectUrl = crosspostService.verifyFacebookState(state);
+
+ if (StringUtils.isEmpty(redirectUrl)) {
+ logger.error("state is missing");
+ throw new HttpBadRequestException();
+ }
+ OAuth20Service facebookService = facebookBuilder
+ .apiKey(FACEBOOK_APPID)
+ .apiSecret(FACEBOOK_SECRET)
+ .callback(FACEBOOK_REDIRECT)
+ .scope("email")
+ .state(state)
+ .build(FacebookApi.instance());
+ OAuth2AccessToken token = facebookService.getAccessToken(code);
+ final OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://graph.facebook.com/v2.10/me?fields=id,name,link,verified,email");
+ facebookService.signRequest(token, meRequest);
+ String graph = facebookService.execute(meRequest).getBody();
+ if (StringUtils.isBlank(graph)) {
+ logger.error("FACEBOOK GRAPH ERROR");
+ throw new HttpBadRequestException();
+ }
+ User fb = jsonMapper.readValue(graph, User.class);
+ long fbID = NumberUtils.toLong(fb.getId(), 0);
+ if (fbID == 0 || StringUtils.isBlank(fb.getName()) || StringUtils.isBlank(fb.getLink())) {
+ logger.error("Missing required fields, id: {}, name: {}, link: {}", fbID, fb.getName(), fb.getLink());
+ throw new HttpBadRequestException();
+ }
+
+ int uid = crosspostService.getUIDbyFBID(fbID);
+ if (uid > 0) {
+ if (!crosspostService.updateFacebookUser(fbID, token.getAccessToken(), fb.getName(), fb.getLink())) {
+ logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken());
+ throw new HttpBadRequestException();
+ }
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
+ uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
+ return "redirect:" + uriComponentsBuilder.build().toUriString();
+ } else if (fb.getVerified()) {
+ if (!crosspostService.createFacebookUser(fbID, state, token.getAccessToken(), fb.getName(), fb.getLink())) {
+ if (StringUtils.isNotEmpty(fb.getEmail())) {
+ logger.info("found {} for facebook user {}", fb.getEmail(), fb.getLink());
+ Integer userId = crosspostService.getUIDbyFBID(fbID);
+ if (!emailService.getEmails(userId, false).contains(fb.getEmail())) {
+ emailService.addEmail(userId, fb.getEmail());
+ }
+ }
+ logger.info("email not found for facebook user {}", fb.getLink());
+ throw new HttpBadRequestException();
+ }
+ return "redirect:/signup?type=fb&hash=" + state;
+ } else {
+ logger.error("Facebook account is not verified, id: {}", fbID);
+ throw new HttpBadRequestException();
+ }
+ }/*
+ @GetMapping("/_twitter")
+ protected void doTwitterLogin(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ExecutionException, InterruptedException {
+ String hash = StringUtils.EMPTY, request_token = StringUtils.EMPTY, request_token_secret = StringUtils.EMPTY;
+ String verifier = request.getParameter("oauth_verifier");
+ Cookie[] cookies = request.getCookies();
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals("hash")) {
+ hash = cookie.getValue();
+ }
+ if (cookie.getName().equals("request_token")) {
+ request_token = cookie.getValue();
+ }
+ if (cookie.getName().equals("request_token_secret")) {
+ request_token_secret = cookie.getValue();
+ }
+ }
+ com.juick.User user = UserUtils.getCurrentUser();
+ OAuth10aService oAuthService = twitterBuilder
+ .apiSecret(twitterConsumerSecret)
+ .callback("http://juick.com/_twitter")
+ .build(TwitterApi.instance());
+
+ if (request_token.isEmpty() && request_token_secret.isEmpty()
+ && (verifier == null || verifier.isEmpty())) {
+ OAuth1RequestToken requestToken = oAuthService.getRequestToken();
+ String authUrl = oAuthService.getAuthorizationUrl(requestToken);
+ response.addCookie(new Cookie("request_token", requestToken.getToken()));
+ response.addCookie(new Cookie("request_token_secret", requestToken.getTokenSecret()));
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.setHeader("Location", authUrl);
+ } else {
+ if (verifier != null && verifier.length() > 0) {
+ OAuth1RequestToken requestToken = new OAuth1RequestToken(request_token, request_token_secret);
+ OAuth1AccessToken accessToken = oAuthService.getAccessToken(requestToken, verifier);
+ OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, TWITTER_VERIFY_URL);
+ oAuthService.signRequest(accessToken, oAuthRequest);
+ com.juick.twitter.User twitterUser = jsonMapper.readValue(oAuthService.execute(oAuthRequest).getBody(),
+ com.juick.twitter.User.class);
+ if (userService.linkTwitterAccount(user, accessToken.getToken(), accessToken.getTokenSecret(),
+ twitterUser.getScreenName())) {
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.setHeader("Location", "http://juick.com/settings");
+ } else {
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
+ }
+ }*/
+ @GetMapping("/api/_vklogin")
+ protected String doVKLogin(@RequestParam(required = false) String code,
+ @RequestParam String state) throws IOException, ExecutionException, InterruptedException {
+ if (StringUtils.isBlank(code)) {
+ String vkstate = UUID.randomUUID().toString();
+ crosspostService.addVKState(vkstate, state);
+ OAuth20Service vkAuthService = vkBuilder
+ .apiSecret(VK_SECRET)
+ .scope("friends,wall,offline")
+ .state(vkstate)
+ .callback(VK_REDIRECT)
+ .build(VkontakteApi.instance());
+ return "redirect:" + vkAuthService.getAuthorizationUrl();
+ }
+
+ String redirectUrl = crosspostService.verifyVKState(state);
+ if (StringUtils.isBlank(redirectUrl)) {
+ logger.error("state is missing");
+ throw new HttpBadRequestException();
+ }
+
+ OAuth20Service vkService = vkBuilder
+ .apiKey(VK_APPID)
+ .apiSecret(VK_SECRET)
+ .build(VkontakteApi.instance());
+ OAuth2AccessToken token = vkService.getAccessToken(code);
+
+ OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://api.vk.com/method/users.get?fields=screen_name&v=5.73");
+ vkService.signRequest(token, meRequest);
+ String graph = vkService.execute(meRequest).getBody();
+
+ com.juick.vk.User jsonUser = jsonMapper.readValue(graph, UsersResponse.class).getUsers().get(0);
+ String vkName = jsonUser.getFirstName() + " " + jsonUser.getLastName();
+ String vkLink = jsonUser.getScreenName();
+
+ if (vkName.length() == 1 || StringUtils.isBlank(vkLink)) {
+ logger.error("vk user error");
+ throw new HttpBadRequestException();
+ }
+
+ Long vkID = NumberUtils.toLong(jsonUser.getId(), 0);
+ int uid = crosspostService.getUIDbyVKID(vkID);
+ if (uid > 0) {
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
+ uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
+ return "redirect:" + uriComponentsBuilder.build().toUriString();
+ } else {
+ String loginhash = UUID.randomUUID().toString();
+ if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
+ logger.error("create vk user error");
+ throw new HttpBadRequestException();
+ }
+ return "redirect:/signup?type=vk&hash=" + loginhash;
+ }
+ }
+ /*
+ @GetMapping("/_tglogin")
+ public String doDurovLogin(HttpServletRequest request,
+ @RequestParam Map<String, String> params,
+ HttpServletResponse response) {
+ String dataCheckString = params.entrySet().stream()
+ .filter(p -> !p.getKey().equals("hash"))
+ .sorted(Map.Entry.comparingByKey())
+ .map(p -> p.getKey() + "=" + p.getValue())
+ .collect(Collectors.joining("\n"));
+ String hash = params.get("hash");
+ byte[] secretKey = DigestUtils.sha256(telegramToken);
+ String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString);
+ if (hash.equals(resultString)) {
+ Long tgUser = Long.valueOf(params.get("id"));
+ int uid = telegramService.getUser(tgUser);
+ if (uid > 0) {
+ Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+ c.setMaxAge(50 * 24 * 60 * 60);
+ response.addCookie(c);
+ return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+ } else {
+ String username = StringUtils.defaultString(params.get("username"), params.get("first_name"));
+ telegramService.createTelegramUser(tgUser, username);
+ return "redirect:/signup?type=durov&hash=" + userService.getSignUpHashByTelegramID(tgUser, username);
+ }
+ } else {
+ logger.warn("invalid tg hash {} for {}", resultString, hash);
+ }
+ throw new HttpBadRequestException();
+ }*/
+}
diff --git a/juick-server/src/main/java/com/juick/server/api/Index.java b/juick-server/src/main/java/com/juick/server/api/Index.java
index 5ffa6341..0faf270f 100644
--- a/juick-server/src/main/java/com/juick/server/api/Index.java
+++ b/juick-server/src/main/java/com/juick/server/api/Index.java
@@ -46,7 +46,7 @@ public class Index {
@Inject
private XMPPServer xmpp;
- @RequestMapping(value = { "/", "/ws/" }, method = RequestMethod.GET, headers = "Connection!=Upgrade")
+ @RequestMapping(value = { "/api/", "/ws/" }, method = RequestMethod.GET, headers = "Connection!=Upgrade")
public ResponseEntity<Void> description() {
URI redirectUri = ServletUriComponentsBuilder.fromCurrentRequestUri().path("/swagger-ui.html").build().toUri();
return ResponseEntity.status(HttpStatus.MOVED_PERMANENTLY).location(redirectUri).build();
@@ -56,7 +56,7 @@ public class Index {
public Status status() {
return Status.getStatus(String.valueOf(wsHandler.getClients().size()));
}
- @RequestMapping(method = RequestMethod.GET, value = "/xmpp/status", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(method = RequestMethod.GET, value = "/api/xmpp-status", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public XMPPStatus xmppStatus() {
XMPPStatus status = new XMPPStatus();
if (xmpp != null) {
diff --git a/juick-server/src/main/java/com/juick/server/api/Messages.java b/juick-server/src/main/java/com/juick/server/api/Messages.java
index 2b171489..672f328f 100644
--- a/juick-server/src/main/java/com/juick/server/api/Messages.java
+++ b/juick-server/src/main/java/com/juick/server/api/Messages.java
@@ -71,7 +71,7 @@ public class Messages {
// TODO: serialize image urls
- @GetMapping("/home")
+ @GetMapping("/api/home")
public ResponseEntity<List<com.juick.Message>> getHome(
@RequestParam(defaultValue = "0") int before_mid) {
User visitor = UserUtils.getCurrentUser();
@@ -83,7 +83,7 @@ public class Messages {
return FORBIDDEN;
}
- @GetMapping("/messages")
+ @GetMapping("/api/messages")
public ResponseEntity<List<com.juick.Message>> getMessages(
@RequestParam(required = false) String uname,
@RequestParam(name = "before_mid", defaultValue = "0") Integer before,
@@ -142,7 +142,7 @@ public class Messages {
}
return ResponseEntity.ok(messagesService.getMessages(visitor, mids));
}
- @DeleteMapping("/messages")
+ @DeleteMapping("/api/messages")
public CommandResult deleteMessage(@RequestParam int mid, @RequestParam(required = false, defaultValue = "0") int rid) {
User visitor = UserUtils.getCurrentUser();
if (rid > 0) {
@@ -155,12 +155,12 @@ public class Messages {
}
throw new HttpBadRequestException();
}
- @GetMapping("/messages/discussions")
+ @GetMapping("/api/messages/discussions")
public List<Message> getDiscussions(
@RequestParam(required = false, defaultValue = "0") Long to) {
return messagesService.getMessages(UserUtils.getCurrentUser(), messagesService.getDiscussions(UserUtils.getCurrentUser().getUid(), to));
}
- @GetMapping("/thread")
+ @GetMapping("/api/thread")
public ResponseEntity<List<com.juick.Message>> getThread(
@RequestParam(defaultValue = "0") int mid) {
User visitor = UserUtils.getCurrentUser();
@@ -183,7 +183,7 @@ public class Messages {
}
return NOT_FOUND;
}
- @GetMapping(value = "/thread/mark_read/{mid}-{rid}.gif", produces = MediaType.IMAGE_GIF_VALUE)
+ @GetMapping(value = "/api/thread/mark_read/{mid}-{rid}.gif", produces = MediaType.IMAGE_GIF_VALUE)
public byte[] markThreadRead(@PathVariable int mid, @PathVariable int rid) throws IOException {
User visitor = UserUtils.getCurrentUser();
if (!visitor.isAnonymous()) {
diff --git a/juick-server/src/main/java/com/juick/server/api/Notifications.java b/juick-server/src/main/java/com/juick/server/api/Notifications.java
index e068cbe9..0b34f275 100644
--- a/juick-server/src/main/java/com/juick/server/api/Notifications.java
+++ b/juick-server/src/main/java/com/juick/server/api/Notifications.java
@@ -67,7 +67,7 @@ public class Notifications {
}
@ApiIgnore
- @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<List<User>> doGet(
@RequestParam(required = false, defaultValue = "0") int uid,
@RequestParam(required = false, defaultValue = "0") int mid,
@@ -101,7 +101,7 @@ public class Notifications {
}
@ApiIgnore
- @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doDelete(
@RequestBody List<ExternalToken> list) {
User visitor = UserUtils.getCurrentUser();
@@ -129,7 +129,7 @@ public class Notifications {
}
@ApiIgnore
- @RequestMapping(value = "/notifications", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/notifications", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doPut(
@RequestBody List<ExternalToken> list) throws IOException {
User visitor = UserUtils.getCurrentUser();
@@ -155,7 +155,7 @@ public class Notifications {
}
@Deprecated
- @RequestMapping(value = "/android/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/android/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doAndroidRegister(
@RequestParam(name = "regid") String regId) {
User visitor = UserUtils.getCurrentUser();
@@ -167,14 +167,14 @@ public class Notifications {
}
@Deprecated
- @RequestMapping(value = "/android/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/android/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doAndroidUnRegister(@RequestParam(name = "regid") String regId) {
pushQueriesService.deleteGCMToken(regId);
return Status.OK;
}
@Deprecated
