diff options
Diffstat (limited to 'juick-www/src/main/java')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/Main.java | 15 | ||||
-rw-r--r-- | juick-www/src/main/java/com/juick/www/PageTemplates.java | 3 | ||||
-rw-r--r-- | juick-www/src/main/java/com/juick/www/Settings.java | 264 |
3 files changed, 234 insertions, 48 deletions
diff --git a/juick-www/src/main/java/com/juick/www/Main.java b/juick-www/src/main/java/com/juick/www/Main.java index c67eced03..231c7f893 100644 --- a/juick-www/src/main/java/com/juick/www/Main.java +++ b/juick-www/src/main/java/com/juick/www/Main.java @@ -194,6 +194,7 @@ public class Main extends HttpServlet implements Stream.StreamListener { pm.doGetSent(sql, request, response, visitor); } catch (PebbleException e) { log("pebble exception", e); + response.sendError(500); } break; default: @@ -212,7 +213,12 @@ public class Main extends HttpServlet implements Stream.StreamListener { } else if (uri.equals("/logout")) { login.doGetLogout(sql, request, response); } else if (uri.equals("/settings")) { - settings.doGet(sql, request, response); + try { + settings.doGet(sql, request, response); + } catch (PebbleException e) { + log("pebble exception", e); + response.sendError(500); + } } else if (uri.equals("/_fblogin")) { loginFacebook.doGet(sql, request, response); } else if (uri.equals("/_vklogin")) { @@ -350,7 +356,12 @@ public class Main extends HttpServlet implements Stream.StreamListener { signup.doPost(sql, request, response); break; case "/settings": - settings.doPost(sql, request, response); + try { + settings.doPost(sql, request, response); + } catch (PebbleException e) { + log("pebble exception", e); + response.sendError(500); + } break; default: response.sendError(405); diff --git a/juick-www/src/main/java/com/juick/www/PageTemplates.java b/juick-www/src/main/java/com/juick/www/PageTemplates.java index c3b0d6f8f..a036ecba9 100644 --- a/juick-www/src/main/java/com/juick/www/PageTemplates.java +++ b/juick-www/src/main/java/com/juick/www/PageTemplates.java @@ -23,7 +23,6 @@ import com.juick.server.MessagesQueries; import com.juick.server.TagQueries; import com.juick.server.UserQueries; import org.apache.commons.lang3.StringEscapeUtils; -import com.mitchellbosecke.pebble.PebbleEngine; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.util.StringUtils; import ru.sape.Sape; @@ -39,8 +38,6 @@ import java.util.Date; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import java.util.stream.Collectors; /** diff --git a/juick-www/src/main/java/com/juick/www/Settings.java b/juick-www/src/main/java/com/juick/www/Settings.java index 6364c8692..c04a63fb2 100644 --- a/juick-www/src/main/java/com/juick/www/Settings.java +++ b/juick-www/src/main/java/com/juick/www/Settings.java @@ -17,75 +17,253 @@ */ package com.juick.www; +import com.juick.server.CrosspostQueries; +import com.juick.server.SubscriptionsQueries; +import com.juick.server.TagQueries; +import com.juick.server.UserQueries; +import com.juick.server.helpers.NotifyOpts; +import com.juick.server.helpers.UserInfo; +import com.mitchellbosecke.pebble.error.PebbleException; +import com.mitchellbosecke.pebble.template.PebbleTemplate; +import org.apache.commons.lang3.StringUtils; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeMessage; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.stream.Collectors; +import java.util.stream.IntStream; /** * * @author Ugnich Anton */ public class Settings { + private static final Logger logger = Logger.getLogger(Settings.class.getName()); - protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, PebbleException { com.juick.User visitor = Utils.getVisitorUser(sql, request, response); + if (visitor.getUID() == 0) { + response.sendRedirect("/login"); + } + List<String> pages = Arrays.asList("main", "password", "about", "auth-email", "privacy"); + String page = request.getParameter("page"); + if (StringUtils.isEmpty(page) || !pages.contains(page)) { + page = "main"; + } response.setContentType("text/html; charset=UTF-8"); try (PrintWriter out = response.getWriter()) { - PageTemplates.pageHead(out, visitor, "Логин", ""); - PageTemplates.pageNavigation(out, visitor, null); - - out.println("<div id=\"topwrapper\">"); - out.println("<div id=\"wrapper\">"); - out.println("<div id=\"content\">"); - out.println("<form action=\"/login\" method=\"post\">"); - out.println("<p>Имя пользователя: <input type=\"text\" name=\"username\"/></p>"); - out.println("<p>Пароль: <input type=\"password\" name=\"password\"/></p>"); - out.println("<p><input type=\"submit\" value=\" OK \"/></p>"); - out.println("</form>"); - out.println("</div>"); - out.println("</div>"); - out.println("</div>"); // topwrapper - - PageTemplates.pageFooter(request, out, visitor, false); - PageTemplates.pageEnd(out); + PebbleTemplate template = Utils.getEngine().getTemplate(String.format("views/settings_%s.html", page)); + Map<String, Object> context = new HashMap<>(); + context.put("title", "Настройки"); + context.put("visitor", visitor); + context.put("tags", TagQueries.getPopularTags(sql)); + context.put("auths", UserQueries.getAuthCodes(sql, visitor)); + context.put("eopts", UserQueries.getEmailOpts(sql, visitor)); + context.put("ehash", UserQueries.getEmailHash(sql, visitor)); + context.put("emails", UserQueries.getEmails(sql, visitor)); + context.put("jids", UserQueries.getAllJIDs(sql, visitor)); + List<String> hours = IntStream.rangeClosed(0, 23).boxed() + .map(i -> StringUtils.leftPad(String.format("%d", i), 2, "0")).collect(Collectors.toList()); + context.put("hours", hours); + context.put("fbstatus", CrosspostQueries.isFBCrossPostEnabled(sql, visitor.getUID())); + context.put("twitter_name", CrosspostQueries.getTwitterName(sql, visitor.getUID())); + context.put("telegram_name", CrosspostQueries.getTelegramName(sql, visitor.getUID())); + context.put("notify_options", SubscriptionsQueries.getNotifyOptions(sql, visitor)); + context.put("userinfo", UserQueries.getUserInfo(sql, visitor)); + if (page.equals("auth-email")) { + try { + String account = sql.queryForObject("SELECT account FROM auth WHERE user_id=? AND protocol='email' AND authcode=?", + String.class, visitor.getUID(), request.getParameter("code")); + sql.update("INSERT INTO emails(user_id,email) VALUES (?,?)", visitor.getUID(), account); + sql.update("DELETE FROM auth WHERE user_id=? AND authcode=?", visitor.getUID(), request.getParameter("code")); + context.put("result", "OK!"); + } catch (EmptyResultDataAccessException e) { + context.put("result", "Sorry, code unknown."); + } + } + template.evaluate(out, context); } } - protected void doPost(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String username = request.getParameter("username"); - String password = request.getParameter("password"); - if (username == null || password == null || username.length() > 32 || password.isEmpty()) { + protected void doPost(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, PebbleException { + com.juick.User visitor = Utils.getVisitorUser(sql, request, response); + if (visitor.getUID() == 0) { response.sendError(400); return; } + List<String> pages = Arrays.asList("main", "password", "about", "email", "email-add", "email-del", + "email-subscr", "auth-email", "privacy", "jid-del", "twitter-del", "telegram-del", "facebook-disable", + "facebook-enable", "vk-del"); + String page = request.getParameter("page"); + if (StringUtils.isEmpty(page) || !pages.contains(page)) { + response.sendError(400); + return; + } + String result = ""; + switch (page) { + case "password": + if (UserQueries.updatePassword(sql, visitor, request.getParameter("password"))) { + result = "<p>Password has been changed.</p>"; + String hash = com.juick.server.UserQueries.getHashByUID(sql, visitor.getUID()); + Cookie c = new Cookie("hash", hash); + c.setMaxAge(365 * 24 * 60 * 60); + response.addCookie(c); + } + break; + case "main": + NotifyOpts opts = new NotifyOpts(); + opts.setRepliesEnabled(StringUtils.isNotEmpty(request.getParameter("jnotify"))); + opts.setSubscriptionsEnabled(StringUtils.isNotEmpty(request.getParameter("subscr_notify"))); + opts.setRecommendationsEnabled(StringUtils.isNotEmpty(request.getParameter("recomm"))); + if (SubscriptionsQueries.setNotifyOptions(sql, visitor, opts)) { + result = "<p>Notification options has been updated</p>"; + } + break; + case "about": + UserInfo info = new UserInfo(); + info.setFullName(request.getParameter("fullname")); + info.setCountry(request.getParameter("country")); + info.setUrl(request.getParameter("url")); + info.setDescription(request.getParameter("descr")); + if (UserQueries.updateUserInfo(sql, visitor, info)) { + result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getUName()); + } + break; + case "jid-del": + String[] params = request.getParameter("delete").split(";", 2); + int res = -1; + if (params[0].equals("xmpp")) { + res = sql.update("DELETE FROM jids WHERE user_id=? AND jid=?", visitor.getUID(), params[1]); + } else if (params[0].equals("xmpp-unauth")) { + res = sql.update("DELETE FROM auth WHERE user_id=? AND protocol='xmpp' AND account=?", visitor.getUID(), params[1]); + } + if (res == 1) { + result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>"; + } else { + result = "<p>Error</p>"; + } + break; + case "email": + String newHash = UserQueries.updateSecretEmail(sql, visitor); + if (StringUtils.isNotEmpty(newHash)) { + result = String.format("<p>New secret email: <strong>%s@mail.juick.com</strong></p>" + + "<p><a href=\"/settings\">Back</a>.