aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/www/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/www/api')
-rw-r--r--src/main/java/com/juick/www/api/ApiSocialLogin.java18
-rw-r--r--src/main/java/com/juick/www/api/Messages.java93
-rw-r--r--src/main/java/com/juick/www/api/Notifications.java27
-rw-r--r--src/main/java/com/juick/www/api/Users.java7
-rw-r--r--src/main/java/com/juick/www/api/activity/Profile.java1
5 files changed, 62 insertions, 84 deletions
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index e6116173..4b57ce89 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -34,14 +34,14 @@ import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.UserService;
import com.juick.util.HttpBadRequestException;
+import com.juick.util.HttpForbiddenException;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@@ -230,7 +230,7 @@ public class ApiSocialLogin {
}
@ResponseBody
@PostMapping("/api/_google")
- public ResponseEntity<AuthResponse> googleSignIn(@RequestParam(name = "idToken") String idTokenString)
+ public AuthResponse googleSignIn(@RequestParam(name = "idToken") String idTokenString)
throws GeneralSecurityException, IOException {
logger.info("Token: {}", idTokenString);
logger.info("Client: {}", googleClientId);
@@ -241,16 +241,16 @@ public class ApiSocialLogin {
if (visitor.isAnonymous()) {
String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
emailService.addVerificationCode(null, email, verificationCode);
- return ResponseEntity.ok(new AuthResponse(null, email, verificationCode));
+ return new AuthResponse(null, email, verificationCode);
} else {
- return ResponseEntity.ok(new AuthResponse(users.getMe(visitor), null, null));
+ return new AuthResponse(users.getMe(visitor), null, null);
}
}
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
+ throw new HttpForbiddenException();
}
@ResponseBody
@PostMapping("/api/signup")
- public ResponseEntity<com.juick.model.User> signupWithEmail(String username, String password, String verificationCode) {
+ public com.juick.model.User signupWithEmail(String username, String password, String verificationCode) {
if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$")
|| password.length() < 6 || password.length() > 32) {
throw new HttpBadRequestException();
@@ -261,9 +261,9 @@ public class ApiSocialLogin {
com.juick.model.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
emailService.addEmail(newUser.getUid(), verifiedEmail);
emailService.deleteAuthCode(verificationCode);
- return ResponseEntity.ok(newUser);
+ return newUser;
} else {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
+ throw new HttpForbiddenException();
}
}
@GetMapping("/api/_applelogin")
diff --git a/src/main/java/com/juick/www/api/Messages.java b/src/main/java/com/juick/www/api/Messages.java
index 395d00d8..7b003220 100644
--- a/src/main/java/com/juick/www/api/Messages.java
+++ b/src/main/java/com/juick/www/api/Messages.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2020, Juick
+ * Copyright (C) 2008-2021, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -24,6 +24,8 @@ import com.juick.util.WebUtils;
import com.juick.www.WebApp;
import com.juick.model.CommandResult;
import com.juick.util.HttpBadRequestException;
+import com.juick.util.HttpForbiddenException;
+import com.juick.util.HttpNotFoundException;
import com.juick.service.MessagesService;
import com.juick.service.TagService;
import com.juick.service.UserService;
@@ -34,9 +36,8 @@ import org.apache.commons.lang3.tuple.Pair;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.core.io.Resource;
-import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@@ -52,14 +53,6 @@ import java.util.stream.Collectors;
@RequestMapping(produces = MediaType.APPLICATION_JSON_VALUE)
public class Messages {
- private static final ResponseEntity<List<Message>> NOT_FOUND = ResponseEntity