- @RequestMapping(value = "/winphone/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/winphone/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doWinphoneRegister(
Principal principal,
@RequestParam(name = "url") String regId) {
@@ -184,7 +184,7 @@ public class Notifications {
}
@Deprecated
- @RequestMapping(value = "/winphone/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/winphone/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public Status doWinphoneUnRegister(@RequestParam(name = "url") String regId) {
pushQueriesService.deleteMPNSToken(regId);
return Status.OK;
diff --git a/juick-server/src/main/java/com/juick/server/api/PM.java b/juick-server/src/main/java/com/juick/server/api/PM.java
index cbd70bed..d3619662 100644
--- a/juick-server/src/main/java/com/juick/server/api/PM.java
+++ b/juick-server/src/main/java/com/juick/server/api/PM.java
@@ -47,7 +47,7 @@ public class PM {
@Inject
private ApplicationEventPublisher applicationEventPublisher;
- @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<com.juick.Message> doGetPM(
@RequestParam(required = false) String uname) {
User visitor = UserUtils.getCurrentUser();
@@ -66,7 +66,7 @@ public class PM {
return pmQueriesService.getPMMessages(visitor.getUid(), uid);
}
- @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public com.juick.Message doPostPM(
@RequestParam String uname,
@RequestParam String body) {
@@ -98,7 +98,7 @@ public class PM {
}
throw new HttpBadRequestException();
}
- @RequestMapping(value = "groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public PrivateChats doGetGroupsPMs(
@RequestParam(defaultValue = "5") int cnt) {
User visitor = UserUtils.getCurrentUser();
diff --git a/juick-server/src/main/java/com/juick/server/api/Post.java b/juick-server/src/main/java/com/juick/server/api/Post.java
index b0be50b6..99d118c3 100644
--- a/juick-server/src/main/java/com/juick/server/api/Post.java
+++ b/juick-server/src/main/java/com/juick/server/api/Post.java
@@ -62,7 +62,7 @@ public class Post {
@Inject
CommandsManager commandsManager;
- @RequestMapping(value = "/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
@ResponseStatus(value = HttpStatus.OK)
public CommandResult doPostMessage(
@RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@@ -101,7 +101,7 @@ public class Post {
return commandsManager.processCommand(visitor, body, attachmentFName);
}
- @RequestMapping(value = "/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public com.juick.Message doPostComment(
@RequestParam(defaultValue = "0") int mid,
@RequestParam(defaultValue = "0") int rid,
@@ -154,7 +154,7 @@ public class Post {
return commandsManager.processCommand(visitor, String.format("#%d/%d %s", mid, rid, body), attachmentFName).getNewMessage().get();
}
- @PostMapping("/like")
+ @PostMapping("/api/like")
@ResponseStatus(value = HttpStatus.OK)
public Status doPostRecomm(@RequestParam Integer mid) throws Exception {
com.juick.User visitor = UserUtils.getCurrentUser();
@@ -173,13 +173,13 @@ public class Post {
return Status.getStatus(status.getText());
}
- @GetMapping("/reactions")
+ @GetMapping("/api/reactions")
@ResponseStatus(value = HttpStatus.OK)
public List<Reaction> reactionsList() {
return messagesService.listReactions();
}
- @PostMapping("/react")
+ @PostMapping("/api/react")
@ResponseStatus(value = HttpStatus.OK)
public Status doPostReact(@RequestParam Integer mid,@RequestParam @NotNull int reactionId,
@RequestParam (required = false, defaultValue = "1") int count) {
@@ -204,7 +204,7 @@ public class Post {
return recommendStatus == MessagesService.RecommendStatus.Error ? Status.ERROR :Status.OK;
}
- @PostMapping("/update")
+ @PostMapping("/api/update")
public CommandResult updateMessage(@RequestParam Integer mid,
@RequestParam(required = false, defaultValue = "0") Integer rid,
@RequestParam String body) {
diff --git a/juick-server/src/main/java/com/juick/server/api/Service.java b/juick-server/src/main/java/com/juick/server/api/Service.java
index 3a01317b..0da5d46c 100644
--- a/juick-server/src/main/java/com/juick/server/api/Service.java
+++ b/juick-server/src/main/java/com/juick/server/api/Service.java
@@ -54,7 +54,7 @@ public class Service {
Session session = Session.getDefaultInstance(new Properties());
@ApiIgnore
- @PostMapping("/mail")
+ @PostMapping("/api/mail")
@ResponseStatus(value = HttpStatus.OK)
public void processMail(InputStream data) throws Exception {
if (UserUtils.getCurrentUser().getName().equals(serviceUser)) {
diff --git a/juick-server/src/main/java/com/juick/server/api/Tags.java b/juick-server/src/main/java/com/juick/server/api/Tags.java
index 8ced4ec9..38e71e3a 100644
--- a/juick-server/src/main/java/com/juick/server/api/Tags.java
+++ b/juick-server/src/main/java/com/juick/server/api/Tags.java
@@ -38,7 +38,7 @@ public class Tags {
@Inject
private TagService tagService;
- @RequestMapping(value = "/tags", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/tags", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<TagStats> tags(
@RequestParam(required = false, defaultValue = "0") int user_id
) {
diff --git a/juick-server/src/main/java/com/juick/server/api/Users.java b/juick-server/src/main/java/com/juick/server/api/Users.java
index 237b7ed6..7f29a327 100644
--- a/juick-server/src/main/java/com/juick/server/api/Users.java
+++ b/juick-server/src/main/java/com/juick/server/api/Users.java
@@ -52,12 +52,12 @@ public class Users {
private EmailService emailService;
@ApiOperation(value = "This returns user token", notes = "Pass login and password using HTTP Basic")
- @RequestMapping(value = "/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public String getAuthToken() {
return userService.getHashByUID(UserUtils.getCurrentUser().getUid());
}
- @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<User> doGetUsers(
@RequestParam(value = "uname", required = false) List<String> unames) {
List<com.juick.User> users = new ArrayList<>();
@@ -78,7 +78,7 @@ public class Users {
throw new HttpNotFoundException();
}
- @GetMapping("/me")
+ @GetMapping("/api/me")
public SecureUser getMe() {
User visitor = UserUtils.getCurrentUser();
SecureUser me = new SecureUser();
@@ -93,7 +93,7 @@ public class Users {
return me;
}
- @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<User> doGetUserRead(
@RequestParam String uname) {
User visitor = UserUtils.getCurrentUser();
@@ -118,7 +118,7 @@ public class Users {
throw new HttpNotFoundException();
}
- @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+ @RequestMapping(value = "/api/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public List<User> doGetUserReaders(
@RequestParam String uname) {
User visitor = UserUtils.getCurrentUser();
@@ -144,7 +144,7 @@ public class Users {
}
@ApiOperation(value = "This returns detailed user info")
- @GetMapping("/info/{uname}")
+ @GetMapping("/api/info/{uname}")
public UserInfo getUserInfo(@PathVariable String uname) {
User user = userService.getUserByName(uname);
if (!user.isBanned()) {
diff --git a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
index 0d987b58..89236f03 100644
--- a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
+++ b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
@@ -38,7 +38,7 @@ public class Profile {
@Value("${img_url:http://localhost:8080/i/}")
private String baseImagesUri;
- @GetMapping(value = "/u/{userName}", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public Person getUser(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -67,7 +67,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/blog/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/blog/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollection getOutbox(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -80,7 +80,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/blog", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/blog", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollectionPage getOutboxPage(@PathVariable String userName,
@RequestParam(required = false, defaultValue = "0") int before) {
User visitor = UserUtils.getCurrentUser();
@@ -128,7 +128,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/followers/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/followers/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollection getFollowers(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -141,7 +141,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/followers", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/followers", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollectionPage getFollowersPage(@PathVariable String userName,
@RequestParam(required = false, defaultValue = "0") int page) {
User user = userService.getUserByName(userName);
@@ -171,7 +171,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/following/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/following/toc", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollection getFollowing(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -184,7 +184,7 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/following", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/api/u/{userName}/following", produces = { ActivityObject.LD_JSON_MEDIA_TYPE, ActivityObject.ACTIVITY_JSON_MEDIA_TYPE })
public OrderedCollectionPage getFollowingPage(@PathVariable String userName,
@RequestParam(required = false, defaultValue = "0") int page) {
User user = userService.getUserByName(userName);
diff --git a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
deleted file mode 100644
index 2f263a78..00000000
--- a/juick-server/src/main/java/com/juick/server/configuration/ApiSecurityConfig.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (C) 2008-2017, Juick
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.juick.server.configuration;
-
-import com.juick.service.UserService;
-import com.juick.service.security.JuickUserDetailsService;
-import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.authentication.HttpStatusEntryPoint;
-import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import javax.inject.Inject;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.concurrent.TimeUnit;
-
-/**
- * Created by aalexeev on 11/21/16.
- */
-@Configuration
-@EnableWebSecurity
-public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
- @Value("${auth_remember_me_key:secret}")
- private String rememberMeKey;
- @Inject
- private UserService userService;
-
- ApiSecurityConfig() {
- super(true);
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers(HttpMethod.OPTIONS).permitAll()
- .antMatchers("/", "/messages", "/users", "/thread", "/tags", "/tlgmbtwbhk", "/fbwbhk",
- "/skypebotendpoint", "/_fblogin", "/_vklogin", "_tglogin", "/u/**", "/.well-known/webfinger").permitAll()
- .anyRequest().hasRole("USER")
- .and().httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
- .and().anonymous()
- .and().cors().configurationSource(corsConfigurationSource())
- .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
- .and()
- .rememberMe()
- .alwaysRemember(true)
- .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
- .rememberMeServices(rememberMeServices())
- .key(rememberMeKey)
- .and().authenticationProvider(authenticationProvider())
- .headers().defaultsDisabled().cacheControl();
- }
-
- @Bean
- public AuthenticationProvider authenticationProvider() {
- DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
-
- authenticationProvider.setUserDetailsService(userDetailsService());
-
- return authenticationProvider;
- }
-
- @Bean
- public UserDetailsService userDetailsService() {
- return new JuickUserDetailsService(userService);
- }
-
- @Bean
- public RememberMeServices rememberMeServices() {
- return new RequestParamHashRememberMeServices(rememberMeKey, userService);
- }
-
- @Bean
- public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
- return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
- }
-
- @Bean
- public CorsConfigurationSource corsConfigurationSource() {
- CorsConfiguration configuration = new CorsConfiguration();
-
- configuration.setAllowedOrigins(Collections.singletonList("*"));
- configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
- configuration.setAllowedHeaders(Collections.singletonList("*"));
-
- UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", configuration);
-
- return source;
- }
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**",
- "/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**");
- }
-}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java b/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
deleted file mode 100644
index 598a7435..00000000
--- a/juick-server/src/main/java/com/juick/server/configuration/PostConfig.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package com.juick.server.configuration;
-
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
-import org.springframework.context.annotation.ComponentScan;
-
-@EnableAutoConfiguration
-@ComponentScan({"com.juick.server", "com.juick.service"})
-public class PostConfig {
-}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java
new file mode 100644
index 00000000..53b29415
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/SapeConfiguration.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import ru.sape.Sape;
+
+/**
+ * Created by vitalyster on 29.03.2017.
