Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/com/juick/www/api/ApiSocialLogin.java | 18 | ||||
-rw-r--r-- | src/main/java/com/juick/www/api/Messages.java | 93 | ||||
-rw-r--r-- | src/main/java/com/juick/www/api/Notifications.java | 27 | ||||
-rw-r--r-- | src/main/java/com/juick/www/api/Users.java | 7 | ||||
-rw-r--r-- | src/main/java/com/juick/www/api/activity/Profile.java | 1 |
5 files changed, 62 insertions, 84 deletions
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index e6116173..4b57ce89 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -34,14 +34,14 @@ import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
 import com.juick.service.UserService;
 import com.juick.util.HttpBadRequestException;
+import com.juick.util.HttpForbiddenException;
+
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -230,7 +230,7 @@ public class ApiSocialLogin {
 }
 @ResponseBody
 @PostMapping("/api/_google")
- public ResponseEntity<AuthResponse> googleSignIn(@RequestParam(name = "idToken") String idTokenString)
+ public AuthResponse googleSignIn(@RequestParam(name = "idToken") String idTokenString)
 throws GeneralSecurityException, IOException {
 logger.info("Token: {}", idTokenString);
 logger.info("Client: {}", googleClientId);
@@ -241,16 +241,16 @@ public class ApiSocialLogin { if (visitor.isAnonymous()) { String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); emailService.addVerificationCode(null, email, verificationCode); - return ResponseEntity.ok(new AuthResponse(null, email, verificationCode)); + return new AuthResponse(null, email, verificationCode); } else { - return ResponseEntity.ok(new AuthResponse(users.getMe(visitor), null, null)); + return new AuthResponse(users.getMe(visitor), null, null); } } - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); + throw new HttpForbiddenException(); } @ResponseBody @PostMapping("/api/signup") - public ResponseEntity<com.juick.model.User> signupWithEmail(String username, String password, String verificationCode) { + public com.juick.model.User signupWithEmail(String username, String password, String verificationCode) { if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") || password.length() < 6 || password.length() > 32) { throw new HttpBadRequestException(); @@ -261,9 +261,9 @@ public class ApiSocialLogin { com.juick.model.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new); emailService.addEmail(newUser.getUid(), verifiedEmail); emailService.deleteAuthCode(verificationCode); - return ResponseEntity.ok(newUser); + return newUser; } else { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); + throw new HttpForbiddenException(); } } @GetMapping("/api/_applelogin") diff --git a/src/main/java/com/juick/www/api/Messages.java b/src/main/java/com/juick/www/api/Messages.java index 395d00d8..7b003220 100644 --- a/src/main/java/com/juick/www/api/Messages.java +++ b/src/main/java/com/juick/www/api/Messages.java 
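Review bot: `logger.info("Token: {}", idTokenString);` in googleSignIn still writes the raw Google ID token to the application log at INFO level, and the commit that reworks this method's return type leaves it in place. Until it expires, that token is a bearer credential for the Google account, so anyone with log access can replay it; log only a non-sensitive attribute, e.g. `logger.debug("Google sign-in attempt for client {}", googleClientId);`, and drop the token line. The `Client:` line carries no secret and can stay. googleSignIn's body continues past this hunk into the next one.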
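Review bot: `RandomStringUtils.randomAlphanumeric(8)` in googleSignIn generates the e-mail verification code that signupWithEmail later accepts as proof of address ownership, and the commit keeps it while changing the surrounding returns. In the commons-lang3 releases that predate the `secure()` variant this helper is backed by a shared non-cryptographic `java.util.Random`, so the codes are predictable by anyone who observes a few of them; unless the project pins a version where it is SecureRandom-backed, switch to the explicit overload `RandomStringUtils.random(8, 0, 0, true, true, null, new SecureRandom()).toUpperCase()` (with `java.security.SecureRandom` imported). Pairing this with per-address rate limiting on the verification endpoint keeps an 8-character code adequate.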
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2020, Juick + * Copyright (C) 2008-2021, Juick * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -24,6 +24,8 @@ import com.juick.util.WebUtils; import com.juick.www.WebApp; import com.juick.model.CommandResult; import com.juick.util.HttpBadRequestException; +import com.juick.util.HttpForbiddenException; +import com.juick.util.HttpNotFoundException; import com.juick.service.MessagesService; import com.juick.service.TagService; import com.juick.service.UserService; @@ -34,9 +36,8 @@ import org.apache.commons.lang3.tuple.Pair; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationEventPublisher; import org.springframework.core.io.Resource; -import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @@ -52,14 +53,6 @@ import java.util.stream.Collectors; @RequestMapping(produces = MediaType.APPLICATION_JSON_VALUE) public class Messages { - private static final ResponseEntity<List<Message>> NOT_FOUND = ResponseEntity - .status(HttpStatus.NOT_FOUND) - .body(Collections.emptyList()); - - private static final ResponseEntity<List<Message>> FORBIDDEN = ResponseEntity - .status(HttpStatus.FORBIDDEN) - .body(Collections.emptyList()); - @Inject private MessagesService messagesService; @Inject 
@@ -76,31 +69,25 @@ public class Messages { // TODO: serialize image urls @GetMapping("/api/home") - public ResponseEntity<List<Message>> getHome( - @Visitor User visitor, + @Secured("ROLE_USER") + public List<Message> getHome(@Visitor User visitor, @RequestParam(defaultValue = "0") int before_mid) { - if (!visitor.isAnonymous()) { - int vuid = visitor.getUid(); - List<Integer> mids = messagesService.getMyFeed(vuid, before_mid, true); - List<Message> msgs = messagesService.getMessages(visitor, mids); - msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser()))); - return ResponseEntity.ok(msgs); - } - return FORBIDDEN; + int vuid = visitor.getUid(); + List<Integer> mids = messagesService.getMyFeed(vuid, before_mid, true); + List<Message> msgs = messagesService.getMessages(visitor, mids); + msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser()))); + return msgs; } @GetMapping("/api/messages") - public ResponseEntity<List<Message>> getMessages( - @Visitor User visitor, + public List<Message> getMessages(@Visitor User visitor, @RequestParam(required = false) String uname, @RequestParam(name = "before_mid", defaultValue = "0") Integer before, @RequestParam(required = false, defaultValue = "0") Integer daysback, - @RequestParam(required = false) String withrecommended, - @RequestParam(required = false) String popular, + @RequestParam(required = false) String withrecommended, @RequestParam(required = false) String popular, @RequestParam(required = false) String search, @RequestParam(required = false, defaultValue = "0") Integer page, - @RequestParam(required = false) String media, - @RequestParam(required = false) String tag) { + @RequestParam(required = false) String media, @RequestParam(required = false) String tag) { List<Integer> mids; if (StringUtils.hasText(uname)) { User user = userService.getUserByName(uname); 
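Review bot: getHome replaces the explicit `visitor.isAnonymous()` guard with `@Secured("ROLE_USER")`, which only takes effect if method security is enabled (e.g. `@EnableGlobalMethodSecurity(securedEnabled = true)` on a configuration class) and the controller is proxied; if either is missing the annotation is inert, the anonymous case silently falls through to `messagesService.getMyFeed(visitor.getUid(), ...)`, and the 403 that FORBIDDEN used to return is gone. Please confirm that configuration is present in this tree, or add a test that calls `/api/home` anonymously and expects 403. It would also help a future reader to note the dependency in a comment above the mapping, e.g. `// access is enforced by method security; getUid() is only reached for ROLE_USER`, since every other method in this file still checks the visitor inline. getMessages starts in this hunk and its body continues into the next hunk.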
@@ -112,19 +99,20 @@ public class Messages { if (tagObject != null) { mids = messagesService.getUserTag(user.getUid(), tagObject.TID, 0, before); } else { - return NOT_FOUND; + throw new HttpNotFoundException(); } } else if (StringUtils.hasText(withrecommended)) { mids = messagesService.getUserBlogWithRecommendations(user.getUid(), 0, before); } else if (daysback > 0) { mids = messagesService.getUserBlogAtDay(user.getUid(), 0, daysback); } else if (StringUtils.hasText(search)) { - mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0, page); + mids = messagesService.getUserSearch(visitor, user.getUid(), WebUtils.encodeSphinx(search), 0, + page); } else { mids = messagesService.getUserBlog(user.getUid(), 0, before); } } else { - return NOT_FOUND; + throw new HttpNotFoundException(); } } else { if (StringUtils.hasText(popular)) { @@ -136,7 +124,7 @@ public class Messages { if (tagObject != null) { mids = messagesService.getTag(tagObject.TID, visitor.getUid(), before, 20); } else { - return NOT_FOUND; + throw new HttpNotFoundException(); } } else if (StringUtils.hasText(search)) { mids = messagesService.getSearch(visitor, WebUtils.encodeSphinx(search), page); @@ -146,12 +134,12 @@ public class Messages { } List<Message> msgs = messagesService.getMessages(visitor, mids); msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser()))); - return ResponseEntity.ok(msgs); + return msgs; } + @DeleteMapping("/api/messages") - public CommandResult deleteMessage( - @Visitor User visitor, - @RequestParam int mid, @RequestParam(required = false, defaultValue = "0") int rid) { + public CommandResult deleteMessage(@Visitor User visitor, @RequestParam int mid, + @RequestParam(required = false, defaultValue = "0") int rid) { if (rid > 0) { if (messagesService.deleteReply(visitor.getUid(), mid, rid)) { return CommandResult.fromString("Reply deleted"); 
@@ -164,52 +152,47 @@ public class Messages { } @GetMapping("/api/messages/discussions") - public List<Message> getDiscussions( - @Visitor User visitor, + public List<Message> getDiscussions(@Visitor User visitor, @RequestParam(required = false, defaultValue = "0") Long to) { - List<Message> msgs = messagesService.getMessages(visitor, - messagesService.getDiscussions(visitor.getUid(), to)); + List<Message> msgs = messagesService.getMessages(visitor, messagesService.getDiscussions(visitor.getUid(), to)); msgs.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser()))); return msgs; } + @GetMapping("/api/thread") - public ResponseEntity<List<Message>> getThread( - @Visitor User visitor, - @RequestParam(defaultValue = "0") int mid) { + public List<Message> getThread(@Visitor User visitor, @RequestParam(defaultValue = "0") int mid) { Optional<Message> message = messagesService.getMessage(mid); if (message.isPresent()) { Message msg = message.get(); if (!messagesService.canViewThread(mid, visitor.getUid())) { - return FORBIDDEN; + throw new HttpForbiddenException(); } else { msg.getUser().setAvatar(webApp.getAvatarUrl(msg.getUser())); - msg.setRecommendations(new HashSet<>(messagesService.getMessagesRecommendations( - Collections.singletonList(msg.getMid())) - .stream().map(Pair::getRight).collect(Collectors.toList()))); + msg.setRecommendations(new HashSet<>( + messagesService.getMessagesRecommendations(Collections.singletonList(msg.getMid())).stream() + .map(Pair::getRight).collect(Collectors.toList()))); msg.getRecommendations().forEach(r -> r.setAvatar(webApp.getAvatarUrl(r))); List<Message> replies = messagesService.getReplies(visitor, mid); replies.forEach(m -> m.getUser().setAvatar(webApp.getAvatarUrl(m.getUser()))); if (!visitor.isAnonymous()) { userService.updateLastSeen(visitor); - applicationEventPublisher.publishEvent( - new SystemEvent(this, SystemActivity.read(visitor, msg))); + applicationEventPublisher.publishEvent(new SystemEvent(this, 
SystemActivity.read(visitor, msg))); } replies.add(0, msg); - return ResponseEntity.ok(replies); + return replies; } } - return NOT_FOUND; + throw new HttpNotFoundException(); } + @GetMapping(value = "/api/thread/mark_read/{mid}-{rid}.gif", produces = MediaType.IMAGE_GIF_VALUE) - public byte[] markThreadRead( - @Visitor User visitor, - @PathVariable int mid, @PathVariable int rid) throws IOException { + public byte[] markThreadRead(@Visitor User visitor, @PathVariable int mid, @PathVariable int rid) + throws IOException { if (!visitor.isAnonymous()) { messagesService.setLastReadComment(visitor, mid, rid); Message msg = messagesService.getMessage(mid).orElseThrow(IllegalStateException::new); userService.updateLastSeen(visitor); - applicationEventPublisher.publishEvent( - new SystemEvent(this, SystemActivity.read(visitor, msg))); + applicationEventPublisher.publishEvent(new SystemEvent(this, SystemActivity.read(visitor, msg))); return IOUtils.toByteArray(invisiblePixel.getInputStream()); } throw new HttpBadRequestException(); diff --git a/src/main/java/com/juick/www/api/Notifications.java b/src/main/java/com/juick/www/api/Notifications.java index 524e4da4..d00fe4ca 100644 --- a/src/main/java/com/juick/www/api/Notifications.java +++ b/src/main/java/com/juick/www/api/Notifications.java @@ -23,6 +23,7 @@ import com.juick.model.Status; import com.juick.model.User; import com.juick.model.AnonymousUser; import com.juick.util.HttpBadRequestException; +import com.juick.util.HttpForbiddenException; import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; 
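Review bot: In getThread the `throw new HttpForbiddenException();` on the `!canViewThread(...)` branch, combined with `throw new HttpNotFoundException();` after the `isPresent()` block, lets an unauthenticated caller distinguish a private thread that exists from a message id that does not; the earlier FORBIDDEN/NOT_FOUND constants had the same split, so this is not new, but the rewrite is the moment to decide it. If private threads should not be enumerable by id, answer both cases with `throw new HttpNotFoundException();` and leave a short comment, e.g. `// 404 for both missing and non-viewable threads so ids cannot be probed`; if the 403 is intentional for logged-in users, consider applying it only when `!visitor.isAnonymous()`. markThreadRead, which starts later in this hunk, ends past the hunk.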
@@ -33,9 +34,7 @@ import io.swagger.v3.oas.annotations.Hidden; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; -import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -86,17 +85,17 @@ public class Notifications { @Hidden @RequestMapping(value = "/api/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) - public ResponseEntity<List<User>> doGet( + public List<User> doGet( @Visitor User visitor, @RequestParam(required = false, defaultValue = "0") int uid, @RequestParam(required = false, defaultValue = "0") int mid, @RequestParam(required = false, defaultValue = "0") int rid) { if (!(visitor.getName().equals(serviceUser))) { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); + throw new HttpForbiddenException(); } if (uid > 0 && mid == 0) { // PM - return ResponseEntity.ok(Collections.singletonList(collectTokens(uid))); + return Collections.singletonList(collectTokens(uid)); } else { if (mid > 0) { // reply 
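Review bot: The service-user gate `if (!(visitor.getName().equals(serviceUser))) { throw new HttpForbiddenException(); }` added in doGet is repeated verbatim in doDelete and doDeleteTokens in the next hunks of this file, and the three copies are the only thing standing between the public `/api/notifications` mappings and the push-token dump; a single private helper makes it obvious that every method in this controller applies the same check and gives one place to add logging of rejected callers. A short Javadoc on the helper along the lines of "Throws HttpForbiddenException unless the visitor is the configured service account" documents the intent that the repeated inline checks leave implicit. doGet's body continues past this hunk.
```java
    /** Rejects every caller except the configured service account. */
    private void requireServiceUser(User visitor) {
        if (!visitor.getName().equals(serviceUser)) {
            throw new HttpForbiddenException();
        }
    }

    // … unchanged: @Hidden / @RequestMapping on doGet …
    public List<User> doGet(@Visitor User visitor, @RequestParam(required = false, defaultValue = "0") int uid,
                            @RequestParam(required = false, defaultValue = "0") int mid,
                            @RequestParam(required = false, defaultValue = "0") int rid) {
        requireServiceUser(visitor);
        // … unchanged: token collection …
```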
@@ -114,22 +113,22 @@ public class Notifications { users = subscriptionService.getSubscribedUsers(msg.getUser().getUid(), msg); } - return ResponseEntity.ok(users.stream().map(User::getUid) - .map(this::collectTokens).collect(Collectors.toList())); + return users.stream().map(User::getUid) + .map(this::collectTokens).collect(Collectors.toList()); } else { // read - return ResponseEntity.ok(Collections.singletonList(collectTokens(uid))); + return Collections.singletonList(collectTokens(uid)); } } } @Hidden @RequestMapping(value = "/api/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) - public ResponseEntity<Status> doDelete( + public Status doDelete( @Visitor User visitor, @RequestBody List<ExternalToken> list) { if (!visitor.getName().equals(serviceUser)) { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); + throw new HttpForbiddenException(); } list.forEach(t -> { switch (t.getType()) { @@ -147,15 +146,15 @@ public class Notifications { } }); - return ResponseEntity.ok(Status.OK); + return Status.OK; } @Hidden @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) - public ResponseEntity<Status> doDeleteTokens( + public Status doDeleteTokens( @Visitor User visitor, @RequestBody List<ExternalToken> list) { if (!visitor.getName().equals(serviceUser)) { - return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); + throw new HttpForbiddenException(); } list.forEach(t -> { switch (t.getType()) { @@ -173,7 +172,7 @@ public class Notifications { } }); - return ResponseEntity.ok(Status.OK); + return Status.OK; } @Hidden diff --git a/src/main/java/com/juick/www/api/Users.java b/src/main/java/com/juick/www/api/Users.java index 030d8ced..06d040ff 100644 --- a/src/main/java/com/juick/www/api/Users.java +++ b/src/main/java/com/juick/www/api/Users.java 
@@ -35,7 +35,6 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationEventPublisher; import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -120,7 +119,7 @@ public class Users { return (SecureUser)userService.getUserInfo(me); } @PostMapping("/api/me") - public ResponseEntity<Void> updateMe(@Visitor User visitor, + public void updateMe(@Visitor User visitor, @RequestParam(required = false) String password, @RequestParam(value = "jid-del", required = false) String jidForDeletion, @RequestParam(value = "email-add", required = false) String newEmail, @@ -162,13 +161,11 @@ public class Users { break; } } - return ResponseEntity.ok().build(); } @PostMapping("/api/me/subscribe") - public ResponseEntity<Void> subscribeMe(@Visitor User visitor, String email) { + public void subscribeMe(@Visitor User visitor, String email) { // TODO: check status emailService.setNotificationsEmail(visitor.getUid(), email); - return ResponseEntity.ok().build(); } @PostMapping("/api/me/upload") public void updateInfo(@Visitor User visitor, diff --git a/src/main/java/com/juick/www/api/activity/Profile.java b/src/main/java/com/juick/www/api/activity/Profile.java index 618ae387..3dc717e9 100644 --- a/src/main/java/com/juick/www/api/activity/Profile.java +++ b/src/main/java/com/juick/www/api/activity/Profile.java @@ -56,7 +56,6 @@ import com.juick.service.security.annotation.Visitor; import com.overzealous.remark.Remark; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; |
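Review bot: `public void subscribeMe(@Visitor User visitor, String email)` binds `email` as an unannotated simple-type parameter, so Spring treats it as optional and a request without it passes `null` straight into `emailService.setNotificationsEmail(visitor.getUid(), email)`; the `// TODO: check status` line shows the ownership check is also still missing. At minimum make the parameter required, `public void subscribeMe(@Visitor User visitor, @RequestParam String email)`, so an absent value yields 400 instead of reaching the service, and reject blank input with the `StringUtils` already imported in this file before persisting. A method comment stating that the address is not verified at this point would make the TODO's risk explicit to the next reader.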