From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 28 Nov 2016 13:09:34 +0300 Subject: juick-api: all controllers are using spring-security and @RequestParam --- .../com/juick/api/controllers/Notifications.java | 70 +++++++--------------- 1 file changed, 22 insertions(+), 48 deletions(-) (limited to 'juick-api/src/main/java/com/juick/api/controllers/Notifications.java') diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java index c3529645..35298095 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java @@ -12,17 +12,15 @@ import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; import com.juick.service.UserService; -import org.apache.commons.lang3.math.NumberUtils; +import com.juick.util.UserUtils; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.*; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.security.Principal; import java.util.List; import java.util.stream.Collectors; 
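Review bot: The new `import org.springframework.web.bind.annotation.*;` replaces four explicit imports with a wildcard, which hides which annotations this controller actually depends on and keeps the compiler from flagging one that may now be unused (`ResponseBody`, if nothing outside the hunks still references it). Prefer the explicit form the file used before this commit, `import org.springframework.web.bind.annotation.RequestBody;`, `...RequestMapping;`, `...RequestMethod;`, `...RequestParam;`, adding only what the new handlers use.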
@@ -43,36 +41,24 @@ public class Notifications {
 SubscriptionService subscriptionService;
 
 @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-public List doGet(HttpServletRequest request) {
-String auth = request.getHeader("Authorization");
-int vuid = userService.getUIDByHttpAuth(auth);
-if (vuid == -1) {
-throw new HttpForbiddenException();
-}
-if (vuid == 0) {
-String hash = request.getParameter("hash");
-if (hash != null && hash.length() == 16) {
-vuid = userService.getUIDbyHash(hash);
-}
-}
-if (vuid == 0) {
-throw new HttpForbiddenException();
-}
-User visitor = userService.getUserByUID(vuid).orElse(new User());
+public ResponseEntity> doGet(
+Principal principal,
+@RequestParam String type,
+@RequestParam(required = false, defaultValue = "0") int uid,
+@RequestParam(required = false, defaultValue = "0") int mid) {
+String name = UserUtils.getUsername(principal, null);
+User visitor = userService.getUserByName(name);
 if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) {
 throw new HttpForbiddenException();
 }
-String type = request.getParameter("type");
-int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
-int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
 if (uid > 0) {
 switch (type) {
 case "gcm":
-return pushQueriesService.getAndroidRegID(uid);
+return ResponseEntity.ok(pushQueriesService.getAndroidRegID(uid));
 case "apns":
-return pushQueriesService.getAPNSToken(uid);
+return ResponseEntity.ok(pushQueriesService.getAPNSToken(uid));
 case "mpns":
-return pushQueriesService.getWinPhoneURL(uid);
+return ResponseEntity.ok(pushQueriesService.getWinPhoneURL(uid));
 default:
 throw new HttpBadRequestException();
 }
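Review bot: `User visitor = userService.getUserByName(name);` is dereferenced on the very next line with no null check, whereas the removed code guaranteed a non-null visitor through `.orElse(new User())`; `UserUtils.getUsername(principal, null)` presumably yields null when there is no authenticated principal, so if `getUserByName` returns null for a null or unknown name the intended 403 turns into a NullPointerException and a 500. Unless the service is documented to return an empty `User` in that case, make the guard null-safe and null-tolerant on the name comparison: `if (visitor == null || visitor.getUid() == 0 || !"juick".equals(visitor.getName())) {`. The same two lines and guard are repeated in the `doDelete` hunk (`@@ -107,23 +93,11 @@`), which needs the same treatment. `doGet` continues past the end of this hunk.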
@@ -92,11 +78,11 @@ public class Notifications {
 
 switch (type) {
 case "gcm":
-return pushQueriesService.getAndroidTokens(uids);
+return ResponseEntity.ok(pushQueriesService.getAndroidTokens(uids));
 case "apns":
-return pushQueriesService.getAPNSTokens(uids);
+return ResponseEntity.ok(pushQueriesService.getAPNSTokens(uids));
 case "mpns":
-return pushQueriesService.getWindowsTokens(uids);
+return ResponseEntity.ok(pushQueriesService.getWindowsTokens(uids));
 default:
 throw new HttpBadRequestException();
 }
@@ -107,23 +93,11 @@ public class Notifications {
 }
 
 @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-public Status doDelete(HttpServletRequest request, @RequestBody String requestBody) throws IOException {
-// TODO: use spring-security
-String auth = request.getHeader("Authorization");
-int vuid = userService.getUIDByHttpAuth(auth);
-if (vuid == -1) {
-throw new HttpForbiddenException();
-}
-if (vuid == 0) {
-String hash = request.getParameter("hash");
-if (hash != null && hash.length() == 16) {
-vuid = userService.getUIDbyHash(hash);
-}
-}
-if (vuid == 0) {
-throw new HttpForbiddenException();
-}
-User visitor = userService.getUserByUID(vuid).orElse(new User());
+public Status doDelete(
+Principal principal,
+@RequestBody String requestBody) throws IOException {
+String name = UserUtils.getUsername(principal, null);
+User visitor = userService.getUserByName(name);
 if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) {
 throw new HttpForbiddenException();
 }
-- cgit v1.2.3
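Review bot: The principal lookup and the literal-`"juick"` guard added to `doDelete` in the `@@ -107,23 +93,11 @@` hunk are a verbatim copy of the lines added to `doGet`, so the controller's only authorization rule now lives in two places that must be kept in sync by hand. A private helper that resolves the visitor and throws `HttpForbiddenException` keeps the rule in one place, gives it a single spot for a null guard on the `getUserByName` result, and is where a Spring Security authority check would later go instead of a username comparison. `doDelete` continues past the end of this hunk, so only its first body lines change.
```java
    public Status doDelete(
            Principal principal,
            @RequestBody String requestBody) throws IOException {
        User visitor = requireJuickAccount(principal);
        // … unchanged: rest of doDelete …

    /**
     * Resolves the calling user and rejects any caller that is not the "juick" service account.
     *
     * @throws HttpForbiddenException when there is no such user or it is not "juick"
     */
    private User requireJuickAccount(Principal principal) {
        String name = UserUtils.getUsername(principal, null);
        User visitor = userService.getUserByName(name);
        // null-safe: the name may be absent for an anonymous principal and the lookup may miss
        if (visitor == null || visitor.getUid() == 0 || !"juick".equals(visitor.getName())) {
            throw new HttpForbiddenException();
        }
        return visitor;
    }
```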