+ */
+@Configuration
+public class SapeConfiguration {
+ @Value("${sape_user:secret}")
+ private String token;
+
+ @Bean
+ public Sape sape() {
+ return new Sape(token, "juick.com", 2000, 3600);
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
new file mode 100644
index 00000000..cd2ab13a
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -0,0 +1,209 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.UserService;
+import com.juick.service.security.HashParamAuthenticationFilter;
+import com.juick.service.security.JuickUserDetailsService;
+import com.juick.service.security.deprecated.RequestParamHashRememberMeServices;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import javax.annotation.Resource;
+import javax.inject.Inject;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@EnableWebSecurity
+public class SecurityConfig {
+ @Resource
+ private UserService userService;
+ @Value("${auth_remember_me_key:secret}")
+ private String rememberMeKey;
+ @Value("${web_domain:localhost}")
+ private String webDomain;
+
+ private static final String COOKIE_NAME = "juick-remember-me";
+
+ @Bean
+ public UserDetailsService userDetailsService() {
+ return new JuickUserDetailsService(userService);
+ }
+ @Bean
+ public RememberMeServices rememberMeServices() throws Exception {
+ TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(
+ rememberMeKey, userDetailsService());
+
+ services.setCookieName(COOKIE_NAME);
+ services.setCookieDomain(webDomain);
+ services.setAlwaysRemember(true);
+ services.setTokenValiditySeconds(6 * 30 * 24 * 3600);
+ services.setUseSecureCookie(false); // TODO set true if https is supports
+
+ return services;
+ }
+ @Bean
+ public HashParamAuthenticationFilter hashParamAuthenticationFilter() throws Exception {
+ return new HashParamAuthenticationFilter(userService, rememberMeServices());
+ }
+
+
+ @Configuration
+ @Order(1)
+ public static class ApiConfig extends WebSecurityConfigurerAdapter {
+ @Value("${auth_remember_me_key:secret}")
+ private String rememberMeKey;
+ @Value("${web_domain:localhost}")
+ private String webDomain;
+ @Resource
+ private UserService userService;
+ @Inject
+ private HashParamAuthenticationFilter hashParamAuthenticationFilter;
+ ApiConfig() {
+ super(true);
+ }
+ @Bean
+ RememberMeServices rememberMeServices(){
+ return new RequestParamHashRememberMeServices(rememberMeKey, userService);
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.addFilterAfter(hashParamAuthenticationFilter, BasicAuthenticationFilter.class);
+ http.antMatcher("/api/**").authorizeRequests()
+ .antMatchers(HttpMethod.OPTIONS).permitAll()
+ .antMatchers("/api/", "/api/messages", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
+ "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/u/**", "/.well-known/webfinger").permitAll()
+ .anyRequest().hasRole("USER")
+ .and()
+ .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+ .and()
+ .httpBasic().authenticationEntryPoint(juickAuthenticationEntryPoint())
+ .and().cors().configurationSource(corsConfigurationSource())
+ .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and().exceptionHandling().authenticationEntryPoint(juickAuthenticationEntryPoint())
+ .and()
+ .rememberMe()
+ .alwaysRemember(true)
+ .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30))
+ .rememberMeServices(rememberMeServices())
+ .key(rememberMeKey)
+ .and()
+ .headers().defaultsDisabled().cacheControl();
+ }
+
+ @Bean
+ public AuthenticationEntryPoint juickAuthenticationEntryPoint() {
+ return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
+ }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Collections.singletonList("*"));
+ configuration.setAllowedMethods(Arrays.asList("POST", "GET", "PUT", "OPTIONS", "DELETE"));
+ configuration.setAllowedHeaders(Collections.singletonList("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/api/**", configuration);
+
+ return source;
+ }
+ @Override
+ public void configure(WebSecurity web) {
+ web.debug(false);
+ web.ignoring().antMatchers("/api/v2/api-docs", "/api/configuration/ui", "/api/swagger-resources/**",
+ "/api/configuration/**", "/swagger-ui.html", "/webjars/**", "/ws/**", "/rss/**", "/h2-console/**");
+ }
+ }
+
+ @Configuration
+ public static class WebConfig extends WebSecurityConfigurerAdapter {
+ @Inject
+ private RememberMeServices rememberMeServices;
+ @Value("${auth_remember_me_key:secret}")
+ private String rememberMeKey;
+ @Value("${web_domain:localhost}")
+ private String webDomain;
+ @Resource
+ private UserService userService;
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
+ .authenticated()
+ .anyRequest().permitAll()
+ .and()
+ .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
+ .and()
+ .sessionManagement().invalidSessionUrl("/")
+ .and()
+ .logout()
+ .invalidateHttpSession(true)
+ .logoutUrl("/logout")
+ .logoutSuccessUrl("/login?logout")
+ .deleteCookies("hash", COOKIE_NAME)
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .defaultSuccessUrl("/")
+ .loginProcessingUrl("/login")
+ .usernameParameter("username")
+ .passwordParameter("password")
+ .failureUrl("/login?error=1")
+ .and()
+ .rememberMe()
+ .rememberMeCookieDomain(webDomain).key(rememberMeKey)
+ .rememberMeServices(rememberMeServices)
+ .and()
+ .csrf().disable()
+ .headers().defaultsDisabled().cacheControl();
+ }
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.debug(false);
+ web.ignoring().antMatchers("/style.css*", "/scripts.js*", "/h2-console/**", "/.well-known/**");
+ }
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java
new file mode 100644
index 00000000..16d32ee4
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/configuration/WwwAppConfiguration.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.configuration;
+
+import com.juick.service.TagService;
+import com.juick.service.UserService;
+import com.juick.server.www.HelpService;
+import com.mitchellbosecke.pebble.PebbleEngine;
+import com.mitchellbosecke.pebble.extension.FormatterExtension;
+import com.mitchellbosecke.pebble.loader.ClasspathLoader;
+import com.mitchellbosecke.pebble.loader.Loader;
+import com.mitchellbosecke.pebble.spring.PebbleViewResolver;
+import com.mitchellbosecke.pebble.spring.extension.SpringExtension;
+import org.apache.commons.codec.CharEncoding;
+import org.commonmark.ext.autolink.AutolinkExtension;
+import org.commonmark.node.Link;
+import org.commonmark.parser.Parser;
+import org.commonmark.renderer.html.HtmlRenderer;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.cache.caffeine.CaffeineCacheManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.web.servlet.ViewResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import javax.inject.Inject;
+import java.util.Collections;
+
+/**
+ * Created by aalexeev on 11/22/16.
+ */
+@Configuration
+@EnableCaching
+@Import({ BaseWebConfiguration.class, SecurityConfig.class, SapeConfiguration.class,
+ StorageConfiguration.class})
+public class WwwAppConfiguration implements WebMvcConfigurer {
+ @Inject
+ private UserService userService;
+ @Inject
+ private TagService tagService;
+ @Bean
+ public CaffeineCacheManager cacheManager() {
+ return new CaffeineCacheManager("help");
+ }
+
+ @Bean
+ public HelpService helpService() {
+ return new HelpService("help");
+ }
+
+ @Bean
+ public Parser cmParser() {
+ return Parser.builder().extensions(Collections.singletonList(AutolinkExtension.create())).build();
+ }
+ @Bean
+ public HtmlRenderer helpRenderer() {
+ return HtmlRenderer.builder()
+ .attributeProviderFactory(context -> (node, tagName, attributes) -> {
+ if (node instanceof Link) {
+ Link link = (Link) node;
+ if (link.getDestination().startsWith("/")) {
+ String destination = "/" + helpService().getHelpPath() + link.getDestination();
+ link.setDestination(destination);
+ attributes.put("href", destination);
+ }
+ }
+ })
+ .build();
+ }
+ @Bean
+ public Loader templateLoader() {
+ return new ClasspathLoader();
+ }
+
+ @Bean
+ public SpringExtension springExtension() {
+ return new SpringExtension();
+ }
+
+ @Bean
+ public PebbleEngine pebbleEngine() {
+ return new PebbleEngine.Builder()
+ .loader(this.templateLoader())
+ .extension(springExtension())
+ .extension(new FormatterExtension())
+ .strictVariables(true)
+ .build();
+ }
+
+ @Bean
+ public ViewResolver viewResolver() {
+ PebbleViewResolver viewResolver = new PebbleViewResolver();
+ viewResolver.setPrefix("templates");
+ viewResolver.setSuffix(".html");
+ viewResolver.setPebbleEngine(pebbleEngine());
+ viewResolver.setCharacterEncoding(CharEncoding.UTF_8);
+ return viewResolver;
+ }
+
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/HelpService.java b/juick-server/src/main/java/com/juick/server/www/HelpService.java
new file mode 100644
index 00000000..25727962
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/HelpService.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.cache.annotation.Cacheable;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.regex.Pattern;
+
+/**
+ * Created by aalexeev on 12/11/16.
+ */
+public class HelpService {
+ private static final Pattern LANG_PATTERN = Pattern.compile("[a-z]{2}");
+
+ private static final Pattern PAGE_PATTERN = Pattern.compile("[a-zA-Z0-9\\-_]+");
+
+ private final String helpPath;
+
+
+ public HelpService(String helpPath) {
+ this.helpPath = helpPath;
+ }
+
+ @Cacheable("help")
+ public String getHelp(final String page, final String lang) {
+ if (canBePage(page) && canBeLang(lang)) {
+ String path = StringUtils.joinWith("/", helpPath, lang, page + ".md");
+
+ try (InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path)) {
+ if (is != null)
+ return IOUtils.toString(is, StandardCharsets.UTF_8);
+ } catch (IOException e) {
+ }
+ }
+ return null;
+ }
+
+ public boolean canBePage(final String anything) {
+ return anything != null && PAGE_PATTERN.matcher(anything).matches();
+ }
+
+ public boolean canBeLang(final String anything) {
+ return anything != null && LANG_PATTERN.matcher(anything).matches();
+ }
+
+ public String getHelpPath() {
+ return helpPath;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/Utils.java b/juick-server/src/main/java/com/juick/server/www/Utils.java
new file mode 100644
index 00000000..61278e17
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/Utils.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Optional;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+public class Utils {
+
+
+ public static String encodeSphinx(String str) {
+ return str.replaceAll("@", "\\\\@")
+ .replaceAll("\\'", "\\\\'");
+ }
+
+ /**
+ * Returns the viewName to return for coming back to the sender url
+ *
+ * @param request Instance of {@link HttpServletRequest} or use an injected instance
+ * @return Optional with the view name. Recomended to use an alternativa url with
+ * {@link Optional#orElse(java.lang.Object)}
+ */
+ public static Optional<String> getPreviousPageByRequest(HttpServletRequest request)
+ {
+ return Optional.ofNullable(request.getHeader("Referer")).map(requestUrl -> "redirect:" + requestUrl);
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/WebApp.java b/juick-server/src/main/java/com/juick/server/www/WebApp.java
new file mode 100644
index 00000000..98327a5d
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/WebApp.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www;
+
+import com.juick.Tag;
+import com.juick.service.TagService;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.resource.ResourceUrlProvider;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Stream;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Component
+public class WebApp {
+ @Inject
+ private TagService tagService;
+ @Inject
+ private ResourceUrlProvider resourceUrlProvider;
+
+ public List<Tag> parseTags(String tagsStr) {
+ List<Tag> tags = new ArrayList<>();
+ if (tagsStr != null && !tagsStr.isEmpty()) {
+ Stream<String> tagsList = Arrays.stream(tagsStr.split("[ \\,]"))
+ .distinct().map( t -> {
+ if (t.startsWith("*")) {
+ t = t.substring(1);
+ }
+ if (t.length() > 64) {
+ t = t.substring(0, 64);
+ }
+ return t;
+ });
+ tags = tagService.getTags(tagsList, true);
+ while (tags.size() > 5) {
+ tags.remove(5);
+ }
+ }
+ return tags;
+ }
+
+ public String getStyleUrl() {
+ return resourceUrlProvider.getForLookupPath("/style.css");
+ }
+
+ public String getScriptsUrl() {
+ return resourceUrlProvider.getForLookupPath("/scripts.js");
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/AnythingFilter.java b/juick-server/src/main/java/com/juick/server/www/controllers/AnythingFilter.java
new file mode 100644
index 00000000..9ab20003
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/AnythingFilter.java
@@ -0,0 +1,64 @@
+package com.juick.server.www.controllers;
+
+import com.juick.server.util.WebUtils;
+import com.juick.service.MessagesService;
+import com.juick.service.UserService;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import org.springframework.web.util.UriComponents;
+
+import javax.annotation.Nonnull;
+import javax.inject.Inject;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class AnythingFilter extends OncePerRequestFilter {
+ @Inject
+ private MessagesService messagesService;
+ @Inject
+ private UserService userService;
+
+ @Override
+ public void doFilterInternal(@Nonnull HttpServletRequest servletRequest,
+ @Nonnull HttpServletResponse servletResponse,
+ @Nonnull FilterChain filterChain) throws IOException, ServletException {
+ UriComponents components = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ String anything = components.getPath().substring(1);
+ int before = NumberUtils.toInt(components.getQueryParams().getFirst("before"), 0);
+ if (before == 0) {
+ boolean isPostNumber = WebUtils.isPostNumber(anything);
+ int messageId = isPostNumber ?