- .status(HttpStatus.NOT_FOUND)
- .body(Collections.emptyList());
-
- private static final ResponseEntity<List<Message>> FORBIDDEN = ResponseEntity
- .status(HttpStatus.FORBIDDEN)
- .body(Collections.emptyList());
-
@Inject
private MessagesService messagesService;
@Inject
@@ -76,31 +69,25 @@ public class Messages {
// TODO: serialize image urls
@GetMapping("/api/home")
- public ResponseEntity<List<Message>> getHome(
- @Visitor User visitor,
+ @Secured("ROLE_USER")
+ public List<Message> getHome(@Visitor User visitor,
@RequestParam(defaultValue = "0") int before_mid) {
- if (!visitor.isAnonymous()) {
- int vuid = visitor.getUid();
- List<Integer> mids = messagesService.getMyFeed(vuid, before_mid, true);
- List<Message> msgs = messagesService.getMessages(visitor, mids);
- msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser())));
- return ResponseEntity.ok(msgs);
- }
- return FORBIDDEN;
+ int vuid = visitor.getUid();
+ List<Integer> mids = messagesService.getMyFeed(vuid, before_mid, true);
+ List<Message> msgs = messagesService.getMessages(visitor, mids);
+ msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser())));
+ return msgs;
}
@GetMapping("/api/messages")
- public ResponseEntity<List<Message>> getMessages(
- @Visitor User visitor,
+ public List<Message> getMessages(@Visitor User visitor,
@RequestParam(required = false) String uname,
@RequestParam(name = "before_mid", defaultValue = "0") Integer before,
@RequestParam(required = false, defaultValue = "0") Integer daysback,
- @RequestParam(required = false) String withrecommended,
- @RequestParam(required = false) String popular,
+ @RequestParam(required = false) String withrecommended, @RequestParam(required = false) String popular,
@RequestParam(required = false) String search,
@RequestParam(required = false, defaultValue = "0") Integer page,
- @RequestParam(required = false) String media,
- @RequestParam(required = false) String tag) {
+ @RequestParam(required = false) String media, @RequestParam(required = false) String tag) {
List<Integer> mids;
if (StringUtils.hasText(uname)) {
User user = userService.getUserByName(uname);
@@ -112,19 +99,20 @@ public class Messages {
if (tagObject != null) {
mids = messagesService.getUserTag(user.getUid(), tagObject.TID, 0, before);
} else {
- return NOT_FOUND;
+ throw new HttpNotFoundException();
}
} else if (StringUtils.hasText(withrecommended)) {
mids = messagesService.getUserBlogWithRecommendations(user.getUid(), 0, before);
} else if (daysback > 0) {
mids = messagesService.getUserBlogAtDay(user.getUid(), 0, daysback);
} else if (StringUtils.hasText(search)) {
- mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0, page);
+ mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0,
+ page);
} else {
mids = messagesService.getUserBlog(user.getUid(), 0, before);
}
} else {
- return NOT_FOUND;
+ throw new HttpNotFoundException();
}
} else {
if (StringUtils.hasText(popular)) {
@@ -136,7 +124,7 @@ public class Messages {
if (tagObject != null) {
mids = messagesService.getTag(tagObject.TID, visitor.getUid(), before, 20);
} else {
- return NOT_FOUND;
+ throw new HttpNotFoundException();
}
} else if (StringUtils.hasText(search)) {
mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(search), page);
@@ -146,12 +134,12 @@ public class Messages {
}
List<Message> msgs = messagesService.getMessages(visitor, mids);
msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser())));
- return ResponseEntity.ok(msgs);
+ return msgs;
}
+
@DeleteMapping("/api/messages")
- public CommandResult deleteMessage(
- @Visitor User visitor,
- @RequestParam int mid, @RequestParam(required = false, defaultValue = "0") int rid) {
+ public CommandResult deleteMessage(@Visitor User visitor, @RequestParam int mid,
+ @RequestParam(required = false, defaultValue = "0") int rid) {
if (rid > 0) {
if (messagesService.deleteReply(visitor.getUid(), mid, rid)) {
