Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java39
-rw-r--r--juick-www/src/main/webapp/WEB-INF/views/login.html8
2 files changed, 44 insertions, 3 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
index 4a502637..b9d3c9c7 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -28,10 +28,14 @@ import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.UserUtils;
import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
+import com.juick.service.TelegramService;
import com.juick.service.UserService;
import com.juick.www.Utils;
import com.juick.www.facebook.User;
import com.juick.www.vk.UsersResponse;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.codec.digest.HmacAlgorithms;
+import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
@@ -48,8 +52,10 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
+import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
+import java.util.stream.Collectors;
/**
*
@@ -79,6 +85,8 @@ public class SocialLogin {
private String VK_APPID;
@Value("${vk_secret}")
private String VK_SECRET;
+ @Value("${telegram_token}")
+ private String telegramToken;
@Inject
private CrosspostService crosspostService;
@@ -86,6 +94,8 @@ public class SocialLogin {
private UserService userService;
@Inject
private EmailService emailService;
+ @Inject
+ private TelegramService telegramService;
@PostConstruct
public void init() {
@@ -279,4 +289,33 @@ public class SocialLogin {
return "redirect:/signup?type=vk&hash=" + loginhash;
}
}
+
+ @GetMapping("/_tglogin")
+ public String doDurovLogin(HttpServletRequest request,
+ @RequestParam Map<String, String> params,
+ HttpServletResponse response) {
+ String dataCheckString = params.entrySet().stream()
+ .filter(p -> !p.getKey().equals("hash"))
+ .sorted(Map.Entry.comparingByKey())
+ .map(p -> p.getKey() + "=" + p.getValue())
+ .collect(Collectors.joining("\n"));
+ String hash = params.get("hash");
+ byte[] secretKey = DigestUtils.sha256(telegramToken);
+ String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString);
+ if (hash.equals(resultString)) {
+ Long tgUser = Long.valueOf(params.get("id"));
+ int uid = telegramService.getUser(tgUser);
+ if (uid > 0) {
+ Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+ c.setMaxAge(50 * 24 * 60 * 60);
+ response.addCookie(c);
+ return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+ } else {
+ logger.warn("invalid user {}", tgUser);
+ }
+ } else {
+ logger.warn("invalid tg hash {} for {}", resultString, hash);
+ }
+ throw new HttpBadRequestException();
+ }
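Review bot: `hash.equals(resultString)` on the line after the HMAC computation dereferences a request parameter that may be absent, so a request without `hash` ends in a NullPointerException (a 500) rather than the HttpBadRequestException thrown at the bottom, and the comparison is not constant-time. `Long.valueOf(params.get("id"))` likewise turns a missing or non-numeric `id` into an unhandled NumberFormatException even after the signature check passed; `NumberUtils`, already imported at the top of the file, offers `toLong(str, defaultValue)` for a fail-closed parse. The warn log on the mismatch branch writes the expected HMAC for the submitted payload into the log, and logging only the submitted `id` is enough to debug a bad callback. Telegram's login payload also carries an `auth_date` field; if freshness is not checked elsewhere, a signed payload never expires and can be replayed, so rejecting data older than a short window is worth considering. The rewrite below uses java.security.MessageDigest.isEqual and java.nio.charset.StandardCharsets, which need imports the hunk does not add; the enclosing class continues outside the hunk.
```java
        String hash = params.get("hash");
        byte[] secretKey = DigestUtils.sha256(telegramToken);
        String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString);
        // Fail closed on a missing hash and compare in constant time.
        boolean validSignature = hash != null
                && MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8),
                        resultString.getBytes(StandardCharsets.UTF_8));
        if (validSignature) {
            // A missing or malformed id becomes -1 and falls through to the bad-request path.
            long tgUser = NumberUtils.toLong(params.get("id"), -1);
            // … unchanged: telegramService lookup, cookie and redirect …
        } else {
            logger.warn("invalid tg hash for telegram id {}", params.get("id"));
        }
        throw new HttpBadRequestException();
```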
}
diff --git a/juick-www/src/main/webapp/WEB-INF/views/login.html b/juick-www/src/main/webapp/WEB-INF/views/login.html
index f1ea75d2..1ddc5f90 100644
--- a/juick-www/src/main/webapp/WEB-INF/views/login.html
+++ b/juick-www/src/main/webapp/WEB-INF/views/login.html
@@ -123,9 +123,11 @@
{{ i18n("messages","label.register") }}:
<div id="facebook"><a href="/_fblogin" rel="nofollow">Facebook</a></div>
<div id="vk"><a href="/_vklogin" rel="nofollow">ВКонтакте</a></div>
- <div id="xmpp"><a href="#" onclick="$('#xmppinfo').toggle(); return false">XMPP</a>
- <div id="xmppinfo">{{ i18n("messages","message.sendLoginToXmpp") | raw }}</a></div>
- </div>
+ <div id="tg">
+ <script src="https://telegram.org/js/telegram-widget.js?3"
+ data-telegram-login="Juick_bot" data-size="medium" data-radius="0"
+ data-auth-url="https://juick.com/_tglogin" data-request-access="write"></script>
+ </div>
</div>
<div id="signin">
<a href="#" onclick="$('#signinform').toggle(); $('#nickinput').focus(); return false">