+ NumberUtils.toInt(anything) : 0;
+
+ if (isPostNumber && anything.equals(Integer.toString(messageId))) {
+ if (messageId > 0) {
+ com.juick.User author = messagesService.getMessageAuthor(messageId);
+
+ if (author != null) {
+ servletResponse.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
+ servletResponse.setHeader("Location", "/" + author.getName() + "/" + anything);
+ return;
+ }
+ }
+ }
+ com.juick.User user = userService.getUserByName(anything);
+ if (user.getUid() > 0) {
+ ((HttpServletResponse)servletResponse).sendRedirect("/" + user.getName() + "/");
+ } else {
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+ } else {
+ com.juick.User user = userService.getUserByName(anything);
+ if (!user.isAnonymous()) {
+ ((HttpServletResponse) servletResponse).sendRedirect("/" + user.getName() + "/?before=" + before);
+ } else {
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+ }
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/AppSiteAssociation.java b/juick-server/src/main/java/com/juick/server/www/controllers/AppSiteAssociation.java
new file mode 100644
index 00000000..7ba7405a
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/AppSiteAssociation.java
@@ -0,0 +1,49 @@
+package com.juick.server.www.controllers;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Collections;
+import java.util.List;
+
+@RestController
+public class AppSiteAssociation {
+ @Value("${ios_app_id:}")
+ private String appId;
+
+ @GetMapping("/.well-known/apple-app-site-association")
+ @ResponseBody
+ public SiteAssociations appSiteAssociations() {
+ WebCredentials webCredentials = new WebCredentials();
+ webCredentials.setApps(Collections.singletonList(appId));
+ SiteAssociations siteAssociations = new SiteAssociations();
+ siteAssociations.setWebcredentials(webCredentials);
+ return siteAssociations;
+ }
+
+ private class SiteAssociations {
+ private WebCredentials webcredentials;
+
+ public WebCredentials getWebcredentials() {
+ return webcredentials;
+ }
+
+ public void setWebcredentials(WebCredentials webcredentials) {
+ this.webcredentials = webcredentials;
+ }
+ }
+
+ private class WebCredentials {
+ private List<String> apps;
+
+ public List<String> getApps() {
+ return apps;
+ }
+
+ public void setApps(List<String> apps) {
+ this.apps = apps;
+ }
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/Help.java b/juick-server/src/main/java/com/juick/server/www/controllers/Help.java
new file mode 100644
index 00000000..61b58a9d
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/Help.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.controllers;
+
+import com.juick.server.util.HttpNotFoundException;
+import com.juick.server.util.UserUtils;
+import com.juick.service.MessagesService;
+import com.juick.server.www.HelpService;
+import org.commonmark.parser.Parser;
+import org.commonmark.renderer.html.HtmlRenderer;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Locale;
+import java.util.Objects;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+@Controller
+public class Help {
+ @Inject
+ private HelpService helpService;
+ @Inject
+ private MessagesService messagesService;
+ @Inject
+ private Parser cmParser;
+ @Inject
+ private HtmlRenderer helpRenderer;
+
+ @GetMapping({"/help/", "/help", "/help/{langOrPage}", "/help/{lang}/{page}"})
+ public String showHelp(
+ Locale locale,
+ @PathVariable(required = false, name = "lang") String lang,
+ @PathVariable(required = false, name = "page") String page,
+ @PathVariable(required = false, name = "langOrPage") String langOrPage,
+ Model model) throws IOException, URISyntaxException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ String navigation = null;
+
+ if (langOrPage != null) {
+ if (helpService.canBeLang(langOrPage)) {
+ navigation = helpService.getHelp("navigation", langOrPage);
+ if (navigation != null)
+ lang = langOrPage;
+ }
+
+ if (navigation == null && helpService.canBePage(langOrPage))
+ page = langOrPage;
+ }
+
+ if (lang == null) {
+ lang = locale.getLanguage();
+ }
+
+ String content = helpService.getHelp(page, lang);
+ if (content == null && !Objects.equals("tos", page))
+ content = helpService.getHelp("tos", lang);
+
+ if (navigation == null)
+ navigation = helpService.getHelp("navigation", lang);
+
+ if (content == null || navigation == null)
+ throw new HttpNotFoundException();
+
+ model.addAttribute("navigation", helpRenderer.render(cmParser.parse(navigation)));
+ model.addAttribute("content", helpRenderer.render(cmParser.parse(content)));
+ model.addAttribute("visitor", visitor);
+
+ return "views/help";
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/Login.java b/juick-server/src/main/java/com/juick/server/www/controllers/Login.java
new file mode 100644
index 00000000..d933934e
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/Login.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.juick.server.util.UserUtils;
+import com.juick.service.UserService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+
+/**
+ * @author Ugnich Anton
+ */
+@Controller
+public class Login {
+ @Inject
+ private UserService userService;
+
+ @GetMapping("/login")
+ public String getloginForm(@RequestParam(required = false, defaultValue = "true") boolean redirect) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ if (!visitor.isAnonymous()) {
+ return redirect ? "redirect:/" : "redirect:/login/success";
+ }
+ return "views/login";
+ }
+ @GetMapping("/login/success")
+ public String getSuccessLogin(ModelMap model) {
+ model.addAttribute("hash", userService.getHashByUID(UserUtils.getCurrentUser().getUid()));
+ return "views/login_success";
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/MessagesWWW.java b/juick-server/src/main/java/com/juick/server/www/controllers/MessagesWWW.java
new file mode 100644
index 00000000..10136fcf
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/MessagesWWW.java
@@ -0,0 +1,595 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.juick.Message;
+import com.juick.Tag;
+import com.juick.formatters.PlainTextFormatter;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.server.util.HttpNotFoundException;
+import com.juick.server.util.UserUtils;
+import com.juick.server.util.WebUtils;
+import com.juick.service.*;
+import com.juick.util.MessageUtils;
+import com.juick.server.www.Utils;
+import org.apache.commons.codec.CharEncoding;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import org.springframework.web.util.UriComponents;
+import ru.sape.Sape;
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class MessagesWWW {
+ @Inject
+ private UserService userService;
+ @Inject
+ private TagService tagService;
+ @Inject
+ private MessagesService messagesService;
+ @Inject
+ private Sape sape;
+ @Inject
+ private PMQueriesService pmQueriesService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private ApplicationEventPublisher applicationEventPublisher;
+
+ void fillUserModel(ModelMap model, com.juick.User user, com.juick.User visitor) {
+ model.addAttribute("user", user);
+ model.addAttribute("isSubscribed", userService.isSubscribed(visitor.getUid(), user.getUid()));
+ model.addAttribute("isInBL", userService.isInBL(visitor.getUid(), user.getUid()));
+ model.addAttribute("isInBLAny", userService.isInBLAny(user.getUid(), visitor.getUid()));
+ model.addAttribute("statsIRead", userService.getUserFriends(user.getUid()));
+ model.addAttribute("statsMyReaders", userService.getStatsMyReaders(user.getUid()));
+ model.addAttribute("statsMyBL", userService.getUserBLUsers(user.getUid()).size());
+ model.addAttribute("statsMessages", userService.getStatsMessages(user.getUid()));
+ model.addAttribute("statsReplies", userService.getStatsReplies(user.getUid()));
+ model.addAttribute("iread", userService.getUserReadLeastPopular(user.getUid(), 8));
+ model.addAttribute("tagStats", tagService.getUserTagStats(user.getUid())
+ .stream().sorted((e1, e2) -> Integer.compare(e2.getUsageCount(), e1.getUsageCount())).limit(20).map(t -> t.getTag().getName()).collect(Collectors.toList()));
+ }
+
+ @GetMapping("/")
+ protected String doGet(
+ @RequestParam(required = false) String tag,
+ @RequestParam(name = "show", required = false) String paramShow,
+ @RequestParam(name = "search", required = false) String paramSearch,
+ @RequestParam(name = "before", required = false, defaultValue = "0") Integer paramBefore,
+ @RequestParam(name = "to", required = false, defaultValue = "0") Long paramTo,
+ @RequestParam(name = "page", required = false, defaultValue = "0") Integer page,
+ @CookieValue(name = "sape_cookie", required = false, defaultValue = StringUtils.EMPTY) String sapeCookie,
+ ModelMap model) throws IOException {
+ if (tag != null) {
+ return "redirect:/tag/" + URLEncoder.encode(tag, CharEncoding.UTF_8);
+ }
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ if (paramSearch != null && paramSearch.length() > 64) {
+ paramSearch = null;
+ }
+
+ model.addAttribute("discover", false);
+
+ String title;
+ List<Integer> mids;
+
+ if (paramSearch != null) {
+ title = "Поиск: " + StringEscapeUtils.escapeHtml4(paramSearch);
+ mids = messagesService.getSearch(Utils.encodeSphinx(paramSearch), page);
+ } else if (paramShow == null) {
+ if (!visitor.isAnonymous()) {
+ title = "Популярные";
+ mids = messagesService.getPopular(visitor.getUid(), paramBefore);
+ model.addAttribute("discover", true);
+ } else {
+ title = "Микроблоги Juick: популярные записи";
+ mids = messagesService.getPopular(0, paramBefore);
+ }
+
+ } else if (paramShow.equals("top")) {
+ return "redirect:/";
+ } else if (paramShow.equals("my") && !visitor.isAnonymous()) {
+ title = "Моя лента";
+ mids = messagesService.getMyFeed(visitor.getUid(), paramBefore, true);
+ } else if (paramShow.equals("private") && !visitor.isAnonymous()) {
+ title = "Приватные";
+ mids = messagesService.getPrivate(visitor.getUid(), paramBefore);
+ } else if (paramShow.equals("discuss") && !visitor.isAnonymous()) {
+ title = "Обсуждения";
+ mids = messagesService.getDiscussions(visitor.getUid(), paramTo);
+ } else if (paramShow.equals("recommended") && !visitor.isAnonymous()) {
+ title = "Рекомендации";
+ mids = messagesService.getRecommended(visitor.getUid(), paramBefore);
+ } else if (paramShow.equals("photos")) {
+ title = "Фотографии";
+ mids = messagesService.getPhotos(visitor.getUid(), paramBefore);
+ model.addAttribute("discover", true);
+ } else if (paramShow.equals("all")) {
+ title = "Все сообщения";
+ mids = messagesService.getAll(visitor.getUid(), paramBefore);
+ model.addAttribute("discover", true);
+ } else {
+ throw new HttpNotFoundException();
+ }
+
+ String head = StringUtils.EMPTY;
+ if (paramBefore > 0 || paramShow != null) {
+ head = "<meta name=\"robots\" content=\"noindex\"/>";
+ }
+ model.addAttribute("title", title);
+ model.addAttribute("headers", head);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("noindex", !(paramShow == null && paramBefore == 0));
+ List<com.juick.Message> msgs = messagesService.getMessages(visitor, mids);
+
+ if (!visitor.isAnonymous()) {
+ fillUserModel(model, visitor, visitor);
+ List<Integer> unread = messagesService.getUnread(visitor);
+ visitor.setUnreadCount(unread.size());
+ List<Integer> blUIDs = userService.checkBL(visitor.getUid(),
+ msgs.stream().map(m -> m.getUser().getUid()).collect(Collectors.toList()));
+ msgs.forEach(m -> {
+ m.ReadOnly |= blUIDs.contains(m.getUser().getUid());
+ m.setUnread(unread.contains(m.getMid()));
+ });
+ }
+ model.addAttribute("msgs", msgs);
+ model.addAttribute("tags", tagService.getPopularTags());
+ model.addAttribute("headers", head);
+ model.addAttribute("showAdv",
+ paramShow == null && paramBefore == 0 && paramSearch == null && visitor.isAnonymous());
+ if (mids.size() >= 20) {
+ String nextpage = (paramShow != null && paramShow.equals("discuss")) ? "?to=" + msgs.get(msgs.size() - 1).getUpdated().toEpochMilli() : paramSearch != null ? String.format("?page=%d", page + 1) : "?before=" + mids.get(mids.size() - 1);
+ if (paramShow != null) {
+ nextpage += "&amp;show=" + paramShow;
+ }
+ if (paramSearch != null) {
+ nextpage += "&amp;search=" + URLEncoder.encode(paramSearch, CharEncoding.UTF_8);
+ }
+ model.addAttribute("nextpage", nextpage);
+ }
+ UriComponents builder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ String queryString = builder.getQuery();
+ String requestURI = builder.toUri().getPath();
+ if (sape != null && visitor.isAnonymous() && queryString == null) {
