diff options
Diffstat (limited to 'src/main/java/com/juick')
21 files changed, 167 insertions, 549 deletions
diff --git a/src/main/java/com/juick/EmailManager.java b/src/main/java/com/juick/EmailManager.java index df02fe1c..37c8e3c5 100644 --- a/src/main/java/com/juick/EmailManager.java +++ b/src/main/java/com/juick/EmailManager.java @@ -33,7 +33,6 @@ import jakarta.mail.internet.MimeMessage; import jakarta.mail.internet.MimeMultipart; import com.juick.util.HttpBadRequestException; -import com.juick.www.WebApp; import com.juick.service.EmailService; import com.juick.service.MessagesService; import com.juick.service.UserService; @@ -67,8 +66,6 @@ public class EmailManager implements NotificationListener { private UserService userService; @Inject private ObjectMapper jsonMapper; - @Inject - private WebApp webApp; @Value("${web_domain:localhost}") private String webDomain; @Value("${service_email:}") diff --git a/src/main/java/com/juick/config/AppConfig.java b/src/main/java/com/juick/config/AppConfig.java index 32cc5899..a48c7ee0 100644 --- a/src/main/java/com/juick/config/AppConfig.java +++ b/src/main/java/com/juick/config/AppConfig.java @@ -20,15 +20,8 @@ package com.juick.config; import com.juick.*; import com.juick.model.User; import com.juick.service.*; -import com.mitchellbosecke.pebble.extension.FormatterExtension; import com.overzealous.remark.Options; import com.overzealous.remark.Remark; -import io.pebbletemplates.pebble.PebbleEngine; -import io.pebbletemplates.pebble.loader.ClasspathLoader; -import io.pebbletemplates.pebble.loader.Loader; -import io.pebbletemplates.spring.extension.SpringExtension; -import io.pebbletemplates.spring.servlet.PebbleViewResolver; - import org.commonmark.ext.autolink.AutolinkExtension; import org.commonmark.node.Link; import org.commonmark.parser.Parser; @@ -40,11 +33,9 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler; import org.springframework.security.web.firewall.RequestRejectedHandler; -import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.resource.ResourceUrlEncodingFilter; import org.springframework.web.servlet.resource.ResourceUrlProvider; -import java.nio.charset.StandardCharsets; import java.util.Collections; import jakarta.inject.Inject; diff --git a/src/main/java/com/juick/config/HttpClientConfig.java b/src/main/java/com/juick/config/HttpClientConfig.java index 9f5182e8..fd94ae4f 100644 --- a/src/main/java/com/juick/config/HttpClientConfig.java +++ b/src/main/java/com/juick/config/HttpClientConfig.java @@ -18,7 +18,6 @@ package com.juick.config; import com.juick.util.ActivityPubRequestInterceptor; -import okhttp3.Dispatcher; import okhttp3.OkHttpClient; import okhttp3.logging.HttpLoggingInterceptor; import org.slf4j.Logger; diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java index 820ebf74..a93a4a5c 100644 --- a/src/main/java/com/juick/config/SecurityConfig.java +++ b/src/main/java/com/juick/config/SecurityConfig.java @@ -202,13 +202,10 @@ public class SecurityConfig { "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk", - "/api/skypebotendpoint", "/api/_fblogin", - "/api/_vklogin", "/api/_tglogin", - "/api/_google", "/api/_applelogin", "/api/signup", + "/api/skypebotendpoint", "/api/signup", "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**", "/api/info/**", "/api/v1/apps", "/api/v1/instance", - "/api/v2/instance", "/api/nodeinfo/2.0", "/oauth/**") .permitAll() .anyRequest().hasAnyAuthority("SCOPE_write", "ROLE_USER")) diff --git a/src/main/java/com/juick/model/User.java b/src/main/java/com/juick/model/User.java index 7b0b7099..dd0feda1 100644 --- a/src/main/java/com/juick/model/User.java +++ b/src/main/java/com/juick/model/User.java @@ -64,6 +64,7 @@ public class User implements Serializable { private boolean premium; @XmlTransient private boolean admin; + private String language; public User() { tokens = new ArrayList<>(); @@ -298,4 +299,12 @@ public class User implements Serializable { public void setAdmin(boolean admin) { this.admin = admin; } + + public String getLanguage() { + return language; + } + + public void setLanguage(String language) { + this.language = language; + } } diff --git a/src/main/java/com/juick/service/MessagesServiceImpl.java b/src/main/java/com/juick/service/MessagesServiceImpl.java index bad080a0..de342977 100644 --- a/src/main/java/com/juick/service/MessagesServiceImpl.java +++ b/src/main/java/com/juick/service/MessagesServiceImpl.java @@ -38,8 +38,6 @@ import org.springframework.jdbc.core.ConnectionCallback; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.namedparam.MapSqlParameterSource; import org.springframework.jdbc.core.namedparam.SqlParameterSource; -import org.springframework.jdbc.core.simple.SimpleJdbcInsert; -import org.springframework.jdbc.support.GeneratedKeyHolder; import org.springframework.lang.NonNull; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; diff --git a/src/main/java/com/juick/service/TagServiceImpl.java b/src/main/java/com/juick/service/TagServiceImpl.java index 9f5c9356..1eea6812 100644 --- a/src/main/java/com/juick/service/TagServiceImpl.java +++ b/src/main/java/com/juick/service/TagServiceImpl.java @@ -27,15 +27,12 @@ import org.springframework.jdbc.core.BatchPreparedStatementSetter; import org.springframework.jdbc.core.PreparedStatementCallback; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.namedparam.MapSqlParameterSource; -import org.springframework.jdbc.support.GeneratedKeyHolder; -import org.springframework.jdbc.support.KeyHolder; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; -import java.sql.Statement; import