Diffstat (limited to 'juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java')
-rw-r--r--juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java65
1 files changed, 65 insertions, 0 deletions
diff --git a/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java
new file mode 100644
index 00000000..8a474c9b
--- /dev/null
+++ b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java
@@ -0,0 +1,65 @@
+package com.juick.www.controllers;
+
+import com.juick.User;
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.service.UserService;
+import com.juick.util.UserUtils;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import java.net.URI;
+import java.security.Principal;
+import java.util.Optional;
+
+/**
+ * Created by vitalyster on 09.12.2016.
+ */
+@Controller
+public class LoginController {
+ @Inject
+ UserService userService;
+ @Inject
+ Environment env;
+
+ @RequestMapping(value = "/login", method = RequestMethod.GET)
+ public String doGetLoginForm(Principal principal) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ if (visitor.getUid() > 0) {
+ return "redirect:/login";
+ }
+ return "views/login";
+ }
+ @RequestMapping(value = "/login", method = RequestMethod.POST)
+ protected String doPostLogin(
+ @RequestParam("username") Optional<String> username,
+ @RequestParam("password") Optional<String> password,
+ @RequestHeader("Referer") Optional<String> referer,
+ HttpServletResponse response) {
+ if (!username.isPresent() && password.isPresent()) {
+ throw new HttpBadRequestException();
+ }
+
+ int uid = userService.checkPassword(username.get(), password.get());
+ if (uid > 0) {
+ if (referer.isPresent()) {
+ URI refererURI = URI.create(referer.get());
+ if (refererURI.getHost().equals(env.getProperty("web_domain"))
+ && !refererURI.getPath().equals("/login")) {
+ return "redirect:" + referer.get();
+ } else {
+ return "redirect:/";
+ }
+ }
+ }
+ throw new HttpForbiddenException();
+ }
+}
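Review bot: The guard at the top of `doPostLogin` tests `!username.isPresent() && password.isPresent()`, so a request with no password (or with neither field) passes it and `username.get()` / `password.get()` throws instead of producing a 400; it should read `if (!username.isPresent() || !password.isPresent())`. A correct password sent without a Referer header falls through to `throw new HttpForbiddenException()`. The Referer is also client-controlled: `URI.create` throws on malformed input, and `getHost()` returns null for relative or opaque URIs, so the host comparison can raise a NullPointerException. In `doGetLoginForm` an already-authenticated visitor is sent to `redirect:/login`, which is the same handler, so `redirect:/` looks intended. The `response` parameter and the `Cookie` import are unused in this file, so nothing visible here establishes a session after a successful check; confirm that happens elsewhere.

```java
    // … unchanged: @RequestMapping and the doPostLogin signature …
        if (!username.isPresent() || !password.isPresent()) {
            throw new HttpBadRequestException();
        }

        int uid = userService.checkPassword(username.get(), password.get());
        if (uid <= 0) {
            throw new HttpForbiddenException();
        }
        // Referer is client-supplied: fall back to "/" unless it parses and names our own host.
        String target = "/";
        if (referer.isPresent()) {
            try {
                URI refererURI = URI.create(referer.get());
                String host = refererURI.getHost();
                if (host != null && host.equals(env.getProperty("web_domain"))
                        && !"/login".equals(refererURI.getPath())) {
                    target = referer.get();
                }
            } catch (IllegalArgumentException ignored) {
                // malformed Referer: keep the default target
            }
        }
        return "redirect:" + target;
    }
```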