aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src/main/java/com/juick/www/Settings.java
diff options
context:
space:
mode:
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/Settings.java')
-rw-r--r--juick-www/src/main/java/com/juick/www/Settings.java264
1 files changed, 221 insertions, 43 deletions
diff --git a/juick-www/src/main/java/com/juick/www/Settings.java b/juick-www/src/main/java/com/juick/www/Settings.java
index 6364c869..c04a63fb 100644
--- a/juick-www/src/main/java/com/juick/www/Settings.java
+++ b/juick-www/src/main/java/com/juick/www/Settings.java
@@ -17,75 +17,253 @@
*/
package com.juick.www;
+import com.juick.server.CrosspostQueries;
+import com.juick.server.SubscriptionsQueries;
+import com.juick.server.TagQueries;
+import com.juick.server.UserQueries;
+import com.juick.server.helpers.NotifyOpts;
+import com.juick.server.helpers.UserInfo;
+import com.mitchellbosecke.pebble.error.PebbleException;
+import com.mitchellbosecke.pebble.template.PebbleTemplate;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
/**
*
* @author Ugnich Anton
*/
public class Settings {
+ private static final Logger logger = Logger.getLogger(Settings.class.getName());
- protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, PebbleException {
com.juick.User visitor = Utils.getVisitorUser(sql, request, response);
+ if (visitor.getUID() == 0) {
+ response.sendRedirect("/login");
+ }
+ List<String> pages = Arrays.asList("main", "password", "about", "auth-email", "privacy");
+ String page = request.getParameter("page");
+ if (StringUtils.isEmpty(page) || !pages.contains(page)) {
+ page = "main";
+ }
response.setContentType("text/html; charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
- PageTemplates.pageHead(out, visitor, "Логин", "");
- PageTemplates.pageNavigation(out, visitor, null);
-
- out.println("<div id=\"topwrapper\">");
- out.println("<div id=\"wrapper\">");
- out.println("<div id=\"content\">");
- out.println("<form action=\"/login\" method=\"post\">");
- out.println("<p>Имя пользователя: <input type=\"text\" name=\"username\"/></p>");
- out.println("<p>Пароль: <input type=\"password\" name=\"password\"/></p>");
- out.println("<p><input type=\"submit\" value=\" OK \"/></p>");
- out.println("</form>");
- out.println("</div>");
- out.println("</div>");
- out.println("</div>"); // topwrapper
-
- PageTemplates.pageFooter(request, out, visitor, false);
- PageTemplates.pageEnd(out);
+ PebbleTemplate template = Utils.getEngine().getTemplate(String.format("views/settings_%s.html", page));
+ Map<String, Object> context = new HashMap<>();
+ context.put("title", "Настройки");
+ context.put("visitor", visitor);
+ context.put("tags", TagQueries.getPopularTags(sql));
+ context.put("auths", UserQueries.getAuthCodes(sql, visitor));
+ context.put("eopts", UserQueries.getEmailOpts(sql, visitor));
+ context.put("ehash", UserQueries.getEmailHash(sql, visitor));
+ context.put("emails", UserQueries.getEmails(sql, visitor));
+ context.put("jids", UserQueries.getAllJIDs(sql, visitor));
+ List<String> hours = IntStream.rangeClosed(0, 23).boxed()
+ .map(i -> StringUtils.leftPad(String.format("%d", i), 2, "0")).collect(Collectors.toList());
+ context.put("hours", hours);
+ context.put("fbstatus", CrosspostQueries.isFBCrossPostEnabled(sql, visitor.getUID()));
+ context.put("twitter_name", CrosspostQueries.getTwitterName(sql, visitor.getUID()));
+ context.put("telegram_name", CrosspostQueries.getTelegramName(sql, visitor.getUID()));
+ context.put("notify_options", SubscriptionsQueries.getNotifyOptions(sql, visitor));
+ context.put("userinfo", UserQueries.getUserInfo(sql, visitor));
+ if (page.equals("auth-email")) {
+ try {
+ String account = sql.queryForObject("SELECT account FROM auth WHERE user_id=? AND protocol='email' AND authcode=?",