java.time.Instant; import java.time.ZoneOffset; import java.time.temporal.ChronoUnit; diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java index 6f7cb58f..845028f7 100644 --- a/src/main/java/com/juick/service/UserService.java +++ b/src/main/java/com/juick/service/UserService.java @@ -32,7 +32,6 @@ import org.springframework.cache.annotation.Cacheable; import java.util.Collection; import java.util.List; -import java.util.Map; import java.util.Optional; /** @@ -83,6 +82,8 @@ public interface UserService { boolean updateUserInfo(User info); + boolean updateLanguage(User user); + boolean isInWL(int uid, int check); boolean isInBL(int uid, int check); @@ -170,7 +171,7 @@ public interface UserService { boolean updateFacebookUser(long fbID, String token, String fbName); - int getUIDbyVKID(long vkID); + Optional<User> getUserByVKID(long vkID); boolean createVKUser(long vkID, String loginhash, String token, String vkName, String vkLink); diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java index 0bbeea91..bad1378a 100644 --- a/src/main/java/com/juick/service/UserServiceImpl.java +++ b/src/main/java/com/juick/service/UserServiceImpl.java @@ -27,16 +27,10 @@ import org.apache.commons.lang3.tuple.Pair; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; -import org.springframework.dao.DataAccessException; import org.springframework.dao.DataIntegrityViolationException; import org.springframework.dao.EmptyResultDataAccessException; -import org.springframework.jdbc.UncategorizedSQLException; -import org.springframework.jdbc.core.PreparedStatementCallback; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.namedparam.MapSqlParameterSource; -import org.springframework.jdbc.core.simple.SimpleJdbcInsert; -import org.springframework.jdbc.support.GeneratedKeyHolder; -import org.springframework.jdbc.support.KeyHolder; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; @@ -71,6 +65,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { user.setVerified(rs.getLong(6) > 0); user.setPremium(rs.getInt(7) > 0); user.setAdmin(adminUsers.contains(user.getName())); + user.setLanguage(rs.getString("lang")); return user; } } @@ -125,7 +120,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { public Optional<User> getUserByUID(final int uid) { var list = getJdbcTemplate().query(""" SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, - COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium + COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang FROM users u LEFT JOIN facebook f ON f.user_id = u.id LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id LEFT JOIN emails e ON e.user_id = u.id WHERE u.id = ?""", userMapper, uid); @@ -139,7 +134,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { if (StringUtils.isNotBlank(username)) { var list = getJdbcTemplate().query(""" SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, - COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium + COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang FROM users u LEFT JOIN facebook f ON f.user_id = u.id LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id LEFT JOIN emails e ON e.user_id = u.id @@ -164,7 +159,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { try { List<User> list = getJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, " + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id " + @@ -190,7 +185,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { if (StringUtils.isNotBlank(jid)) { List<User> list = getJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id " + @@ -212,7 +207,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { return getNamedParameterJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id " + @@ -229,7 +224,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { return getNamedParameterJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id " + @@ -264,7 +259,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { if (StringUtils.isNotBlank(hash)) { List<User> list = getJdbcTemplate().query( "SELECT DISTINCT logins.user_id, u.nick, u.passw, u.banned, u.last_seen," + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM logins INNER JOIN users u ON logins.user_id = u.id " + "LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + @@ -302,7 +297,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { if (StringUtils.isNotBlank(username)) { List<User> list = getJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id " + @@ -368,6 +363,15 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { } } + @Transactional + @Override + public boolean updateLanguage(final User user) { + return getJdbcTemplate().update( + "UPDATE users SET lang=? WHERE id=?", + user.getLanguage(), + user.getUid()) > 0; + } + @Transactional(readOnly = true) @Override public boolean isInWL(final int uid, final int check) { @@ -758,7 +762,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { List<User> list = getJdbcTemplate().query( """ SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, - COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium + COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang FROM users u LEFT JOIN facebook f ON f.user_id = u.id LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id LEFT JOIN emails e ON e.user_id = u.id @@ -791,7 +795,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { public Optional<User> getUserByFacebookId(long facebookId) { List<User> list = getJdbcTemplate().query( "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, " + - "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + "LEFT JOIN emails e ON e.user_id = u.id WHERE f.fb_id = ?", new UserMapper(), facebookId); @@ -815,10 +819,15 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { @Transactional(readOnly = true) @Override - public int getUIDbyVKID(long vkID) { - var users = getJdbcTemplate().queryForList(""" - SELECT user_id FROM vk WHERE vk_id=? AND user_id IS NOT NULL""", Integer.class, vkID); - return users.isEmpty() ? 