+ String links = sape.getPageLinks(requestURI, sapeCookie).render();
+ model.addAttribute("links", links);
+ }
+ return "views/index";
+ }
+
+ @GetMapping("/{uname}/")
+ protected String doGetBlog(
+ @RequestParam(required = false, name = "show") String paramShow,
+ @RequestParam(required = false, name = "tag") String paramTagStr,
+ @RequestParam(required = false, name = "search") String paramSearch,
+ @RequestParam(required = false, name = "page", defaultValue = "0") Integer page,
+ @PathVariable String uname,
+ @RequestParam(required = false, defaultValue = "0") Integer before,
+ @CookieValue(name = "sape_cookie", required = false, defaultValue = StringUtils.EMPTY) String sapeCookie,
+ ModelMap model) throws IOException {
+ com.juick.User user = userService.getUserByName(uname);
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (user.isBanned() || user.isAnonymous()) {
+ throw new HttpNotFoundException();
+ }
+
+ List<Integer> mids;
+
+ com.juick.Tag paramTag = null;
+ if (paramTagStr != null) {
+ if (paramTagStr.length() < 64) {
+ paramTag = tagService.getTag(paramTagStr, false);
+ }
+ if (paramTag == null) {
+ throw new HttpNotFoundException();
+ } else if (!paramTag.getName().equals(paramTagStr)) {
+ String url = user.getName() + "/?tag=" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8);
+ return "redirect:/" + url;
+ }
+ }
+ if (paramSearch != null && paramSearch.length() > 64) {
+ paramSearch = null;
+ }
+
+ int privacy = 0;
+ if (!visitor.isAnonymous()) {
+ if (user.getUid() == visitor.getUid() || visitor.getUid() == 1) {
+ privacy = -3;
+ } else if (userService.isInWL(user.getUid(), visitor.getUid())) {
+ privacy = -2;
+ }
+ }
+
+ String title;
+ if (paramShow == null) {
+ if (paramTag != null) {
+ title = "Блог " + user.getName() + ": *" + StringEscapeUtils.escapeHtml4(paramTag.getName());
+ mids = messagesService.getUserTag(user.getUid(), paramTag.TID, privacy, before);
+ } else if (paramSearch != null) {
+ title = "Блог " + user.getName() + ": " + StringEscapeUtils.escapeHtml4(paramSearch);
+ mids = messagesService.getUserSearch(user.getUid(), Utils.encodeSphinx(paramSearch), privacy, page);
+ } else {
+ title = "Блог " + user.getName();
+ mids = messagesService.getUserBlog(user.getUid(), privacy, before);
+ }
+ } else if (paramShow.equals("recomm")) {
+ title = "Рекомендации " + user.getName();
+ mids = messagesService.getUserRecommendations(user.getUid(), before);
+ } else if (paramShow.equals("photos")) {
+ title = "Фотографии " + user.getName();
+ mids = messagesService.getUserPhotos(user.getUid(), privacy, before);
+ } else {
+ throw new HttpNotFoundException();
+ }
+
+ String head = "<link rel=\"alternate\" type=\"application/rss+xml\" title=\"@" +
+ user.getName() + "\" href=\"//rss.juick.com/" + user.getName() + "/blog\"/>";
+ if (paramTag != null && tagService.getTagNoIndex(paramTag.TID)) {
+ head += "<meta name=\"robots\" content=\"noindex,nofollow\"/>";
+ } else if (before > 0 || paramShow != null) {
+ head += "<meta name=\"robots\" content=\"noindex\"/>";
+ }
+ model.addAttribute("pageUrl", "http://juick.com/" + user.getName());
+ model.addAttribute("title", title);
+ model.addAttribute("headers", head);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("noindex", paramShow == null && before == 0);
+ fillUserModel(model, user, visitor);
+ model.addAttribute("paramTag", paramTag);
+ List<com.juick.Message> msgs = messagesService.getMessages(visitor, mids);
+
+ if (!visitor.isAnonymous()) {
+ List<Integer> unread = messagesService.getUnread(visitor);
+ visitor.setUnreadCount(unread.size());
+ List<Integer> blUIDs = userService.checkBL(visitor.getUid(),
+ msgs.stream().map(m -> m.getUser().getUid()).collect(Collectors.toList()));
+ msgs.forEach(m -> {
+ m.ReadOnly |= blUIDs.contains(m.getUser().getUid());
+ m.setUnread(unread.contains(m.getMid()));
+ });
+ }
+ model.addAttribute("msgs", msgs);
+ model.addAttribute("headers", head);
+ model.addAttribute("showAdv",
+ paramShow == null && before == 0 && paramSearch == null && visitor.getUid() == 0);
+ if (mids.size() >= 20) {
+ String nextpage = paramSearch != null ? String.format("?page=%d", page + 1) : "?before=" + mids.get(mids.size() - 1);
+ if (paramShow != null) {
+ nextpage += "&amp;show=" + paramShow;
+ }
+ if (paramSearch != null) {
+ nextpage += "&amp;search=" + URLEncoder.encode(paramSearch, CharEncoding.UTF_8);
+ }
+ if (paramTag != null) {
+ nextpage += "&amp;tag=" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8);
+ }
+ model.addAttribute("nextpage", nextpage);
+ }
+ UriComponents builder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ String queryString = builder.getQuery();
+ String requestURI = builder.toUri().getPath();
+ if (sape != null && visitor.isAnonymous() && queryString == null) {
+ String links = sape.getPageLinks(requestURI, sapeCookie).render();
+ model.addAttribute("links", links);
+ }
+ return "views/blog";
+ }
+
+ @GetMapping("/{uname}/tags")
+ protected String doGetTags(@PathVariable String uname, ModelMap model) throws IOException {
+ com.juick.User user = userService.getUserByName(uname);
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isBanned()) {
+ throw new HttpNotFoundException();
+ }
+
+ model.addAttribute("title", "Теги " + user.getName());
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex,nofollow\"/>");
+ model.addAttribute("visitor", visitor);
+ fillUserModel(model, user, visitor);
+ model.addAttribute("tags", tagService.getUserTagStats(user.getUid()).stream()
+ .sorted((e1, e2) -> Integer.compare(e2.getUsageCount(), e1.getUsageCount())).map(t -> t.getTag().getName()).collect(Collectors.toList()));
+
+ return "views/blog_tags";
+ }
+
+ @GetMapping("/{uname}/friends")
+ protected String doGetFriends(@PathVariable String uname, ModelMap model) throws IOException {
+ com.juick.User user = userService.getUserByName(uname);
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isBanned()) {
+ throw new HttpNotFoundException();
+ }
+ model.addAttribute("title", "Подписки " + user.getName());
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex\"/>");
+ model.addAttribute("visitor", visitor);
+ fillUserModel(model, user, visitor);
+ model.addAttribute("users", userService.getUserFriends(user.getUid()));
+
+ return "views/users";
+ }
+
+ @GetMapping("/{uname}/readers")
+ protected String doGetReaders(@PathVariable String uname, ModelMap model) throws IOException {
+ com.juick.User user = userService.getUserByName(uname);
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
+ model.addAttribute("title", "Читатели " + user.getName());
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex\"/>");
+ model.addAttribute("visitor", visitor);
+ fillUserModel(model, user, visitor);
+ model.addAttribute("users", userService.getUserReaders(user.getUid()));
+
+ return "views/users";
+ }
+
+ @GetMapping("/{uname}/bl")
+ protected String doGetBL(@PathVariable String uname, ModelMap model) throws IOException {
+ com.juick.User user = userService.getUserByName(uname);
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isBanned() || visitor.getUid() != user.getUid()) {
+ throw new HttpForbiddenException();
+ }
+ model.addAttribute("title", "Черный список " + user.getName());
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex\"/>");
+ model.addAttribute("visitor", visitor);
+ fillUserModel(model, user, visitor);
+ model.addAttribute("users", userService.getUserBLUsers(user.getUid()));
+
+ return "views/users";
+ }
+ @GetMapping("/tag/{tagName}")
+ protected String tagAction(HttpServletRequest request,
+ @PathVariable String tagName,
+ @CookieValue(name = "sape_cookie", required = false, defaultValue = StringUtils.EMPTY) String sapeCookie,
+ @RequestParam(required = false, defaultValue = "0") int before,
+ ModelMap model) throws IOException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName);
+ com.juick.Tag paramTag = tagService.getTag(paramTagStr, false);
+ if (paramTag == null) {
+ throw new HttpNotFoundException();
+ } else if (paramTag.SynonymID > 0 && paramTag.TID != paramTag.SynonymID) {
+ com.juick.Tag synTag = tagService.getTag(paramTag.SynonymID);
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(synTag.getName()), CharEncoding.UTF_8);
+ if (request.getQueryString() != null) {
+ url += "?" + request.getQueryString();
+ }
+ return "redirect:" + url;
+ } else if (!paramTag.getName().equals(paramTagStr)) {
+ String url = "/tag/" + URLEncoder.encode(StringEscapeUtils.escapeHtml4(paramTag.getName()), CharEncoding.UTF_8);
+ if (request.getQueryString() != null) {
+ url += "?" + request.getQueryString();
+ }
+ return "redirect:" + url;
+ }
+
+ String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
+ model.addAttribute("title", title);
+ List<Integer> mids = messagesService.getTag(paramTag.TID, visitor.getUid(), before, (visitor.isAnonymous()) ? 40 : 20);
+ List<com.juick.Message> msgs = messagesService.getMessages(visitor, mids);
+ if (!visitor.isAnonymous()) {
+ List<Integer> unread = messagesService.getUnread(visitor);
+ visitor.setUnreadCount(unread.size());
+ List<Integer> blUIDs = userService.checkBL(
+ visitor.getUid(),
+ msgs.stream().map(m -> m.getUser().getUid()).collect(Collectors.toList())
+ );
+ msgs.forEach(m -> {
+ m.ReadOnly |= blUIDs.contains(m.getUser().getUid());
+ m.setUnread(unread.contains(m.getMid()));
+ });
+ fillUserModel(model, visitor, visitor);
+ }
+
+ String head = StringUtils.EMPTY;
+ if (tagService.getTagNoIndex(paramTag.TID)) {
+ head = "<meta name=\"robots\" content=\"noindex,nofollow\"/>";
+ } else if (before > 0 || mids.size() < 5) {
+ head = "<meta name=\"robots\" content=\"noindex\"/>";
+ }
+ model.addAttribute("headers", head);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("tag", paramTag);
+ model.addAttribute("title", title);
+ model.addAttribute("msgs", msgs);
+ model.addAttribute("tags", tagService.getPopularTags());
+ model.addAttribute("noindex", before > 0);
+ model.addAttribute("showAdv", before == 0 && visitor.isAnonymous());
+ model.addAttribute("isSubscribed", tagService.isSubscribed(visitor, paramTag));
+ model.addAttribute("isInBL", tagService.isInBL(visitor, paramTag));
+ if (mids.size() >= 20) {
+ String nextpage = "/tag/" + URLEncoder.encode(paramTag.getName(), CharEncoding.UTF_8) + "?before=" + mids.get(mids.size() - 1);
+ model.addAttribute("nextpage", nextpage);
+ }
+ UriComponents builder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ String queryString = builder.getQuery();
+ String requestURI = builder.toUri().getPath();
+ if (sape != null && visitor.isAnonymous() && queryString == null) {
+ String links = sape.getPageLinks(requestURI, sapeCookie).render();
+ model.addAttribute("links", links);
+ }
+ return "views/index";
+ }
+ @GetMapping("/pm/inbox")
+ protected String doGetInbox(ModelMap model) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous()) {
+ return "redirect:/login";
+ }
+ String title = "PM: Inbox";
+ List<com.juick.Message> msgs = pmQueriesService.getLastPMInbox(visitor.getUid());
+ fillUserModel(model, visitor, visitor);
+ model.addAttribute("title", title);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("msgs", msgs);
+ model.addAttribute("tags", tagService.getPopularTags());
+ return "views/pm_inbox";
+ }
+
+ @GetMapping("/pm/sent")
+ protected String doGetSent(@RequestParam(required = false) String uname,
+ ModelMap model) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous()) {
+ return "redirect:/login";
+ }
+ String title = "PM: Sent";
+ List<com.juick.Message> msgs = pmQueriesService.getLastPMSent(visitor.getUid());
+
+ if (WebUtils.isNotUserName(uname)) {
+ uname = StringUtils.EMPTY;
+ }
+ fillUserModel(model, visitor, visitor);
+ model.addAttribute("title", title);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("msgs", msgs);
+ model.addAttribute("tags", tagService.getPopularTags());
+ model.addAttribute("uname", uname);
+ return "views/pm_sent";
+ }
+ @GetMapping("/{uname}/{mid}")
+ protected String threadAction(ModelMap model,
+ @PathVariable String uname,
+ @PathVariable int mid,
+ @CookieValue(name = "sape_cookie",
+ required = false, defaultValue = StringUtils.EMPTY) String sapeCookie) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ if (!messagesService.canViewThread(mid, visitor.getUid())) {
+ throw new HttpForbiddenException();
+ }
+
+ com.juick.Message msg = messagesService.getMessage(mid);
+