+ String.class, visitor.getUID(), request.getParameter("code"));
+ sql.update("INSERT INTO emails(user_id,email) VALUES (?,?)", visitor.getUID(), account);
+ sql.update("DELETE FROM auth WHERE user_id=? AND authcode=?", visitor.getUID(), request.getParameter("code"));
+ context.put("result", "OK!");
+ } catch (EmptyResultDataAccessException e) {
+ context.put("result", "Sorry, code unknown.");
+ }
+ }
+ template.evaluate(out, context);
}
}
- protected void doPost(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- String username = request.getParameter("username");
- String password = request.getParameter("password");
- if (username == null || password == null || username.length() > 32 || password.isEmpty()) {
+ protected void doPost(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, PebbleException {
+ com.juick.User visitor = Utils.getVisitorUser(sql, request, response);
+ if (visitor.getUID() == 0) {
response.sendError(400);
return;
}
+ List<String> pages = Arrays.asList("main", "password", "about", "email", "email-add", "email-del",
+ "email-subscr", "auth-email", "privacy", "jid-del", "twitter-del", "telegram-del", "facebook-disable",
+ "facebook-enable", "vk-del");
+ String page = request.getParameter("page");
+ if (StringUtils.isEmpty(page) || !pages.contains(page)) {
+ response.sendError(400);
+ return;
+ }
+ String result = "";
+ switch (page) {
+ case "password":
+ if (UserQueries.updatePassword(sql, visitor, request.getParameter("password"))) {
+ result = "<p>Password has been changed.</p>";
+ String hash = com.juick.server.UserQueries.getHashByUID(sql, visitor.getUID());
+ Cookie c = new Cookie("hash", hash);
+ c.setMaxAge(365 * 24 * 60 * 60);
+ response.addCookie(c);
+ }
+ break;
+ case "main":
+ NotifyOpts opts = new NotifyOpts();
+ opts.setRepliesEnabled(StringUtils.isNotEmpty(request.getParameter("jnotify")));
+ opts.setSubscriptionsEnabled(StringUtils.isNotEmpty(request.getParameter("subscr_notify")));
+ opts.setRecommendationsEnabled(StringUtils.isNotEmpty(request.getParameter("recomm")));
+ if (SubscriptionsQueries.setNotifyOptions(sql, visitor, opts)) {
+ result = "<p>Notification options has been updated</p>";
+ }
+ break;
+ case "about":
+ UserInfo info = new UserInfo();
+ info.setFullName(request.getParameter("fullname"));
+ info.setCountry(request.getParameter("country"));
+ info.setUrl(request.getParameter("url"));
+ info.setDescription(request.getParameter("descr"));
+ if (UserQueries.updateUserInfo(sql, visitor, info)) {
+ result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getUName());
+ }
+ break;
+ case "jid-del":
+ String[] params = request.getParameter("delete").split(";", 2);
+ int res = -1;
+ if (params[0].equals("xmpp")) {
+ res = sql.update("DELETE FROM jids WHERE user_id=? AND jid=?", visitor.getUID(), params[1]);
+ } else if (params[0].equals("xmpp-unauth")) {
+ res = sql.update("DELETE FROM auth WHERE user_id=? AND protocol='xmpp' AND account=?", visitor.getUID(), params[1]);
+ }
+ if (res == 1) {
+ result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ result = "<p>Error</p>";
+ }
+ break;
+ case "email":
+ String newHash = UserQueries.updateSecretEmail(sql, visitor);
+ if (StringUtils.isNotEmpty(newHash)) {
+ result = String.format("<p>New secret email: <strong>%s@mail.juick.com</strong></p>" +
+ "<p><a href=\"/settings\">Back</a>.</p>", newHash);
+ } else {
+ response.sendError(500);
+ return;
+ }
+ break;
+ case "email-add":
+ try {
+ sql.queryForObject("SELECT authcode FROM auth WHERE user_id=? AND protocol='email' " +
+ "AND account=?", String.class, visitor.getUID(), request.getParameter("account"));
+ } catch (EmptyResultDataAccessException e) {