0 : users.get(0); + public Optional<User> getUserByVKID(long vkID) { + List<User> list = getJdbcTemplate().query( + "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium, lang " + + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + + "LEFT JOIN emails e ON e.user_id = u.id WHERE vk.vk_id = ?", new UserMapper(), vkID); + + return list.isEmpty() ? Optional.empty() : Optional.of(list.get(0)); } @Transactional diff --git a/src/main/java/com/juick/service/VKService.java b/src/main/java/com/juick/service/VKService.java index b9b2483f..7f6b2516 100644 --- a/src/main/java/com/juick/service/VKService.java +++ b/src/main/java/com/juick/service/VKService.java @@ -30,6 +30,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; +import org.springframework.web.util.UriComponentsBuilder; import jakarta.inject.Inject; @@ -40,7 +41,8 @@ public class VKService { private String VK_APPID; @Value("${vk_secret:secret}") private String VK_SECRET; - private static final String VK_REDIRECT = "https://juick.com/_vklogin"; + @Value("${ap_base_uri:http://localhost:8080/}") + private String baseUri; @Inject private ObjectMapper jsonMapper; @Inject @@ -49,10 +51,12 @@ public class VKService { @PostConstruct public void init() { + UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromUriString(baseUri); + String redirectUri = redirectBuilder.replacePath("/_vklogin").build().toUriString(); ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID); setVkAuthService(vkBuilder.apiSecret(VK_SECRET) .defaultScope("friends,wall,offline,groups") - .callback(VK_REDIRECT) + .callback(redirectUri) .build(VkontakteApi.instance())); } diff --git a/src/main/java/com/juick/util/MessageUtils.java b/src/main/java/com/juick/util/MessageUtils.java index 316adb90..5418ae64 100644 --- a/src/main/java/com/juick/util/MessageUtils.java +++ b/src/main/java/com/juick/util/MessageUtils.java @@ -42,13 +42,20 @@ public class MessageUtils { } public static String formatQuote(final String quote) { + return formatQuote(quote, false); + } + + public static String formatQuote(final String quote, final boolean isHtml) { String result = quote; + var prefix = isHtml ? "<blockquote>" : ">"; + var suffix = isHtml ? "</blockquote>" : "\n"; + if (quote != null) { if (quote.length() > 50) { - result = ">" + StringUtils.abbreviate(quote, "…", 47).replace('\n', ' ') + "\n"; + result = prefix + StringUtils.abbreviate(quote, "…", 47).replace('\n', ' ') + suffix; } else if (!quote.isEmpty()) { - result = ">" + quote.replace('\n', ' ') + "\n"; + result = prefix + quote.replace('\n', ' ') + suffix; } } @@ -57,7 +64,7 @@ public class MessageUtils { private final static String urlWhiteSpacePrefix = "((?<=\\s)|(?<=\\A))"; - private final static String urlRegex = "((?:(?:ht|f)tps?://(?:www\\.)?([^\\s()<>/?#]+)([^\\s()<>]*)?))"; + private final static String urlRegex = "((?:(?:ht|f)tps?://(?:www\\.)?([^\\s()<>/?#]+)([^\\s()<>«»]*)?))"; private final static String urlWithWhitespacesRegex = urlWhiteSpacePrefix + urlRegex; @@ -220,11 +227,11 @@ public class MessageUtils { m.appendTail(sb); msg = sb.toString(); + + // > citate + msg = msg.replaceAll(citateRegex, "<blockquote>$1</blockquote>"); + msg = msg.replaceAll("</blockquote><blockquote>", "\n"); if (!compatibleWithDurov) { - // > citate - msg = msg.replaceAll(citateRegex, "<blockquote>$1</blockquote>"); - msg = msg.replaceAll("</blockquote><blockquote>", "\n"); - msg = msg.replaceAll("\n", "<br/>\n"); } return msg; diff --git a/src/main/java/com/juick/util/xmpp/JidConverter.java b/src/main/java/com/juick/util/xmpp/JidConverter.java index 4f457164..5c40d470 100644 --- a/src/main/java/com/juick/util/xmpp/JidConverter.java +++ b/src/main/java/com/juick/util/xmpp/JidConverter.java @@ -18,13 +18,14 @@ package com.juick.util.xmpp; import org.springframework.core.convert.converter.Converter; +import org.springframework.lang.NonNull; import org.springframework.lang.Nullable; import rocks.xmpp.addr.Jid; public class JidConverter implements Converter<String, Jid> { @Nullable @Override - public Jid convert(String jidStr) { + public Jid convert(@NonNull String jidStr) { return Jid.of(jidStr); } } diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java deleted file mode 100644 index 6ea1c89f..00000000 --- a/src/main/java/com/juick/www/api/ApiSocialLogin.java +++ /dev/null @@ -1,299 +0,0 @@ -/* - * Copyright (C) 2008-2020, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ -package com.juick.www.api; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.github.scribejava.apis.AppleClientSecretGenerator; -import com.github.scribejava.apis.AppleSignInApi; -import com.github.scribejava.apis.FacebookApi; -import com.github.scribejava.apis.GoogleTokenVerifier; -import com.github.scribejava.apis.VkontakteApi; -import com.github.scribejava.core.builder.ServiceBuilder; -import com.github.scribejava.core.model.OAuth2AccessToken; -import com.github.scribejava.core.model.OAuthRequest; -import com.github.scribejava.core.model.Verb; -import com.github.scribejava.core.oauth.OAuth20Service; -import com.juick.model.AuthResponse; -import com.juick.model.ext.facebook.User; -import com.juick.model.ext.vk.UsersResponse; -import