From ac6c86ddd482721e7011dcb727e4099b8cdf84b1 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Sun, 11 Dec 2016 00:52:57 +0700 Subject: anonymous user support --- .../java/com/juick/api/controllers/Messages.java | 27 +++----- .../com/juick/api/controllers/Notifications.java | 28 ++++---- .../java/com/juick/api/controllers/Others.java | 8 +-- .../main/java/com/juick/api/controllers/PM.java | 13 +--- .../main/java/com/juick/api/controllers/Post.java | 14 ++-- .../com/juick/api/controllers/Subscriptions.java | 5 +- .../main/java/com/juick/api/controllers/Tags.java | 5 +- .../main/java/com/juick/api/controllers/Users.java | 10 +-- .../java/com/juick/api/tests/MessagesTests.java | 7 +- juick-core/src/main/java/com/juick/User.java | 6 ++ .../src/main/java/com/juick/entity/AnonymUser.java | 79 ++++++++++++++++++++++ .../src/main/java/com/juick/util/UserUtils.java | 27 +++++++- 12 files changed, 146 insertions(+), 83 deletions(-) create mode 100644 juick-server/src/main/java/com/juick/entity/AnonymUser.java diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java index 723d2f15..47053706 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java @@ -3,9 +3,9 @@ package com.juick.api.controllers; import com.juick.Tag; import com.juick.User; import com.juick.api.ApiServer; +import com.juick.server.helpers.Status; import com.juick.server.util.HttpBadRequestException; import com.juick.server.util.HttpForbiddenException; -import com.juick.server.helpers.Status; import com.juick.service.MessagesService; import com.juick.service.TagService; import com.juick.service.UserService; @@ -25,7 +25,6 @@ import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import java.security.Principal; import java.util.Collections; import java.util.List; @@ -58,11 +57,9 @@ public class Messages { @RequestMapping("/home") public ResponseEntity> getHome( - @RequestParam(defaultValue = "0") int before_mid, - Principal principal) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); - if (visitor != null) { + @RequestParam(defaultValue = "0") int before_mid) { + User visitor = UserUtils.getCurrentUser(); + if (!visitor.isAnonym()) { int vuid = visitor.getUid(); List mids = messagesService.getMyFeed(vuid, before_mid); @@ -76,14 +73,12 @@ public class Messages { @RequestMapping("/messages") public ResponseEntity> getMessages( - Principal principal, @RequestParam(required = false) String uname, @RequestParam(defaultValue = "0") int before_mid, @RequestParam(required = false) String popular, @RequestParam(required = false) String media, @RequestParam(required = false) String tag) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); List mids; @@ -126,10 +121,8 @@ public class Messages { @RequestMapping("/thread") public ResponseEntity> getThread( - Principal principal, @RequestParam(defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); com.juick.Message msg = messagesService.getMessage(mid); if (msg != null) { @@ -146,10 +139,8 @@ public class Messages { @RequestMapping("/messages/recommended") public ResponseEntity> doGetRecommended( - Principal principal, @RequestParam(defaultValue = "0") int before_mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { return FORBIDDEN; @@ -169,10 +160,8 @@ public class Messages { @RequestMapping("/messages/set_privacy") @ResponseBody public ResponseEntity doSetPrivacy( - Principal principal, @RequestParam(defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java index cd31ad39..9f2f675b 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java @@ -4,10 +4,10 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.ObjectMapper; import com.juick.Message; import com.juick.User; -import com.juick.server.util.HttpBadRequestException; -import com.juick.server.util.HttpForbiddenException; import com.juick.server.helpers.Status; import com.juick.server.helpers.TokensList; +import com.juick.server.util.HttpBadRequestException; +import com.juick.server.util.HttpForbiddenException; import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; @@ -42,12 +42,10 @@ public class Notifications { @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity> doGet( - Principal principal, @RequestParam String type, @RequestParam(required = false, defaultValue = "0") int uid, @RequestParam(required = false, defaultValue = "0") int mid) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } @@ -95,10 +93,8 @@ public class Notifications { @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doDelete( - Principal principal, @RequestBody String requestBody) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); // FIXME: it is possible to delete other user's tokens if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); @@ -124,12 +120,11 @@ public class Notifications { return Status.OK; } + @RequestMapping(value = "/notifications", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doPut( - Principal principal, @RequestBody String requestBody) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (visitor.getUid() == 0) { throw new HttpForbiddenException(); } @@ -153,35 +148,36 @@ public class Notifications { } return Status.OK; } + @Deprecated @RequestMapping(value = "/android/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doAndroidRegister( - Principal principal, @RequestParam(name = "regid") String