return CommandResult.fromString("Reply deleted");
@@ -164,52 +152,47 @@ public class Messages {
}
@GetMapping("/api/messages/discussions")
- public List<Message> getDiscussions(
- @Visitor User visitor,
+ public List<Message> getDiscussions(@Visitor User visitor,
@RequestParam(required = false, defaultValue = "0") Long to) {
- List<Message> msgs = messagesService.getMessages(visitor,
- messagesService.getDiscussions(visitor.getUid(), to));
+ List<Message> msgs = messagesService.getMessages(visitor, messagesService.getDiscussions(visitor.getUid(), to));
msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser())));
return msgs;
}
+
@GetMapping("/api/thread")
- public ResponseEntity<List<Message>> getThread(
- @Visitor User visitor,
- @RequestParam(defaultValue = "0") int mid) {
+ public List<Message> getThread(@Visitor User visitor, @RequestParam(defaultValue = "0") int mid) {
Optional<Message> message = messagesService.getMessage(mid);
if (message.isPresent()) {
Message msg = message.get();
if (!messagesService.canViewThread(mid, visitor.getUid())) {
- return FORBIDDEN;
+ throw new HttpForbiddenException();
} else {
msg.getUser().setAvatar(webApp.getAvatarUrl(msg.getUser()));
- msg.setRecommendations(new HashSet<>(messagesService.getMessagesRecommendations(
- Collections.singletonList(msg.getMid()))
- .stream().map(Pair::getRight).collect(Collectors.toList())));
+ msg.setRecommendations(new HashSet<>(
+ messagesService.getMessagesRecommendations(Collections.singletonList(msg.getMid())).stream()
+ .map(Pair::getRight).collect(Collectors.toList())));
msg.getRecommendations().forEach(r -> r.setAvatar(webApp.getAvatarUrl(r)));
List<Message> replies = messagesService.getReplies(visitor, mid);
replies.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser())));
if (!visitor.isAnonymous()) {
userService.updateLastSeen(visitor);
- applicationEventPublisher.publishEvent(
- new SystemEvent(this, SystemActivity.read(visitor, msg)));
+ applicationEventPublisher.publishEvent(new SystemEvent(this, SystemActivity.read(visitor, msg)));
}
replies.add(0, msg);
- return ResponseEntity.ok(replies);
+ return replies;
}
}
- return NOT_FOUND;
+ throw new HttpNotFoundException();
}
+
@GetMapping(value = "/api/thread/mark_read/{mid}-{rid}.gif", produces = MediaType.IMAGE_GIF_VALUE)
- public byte[] markThreadRead(
- @Visitor User visitor,
- @PathVariable int mid, @PathVariable int rid) throws IOException {
+ public byte[] markThreadRead(@Visitor User visitor, @PathVariable int mid, @PathVariable int rid)
+ throws IOException {
if (!visitor.isAnonymous()) {
messagesService.setLastReadComment(visitor, mid, rid);
Message msg = messagesService.getMessage(mid).orElseThrow(IllegalStateException::new);
userService.updateLastSeen(visitor);
- applicationEventPublisher.publishEvent(
- new SystemEvent(this, SystemActivity.read(visitor, msg)));
+ applicationEventPublisher.publishEvent(new SystemEvent(this, SystemActivity.read(visitor, msg)));
return IOUtils.toByteArray(invisiblePixel.getInputStream());
}
throw new HttpBadRequestException();
diff --git a/src/main/java/com/juick/www/api/Notifications.java b/src/main/java/com/juick/www/api/Notifications.java
index 524e4da4..d00fe4ca 100644
--- a/src/main/java/com/juick/www/api/Notifications.java
+++ b/src/main/java/com/juick/www/api/Notifications.java
@@ -23,6 +23,7 @@ import com.juick.model.Status;
import com.juick.model.User;
import com.juick.model.AnonymousUser;
import com.juick.util.HttpBadRequestException;
+import com.juick.util.HttpForbiddenException;
import com.juick.service.MessagesService;
import com.juick.service.PushQueriesService;
import com.juick.service.SubscriptionService;
@@ -33,9 +34,7 @@ import io.swagger.v3.oas.annotations.Hidden;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -86,17 +85,17 @@ public class Notifications {
@Hidden