com.juick.service.EmailService; -import com.juick.service.UserService; -import com.juick.util.HttpBadRequestException; -import com.juick.util.HttpForbiddenException; - -import org.apache.commons.lang3.RandomStringUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.lang3.math.NumberUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; -import org.springframework.web.util.UriComponentsBuilder; - -import jakarta.annotation.PostConstruct; -import jakarta.inject.Inject; -import java.io.IOException; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; -import java.util.concurrent.ExecutionException; - -/** - * - * @author Ugnich Anton - */ -@Controller -public class ApiSocialLogin { - - private static final Logger logger = LoggerFactory.getLogger(ApiSocialLogin.class); - - @Value("${facebook_appid:appid}") - private String FACEBOOK_APPID; - @Value("${facebook_secret:secret}") - private String FACEBOOK_SECRET; - private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin"; - private static final String VK_REDIRECT = "https://api.juick.com/_vklogin"; - @Inject - private ObjectMapper jsonMapper; - private OAuth20Service facebookAuthService, vkAuthService, appleSignInService; - - @Value("${twitter_consumer_key:appid}") - private String twitterConsumerKey; - @Value("${twitter_consumer_secret:secret}") - private String twitterConsumerSecret; - @Value("${vk_appid:appid}") - private String VK_APPID; - @Value("${vk_secret:secret}") - private String VK_SECRET; - @Value("${google_client_id:}") - private String googleClientId; - @Value("${apple_app_id:appid}") - private String appleApplicationId; - @Value("${ap_base_uri:http://localhost:8080/}") - private String baseUri; - - @Inject - private UserService userService; - @Inject - private EmailService emailService; - @Inject - private AppleClientSecretGenerator clientSecretGenerator; - @Inject - private Users users; - - @PostConstruct - public void init() { - ServiceBuilder facebookBuilder = new ServiceBuilder(FACEBOOK_APPID); - ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID); - facebookAuthService = facebookBuilder - .apiSecret(FACEBOOK_SECRET) - .callback(FACEBOOK_REDIRECT) - .defaultScope("email") - .build(FacebookApi.instance()); - vkAuthService = vkBuilder - .apiSecret(VK_SECRET) - .defaultScope("friends,wall,offline,groups") - .callback(VK_REDIRECT) - .build(VkontakteApi.instance()); - ServiceBuilder appleSignInBuilder = new ServiceBuilder(appleApplicationId); - UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromUriString(baseUri); - String appleSignInRedirectUri = redirectBuilder.replacePath("/api/_applelogin").build().toUriString(); - appleSignInService = appleSignInBuilder - .callback(appleSignInRedirectUri) - .defaultScope("email") - .build(new AppleSignInApi(clientSecretGenerator, appleApplicationId)); - } - - @GetMapping("/api/_fblogin") - protected String doFacebookLogin(@RequestParam(required = false) String code, - @RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException { - if (StringUtils.isBlank(code)) { - String fbstate = UUID.randomUUID().toString(); - userService.addFacebookState(fbstate, state); - return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); - } - - String redirectUrl = userService.verifyFacebookState(state); - - if (StringUtils.isEmpty(redirectUrl)) { - logger.error("state is missing"); - throw new HttpBadRequestException(); - } - OAuth2AccessToken token = facebookAuthService.getAccessToken(code); - final OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://graph.facebook.com/me?fields=id,name,email"); - facebookAuthService.signRequest(token, meRequest); - String graph = facebookAuthService.execute(meRequest).getBody(); - if (StringUtils.isBlank(graph)) { - logger.error("FACEBOOK GRAPH ERROR"); - throw new HttpBadRequestException(); - } - User fb = jsonMapper.readValue(graph, User.class); - long fbID = NumberUtils.toLong(fb.id(), 0); - if (fbID == 0 || StringUtils.isBlank(fb.name())) { - logger.error("Missing required fields, id: {}, name: {}", fbID, fb.name()); - throw new HttpBadRequestException(); - } - - Optional<com.juick.model.User> existingFacebookUser = userService.getUserByFacebookId(fbID); - if (existingFacebookUser.isPresent()) { - if (!userService.updateFacebookUser(fbID, token.getAccessToken(), fb.name())) { - logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken()); - throw new HttpBadRequestException(); - } - if (StringUtils.isNotEmpty(fb.email())) { - logger.info("found {} for facebook user {}", fb.email(), fb.name()); - Integer userId = existingFacebookUser.get().getUid(); - if (!emailService.getEmails(userId, false).contains(fb.email())) { - emailService.addEmail(userId, fb.email()); - } - } - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(existingFacebookUser.get().getUid())); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - if (!userService.createFacebookUser(fbID, state, token.getAccessToken(), fb.name())) { - throw new HttpBadRequestException(); - } - return "redirect:/signup?type=fb&hash=" + state; - } - } - @GetMapping("/api/_vklogin") - protected String doVKLogin(@RequestParam(required = false) String code, - @RequestParam String state) throws IOException, ExecutionException, InterruptedException { - if (StringUtils.isBlank(code)) { - String vkstate = UUID.randomUUID().toString(); - userService.addVKState(vkstate, state); - return "redirect:" + vkAuthService.getAuthorizationUrl(vkstate); - } - - String redirectUrl = userService.verifyVKState(state); - if (StringUtils.isBlank(redirectUrl)) { - logger.error("state is missing"); - throw new