+ if (msg == null || msg.getUser().isBanned()) {
+ throw new HttpNotFoundException();
+ }
+
+ com.juick.User user = userService.getUserByName(uname);
+ if (user.isAnonymous() || !msg.getUser().equals(user)) {
+ return String.format("redirect:/%s/%d", msg.getUser().getName(), mid);
+ }
+ msg.VisitorCanComment = !visitor.isAnonymous();
+ List<com.juick.Message> replies = messagesService.getReplies(visitor, msg.getMid());
+ // this should be after getReplies to mark thread as read
+ fillUserModel(model, user, visitor);
+ if (!visitor.isAnonymous()) {
+ List<Integer> unread = messagesService.getUnread(visitor);
+ visitor.setUnreadCount(unread.size());
+ boolean isMsgAuthor = visitor.getUid() == msg.getUser().getUid();
+ boolean isInBL = userService.isInBLAny(msg.getUser().getUid(), visitor.getUid());
+ msg.VisitorCanComment = isMsgAuthor || !(msg.ReadOnly || isInBL);
+ }
+ model.addAttribute("msg", msg);
+
+ String title = msg.getUser().getName() + ": " + MessageUtils.getTagsString(msg);
+
+ model.addAttribute("title", title);
+ model.addAttribute("visitor", visitor);
+ String headers = "<link rel=\"alternate\" type=\"application/rss+xml\" title=\"@" + msg.getUser().getName() + "\" href=\"//rss.juick.com/" + msg.getUser().getName() + "/blog\"/>";
+ String pageUrl = "https://juick.com/" + msg.getUser().getName() + "/" + msg.getMid();
+ if (msg.Hidden) {
+ headers += "<meta name=\"robots\" content=\"noindex\"/>";
+ }
+ String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary";
+ if (StringUtils.isNotEmpty(msg.getAttachmentType())) {
+ // additional check in case of broken images
+ if (msg.getAttachment() != null) {
+ String msgImage = msg.getAttachment().getMedium().getUrl();
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
+ } else {
+ String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
+ model.addAttribute("ogtype", "article");
+ String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg));
+ headers += "<meta name=\"twitter:card\" content=\"" + cardType + "\" />\n" +
+ "<meta name=\"twitter:site\" content=\"@juick\" />\n" +
+ "<meta property=\"og:url\" content=\"" + pageUrl + "\" />\n" +
+ "<meta property=\"og:title\" content=\"" + msg.getUser().getName() + " at Juick\" />\n" +
+ "<meta property=\"og:description\" content=\"" + cardDescription + "\" />\n" +
+ "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n";
+ String twitterName = crosspostService.getTwitterName(msg.getUser().getUid());
+ if (StringUtils.isNotEmpty(twitterName)) {
+ headers += "<meta name=\"twitter:creator\" content=\"@" + twitterName + "\" />\n";
+ }
+ if (msg.getTags().size() > 0) {
+ headers += "<meta name=\"Keywords\" content=\"" + msg.getTags().stream().map(Tag::getName)
+ .collect(Collectors.joining(", ")) + "\" />\n";
+ }
+ model.addAttribute("headers", headers);
+ model.addAttribute("visitorSubscribed", messagesService.isSubscribed(visitor.getUid(), msg.getMid()));
+ model.addAttribute("visitorInBL", userService.isInBL(msg.getUser().getUid(), visitor.getUid()));
+ model.addAttribute("recomm", messagesService.getMessageRecommendations(msg.getMid()));
+ List<Integer> blUIDs = new ArrayList<>();
+ for (Message reply : replies) {
+ if (reply.getUser().getUid() != msg.getUser().getUid()
+ && !blUIDs.contains(reply.getUser().getUid())) {
+ blUIDs.add(reply.getUser().getUid());
+ }
+ reply.VisitorCanComment = !visitor.isAnonymous();
+ if (!visitor.isAnonymous()) {
+ boolean isMsgAuthor = visitor.getUid() == msg.getUser().getUid();
+ boolean isReplyAuthor = visitor.getUid() == reply.getUser().getUid();
+ reply.VisitorCanComment = isMsgAuthor || (!msg.ReadOnly
+ && msg.VisitorCanComment && (isReplyAuthor || !userService.isInBLAny(visitor.getUid(), reply.getUser().getUid())));
+ }
+ }
+ model.addAttribute("replies", replies);
+ model.addAttribute("showAdv", visitor.isAnonymous());
+ UriComponents builder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ String queryString = builder.getQuery();
+ String requestURI = builder.toUri().getPath();
+ if (sape != null && visitor.isAnonymous() && queryString == null) {
+ String links = sape.getPageLinks(requestURI, sapeCookie).render();
+ model.addAttribute("links", links);
+ }
+ return "views/thread";
+ }
+
+ // when message id is not fit to int
+ @ExceptionHandler(NumberFormatException.class)
+ public ResponseEntity<String> notFoundAction() {
+ return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java
new file mode 100644
index 00000000..9e364ff8
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/NewMessage.java
@@ -0,0 +1,263 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.juick.Message;
+import com.juick.User;
+import com.juick.server.helpers.AnonymousUser;
+import com.juick.server.helpers.CommandResult;
+import com.juick.server.util.*;
+import com.juick.server.www.WebApp;
+import com.juick.service.*;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+import java.util.stream.Collectors;
+
+/**
+ * @author Ugnich Anton
+ */
+@Controller
+public class NewMessage {
+
+ @Inject
+ private TagService tagService;
+ @Inject
+ private MessagesService messagesService;
+ @Inject
+ private UserService userService;
+ @Inject
+ private SubscriptionService subscriptionService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private PMQueriesService pmQueriesService;
+ @Inject
+ private WebApp webApp;
+ @Inject
+ private ObjectMapper jsonMapper;
+ @Inject
+ private ImagesService imagesService;
+ @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+ private String imgDir;
+ @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+ private String tmpDir;
+ @Value("${api_url:http://localhost:8080}")
+ private String apiUrl;
+ private RestTemplate rest = new RestTemplate();
+
+ private static final Logger logger = LoggerFactory.getLogger(NewMessage.class);
+
+ @GetMapping("/post")
+ protected String postAction(@RequestParam(required = false) String body, ModelMap model) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ model.addAttribute("title", "Написать");
+ model.addAttribute("headers", "");
+ model.addAttribute("visitor", visitor);
+ if (body == null) {
+ body = StringUtils.EMPTY;
+ } else {
+ if (body.length() > 4096) {
+ body = body.substring(0, 4096);
+ }
+ body = StringEscapeUtils.escapeHtml4(body);
+ }
+ model.addAttribute("body", body);
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("tags", tagService.getUserTagStats(visitor.getUid()).stream()
+ .sorted((e1, e2) -> Integer.compare(e2.getUsageCount(), e1.getUsageCount())).map(t -> t.getTag().getName()).collect(Collectors.toList()));
+ return "views/post";
+ }
+
+ @PostMapping("/comment")
+ public String doPostComment(
+ @RequestParam Integer mid,
+ @RequestParam(required = false, defaultValue = "0") Integer rid,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String img,
+ @RequestParam(required = false) MultipartFile attach) throws IOException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous() || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
+ com.juick.Message msg = messagesService.getMessage(mid);
+ if (msg == null) {
+ throw new HttpNotFoundException();
+ }
+
+ com.juick.Message reply = null;
+ if (rid > 0) {
+ reply = messagesService.getReply(mid, rid);
+ if (reply == null) {
+ throw new HttpNotFoundException();
+ }
+ }
+
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
+ throw new HttpBadRequestException();
+ }
+ body = body.replace("\r", StringUtils.EMPTY);
+
+ if ((msg.ReadOnly && msg.getUser().getUid() != visitor.getUid())
+ || userService.isInBLAny(msg.getUser().getUid(), visitor.getUid())
+ || (reply != null && userService.isInBLAny(reply.getUser().getUid(), visitor.getUid()))) {
+ throw new HttpForbiddenException();
+ }
+
+ URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+ if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) {
+ try {
+ URL imgUrl = new URL(img);
+ attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
+ } catch (Exception e) {
+ logger.error("DOWNLOAD ERROR", e);
+ throw new HttpBadRequestException();
+ }
+ }
+
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+ MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+ HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+
+ params.add("body", rid == 0 ? String.format("#%d %s", mid, body) : String.format("#%d/%d %s", mid, rid, body));
+ params.add("hash", userService.getHashByUID(visitor.getUid()));
+ if (StringUtils.isNotEmpty(attachmentFName.toString())) {
+ params.add("img", attachmentFName.toASCIIString());
+ }
+ URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+ ResponseEntity<CommandResult> result = rest.postForEntity(
+ postUri,
+ request, CommandResult.class);
+ logger.info("/comment: {}", jsonMapper.writeValueAsString(result.getBody()));
+ boolean wasReply = result.getBody().getNewMessage().isPresent();
+ return wasReply ? "redirect:/" + msg.getUser().getName() + "/" + mid + "#" + result.getBody().getNewMessage().get().getRid() : "redirect:/" + msg.getUser().getName() + "/" + mid;
+ }
+
+ @PostMapping("/pm/send")
+ public String doPostPM(@RequestParam(name = "uname", required = false) String unameParam,
+ @RequestParam String body) throws IOException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous() || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
+ String uname = unameParam;
+ if (uname.startsWith("@")) {
+ uname = uname.substring(1);
+ }
+ User userTo = AnonymousUser.INSTANCE;
+ if (WebUtils.isUserName(uname)) {
+ userTo = userService.getUserByName(uname);
+ }
+
+ if (userTo.isAnonymous() || body.length() > 10240) {
+ throw new HttpBadRequestException();
+ }
+
+ if (userService.isInBLAny(userTo.getUid(), visitor.getUid())) {
+ throw new HttpForbiddenException();
+ }
+
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+ MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+ HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+ params.add("body", String.format("@%s %s", userTo.getName(), body));
+ params.add("hash", userService.getHashByUID(visitor.getUid()));
+ URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+ ResponseEntity<CommandResult> result = rest.postForEntity(
+ postUri,
+ request, CommandResult.class);
+ logger.info("/pm: {}", jsonMapper.writeValueAsString(result.getBody()));
+ return "redirect:/pm/sent";
+
+ }
+ @PostMapping("/post2")
+ public String doPostMessage(@RequestParam(name = "body", required = false) String bodyParam,
+ @RequestParam(required = false) String img,
+ @RequestParam(required = false) MultipartFile attach) throws IOException {
+
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous() || visitor.isBanned()) {
+ throw new HttpForbiddenException();
+ }
+ String body = StringUtils.isNotEmpty(bodyParam) ? bodyParam.replace("\r", StringUtils.EMPTY) : StringUtils.EMPTY;
+
+ URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, tmpDir);
+
+ if (StringUtils.isBlank(attachmentFName.toString()) && StringUtils.isNotBlank(img)) {
+ try {
+ URL imgUrl = new URL(img);
+ attachmentFName = HttpUtils.downloadImage(imgUrl, tmpDir);
+ } catch (Exception e) {
+ logger.error("DOWNLOAD ERROR", e);
+ throw new HttpBadRequestException();
+ }
+ }
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+ MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+ HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+ params.add("body", body);
+ params.add("hash", userService.getHashByUID(visitor.getUid()));
+ if (StringUtils.isNotEmpty(attachmentFName.toString())) {
+ params.add("img", attachmentFName.toASCIIString());
+ }
+ URI postUri = UriComponentsBuilder.fromUriString(apiUrl).path("/api/post").build().toUri();
+ try {
+ ResponseEntity<CommandResult> result = rest.postForEntity(postUri,
+ request, CommandResult.class);
+ Message newMessage = result.getBody().getNewMessage().orElse(new Message());
+ if (newMessage.getMid() > 0) {
+ logger.info("/post: {}", jsonMapper.writeValueAsString(result.getBody()));
+ return String.format("redirect:/%d", newMessage.getMid());
+ } else {
+ logger.info("{} : {}", body, result.getBody().getText());
+ }
+ } catch (HttpClientErrorException e) {
+ logger.error("post error", e);
+ }
+ return "redirect:/?show=my";
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/Settings.java b/juick-server/src/main/java/com/juick/server/www/controllers/Settings.java
new file mode 100644
index 00000000..f2ecccf6
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/Settings.java
