1 files changed, 15 insertions, 15 deletions

diff --git a/src/main/java/com/juick/server/api/Users.java b/src/main/java/com/juick/server/api/Users.java
index 33b3704b..1a046ad8 100644
--- a/src/main/java/com/juick/server/api/Users.java
+++ b/src/main/java/com/juick/server/api/Users.java
@@ -22,10 +22,11 @@ import com.juick.model.AnonymousUser;
 import com.juick.model.ApplicationStatus;
 import com.juick.server.util.HttpNotFoundException;
 import com.juick.server.util.HttpUtils;
-import com.juick.server.util.UserUtils;
 import com.juick.server.util.WebUtils;
 import com.juick.server.www.WebApp;
 import com.juick.service.*;
+import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
@@ -61,12 +62,13 @@ public class Users {
     private String tmpDir;
 
     @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-    public String getAuthToken() {
-        return userService.getHashByUID(UserUtils.getCurrentUser().getUid());
+    public String getAuthToken(@Visitor User visitor) {
+        return userService.getHashByUID(visitor.getUid());
     }
 
     @RequestMapping(value = "/api/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public List<User> doGetUsers(
+            @Visitor User visitor,
             @RequestParam(value = "uname", required = false) List<String> unames) {
         List<com.juick.User> users = new ArrayList<>();
 
@@ -79,8 +81,7 @@ public class Users {
         users.forEach(u -> u.setAvatar(webApp.getAvatarUrl(u)));
         if (!users.isEmpty())
             return users;
-        if (!UserUtils.getCurrentUser().isAnonymous()) {
-            User visitor = UserUtils.getCurrentUser();
+        if (!visitor.isAnonymous()) {
             visitor.setAvatar(webApp.getAvatarUrl(visitor));
             return Collections.singletonList(visitor);
         }
@@ -89,12 +90,11 @@ public class Users {
     }
 
     @GetMapping("/api/me")
-    public SecureUser getMe() {
-        User visitor = UserUtils.getCurrentUser();
+    public SecureUser getMe(@Visitor User visitor) {
         SecureUser me = new SecureUser();
         me.setUid(visitor.getUid());
         me.setName(visitor.getName());
-        me.setAuthHash(getAuthToken());
+        me.setAuthHash(getAuthToken(visitor));
         List<Integer> unread = messagesService.getUnread(visitor);
         me.setUnread(unread);
         me.setUnreadCount(unread.size());
@@ -104,8 +104,8 @@ public class Users {
         return (SecureUser)userService.getUserInfo(me);
     }
     @PostMapping("/api/me/upload")
-    public void updateInfo(@RequestParam MultipartFile avatar) throws IOException {
-        User visitor = UserUtils.getCurrentUser();
+    public void updateInfo(@Visitor User visitor,
+                           @RequestParam MultipartFile avatar) throws IOException {
         String avatarTmpPath = HttpUtils.receiveMultiPartFile(avatar, tmpDir).getHost();
         if (StringUtils.isNotEmpty(avatarTmpPath)) {
             imagesService.saveAvatar(avatarTmpPath, visitor.getUid());
@@ -114,8 +114,8 @@ public class Users {
 
     @RequestMapping(value = "/api/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public List<User> doGetUserRead(
+            @Visitor User visitor,
             @RequestParam String uname) {
-        User visitor = UserUtils.getCurrentUser();
         int uid = 0;
         if (uname == null) {
             uid = visitor.getUid();
@@ -138,8 +138,8 @@ public class Users {
 
     @RequestMapping(value = "/api/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
     public List<User> doGetUserReaders(
+            @Visitor User visitor,
             @RequestParam String uname) {
-        User visitor = UserUtils.getCurrentUser();
         int uid = 0;
         if (uname == null) {
             uid = visitor.getUid();
@@ -161,11 +161,11 @@ public class Users {
     }
 
     @GetMapping("/api/info/{uname}")
-    public User getUserInfo(@PathVariable String uname) {
+    public User getUserInfo(@Visitor User visitor, @PathVariable String uname) {
         User user = userService.getUserByName(uname);
         if (!user.isBanned()) {
-            user.setRead(doGetUserRead(uname));
-            user.setReaders(doGetUserReaders(uname));
+            user.setRead(doGetUserRead(visitor, uname));
+            user.setReaders(doGetUserReaders(visitor, uname));
             user.setAvatar(webApp.getAvatarUrl(user));
             return userService.getUserInfo(user);
         }