HttpBadRequestException(); - } - OAuth2AccessToken token = vkAuthService.getAccessToken(code); - - OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://api.vk.com/method/users.get?fields=screen_name&v=5.131"); - vkAuthService.signRequest(token, meRequest); - String graph = vkAuthService.execute(meRequest).getBody(); - - com.juick.model.ext.vk.User jsonUser = jsonMapper.readValue(graph, UsersResponse.class).users().get(0); - String vkName = jsonUser.firstName() + " " + jsonUser.lastName(); - String vkLink = jsonUser.screenName(); - - if (vkName.length() == 1 || StringUtils.isBlank(vkLink)) { - logger.error("vk user error"); - throw new HttpBadRequestException(); - } - - long vkID = NumberUtils.toLong(jsonUser.id(), 0); - int uid = userService.getUIDbyVKID(vkID); - if (uid > 0) { - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid)); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - String loginhash = UUID.randomUUID().toString(); - if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { - logger.error("create vk user error"); - throw new HttpBadRequestException(); - } - return "redirect:/signup?type=vk&hash=" + loginhash; - } - } - @ResponseBody - @PostMapping("/api/_google") - public AuthResponse googleSignIn(@RequestParam(name = "idToken") String idTokenString) { - logger.info("Token: {}", idTokenString); - logger.info("Client: {}", googleClientId); - Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString); - if (verifiedEmail.isPresent()) { - String email = verifiedEmail.get(); - com.juick.model.User visitor = userService.getUserByEmail(email); - if (visitor.isAnonymous()) { - String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); - emailService.addVerificationCode(null, email, verificationCode); - return new AuthResponse(null, email, verificationCode); - } else { - return new AuthResponse(users.getMe(visitor), null, null); - } - } - throw new HttpForbiddenException(); - } - @ResponseBody - @PostMapping("/api/signup") - public com.juick.model.User signupWithEmail(String username, String password, String verificationCode) { - if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") - || password.length() < 6 || password.length() > 32) { - throw new HttpBadRequestException(); - } - - String verifiedEmail = emailService.getEmailByAuthCode(verificationCode); - if (StringUtils.isNotEmpty(verifiedEmail)) { - com.juick.model.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new); - emailService.addEmail(newUser.getUid(), verifiedEmail); - emailService.deleteAuthCode(verificationCode); - return newUser; - } else { - throw new HttpForbiddenException(); - } - } - @GetMapping("/api/_applelogin") - public String doAppleLogin(@RequestParam(required = false) String code, @RequestParam String state) { - if (StringUtils.isBlank(code)) { - String astate = UUID.randomUUID().toString(); - userService.addVKState(astate, state); - return "redirect:" + appleSignInService.getAuthorizationUrl(astate); - } - throw new HttpBadRequestException(); - } - @PostMapping("/api/_applelogin") - public String doVerifyAppleResponse(@RequestParam Map<String, String> body) throws InterruptedException, ExecutionException, IOException { - OAuth2AccessToken token = appleSignInService.getAccessToken(body.get("code")); - var jsonNode = jsonMapper.readTree(token.getRawResponse()); - var idToken = jsonNode.get("id_token").textValue(); - logger.info("Token: {}", idToken); - AppleSignInApi api = (AppleSignInApi) appleSignInService.getApi(); - var email = api.validateToken(idToken); - - if (email.isPresent()) { - com.juick.model.User user = userService.getUserByEmail(email.get()); - if (!user.isAnonymous()) { - String redirectUrl = userService.verifyVKState(body.get("state")); - if (StringUtils.isBlank(redirectUrl)) { - logger.error("state is missing"); - throw new HttpBadRequestException(); - } - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(user.getUid())); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); - emailService.addVerificationCode(null, email.get(), verificationCode); - return "redirect:/signup?type=email&hash=" + verificationCode; - } - } - throw new HttpBadRequestException(); - } -} diff --git a/src/main/java/com/juick/www/api/Mastodon.java b/src/main/java/com/juick/www/api/Mastodon.java index 220963c1..ca3687e7 100644 --- a/src/main/java/com/juick/www/api/Mastodon.java +++ b/src/main/java/com/juick/www/api/Mastodon.java @@ -164,7 +164,7 @@ public class Mastodon { ) { } - @GetMapping({"/api/v1/instance", "/api/v2/instance"}) + @GetMapping("/api/v1/instance") public Instance getInstance() { return new Instance(domain, "Microblogging service", "Juick", "2.x","support@juick.com"); } diff --git a/src/main/java/com/juick/www/api/Post.java b/src/main/java/com/juick/www/api/Post.java index 18b02445..57c23703 100644 --- a/src/main/java/com/juick/www/api/Post.java +++ b/src/main/java/com/juick/www/api/Post.java @@ -48,7 +48,9 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.ApplicationEventPublisher; import org.springframework.http.HttpStatus; +import org.springframework.http.HttpStatusCode; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -74,38 +76,36 @@ public class Post { @RequestMapping(value = "/api/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @ResponseStatus(value = HttpStatus.OK) - public CommandResult doPostMessage( + public ResponseEntity<?