</p>", newHash); + } else { + response.sendError(500); + return; + } + break; + case "email-add": + try { + sql.queryForObject("SELECT authcode FROM auth WHERE user_id=? AND protocol='email' " + + "AND account=?", String.class, visitor.getUID(), request.getParameter("account")); + } catch (EmptyResultDataAccessException e) { + String authCode = UserQueries.generateHash(8); + if (sql.update("INSERT INTO auth(user_id,protocol,account,authcode) VALUES (?,'email',?,?)", + visitor.getUID(), request.getParameter("account"), authCode) > 0) { + Session session = Session.getDefaultInstance(System.getProperties()); + try { + MimeMessage message = new MimeMessage(session); + message.setFrom(new InternetAddress("noreply@mail.juick.com")); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account"))); + message.setSubject("Juick authorization link"); + message.setText(String.format("Follow link to attach this email to Juick account:\n" + + "http://juick.com/settings?page=auth-email&code=%s\n\n" + + "If you don't know, what this mean - just ignore this mail.\n", authCode)); + Transport.send(message); + result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" + + "<p><a href=\"/settings\">Back</a></p>"; - int uid = com.juick.server.UserQueries.checkPassword(sql, username, password); - if (uid > 0) { - String hash = com.juick.server.UserQueries.getHashByUID(sql, uid); - Cookie c = new Cookie("hash", hash); - c.setDomain(".juick.com"); - c.setMaxAge(365 * 24 * 60 * 60); - response.addCookie(c); - - - if (uid > 0) { - throw new IOException("Settings"); - } - - String referer = request.getHeader("Referer"); - if (referer != null && referer.startsWith("http://juick.com/") && !referer.equals("http://juick.com/login")) { - response.sendRedirect(referer); - } else { - response.sendRedirect("/"); - } - } else { - response.sendError(403); + } catch (MessagingException ex) { + logger.log(Level.SEVERE, "mail exception", ex); + response.sendError(500); + return; + } + } + } + break; + case "email-del": + if (sql.update("DELETE FROM emails WHERE user_id=? AND email=?", visitor.getUID(), request.getParameter("account")) > 0) { + result = "<p>Deleted. <a href=\"/settings\">Back</a>.</p>"; + } else { + result = "<p>An error occured while deleting.</p>"; + } + break; + case "email-subscr": + sql.update("UPDATE emails SET subscr_hour=NULL WHERE user_id=?", visitor.getUID()); + String email = request.getParameter("account"); + if (StringUtils.isNotEmpty(email)) { + sql.update("UPDATE emails SET subscr_hour=? WHERE user_id=? AND email=?", + request.getParameter("time"), visitor.getUID(), email); + result = String.format("<p>Saved! Will send to <strong>%s</strong> at <strong>%s:00 GMT</strong>." + + "</p><p><a href=\"/settings\">Back</a></p>", email, request.getParameter("time")); + } else { + result = "<p>Disabled.</p><p><a href=\"/settings\">Back</a></p>"; + } + break; + case "twitter-del": + sql.update("DELETE FROM twitter WHERE user_id=?", visitor.getUID()); + sql.update("DELETE FROM subscr_users WHERE user_id=? AND suser_id=1741", visitor.getUID()); + for (Cookie cookie : request.getCookies()) { + if (cookie.getName().equals("request_token")) { + cookie.setMaxAge(0); + response.addCookie(cookie); + } + if (cookie.getName().equals("request_token_secret")) { + cookie.setMaxAge(0); + response.addCookie(cookie); + } + } + result = "<p><a href=\"/settings\">Back</a></p>"; + break; + case "telegram-del": + sql.update("DELETE FROM telegram WHERE user_id=?", visitor.getUID()); + result = "<p><a href=\"/settings\">Back</a></p>"; + break; + case "facebook-disable": + sql.update("UPDATE facebook SET crosspost=0 WHERE user_id=?", visitor.getUID()); + sql.update("DELETE FROM subscr_users WHERE user_id=? AND suser_id=5863", visitor.getUID()); + result = "<p><a href=\"/settings\">Back</a></p>"; + break; + case "facebook-enable": + sql.update("UPDATE facebook SET crosspost=1 WHERE user_id=?", visitor.getUID()); + sql.update("INSERT INTO subscr_users(user_id,suser_id,jid,active) VALUES (?,5863,'juick@facebook.juick.com',1)", visitor.getUID()); + result = "<p><a href=\"/settings\">Back</a></p>"; + break; + case "vk-del": + sql.update("DELETE FROM vk WHERE user_id=?", visitor.getUID()); + result = "<p><a href=\"/settings\">Back</a></p>"; + break; + default: + response.sendError(400); + return; + } + response.setContentType("text/html; charset=UTF-8"); + try (PrintWriter out = response.getWriter()) { + PebbleTemplate template = Utils.getEngine().getTemplate("views/settings_result.html"); + Map<String, Object> context = new HashMap<>(); + context.put("title", "Настройки"); + context.put("visitor", visitor); + context.put("result", result); + template.evaluate(out, context); } } } |