@@ -0,0 +1,262 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.juick.server.helpers.NotifyOpts;
+import com.juick.server.helpers.UserInfo;
+import com.juick.server.util.*;
+import com.juick.service.*;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.multipart.MultipartFile;
+
+import javax.inject.Inject;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class Settings {
+ private static final Logger logger = LoggerFactory.getLogger(Settings.class);
+
+ @Value("${img_path:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+ private String imgDir;
+ @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+ private String tmpDir;
+ @Inject
+ private TagService tagService;
+ @Inject
+ private UserService userService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private SubscriptionService subscriptionService;
+ @Inject
+ private EmailService emailService;
+ @Inject
+ private TelegramService telegramService;
+ @Inject
+ private ImagesService imagesService;
+
+ @GetMapping("/settings")
+ protected String doGet(HttpServletRequest request, HttpServletResponse response, ModelMap model) throws IOException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous()) {
+ response.sendRedirect("/login");
+ }
+ List<String> pages = Arrays.asList("main", "password", "about", "auth-email", "privacy");
+ String page = request.getParameter("page");
+ if (StringUtils.isEmpty(page) || !pages.contains(page)) {
+ page = "main";
+ }
+
+ model.addAttribute("title", "Настройки");
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("tags", tagService.getPopularTags());
+ model.addAttribute("auths", userService.getAuthCodes(visitor));
+ model.addAttribute("email_active", emailService.getNotificationsEmail(visitor.getUid()));
+ model.addAttribute("ehash", userService.getEmailHash(visitor));
+ model.addAttribute("emails", userService.getEmails(visitor));
+ model.addAttribute("jids", userService.getAllJIDs(visitor));
+ List<String> hours = IntStream.rangeClosed(0, 23).boxed()
+ .map(i -> StringUtils.leftPad(String.format("%d", i), 2, "0")).collect(Collectors.toList());
+ model.addAttribute("hours", hours);
+ model.addAttribute("fbstatus", crosspostService.getFbCrossPostStatus(visitor.getUid()));
+ model.addAttribute("twitter_name", crosspostService.getTwitterName(visitor.getUid()));
+ model.addAttribute("telegram_name", crosspostService.getTelegramName(visitor.getUid()));
+ model.addAttribute("notify_options", subscriptionService.getNotifyOptions(visitor));
+ model.addAttribute("userinfo", userService.getUserInfo(visitor));
+ if (page.equals("auth-email")) {
+ if (emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("code"))) {
+ ;
+ model.addAttribute("result", "OK!");
+ } else {
+ model.addAttribute("result", "Sorry, code unknown.");
+ }
+ }
+ return String.format("views/settings_%s", page);
+ }
+
+ @PostMapping("/settings")
+ protected String doPost(HttpServletRequest request, HttpServletResponse response,
+ @RequestParam(required = false) MultipartFile avatar,
+ ModelMap model)
+ throws IOException {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ if (visitor.isAnonymous()) {
+ throw new HttpBadRequestException();
+ }
+ List<String> pages = Arrays.asList("main", "password", "about", "email", "email-add", "email-del",
+ "email-subscr", "auth-email", "privacy", "jid-del", "twitter-del", "telegram-del", "facebook-disable",
+ "facebook-enable", "vk-del");
+ String page = request.getParameter("page");
+ if (StringUtils.isEmpty(page) || !pages.contains(page)) {
+ throw new HttpBadRequestException();
+ }
+ String result = StringUtils.EMPTY;
+ switch (page) {
+ case "password":
+ if (userService.updatePassword(visitor, request.getParameter("password"))) {
+ result = "<p>Password has been changed.</p>";
+ String hash = userService.getHashByUID(visitor.getUid());
+ Cookie c = new Cookie("hash", hash);
+ c.setMaxAge(365 * 24 * 60 * 60);
+ response.addCookie(c);
+ }
+ break;
+ case "main":
+ NotifyOpts opts = new NotifyOpts();
+ opts.setRepliesEnabled(StringUtils.isNotEmpty(request.getParameter("jnotify")));
+ opts.setSubscriptionsEnabled(StringUtils.isNotEmpty(request.getParameter("subscr_notify")));
+ opts.setRecommendationsEnabled(StringUtils.isNotEmpty(request.getParameter("recomm")));
+ if (subscriptionService.setNotifyOptions(visitor, opts)) {
+ result = "<p>Notification options has been updated</p>";
+ }
+ break;
+ case "about":
+ UserInfo info = new UserInfo();
+ info.setFullName(request.getParameter("fullname"));
+ info.setCountry(request.getParameter("country"));
+ info.setUrl(request.getParameter("url"));
+ info.setDescription(request.getParameter("descr"));
+ String avatarTmpPath = HttpUtils.receiveMultiPartFile(avatar, tmpDir).getHost();
+ if (StringUtils.isNotEmpty(avatarTmpPath)) {
+ imagesService.saveAvatar(avatarTmpPath, visitor.getUid());
+ }
+ if (userService.updateUserInfo(visitor, info)) {
+ result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getName());
+ }
+ break;
+ case "jid-del":
+ // FIXME: stop using ugnich-csv in parameters
+ String[] params = request.getParameter("delete").split(";", 2);
+ boolean res = false;
+ if (params[0].equals("xmpp")) {
+ res = userService.deleteJID(visitor.getUid(), params[1]);
+ } else if (params[0].equals("xmpp-unauth")) {
+ res = userService.unauthJID(visitor.getUid(), params[1]);
+ }
+ if (res) {
+ result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ result = "<p>Error</p>";
+ }
+ break;
+ case "email-add":
+ if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+ String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@mail.juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
+
+ } catch (MessagingException ex) {
+ logger.error("mail exception", ex);
+ throw new HttpBadRequestException();
+ }
+ }
+ }
+ break;
+ case "email-del":
+ if (emailService.deleteEmail(visitor.getUid(), request.getParameter("account"))) {
+ result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ result = "<p>An error occured while deleting.</p>";
+ }
+ break;
+ case "email-subscr":
+ if (emailService.setNotificationsEmail(visitor.getUid(), request.getParameter("account"))) {
+ result = String.format("<p>Saved! Will send notifications to <strong>%s</strong>." +
+ "</p><p><a href=\"/settings\">Back</a></p>", request.getParameter("account"));
+ } else {
+ result = "<p>Disabled.</p><p><a href=\"/settings\">Back</a></p>";
+ }
+ break;
+ case "twitter-del":
+ crosspostService.deleteTwitterToken(visitor.getUid());
+ for (Cookie cookie : request.getCookies()) {
+ if (cookie.getName().equals("request_token")) {
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
+ }
+ if (cookie.getName().equals("request_token_secret")) {
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
+ }
+ }
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "telegram-del":
+ telegramService.deleteTelegramUser(visitor.getUid());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "facebook-disable":
+ crosspostService.disableFBCrosspost(visitor.getUid());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "facebook-enable":
+ crosspostService.enableFBCrosspost(visitor.getUid());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "vk-del":
+ crosspostService.deleteVKUser(visitor.getUid());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ default:
+ throw new HttpBadRequestException();
+ }
+
+ model.addAttribute("title", "Настройки");
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("result", result);
+ return "views/settings_result";
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java b/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java
new file mode 100644
index 00000000..6d72aecc
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.server.www.controllers;
+
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.server.util.UserUtils;
+import com.juick.service.CrosspostService;
+import com.juick.service.EmailService;
+import com.juick.service.MessengerService;
+import com.juick.service.UserService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class SignUp {
+
+ @Inject
+ private UserService userService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private MessengerService messengerService;
+ @Inject
+ private EmailService emailService;
+
+
+ @GetMapping("/signup")
+ protected String doGet(@RequestParam String type, @RequestParam String hash, ModelMap model) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$")
+ || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ String account = null;
+ switch (type) {
+ case "fb":
+ account = crosspostService.getFacebookNameByHash(hash);
+ break;
+ case "vk":
+ account = crosspostService.getVKNameByHash(hash);
+ break;
+ case "xmpp":
+ account = crosspostService.getJIDByHash(hash);
+ break;
+ case "durov":
+ account = crosspostService.getTelegramNameByHash(hash);
+ break;
+ case "messenger":
+ account = messengerService.getDisplayName(hash);
+ break;
+ case "email":
+ account = emailService.getEmailByAuthCode(hash);
+ }
+ if (account == null) {
+ throw new HttpBadRequestException();
+ }
+
+ model.addAttribute("title", "Новый пользователь");
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("account", account);
+ model.addAttribute("type", type);
+ model.addAttribute("hash", hash);
+ return "views/signup";
+ }
+
+ @PostMapping("/signup")
+ protected String doPost(
+ HttpServletResponse response,
+ @RequestParam String type,
+ @RequestParam String hash,
+ @RequestParam String action,
+ @RequestParam(required = false) String username,
+ @RequestParam(required = false) String password) {
+ com.juick.User visitor = UserUtils.getCurrentUser();
+ int uid = 0;
+
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ if (action.charAt(0) == 'l') {
+
+ if (visitor.isAnonymous()) {
+ if (username.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+ uid = userService.checkPassword(username, password);
+ } else {
+ uid = visitor.getUid();
+ }
+
+ if (uid <= 0) {
+ throw new HttpForbiddenException();
+ }
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
+ && !(type.charAt(0) == 'x' && crosspostService.setJIDUser(hash, uid))
+ && !(type.charAt(0) == 'm' && messengerService.linkMessengerUser(hash, uid))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(uid, email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ throw new HttpBadRequestException();
+ }
+ }
+
+ } else { // Create new account
+ if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") || password.length() < 6 || password.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+
+ // CHECK USERNAME
+
+ uid = userService.createUser(username, password);
+ if (uid <= 0) {
+ throw new HttpBadRequestException();
+ }
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
+ && !(type.charAt(0) == 'm' && messengerService.linkMessengerUser(hash, uid))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(uid, email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ throw new HttpBadRequestException();
+ }
+ }
+ }
+
+ if (visitor.isAnonymous()) {
+ hash = userService.getHashByUID(uid);
+ Cookie c = new Cookie("hash", hash);
+ c.setMaxAge(365 * 24 * 60 * 60);
+ response.addCookie(c);
+ }
+ return "redirect:/";
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/www/controllers/SocialLogin.java
index dc7425e1..014a728d 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/www/controllers/SocialLogin.java
@@ -14,38 +14,48 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-package com.juick.server.api;
+package com.juick.server.www.controllers;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.TwitterApi;
import com.github.scribejava.apis.VkontakteApi;
import com.github.scribejava.core.builder.ServiceBuilder;
-import com.github.scribejava.core.model.OAuth2AccessToken;
-import com.github.scribejava.core.model.OAuthRequest;
-import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.model.*;
+import com.github.scribejava.core.oauth.OAuth10aService;
import com.github.scribejava.core.oauth.OAuth20Service;
-import com.juick.facebook.User;
import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.UserUtils;
import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.TelegramService;
import com.juick.service.UserService;
-import com.juick.vk.UsersResponse;
+import com.juick.server.www.Utils;
+import com.juick.server.www.facebook.User;
+import com.juick.server.www.vk.UsersResponse;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.codec.digest.HmacAlgorithms;