> doPostMessage( @Parameter(hidden = true) User visitor, @RequestParam(required = false, defaultValue = StringUtils.EMPTY) String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws Exception { body = body.replace("\r", StringUtils.EMPTY); - - URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, storageService.getTemporaryDirectory()); - - if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) { - URI juickUri = URI.create(img); - if (juickUri.getScheme().equals("juick")) { - attachmentFName = juickUri; - } else { - try { + try { + URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, storageService.getTemporaryDirectory()); + if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) { + URI juickUri = URI.create(img); + if (juickUri.getScheme().equals("juick")) { + attachmentFName = juickUri; + } else { URL imgUrl = new URL(img); attachmentFName = HttpUtils.downloadImage(imgUrl, storageService.getTemporaryDirectory()); - } catch (Exception e) { - logger.error("DOWNLOAD ERROR", e); - throw new HttpBadRequestException(); } } + if (StringUtils.isBlank(body) && StringUtils.isBlank(attachmentFName.toString())) { + // Should be there for compatibility + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(CommandResult.fromString("Empty message")); + } + return ResponseEntity.ok(commandsManager.processCommand(visitor, body, attachmentFName)); + } catch (Exception e) { + logger.error("DOWNLOAD ERROR", e); + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(CommandResult.fromString(e.getMessage())); } - if (StringUtils.isBlank(body) && StringUtils.isBlank(attachmentFName.toString())) { - // Should be there for compatibility - throw new HttpBadRequestException(); - } - return commandsManager.processCommand(visitor, body, attachmentFName); } @RequestMapping(value = "/api/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) - public CommandResult doPostComment( + public ResponseEntity<?> doPostComment( @Parameter(hidden = true) User visitor, @RequestParam(defaultValue = "0") int mid, @RequestParam(defaultValue = "0") int rid, @@ -114,11 +114,11 @@ public class Post { @RequestParam(required = false) MultipartFile attach) throws Exception { if (mid == 0) { - throw new HttpBadRequestException(); + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(CommandResult.fromString("Invalid mid")); } Optional<Message> message = messagesService.getMessage(mid); if (message.isEmpty()) { - throw new HttpNotFoundException(); + return ResponseEntity.status(HttpStatus.NOT_FOUND).body(CommandResult.fromString("Message not found")); } Message msg = message.get(); @@ -127,7 +127,7 @@ public class Post { if (rid > 0) { reply = messagesService.getReply(mid, rid); if (reply == null) { - throw new HttpNotFoundException(); + return ResponseEntity.status(HttpStatus.NOT_FOUND).body(CommandResult.fromString("Reply not found")); } } @@ -135,25 +135,23 @@ public class Post { || userService.isInBL(visitor.getUid(), msg.getUser().getUid()) || (reply != null && userService.isInBL(visitor.getUid(), reply.getUser().getUid()))) { // TODO: validator - throw new HttpForbiddenException(); + return ResponseEntity.status(HttpStatus.FORBIDDEN).body(CommandResult.fromString("Forbidden")); } - - URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, storageService.getTemporaryDirectory()); - - if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) { - try { + try { + URI attachmentFName = HttpUtils.receiveMultiPartFile(attach, storageService.getTemporaryDirectory()); + if (StringUtils.isBlank(attachmentFName.toString()) && img != null && img.length() > 10) { attachmentFName = HttpUtils.downloadImage(new URL(img), storageService.getTemporaryDirectory()); - } catch (Exception e) { - logger.error("DOWNLOAD ERROR", e); - throw new HttpBadRequestException(); } + if (StringUtils.isBlank(body) && StringUtils.isBlank(attachmentFName.toString())) { + // Should be there for compatibility + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(CommandResult.fromString("Empty message")); + } + return ResponseEntity.ok(commandsManager.processCommand(visitor, String.format("#%d/%d %s", mid, rid, body), + attachmentFName)); + } catch (Exception e) { + logger.error("DOWNLOAD ERROR", e); + return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(CommandResult.fromString(e.getMessage())); } - if (StringUtils.isBlank(body) && StringUtils.isBlank(attachmentFName.toString())) { - // Should be there for compatibility - throw new HttpBadRequestException(); - } - return commandsManager.processCommand(visitor, String.format("#%d/%d %s", mid, rid, body), - attachmentFName); } @PostMapping("/api/like") diff --git a/src/main/java/com/juick/www/api/hostmeta/HostMeta.java b/src/main/java/com/juick/www/api/hostmeta/HostMeta.java deleted file mode 100644 index c6f1dce6..00000000 --- a/src/main/java/com/juick/www/api/hostmeta/HostMeta.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (C) 2008-2020, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -package com.juick.www.api.hostmeta; - -import com.cliqset.xrd.Link; -import com.cliqset.xrd.XRD; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RestController; - -import java.util.Collections; - -import static com.cliqset.xrd.XRDConstants.XRD_MEDIA_TYPE; - -@RestController -public class HostMeta { - @Value("${ap_base_uri:http://localhost:8080/}") - private String baseUri; - @GetMapping(value = "/.well-known/host-meta", produces = { XRD_MEDIA_TYPE, MediaType.APPLICATION_XML_VALUE }) - public XRD hostMetaResponse() { - Link webfinger = new Link(); - webfinger.setTemplate(String.format("%swebfinger?resource={uri}", baseUri)); - XRD xrd = new XRD(); - xrd.setLinks(Collections.singletonList(webfinger)); - return xrd; - } -} diff --git a/src/main/java/com/juick/www/api/webfinger/Resource.java