regId) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (visitor.getUid() == 0) { throw new HttpForbiddenException(); } pushQueriesService.addGCMToken(visitor.getUid(), regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/android/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doAndroidUnRegister(@RequestParam(name = "regid") String regId) { pushQueriesService.deleteGCMToken(regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/winphone/register", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doWinphoneRegister( Principal principal, @RequestParam(name = "url") String regId) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); pushQueriesService.addMPNSToken(visitor.getUid(), regId); return Status.OK; } + @Deprecated @RequestMapping(value = "/winphone/unregister", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public Status doWinphoneUnRegister(@RequestParam(name = "url") String regId) { diff --git a/juick-api/src/main/java/com/juick/api/controllers/Others.java b/juick-api/src/main/java/com/juick/api/controllers/Others.java index 852c03d6..b23be483 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Others.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Others.java @@ -1,9 +1,9 @@ package com.juick.api.controllers; import com.juick.User; +import com.juick.server.helpers.PrivateChats; import com.juick.server.util.HttpForbiddenException; import com.juick.server.util.HttpNotFoundException; -import com.juick.server.helpers.PrivateChats; import com.juick.service.PMQueriesService; import com.juick.service.UserService; import com.juick.util.UserUtils; @@ -19,13 +19,11 @@ import java.security.Principal; import java.util.List; /** - * * @author ugnich */ @Controller @ResponseBody public class Others { - @Inject PMQueriesService pmQueriesService; @Inject @@ -33,10 +31,8 @@ public class Others { @RequestMapping(value = "groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public PrivateChats doGetGroupsPMs( - Principal principal, @RequestParam(defaultValue = "5") int cnt) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java index 478ca75e..1bf1646b 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/PM.java +++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java @@ -18,17 +18,14 @@ import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import java.security.Principal; import java.util.List; /** - * * @author ugnich */ @Controller @ResponseBody public class PM { - @Inject UserService userService; @Inject @@ -38,10 +35,8 @@ public class PM { @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List doGetPM( - Principal principal, @RequestParam(required = false) String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -60,11 +55,9 @@ public class PM { @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public com.juick.Message doPostPM( - Principal principal, @RequestParam String uname, @RequestParam String body) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -96,7 +89,7 @@ public class PM { apiServer.getXmpp().send(msg); List jids = userService.getJIDsbyUID(uid); - for (String jid: jids) { + for (String jid : jids) { Message mm = new Message(); mm.setTo(Jid.of(jid)); mm.setType(Message.Type.CHAT); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Post.java b/juick-api/src/main/java/com/juick/api/controllers/Post.java index 53cfc3e5..72327ad0 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Post.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Post.java @@ -57,16 +57,14 @@ public class Post { @RequestMapping(value = "/post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) @ResponseStatus(value = HttpStatus.OK) public void doPostMessage( - Principal principal, @RequestParam String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); - int vuid = visitor.getUid(); - if (vuid == 0) { + User visitor = UserUtils.getCurrentUser(); + + if (visitor.isAnonym()) throw new HttpForbiddenException(); - } + if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } @@ -104,15 +102,13 @@ public class Post { @RequestMapping(value = "/comment", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public com.juick.Message doPostComment( - Principal principal, @RequestParam(defaultValue = "0") int mid, @RequestParam(defaultValue = "0") int rid, @RequestParam String body, @RequestParam(required = false) String img, @RequestParam(required = false) MultipartFile attach) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java index b93ec1f3..5e8b89b1 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java @@ -17,7 +17,6 @@ import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; import java.io.IOException; -import java.security.Principal; import java.util.List; /** @@ -35,11 +34,9 @@ public class Subscriptions { @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List doGet( - Principal principal, @RequestParam(defaultValue = "0") int mid, @RequestParam(defaultValue = "0") int uid) throws IOException { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Tags.java b/juick-api/src/main/java/com/juick/api/controllers/Tags.java index 5548da17..bc412456 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Tags.