From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 28 Nov 2016 13:09:34 +0300
Subject: juick-api: all controllers are using spring-security and @RequestParam

---
 .../main/java/com/juick/api/controllers/PM.java | 46 ++++++++--------------
 1 file changed, 16 insertions(+), 30 deletions(-)

(limited to 'juick-api/src/main/java/com/juick/api/controllers/PM.java')

diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java
index 3d9893b1..c928a11e 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/PM.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java
@@ -1,5 +1,6 @@
 package com.juick.api.controllers;
 
+import com.juick.User;
 import com.juick.api.ApiServer;
 import com.juick.api.util.HttpBadRequestException;
 import com.juick.api.util.HttpForbiddenException;
@@ -10,12 +11,13 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import rocks.xmpp.addr.Jid;
 import rocks.xmpp.core.stanza.model.Message;
 
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 import java.util.List;
 
 /**
@@ -34,23 +36,15 @@ public class PM {
     ApiServer apiServer;
 
     @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-    public List doGetPM(HttpServletRequest request) {
-        // TODO: use spring-security
-        String auth = request.getHeader("Authorization");
-        int vuid = userService.getUIDByHttpAuth(auth);
-        if (vuid == -1) {
-            throw new HttpForbiddenException();
-        }
-        if (vuid == 0) {
-            String hash = request.getParameter("hash");
-            if (hash != null && hash.length() == 16) {
-                vuid = userService.getUIDbyHash(hash);
-            }
-        }
+    public List doGetPM(
+            Principal principal,
+            @RequestParam(required = false) String uname) {
+        String name = UserUtils.getUsername(principal, null);
+        User visitor = userService.getUserByName(name);
+        int vuid = visitor.getUid();
         if (vuid == 0) {
             throw new HttpForbiddenException();
         }
-        String uname = request.getParameter("uname");
         int uid = 0;
         if (uname != null && uname.matches("^[a-zA-Z0-9\\-]{2,16}$")) {
             uid = userService.getUIDbyName(uname);
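Review bot: `int vuid = visitor.getUid();` dereferences `visitor` without a null check, so if `userService.getUserByName(name)` returns null for an unauthenticated request (where `UserUtils.getUsername(principal, null)` presumably falls back to the null default) the handler fails with a NullPointerException instead of the `HttpForbiddenException` the next line intends; the removed code covered the no-credentials case explicitly through the `-1` return. Suggest `if (visitor == null || visitor.getUid() == 0) { throw new HttpForbiddenException(); }` in place of the `vuid == 0` guard, or rejecting before the lookup when `name` is null. The same pattern is in doPostPM in the next hunk. Separately, now that `uname` is a bound parameter, the retained inline regex `uname.matches("^[a-zA-Z0-9\\-]{2,16}$")` could use `UserUtils.checkUserNameValid(uname)` as doPostPM does, so both endpoints validate names the same way. doGetPM continues beyond the hunk.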
@@ -64,29 +58,21 @@ public class PM {
     }
 
     @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-    public com.juick.Message doPostPM(HttpServletRequest request) {
-        // TODO: use spring-security
-        String auth = request.getHeader("Authorization");
-        int vuid = userService.getUIDByHttpAuth(auth);
-        if (vuid == -1) {
-            throw new HttpForbiddenException();
-        }
-        if (vuid == 0) {
-            String hash = request.getParameter("hash");
-            if (hash != null && hash.length() == 16) {
-                vuid = userService.getUIDbyHash(hash);
-            }
-        }
+    public com.juick.Message doPostPM(
+            Principal principal,
+            @RequestParam String uname,
+            @RequestParam String body) {
+        String name = UserUtils.getUsername(principal, null);
+        User visitor = userService.getUserByName(name);
+        int vuid = visitor.getUid();
         if (vuid == 0) {
             throw new HttpForbiddenException();
         }
-        String uname = request.getParameter("uname");
         int uid = 0;
         if (UserUtils.checkUserNameValid(uname)) {
             uid = userService.getUIDbyName(uname);
         }
-        String body = request.getParameter("body");
         if (uid == 0 || body == null || body.length() < 1 || body.length() > 10240) {
             throw new HttpBadRequestException();
         }
-- 
cgit v1.2.3
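Review bot: `@RequestParam String body` is required by default, so Spring rejects a request that omits it with a 400 before the handler runs and the `body == null` term in the retained `if (uid == 0 || body == null || body.length() < 1 || body.length() > 10240)` check is no longer reachable from a client; either drop that term or record the intent with `// body is a required @RequestParam; the null check is kept as defense in depth`. The same applies to `uname`, whose only guard is now `UserUtils.checkUserNameValid(uname)`, so any null handling inside that helper carries no weight on this path. The empty-string case is still possible (a present but blank parameter), which the `body.length() < 1` term covers, so that part should stay. doPostPM continues beyond the hunk.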