b/src/main/java/com/juick/www/api/webfinger/Resource.java index 1de205df..3f04097c 100644 --- a/src/main/java/com/juick/www/api/webfinger/Resource.java +++ b/src/main/java/com/juick/www/api/webfinger/Resource.java @@ -17,53 +17,6 @@ package com.juick.www.api.webfinger; -import com.juick.model.User; -import com.juick.www.api.webfinger.model.Account; -import com.juick.www.api.webfinger.model.Link; -import com.juick.util.HttpNotFoundException; -import com.juick.service.UserService; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.util.UriComponentsBuilder; -import rocks.xmpp.addr.Jid; - -import jakarta.inject.Inject; -import java.util.List; - -import static com.juick.www.api.activity.model.Context.ACTIVITY_MEDIA_TYPE; - -@RestController public class Resource { public static final String MEDIA_TYPE = "application/jrd+json"; - @Inject - private UserService userService; - @Value("${web_domain:localhost}") - private String domain; - @Value("${ap_base_uri:http://localhost:8080/}") - private String baseUri; - - @GetMapping(value = "/.well-known/webfinger", produces = { - Resource.MEDIA_TYPE, MediaType.APPLICATION_JSON_VALUE }) - public Account getWebResource(@RequestParam String resource) { - if (resource.startsWith("acct:")) { - try { - Jid account = Jid.of(resource.substring(5)); - if (account.getDomain().equals(domain)) { - User user = userService.getUserByName(account.getLocal()); - if (!user.isAnonymous()) { - UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(baseUri); - builder.path(String.format("/u/%s", user.getName())); - Link blog = new Link("self", ACTIVITY_MEDIA_TYPE, builder.toUriString()); - return new Account(resource, List.of(blog)); - } - } - } catch (NullPointerException | IllegalArgumentException e) { - throw new HttpNotFoundException(); - } - } - throw new HttpNotFoundException(); - } } diff --git a/src/main/java/com/juick/www/api/webhooks/VkWebhook.java b/src/main/java/com/juick/www/api/webhooks/VkWebhook.java index 45e20d3f..d69d00be 100644 --- a/src/main/java/com/juick/www/api/webhooks/VkWebhook.java +++ b/src/main/java/com/juick/www/api/webhooks/VkWebhook.java @@ -62,9 +62,9 @@ public class VkWebhook { if (secretKey.equals(secret)) { if (type.startsWith("donut_")) { var vkId = json.get("object").get("user_id").asLong(0); - var userId = userService.getUIDbyVKID(vkId); - if (userId > 0) { - vkService.updatePremiumStatus(userId); + var user = userService.getUserByVKID(vkId); + if (user.isPresent()) { + vkService.updatePremiumStatus(user.get().getUid()); } } return "ok"; diff --git a/src/main/java/com/juick/www/api/xnodeinfo2/Info.java b/src/main/java/com/juick/www/api/xnodeinfo2/Info.java index fc27dc66..adbd5712 100644 --- a/src/main/java/com/juick/www/api/xnodeinfo2/Info.java +++ b/src/main/java/com/juick/www/api/xnodeinfo2/Info.java @@ -17,27 +17,14 @@ package com.juick.www.api.xnodeinfo2; -import com.cliqset.xrd.Link; -import com.cliqset.xrd.XRD; import com.fasterxml.jackson.annotation.JsonView; import com.juick.service.InfoService; import com.juick.www.api.xnodeinfo2.model.*; import org.springframework.beans.factory.annotation.Value; -import org.springframework.cache.annotation.Cacheable; import org.springframework.http.MediaType; -import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.util.UriComponentsBuilder; - import jakarta.inject.Inject; -import java.net.URI; -import java.time.ZonedDateTime; -import java.time.temporal.ChronoUnit; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; @RestController public class Info { @@ -53,18 +40,6 @@ public class Info { return infoService.getCurrentNodeInfo("1.0"); } - @GetMapping(value = "/.well-known/nodeinfo", produces = MediaType.APPLICATION_JSON_VALUE) - public XRD getNodeInfoLinks() { - Link nodeinfo = new Link(); - nodeinfo.setRel(URI.create("http://nodeinfo.diaspora.software/ns/schema/2.0")); - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(baseUri); - uriComponentsBuilder.replacePath("/api/nodeinfo/2.0"); - nodeinfo.setHref(uriComponentsBuilder.build().toUri()); - XRD xrd = new XRD(); - xrd.setLinks(Collections.singletonList(nodeinfo)); - return xrd; - } - @GetMapping(value = "/api/nodeinfo/2.0", produces = MediaType.APPLICATION_JSON_VALUE) @JsonView(NodeInfo.NodeInfoView.class) public NodeInfo showNodeInfo() { diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java index 8d66bd36..11f31efb 100644 --- a/src/main/java/com/juick/www/controllers/Settings.java +++ b/src/main/java/com/juick/www/controllers/Settings.java @@ -150,14 +150,20 @@ public class Settings { visitor.setCountry(request.getParameter("country")); visitor.setUrl(request.getParameter("url")); visitor.setDescription(request.getParameter("descr")); - String avatarTmpPath = HttpUtils.receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost(); - if (StringUtils.isNotEmpty(avatarTmpPath)) { - storageService.saveAvatar(avatarTmpPath, visitor); - } - if (userService.updateUserInfo(visitor)) { - result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getName()); + try { + String avatarTmpPath = HttpUtils + .receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost(); + if (StringUtils.isNotEmpty(avatarTmpPath)) { + storageService.saveAvatar(avatarTmpPath, visitor); + } + if (userService.updateUserInfo(visitor)) { + result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", + visitor.getName()); + } + applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor)); + } catch (Exception e) { + result = "<p>" + e.getMessage() + ". <a href=\"/settings\">Back</a>.