+import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.util.UriComponentsBuilder;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
+import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
+import java.util.stream.Collectors;
/**
*
@@ -60,8 +70,8 @@ public class SocialLogin {
private String FACEBOOK_APPID;
@Value("${facebook_secret:secret}")
private String FACEBOOK_SECRET;
- private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
- private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
+ private static final String FACEBOOK_REDIRECT = "https://juick.com/_fblogin";
+ private static final String VK_REDIRECT = "http://juick.com/_vklogin";
private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
private ObjectMapper jsonMapper;
@@ -95,8 +105,10 @@ public class SocialLogin {
}
@GetMapping("/_fblogin")
- protected String doFacebookLogin(@RequestParam(required = false) String code,
- @RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException {
+ protected String doFacebookLogin(HttpServletRequest request,
+ @RequestParam(required = false) String code,
+ @RequestParam(required = false) String state,
+ HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
String fbstate = UUID.randomUUID().toString();
crosspostService.addFacebookState(fbstate, state);
@@ -110,7 +122,6 @@ public class SocialLogin {
}
String redirectUrl = crosspostService.verifyFacebookState(state);
-
if (StringUtils.isEmpty(redirectUrl)) {
logger.error("state is missing");
throw new HttpBadRequestException();
@@ -143,9 +154,10 @@ public class SocialLogin {
logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken());
throw new HttpBadRequestException();
}
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
- uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
- return "redirect:" + uriComponentsBuilder.build().toUriString();
+ Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+ c.setMaxAge(50 * 24 * 60 * 60);
+ response.addCookie(c);
+ return "redirect:" + redirectUrl;
} else if (fb.getVerified()) {
if (!crosspostService.createFacebookUser(fbID, state, token.getAccessToken(), fb.getName(), fb.getLink())) {
if (StringUtils.isNotEmpty(fb.getEmail())) {
@@ -163,7 +175,7 @@ public class SocialLogin {
logger.error("Facebook account is not verified, id: {}", fbID);
throw new HttpBadRequestException();
}
- }/*
+ }
@GetMapping("/_twitter")
protected void doTwitterLogin(HttpServletRequest request, HttpServletResponse response)
throws IOException, ExecutionException, InterruptedException {
@@ -201,8 +213,8 @@ public class SocialLogin {
OAuth1AccessToken accessToken = oAuthService.getAccessToken(requestToken, verifier);
OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, TWITTER_VERIFY_URL);
oAuthService.signRequest(accessToken, oAuthRequest);
- com.juick.twitter.User twitterUser = jsonMapper.readValue(oAuthService.execute(oAuthRequest).getBody(),
- com.juick.twitter.User.class);
+ com.juick.server.www.twitter.User twitterUser = jsonMapper.readValue(oAuthService.execute(oAuthRequest).getBody(),
+ com.juick.server.www.twitter.User.class);
if (userService.linkTwitterAccount(user, accessToken.getToken(), accessToken.getTokenSecret(),
twitterUser.getScreenName())) {
response.setStatus(HttpServletResponse.SC_FOUND);
@@ -212,13 +224,17 @@ public class SocialLogin {
}
}
}
- }*/
+ }
@GetMapping("/_vklogin")
- protected String doVKLogin(@RequestParam(required = false) String code,
- @RequestParam String state) throws IOException, ExecutionException, InterruptedException {
+ protected String doVKLogin(HttpServletRequest request,
+ @RequestParam(required = false) String code,
+ @RequestParam(required = false) String state,
+ @CookieValue(required = false) String vkstate,
+ HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
- String vkstate = UUID.randomUUID().toString();
- crosspostService.addVKState(vkstate, state);
+ vkstate = UUID.randomUUID().toString();
+ Cookie c = new Cookie("vkstate", vkstate);
+ response.addCookie(c);
OAuth20Service vkAuthService = vkBuilder
.apiSecret(VK_SECRET)
.scope("friends,wall,offline")
@@ -228,10 +244,12 @@ public class SocialLogin {
return "redirect:" + vkAuthService.getAuthorizationUrl();
}
- String redirectUrl = crosspostService.verifyVKState(state);
- if (StringUtils.isBlank(redirectUrl)) {
- logger.error("state is missing");
+ if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
throw new HttpBadRequestException();
+ } else {
+ Cookie c = new Cookie("vkstate", "-");
+ c.setMaxAge(0);
+ response.addCookie(c);
}
OAuth20Service vkService = vkBuilder
@@ -244,7 +262,7 @@ public class SocialLogin {
vkService.signRequest(token, meRequest);
String graph = vkService.execute(meRequest).getBody();
- com.juick.vk.User jsonUser = jsonMapper.readValue(graph, UsersResponse.class).getUsers().get(0);
+ com.juick.server.www.vk.User jsonUser = jsonMapper.readValue(graph, UsersResponse.class).getUsers().get(0);
String vkName = jsonUser.getFirstName() + " " + jsonUser.getLastName();
String vkLink = jsonUser.getScreenName();
@@ -256,9 +274,10 @@ public class SocialLogin {
Long vkID = NumberUtils.toLong(jsonUser.getId(), 0);
int uid = crosspostService.getUIDbyVKID(vkID);
if (uid > 0) {
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
- uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
- return "redirect:" + uriComponentsBuilder.build().toUriString();
+ Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+ c.setMaxAge(50 * 24 * 60 * 60);
+ response.addCookie(c);
+ return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
} else {
String loginhash = UUID.randomUUID().toString();
if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -268,7 +287,7 @@ public class SocialLogin {
return "redirect:/signup?type=vk&hash=" + loginhash;
}
}
- /*
+
@GetMapping("/_tglogin")
public String doDurovLogin(HttpServletRequest request,
@RequestParam Map<String, String> params,
@@ -298,5 +317,5 @@ public class SocialLogin {
logger.warn("invalid tg hash {} for {}", resultString, hash);
}
throw new HttpBadRequestException();
- }*/
+ }
}
diff --git a/juick-server/src/main/java/com/juick/server/www/facebook/User.java b/juick-server/src/main/java/com/juick/server/www/facebook/User.java
new file mode 100644
index 00000000..b85cf65c
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/facebook/User.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.facebook;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Created by vitalyster on 28.11.2016.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class User {
+ private String id;
+ private String name;
+ private String link;
+ private boolean verified;
+ private String firstName;
+ private String lastName;
+ private String gender;
+ private String locale;
+ private String timezone;
+ private String updatedTime;
+ private String email;
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getLink() {
+ return link;
+ }
+
+ public void setLink(String link) {
+ this.link = link;
+ }
+
+ public boolean getVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ @JsonProperty("first_name")
+ public String getFirstName() {
+ return firstName;
+ }
+ public void setFirstName(String firstName) {
+ this.firstName = firstName;
+ }
+
+ public String getGender() {
+ return gender;
+ }
+
+ public void setGender(String gender) {
+ this.gender = gender;
+ }
+
+ @JsonProperty("last_name")
+ public String getLastName() {
+ return lastName;
+ }
+
+ public void setLastName(String lastName) {
+ this.lastName = lastName;
+ }
+
+ public String getLocale() {
+ return locale;
+ }
+
+ public void setLocale(String locale) {
+ this.locale = locale;
+ }
+
+ public String getTimezone() {
+ return timezone;
+ }
+
+ public void setTimezone(String timezone) {
+ this.timezone = timezone;
+ }
+
+ @JsonProperty("updated_time")
+ public String getUpdatedTime() {
+ return updatedTime;
+ }
+
+ public void setUpdatedTime(String updatedTime) {
+ this.updatedTime = updatedTime;
+ }
+
+ public String getEmail() {
+ return email;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/twitter/User.java b/juick-server/src/main/java/com/juick/server/www/twitter/User.java
new file mode 100644
index 00000000..35f708f7
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/twitter/User.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.twitter;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Created by vitalyster on 28.11.2016.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class User {
+ private String screenName;
+
+ @JsonProperty("screen_name")
+ public String getScreenName() {
+ return screenName;
+ }
+
+ public void setScreenName(String screenName) {
+ this.screenName = screenName;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/vk/Token.java b/juick-server/src/main/java/com/juick/server/www/vk/Token.java
new file mode 100644
index 00000000..c6277245
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/vk/Token.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.vk;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Created by vitalyster on 28.11.2016.
+ */
+public class Token {
+ private Long userId;
+ private String accessToken;
+ private String expiresIn;
+
+ @JsonProperty("user_id")
+ public Long getUserId() {
+ return userId;
+ }
+
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ @JsonProperty("access_token")
+ public String getAccessToken() {
+ return accessToken;
+ }
+
+ public void setAccessToken(String accessToken) {
+ this.accessToken = accessToken;
+ }
+
+ @JsonProperty("expires_in")
+ public String getExpiresIn() {
+ return expiresIn;
+ }
+
+ public void setExpiresIn(String expiresIn) {
+ this.expiresIn = expiresIn;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/vk/User.java b/juick-server/src/main/java/com/juick/server/www/vk/User.java
new file mode 100644
index 00000000..0c491166
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/vk/User.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.vk;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Created by vitalyster on 28.11.2016.
+ */
+public class User {
+ private String id;
+ private String firstName;
+ private String lastName;
+ private String screenName;
+
+ @JsonProperty("first_name")
+ public String getFirstName() {
+ return firstName;
+ }
+
+ public void setFirstName(String firstName) {
+ this.firstName = firstName;
+ }
+
+ @JsonProperty("last_name")
+ public String getLastName() {
+ return lastName;
+ }
+
+ public void setLastName(String lastName) {
+ this.lastName = lastName;
+ }
+
+ @JsonProperty("screen_name")
+ public String getScreenName() {
+ return screenName;
+ }
+
+ public void setScreenName(String screenName) {
+ this.screenName = screenName;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/www/vk/UsersResponse.java b/juick-server/src/main/java/com/juick/server/www/vk/UsersResponse.java
new file mode 100644
index 00000000..d16b9921
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/www/vk/UsersResponse.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2008-2017, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.juick.server.www.vk;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+
+/**
+ * Created by vitalyster on 28.11.2016.
+ */
+public class UsersResponse {
+ private List<User> users;
+
+ @JsonProperty("response")
+ public List<User> getUsers() {
+ return users;
+ }
+
+ public void setUsers(List<User> users) {
+ this.users = users;
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/service/EmailServiceImpl.java b/juick-server/src/main/java/com/juick/service/EmailServiceImpl.java
index 0cccc915..5ba44e24 100644
--- a/juick-server/src/main/java/com/juick/service/EmailServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/EmailServiceImpl.java
@@ -89,4 +89,20 @@ public class EmailServiceImpl extends BaseJdbcService implements EmailService {
return getJdbcTemplate().queryForList("SELECT email FROM emails WHERE user_id=? " +
(active ? "AND subscr_hour IS NOT NULL" : ""), String.class, userId);
}
+ @Transactional(readOnly = true)
+ @Override
+ public String getEmailByAuthCode(String code) {
+ try {
+ return getJdbcTemplate().queryForObject("SELECT account FROM auth WHERE protocol='email' AND authcode=?", String.class, code);
+ } catch (EmptyResultDataAccessException e) {
+ return StringUtils.EMPTY;
+ }
+ }
+
+ @Transactional
+ @Override
+ public void deleteAuthCode(String code) {
+ getJdbcTemplate().update("DELETE FROM auth WHERE authcode=?", code);
+ }
+
}