+ String authCode = UserQueries.generateHash(8);
+ if (sql.update("INSERT INTO auth(user_id,protocol,account,authcode) VALUES (?,'email',?,?)",
+ visitor.getUID(), request.getParameter("account"), authCode) > 0) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@mail.juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
- int uid = com.juick.server.UserQueries.checkPassword(sql, username, password);
- if (uid > 0) {
- String hash = com.juick.server.UserQueries.getHashByUID(sql, uid);
- Cookie c = new Cookie("hash", hash);
- c.setDomain(".juick.com");
- c.setMaxAge(365 * 24 * 60 * 60);
- response.addCookie(c);
-
-
- if (uid > 0) {
- throw new IOException("Settings");
- }
-
- String referer = request.getHeader("Referer");
- if (referer != null && referer.startsWith("http://juick.com/") && !referer.equals("http://juick.com/login")) {
- response.sendRedirect(referer);
- } else {
- response.sendRedirect("/");
- }
- } else {
- response.sendError(403);
+ } catch (MessagingException ex) {
+ logger.log(Level.SEVERE, "mail exception", ex);
+ response.sendError(500);
+ return;
+ }
+ }
+ }
+ break;
+ case "email-del":
+ if (sql.update("DELETE FROM emails WHERE user_id=? AND email=?", visitor.getUID(), request.getParameter("account")) > 0) {
+ result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ result = "<p>An error occured while deleting.</p>";
+ }
+ break;
+ case "email-subscr":
+ sql.update("UPDATE emails SET subscr_hour=NULL WHERE user_id=?", visitor.getUID());
+ String email = request.getParameter("account");
+ if (StringUtils.isNotEmpty(email)) {
+ sql.update("UPDATE emails SET subscr_hour=? WHERE user_id=? AND email=?",
+ request.getParameter("time"), visitor.getUID(), email);
+ result = String.format("<p>Saved! Will send to <strong>%s</strong> at <strong>%s:00 GMT</strong>." +
+ "</p><p><a href=\"/settings\">Back</a></p>", email, request.getParameter("time"));
+ } else {
+ result = "<p>Disabled.</p><p><a href=\"/settings\">Back</a></p>";
+ }
+ break;
+ case "twitter-del":
+ sql.update("DELETE FROM twitter WHERE user_id=?", visitor.getUID());
+ sql.update("DELETE FROM subscr_users WHERE user_id=? AND suser_id=1741", visitor.getUID());
+ for (Cookie cookie : request.getCookies()) {
+ if (cookie.getName().equals("request_token")) {
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
+ }
+ if (cookie.getName().equals("request_token_secret")) {
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
+ }
+ }
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "telegram-del":
+ sql.update("DELETE FROM telegram WHERE user_id=?", visitor.getUID());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "facebook-disable":
+ sql.update("UPDATE facebook SET crosspost=0 WHERE user_id=?", visitor.getUID());
+ sql.update("DELETE FROM subscr_users WHERE user_id=? AND suser_id=5863", visitor.getUID());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "facebook-enable":
+ sql.update("UPDATE facebook SET crosspost=1 WHERE user_id=?", visitor.getUID());
+ sql.update("INSERT INTO subscr_users(user_id,suser_id,jid,active) VALUES (?,5863,'juick@facebook.juick.com',1)", visitor.getUID());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ case "vk-del":
+ sql.update("DELETE FROM vk WHERE user_id=?", visitor.getUID());
+ result = "<p><a href=\"/settings\">Back</a></p>";
+ break;
+ default:
+ response.sendError(400);
+ return;
+ }
+ response.setContentType("text/html; charset=UTF-8");
+ try (PrintWriter out = response.getWriter()) {
+ PebbleTemplate template = Utils.getEngine().getTemplate("views/settings_result.html");
+ Map<String, Object> context = new HashMap<>();
+ context.put("title", "Настройки");
+ context.put("visitor", visitor);
+ context.put("result", result);
+ template.evaluate(out, context);
}
}
}