aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src/main/java/com/juick
diff options
context:
space:
mode:
Diffstat (limited to 'juick-www/src/main/java/com/juick')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java2
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/Messages.java15
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/NewMessage.java16
3 files changed, 17 insertions, 16 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 3dc7bc76..231c6e2e 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -72,7 +72,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/comment").authenticated()
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/juick-www/src/main/java/com/juick/www/controllers/Messages.java b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
index 7c96705f..75e81b94 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/Messages.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/Messages.java
@@ -542,8 +542,16 @@ public class Messages {
headers += "<meta name=\"robots\" content=\"noindex\"/>";
}
String cardType = StringUtils.isNotEmpty(msg.getAttachmentType()) ? "summary_large_image" : "summary";
- String msgImage = StringUtils.isNotEmpty(msg.getAttachmentType()) ? msg.getAttachment().getMedium().getUrl()
- : "https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ if (StringUtils.isNotEmpty(msg.getAttachmentType())) {
+ // additional check in case of broken images
+ if (msg.getAttachment() != null) {
+ String msgImage = msg.getAttachment().getMedium().getUrl();
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
+ } else {
+ String msgImage ="https://i.juick.com/a/" + msg.getUser().getUid() + ".png";
+ headers += "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ }
model.addAttribute("ogtype", "article");
String cardDescription = StringEscapeUtils.escapeHtml4(PlainTextFormatter.formatTwitterCard(msg));
headers += "<meta name=\"twitter:card\" content=\"" + cardType + "\" />\n" +
@@ -551,8 +559,7 @@ public class Messages {
"<meta property=\"og:url\" content=\"" + pageUrl + "\" />\n" +
"<meta property=\"og:title\" content=\"" + msg.getUser().getName() + " at Juick\" />\n" +
"<meta property=\"og:description\" content=\"" + cardDescription + "\" />\n" +
- "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n" +
- "<meta property=\"og:image\" content=\"" + msgImage + "\" />";
+ "<meta name=\"Description\" content=\"" + cardDescription + "\" />\n";
String twitterName = crosspostService.getTwitterName(msg.getUser().getUid());
if (StringUtils.isNotEmpty(twitterName)) {
headers += "<meta name=\"twitter:creator\" content=\"@" + twitterName + "\" />\n";
diff --git a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
index 2de6a2ad..2b411523 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/NewMessage.java
@@ -91,14 +91,11 @@ public class NewMessage {
@PostMapping("/post")
public String postResult(@RequestParam(required = false) String img,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false, name = "tags") String tagsStr,
@RequestParam(required = false) MultipartFile attach, ModelMap model) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
- if (body == null || body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img) && attach == null) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);
@@ -107,7 +104,7 @@ public class NewMessage {
String attachmentFName = HttpUtils.receiveMultiPartFile(attach, webApp.getTmpDir());
- if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) {
+ if (StringUtils.isBlank(attachmentFName) && StringUtils.isNotBlank(img)) {
try {
URL imgUrl = new URL(img);
attachmentFName = HttpUtils.downloadImage(imgUrl, webApp.getTmpDir());
@@ -200,13 +197,10 @@ public class NewMessage {
public String doPostComment(
@RequestParam(required = false, defaultValue = "0") Integer mid,
@RequestParam(required = false, defaultValue = "0") Integer rid,
- @RequestParam String body,
+ @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body,
@RequestParam(required = false) String img,
@RequestParam(required = false) MultipartFile attach) throws IOException {
com.juick.User visitor = UserUtils.getCurrentUser();
- if (visitor.getUid() == 0) {
- throw new HttpForbiddenException();
- }
if (mid == 0) {
throw new HttpBadRequestException();
}
@@ -223,7 +217,7 @@ public class NewMessage {
}
}
- if (body.length() < 1 || body.length() > 4096) {
+ if ((StringUtils.isEmpty(body) || body.length() > 4096) && StringUtils.isEmpty(img)) {
throw new HttpBadRequestException();
}
body = body.replace("\r", StringUtils.EMPTY);