1 files changed, 41 insertions, 18 deletions

diff --git a/src/main/java/com/juick/server/api/Users.java b/src/main/java/com/juick/server/api/Users.java
index 6f9ab290..33b3704b 100644
--- a/src/main/java/com/juick/server/api/Users.java
+++ b/src/main/java/com/juick/server/api/Users.java
@@ -18,21 +18,24 @@
 package com.juick.server.api;
 
 import com.juick.User;
+import com.juick.model.AnonymousUser;
 import com.juick.model.ApplicationStatus;
-import com.juick.model.UserInfo;
-import com.juick.server.util.HttpForbiddenException;
 import com.juick.server.util.HttpNotFoundException;
-import com.juick.server.www.WebApp;
-import com.juick.service.CrosspostService;
-import com.juick.service.EmailService;
-import com.juick.service.MessagesService;
-import com.juick.service.UserService;
+import com.juick.server.util.HttpUtils;
 import com.juick.server.util.UserUtils;
 import com.juick.server.util.WebUtils;
+import com.juick.server.www.WebApp;
+import com.juick.service.*;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.multipart.MultipartFile;
 
 import javax.inject.Inject;
+import java.io.IOException;
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -52,6 +55,10 @@ public class Users {
     private EmailService emailService;
     @Inject
     private WebApp webApp;
+    @Inject
+    private ImagesService imagesService;
+    @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}")
+    private String tmpDir;
 
     @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public String getAuthToken() {
@@ -94,16 +101,21 @@ public class Users {
         me.setRead(userService.getUserFriends(visitor.getUid()));
         me.setReaders(userService.getUserReaders(visitor.getUid()));
         me.setAvatar(webApp.getAvatarUrl(visitor));
-        return me;
+        return (SecureUser)userService.getUserInfo(me);
+    }
+    @PostMapping("/api/me/upload")
+    public void updateInfo(@RequestParam MultipartFile avatar) throws IOException {
+        User visitor = UserUtils.getCurrentUser();
+        String avatarTmpPath = HttpUtils.receiveMultiPartFile(avatar, tmpDir).getHost();
+        if (StringUtils.isNotEmpty(avatarTmpPath)) {
+            imagesService.saveAvatar(avatarTmpPath, visitor.getUid());
+        }
     }
 
     @RequestMapping(value = "/api/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public List<User> doGetUserRead(
             @RequestParam String uname) {
         User visitor = UserUtils.getCurrentUser();
-        if (visitor.isAnonymous()) {
-            throw new HttpForbiddenException();
-        }
         int uid = 0;
         if (uname == null) {
             uid = visitor.getUid();
@@ -128,9 +140,6 @@ public class Users {
     public List<User> doGetUserReaders(
             @RequestParam String uname) {
         User visitor = UserUtils.getCurrentUser();
-        if (visitor.isAnonymous()) {
-            throw new HttpForbiddenException();
-        }
         int uid = 0;
         if (uname == null) {
             uid = visitor.getUid();
@@ -152,22 +161,36 @@ public class Users {
     }
 
     @GetMapping("/api/info/{uname}")
-    public UserInfo getUserInfo(@PathVariable String uname) {
+    public User getUserInfo(@PathVariable String uname) {
         User user = userService.getUserByName(uname);
         if (!user.isBanned()) {
+            user.setRead(doGetUserRead(uname));
+            user.setReaders(doGetUserReaders(uname));
             user.setAvatar(webApp.getAvatarUrl(user));
             return userService.getUserInfo(user);
         }
         throw new HttpNotFoundException();
     }
 
+    @Deprecated
+    @GetMapping(value = "/api/avatar", produces = MediaType.IMAGE_PNG_VALUE)
+    public byte[] getAvatarUrl(
+            @RequestParam(required = false) String uname,
+            @RequestParam(required = false) String jid)
+            throws IOException {
+        User user = AnonymousUser.INSTANCE;
+        if (StringUtils.isNotEmpty(uname)) {
+            user = userService.getUserByName(uname);
+        }
+        if (user.isAnonymous() && StringUtils.isNotEmpty(jid)) {
+            user = userService.getUserByJID(jid);
+        }
+        return IOUtils.toByteArray(URI.create(webApp.getAvatarUrl(user)));
+    }
     class SecureUser extends User {
         public String getHash() {
             return getAuthHash();
         }
-        public UserInfo getUserInfo() {
-            return userService.getUserInfo(this);
-        }
         public List<String> getJIDs() {
             return userService.getAllJIDs(this);
         }