</p>"; } - applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor)); break; case "jid-del": // FIXME: stop using ugnich-csv in parameters @@ -188,7 +194,7 @@ public class Settings { message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account"))); message.setSubject("Juick authorization link"); message.setText(String.format("Follow link to attach this email to Juick account:\n" + - "http://juick.com/settings?page=auth-email&code=%s\n\n" + + "https://juick.com/settings?page=auth-email&code=%s\n\n" + "If you don't know, what this mean - just ignore this mail.\n", authCode)); Transport.send(message); result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" + diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index 7f8d5f73..510c7d62 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -58,6 +58,7 @@ import jakarta.inject.Inject; import java.io.IOException; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Optional; import java.util.UUID; import java.util.concurrent.ExecutionException; @@ -70,7 +71,7 @@ import java.util.stream.Collectors; @Controller public class SocialLogin { - private static final Logger logger = LoggerFactory.getLogger(SocialLogin.class); + private static final Logger logger = LoggerFactory.getLogger("Social"); public static final String AUTH_ERROR = "SocialLogin.AuthenticationError"; @@ -124,12 +125,12 @@ public class SocialLogin { @GetMapping("/_fblogin") protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response, + HttpServletResponse response, HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { String fbstate = UUID.randomUUID().toString(); if (StringUtils.isBlank(state)) { - state = Optional.ofNullable(referer).orElse("https://juick.com/"); + state = UUID.randomUUID().toString(); } userService.addFacebookState(fbstate, state); return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); @@ -170,10 +171,12 @@ public class SocialLogin { } } if (!existingFacebookUser.get().isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(existingFacebookUser.get().getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:" + redirectUrl; + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(existingFacebookUser.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); return "redirect:/login"; @@ -188,9 +191,9 @@ public class SocialLogin { @GetMapping("/_twitter") protected String doTwitterLogin(@RequestParam(required = false) String code, - @RequestParam(required = false) String state, - com.juick.model.User user, - HttpServletRequest request) + @RequestParam(required = false) String state, + com.juick.model.User user, + HttpServletRequest request) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { @@ -229,14 +232,17 @@ public class SocialLogin { @GetMapping("/_vklogin") protected String doVKLogin(@RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, - @CookieValue(required = false) String vkstate, HttpServletResponse response) + @CookieValue(required = false) String vkstate, + HttpServletRequest request, + HttpServletResponse response, + HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { vkstate = UUID.randomUUID().toString(); Cookie c = new Cookie("vkstate", vkstate); response.addCookie(c); - return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + var redirect = "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + return redirect; } if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) { @@ -265,13 +271,19 @@ public class SocialLogin { } long vkID = NumberUtils.toLong(jsonUser.id(), 0); - int uid = userService.getUIDbyVKID(vkID); - if (uid > 0) { - userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink); - Cookie c = new Cookie("hash", userService.getHashByUID(uid)); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:/" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + var user = userService.getUserByVKID(vkID); + if (user.isPresent()) { + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { String loginhash = UUID.randomUUID().toString(); if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { @@ -290,8 +302,7 @@ public class SocialLogin { @GetMapping("/_tglogin") public String doDurovLogin(@RequestParam Map<String, String> params, @RequestParam String hash, - @RequestHeader(value = "referer", required = false) String referer, - HttpServletRequest request, HttpServletResponse response) { + HttpServletRequest request, HttpServletResponse response, HttpSession session) { String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash")) .sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue()) .collect(Collectors.joining("\n")); @@ -301,14 +312,19 @@ public class SocialLogin { long tgUser = Long.parseLong(params.get("id")); var user = userService.getUserByTelegramId(tgUser); if (user.isPresent()) { - var authentication = new RememberMeAuthenticationToken( - ((AbstractRememberMeServices) rememberMeServices).getKey(), - new JuickUser(user.get()), JuickUser.USER_AUTHORITY); - SecurityContextHolder.getContext().setAuthentication(authentication); - rememberMeServices.loginSuccess(request, response, authentication); - return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { - String username = StringUtils.defaultString(params.get("username"), params.get("first_name")); + String username = Objects.toString(params.get("username"), params.get("first_name")); List<Long> chats = telegramService.getAnonymous(); if (!chats.contains(tgUser)) { logger.info("added chat with {}", username); @@ -347,9 +363,11 @@ public class SocialLogin { com.juick.model.User user = userService.getUserByEmail(email.get()); if (!user.isAnonymous()) { if (!user.isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); |