Diffstat (limited to 'src/main/java/com/juick/server/api/Notifications.java')
-rw-r--r-- | src/main/java/com/juick/server/api/Notifications.java | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/src/main/java/com/juick/server/api/Notifications.java b/src/main/java/com/juick/server/api/Notifications.java index 6829653c..f2c2d712 100644 --- a/src/main/java/com/juick/server/api/Notifications.java +++ b/src/main/java/com/juick/server/api/Notifications.java @@ -17,18 +17,19 @@ package com.juick.server.api; +import com.juick.ExternalToken; import com.juick.Message; import com.juick.Status; -import com.juick.ExternalToken; import com.juick.User; import com.juick.model.AnonymousUser; import com.juick.server.util.HttpBadRequestException; -import com.juick.server.util.UserUtils; import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; import com.juick.service.TelegramService; import com.juick.service.UserService; +import com.juick.service.security.annotation.Visitor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -41,7 +42,6 @@ import springfox.documentation.annotations.ApiIgnore; import javax.inject.Inject; import java.io.IOException; -import java.security.Principal; import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -62,6 +62,8 @@ public class Notifications { private UserService userService; @Inject private TelegramService telegramService; + @Value("${api_user:juick}") + private String serviceUser; private User collectTokens(Integer uid) { 
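Review bot: The `serviceUser` field added in the `@@ -62,6 +62,8 @@` hunk has no comment and no validation, although it now decides who may call the internal notification endpoints. Authorization is by username only, so a blank or mistyped `api_user` value is accepted silently, and a value that an ordinary account can register (or that matches the name of an anonymous visitor) would let that account pass the 403 checks in doGet, doDelete and doDeleteTokens. Whether that is reachable depends on how `@Visitor` resolves unauthenticated requests and on the registration rules, neither of which is visible here. I would document the field, e.g. `// Name of the internal service account allowed to call the push-notification endpoints; must be a reserved, non-registrable username.`, and fail startup when the configured value is blank.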
@@ -84,11 +86,11 @@ public class Notifications { @ApiIgnore @RequestMapping(value = "/api/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<List<User>> doGet( + @Visitor User visitor, @RequestParam(required = false, defaultValue = "0") int uid, @RequestParam(required = false, defaultValue = "0") int mid, @RequestParam(required = false, defaultValue = "0") int rid) { - User visitor = UserUtils.getCurrentUser(); - if (!(visitor.getName().equals("juick"))) { + if (!(visitor.getName().equals(serviceUser))) { return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); } if (uid > 0 && mid == 0) { @@ -119,9 +121,9 @@ public class Notifications { @ApiIgnore @RequestMapping(value = "/api/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<Status> doDelete( + @Visitor User visitor, @RequestBody List<ExternalToken> list) { - User visitor = UserUtils.getCurrentUser(); - if (!visitor.getName().equals("juick")) { + if (!visitor.getName().equals(serviceUser)) { return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); } list.forEach(t -> { @@ -145,9 +147,9 @@ public class Notifications { @ApiIgnore @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<Status> doDeleteTokens( + @Visitor User visitor, @RequestBody List<ExternalToken> list) { - User visitor = UserUtils.getCurrentUser(); - if (!visitor.getName().equals("juick")) { + if (!visitor.getName().equals(serviceUser)) { return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); } list.forEach(t -> { 
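Review bot: In doGet the guard `visitor.getName().equals(serviceUser)` dereferences the visitor's name, so a visitor whose name is null would raise a NullPointerException (a 500) instead of the intended 403. The same expression is repeated in doDelete and doDeleteTokens in the next two hunks. Whether `@Visitor` can supply a nameless or anonymous `User` is not visible in this diff, so comparing from the configured side is the safer form: `if (!serviceUser.equals(visitor.getName())) {`. Since the three guards are now identical, a private helper such as `isServiceUser(User visitor)` would keep the authorization rule in one place. The method bodies continue outside the hunks.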
@@ -172,8 +174,8 @@ public class Notifications { @ApiIgnore @RequestMapping(value = "/api/notifications", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doPut( + @Visitor User visitor, @RequestBody List<ExternalToken> list) throws IOException { - User visitor = UserUtils.getCurrentUser(); list.forEach(t -> { switch (t.getType()) { case "gcm": @@ -195,8 +197,8 @@ public class Notifications { @Deprecated @RequestMapping(value = "/api/android/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doAndroidRegister( + @Visitor User visitor, @RequestParam(name = "regid") String regId) { - User visitor = UserUtils.getCurrentUser(); pushQueriesService.addGCMToken(visitor.getUid(), regId); return Status.OK; } @@ -204,9 +206,8 @@ public class Notifications { @Deprecated @RequestMapping(value = "/api/winphone/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doWinphoneRegister( - Principal principal, + @Visitor User visitor, @RequestParam(name = "url") String regId) { - User visitor = UserUtils.getCurrentUser(); pushQueriesService.addMPNSToken(visitor.getUid(), regId); return Status.OK; } |
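Review bot: doPut, doAndroidRegister and doWinphoneRegister now take the injected `@Visitor User visitor` but none of them checks that it is an authenticated account. The latter two pass `visitor.getUid()` straight to `addGCMToken` and `addMPNSToken`. The file imports `AnonymousUser`, so if the `@Visitor` resolver can hand an anonymous user to these handlers, push tokens would be stored under the anonymous uid; that depends on the resolver and the security configuration, which are not shown. I would state the expectation on each handler, e.g. `// Requires an authenticated visitor; anonymous requests must be rejected before this point.`, or add an explicit guard that returns 403 for an anonymous visitor. doPut's body continues outside the hunk.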