@RequestMapping(value = "/api/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
- public ResponseEntity<List<User>> doGet(
+ public List<User> doGet(
@Visitor User visitor,
@RequestParam(required = false, defaultValue = "0") int uid,
@RequestParam(required = false, defaultValue = "0") int mid,
@RequestParam(required = false, defaultValue = "0") int rid) {
if (!(visitor.getName().equals(serviceUser))) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
+ throw new HttpForbiddenException();
}
if (uid > 0 && mid == 0) {
// PM
- return ResponseEntity.ok(Collections.singletonList(collectTokens(uid)));
+ return Collections.singletonList(collectTokens(uid));
} else {
if (mid > 0) {
// reply
@@ -114,22 +113,22 @@ public class Notifications {
users = subscriptionService.getSubscribedUsers(msg.getUser().getUid(), msg);
}
- return ResponseEntity.ok(users.stream().map(User::getUid)
- .map(this::collectTokens).collect(Collectors.toList()));
+ return users.stream().map(User::getUid)
+ .map(this::collectTokens).collect(Collectors.toList());
} else {
// read
- return ResponseEntity.ok(Collections.singletonList(collectTokens(uid)));
+ return Collections.singletonList(collectTokens(uid));
}
}
}
@Hidden
@RequestMapping(value = "/api/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
- public ResponseEntity<Status> doDelete(
+ public Status doDelete(
@Visitor User visitor,
@RequestBody List<ExternalToken> list) {
if (!visitor.getName().equals(serviceUser)) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
+ throw new HttpForbiddenException();
}
list.forEach(t -> {
switch (t.getType()) {
@@ -147,15 +146,15 @@ public class Notifications {
}
});
- return ResponseEntity.ok(Status.OK);
+ return Status.OK;
}
@Hidden
@RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
- public ResponseEntity<Status> doDeleteTokens(
+ public Status doDeleteTokens(
@Visitor User visitor,
@RequestBody List<ExternalToken> list) {
if (!visitor.getName().equals(serviceUser)) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
+ throw new HttpForbiddenException();
}
list.forEach(t -> {
switch (t.getType()) {
@@ -173,7 +172,7 @@ public class Notifications {
}
});
- return ResponseEntity.ok(Status.OK);
+ return Status.OK;
}
@Hidden
diff --git a/src/main/java/com/juick/www/api/Users.java b/src/main/java/com/juick/www/api/Users.java
index 030d8ced..06d040ff 100644
--- a/src/main/java/com/juick/www/api/Users.java
+++ b/src/main/java/com/juick/www/api/Users.java
@@ -35,7 +35,6 @@ import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@@ -120,7 +119,7 @@ public class Users {
return (SecureUser)userService.getUserInfo(me);
}
@PostMapping("/api/me")
- public ResponseEntity<Void> updateMe(@Visitor User visitor,
+ public void updateMe(@Visitor User visitor,
@RequestParam(required = false) String password,
@RequestParam(value = "jid-del", required = false) String jidForDeletion,
@RequestParam(value = "email-add", required = false) String newEmail,
@@ -162,13 +161,11 @@ public class Users {
break;
}
}
- return ResponseEntity.ok().build();
}
@PostMapping("/api/me/subscribe")
- public ResponseEntity<Void> subscribeMe(@Visitor User visitor, String email) {
+ public void subscribeMe(@Visitor User visitor, String email) {
// TODO: check status
emailService.setNotificationsEmail(visitor.getUid(), email);
- return ResponseEntity.ok().build();
}
@PostMapping("/api/me/upload")
public void updateInfo(@Visitor User visitor,
diff --git a/src/main/java/com/juick/www/api/activity/Profile.java b/src/main/java/com/juick/www/api/activity/Profile.java
index 618ae387..3dc717e9 100644
--- a/src/main/java/com/juick/www/api/activity/Profile.java
+++ b/src/main/java/com/juick/www/api/activity/Profile.java
@@ -56,7 +56,6 @@ import com.juick.service.security.annotation.Visitor;
import com.overzealous.remark.Remark;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;