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Tags.java @@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import java.security.Principal; import java.util.List; /** @@ -29,11 +28,9 @@ public class Tags { @RequestMapping(value = "/tags", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List tags( - Principal principal, @RequestParam(required = false, defaultValue = "0") int user_id ) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); if (user_id == 0) { user_id = visitor.getUid(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java index 78f6175f..079ff4f3 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Users.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import java.security.Principal; import java.util.ArrayList; import java.util.List; @@ -24,7 +23,6 @@ import java.util.List; @Controller @ResponseBody public class Users { - @Inject UserService userService; @@ -56,10 +54,8 @@ public class Users { @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List doGetUserRead( - Principal principal, @RequestParam String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); @@ -90,10 +86,8 @@ public class Users { @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List doGetUserReaders( - Principal principal, @RequestParam String uname) { - String name = UserUtils.getUsername(principal, null); - User visitor = userService.getUserByName(name); + User visitor = UserUtils.getCurrentUser(); int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 9f74c00d..2a5dba18 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -36,9 +36,7 @@ import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; /** @@ -156,7 +154,6 @@ public class MessagesTests { Message msg = getMessage(ugnich, msgText); - when(messagesService.getMyFeed(1, 0)) .thenReturn(Collections.singletonList(1)); when(messagesService.getMessages(Collections.singletonList(1))) @@ -263,6 +260,7 @@ public class MessagesTests { .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8)) .andExpect(jsonPath("$", hasSize(2))); } + @Test public void tags() throws Exception { Tag weather = new Tag("weather"); @@ -284,6 +282,7 @@ public class MessagesTests { .andExpect(jsonPath("$", hasSize(1))) .andExpect(jsonPath("$[0].messages", is(5))); } + @Test public void postWithReferer() throws Exception { mockMvc.perform(post("/post") diff --git a/juick-core/src/main/java/com/juick/User.java b/juick-core/src/main/java/com/juick/User.java index e0bc490c..84f2b396 100644 --- a/juick-core/src/main/java/com/juick/User.java +++ b/juick-core/src/main/java/com/juick/User.java @@ -184,4 +184,10 @@ public class User { public void setMessagesCount(int messagesCount) { this.messagesCount = messagesCount; } + + @XmlTransient + @JsonIgnore + public boolean isAnonym() { + return false; + } } diff --git a/juick-server/src/main/java/com/juick/entity/AnonymUser.java b/juick-server/src/main/java/com/juick/entity/AnonymUser.java new file mode 100644 index 00000000..071f5434 --- /dev/null +++ b/juick-server/src/main/java/com/juick/entity/AnonymUser.java @@ -0,0 +1,79 @@ +package com.juick.entity; + +import com.juick.User; + +/** + * Created by aalexeev on 12/11/16. + */ +public class AnonymUser extends User { + public static final AnonymUser INSTANCE = new AnonymUser(); + + + private AnonymUser() { + } + + @Override + public boolean equals(Object obj) { + return obj == this || obj instanceof AnonymUser; + } + + @Override + public int getUid() { + return 0; + } + + @Override + public String getName() { + return "Anonymous"; + } + + @Override + public String getFullName() { + return getName(); + } + + @Override + public String getJid() { + return "anonym@localhost"; + } + + @Override + public String getAuthHash() { + return null; + } + + @Override + public Integer getUnreadCount() { + return 0; + } + + @Override + public boolean isBanned() { + return false; + } + + @Override + public Object getAvatar() { + return null; + } + + @Override + public String getCredentials() { + return null; + } + + @Override + public String getLang() { + return "__"; + } + + @Override + public int getMessagesCount() { + return 0; + } + + @Override + public boolean isAnonym() { + return true; + } +} diff --git a/juick-server/src/main/java/com/juick/util/UserUtils.java b/juick-server/src/main/java/com/juick/util/UserUtils.java index ba1bd1ab..ddeedbbd 100644 --- a/juick-server/src/main/java/com/juick/util/UserUtils.java +++ b/juick-server/src/main/java/com/juick/util/UserUtils.java @@ -1,6 +1,11 @@ package com.juick.util; -import java.security.Principal; +import com.juick.User; +import com.juick.entity.AnonymUser; +import com.juick.server.security.entities.JuickUser; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; + import java.util.Random; /** @@ -22,7 +27,23 @@ public class UserUtils { return sb.toString(); } - public static String getUsername(final Principal principal, final String defaultUsername) { - return principal == null ? defaultUsername : principal.getName(); + public static Authentication getAuthentication() { + return SecurityContextHolder.getContext().getAuthentication(); + } + + public static Object getPrincipal(final Authentication authentication) { + return authentication == null ? null : authentication.getPrincipal(); + } + + public static User getCurrentUser() { + Object principal = getPrincipal(getAuthentication()); + + if (principal instanceof JuickUser) + return ((JuickUser) principal).getUser(); + + if (principal instanceof User) + return (User) principal; + + return AnonymUser.INSTANCE; } } -- cgit v1.2.3