From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 28 Nov 2016 13:09:34 +0300
Subject: juick-api: all controllers are using spring-security and @RequestParam
---
 .../main/java/com/juick/api/controllers/Post.java | 134 +++++++++------------
 1 file changed, 58 insertions(+), 76 deletions(-)
(limited to 'juick-api/src/main/java/com/juick/api/controllers/Post.java')
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Post.java b/juick-api/src/main/java/com/juick/api/controllers/Post.java
index fb1914e9..18f417d8 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Post.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Post.java
@@ -1,6 +1,7 @@
 package com.juick.api.controllers;
 import com.juick.Tag;
+import com.juick.User;
 import com.juick.api.ApiServer;
 import com.juick.api.util.HttpBadRequestException;
 import com.juick.api.util.HttpForbiddenException;
@@ -10,23 +11,25 @@ import com.juick.service.MessagesService;
 import com.juick.service.SubscriptionService;
 import com.juick.service.TagService;
 import com.juick.service.UserService;
+import com.juick.util.UserUtils;
 import net.coobird.thumbnailator.Thumbnails;
-import org.apache.commons.lang3.math.NumberUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.env.Environment;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.multipart.MultipartFile;
 import rocks.xmpp.addr.Jid;
-import rocks.xmpp.core.session.XmppSession;
 import rocks.xmpp.core.stanza.model.Message;
 import rocks.xmpp.extensions.nick.model.Nickname;
 import rocks.xmpp.extensions.oob.model.x.OobX;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -34,6 +37,7 @@ import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
@@ -55,50 +59,31 @@ public class Post { MessagesService messagesService; @Inject SubscriptionService subscriptionService; + @Inject + Environment env; @RequestMapping(value = "/post", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - protected com.juick.Message doPost(HttpServletRequest request) throws IOException { - String uri = request.getRequestURI(); - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public com.juick.Message doPostMessage( + Principal principal, + @RequestParam String body, + @RequestParam String tags, + @RequestParam(required = false) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } - switch (uri) { - case "/post": - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); - if (mid == 0) { - return doPostMessage(request, apiServer.getXmpp(), vuid); - } else { - return doPostComment(request, apiServer.getXmpp(), vuid); - } - default: - throw new HttpBadRequestException(); - } - } - - public com.juick.Message doPostMessage(HttpServletRequest request, XmppSession xmpp, int vuid) throws IOException { - String body = request.getParameter("body"); if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } body = body.replace("\r", ""); - String tagsStr = request.getParameter("tags"); - List tags = new ArrayList<>(); + List tagsList = new ArrayList<>(); String tagsArr[] = new String[1]; - if (tagsStr != null && !tagsStr.isEmpty()) { - tagsArr = 
tagsStr.split("[ \\,]"); + if (tags != null && !tags.isEmpty()) { + tagsArr = tags.split("[ \\,]"); for (int i = 0; i < tagsArr.length; i++) { if (tagsArr[i].startsWith("*")) { tagsArr[i] = tagsArr[i].substring(1); @@ -107,24 +92,18 @@ public class Post { tagsArr[i] = tagsArr[i].substring(0, 64); } } - tags = tagService.getTags(tagsArr, true); - while (tags.size() > 5) { - tags.remove(5); + tagsList = tagService.getTags(tagsArr, true); + while (tagsList.size() > 5) { + tagsList.remove(5); } } - String attachmentFName = null; - try { - attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach"); - } catch (Exception e) { - logger.error("MULTIPART ERROR", e); - throw new HttpBadRequestException(); - } + String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir", + "/var/www/juick.com/i/tmp/")); - String paramImg = request.getParameter("img"); - if (attachmentFName == null && paramImg != null && paramImg.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { try { - URL imgUrl = new URL(paramImg); + URL imgUrl = new URL(img); attachmentFName = HttpUtils.downloadImage(imgUrl); } catch (Exception e) { logger.error("DOWNLOAD ERROR", e); @@ -133,10 +112,10 @@ public class Post { } String attachmentType = attachmentFName != null ? attachmentFName.substring(attachmentFName.length() - 3) : null; - int mid = messagesService.createMessage(vuid, body, attachmentType, tags); + int mid = messagesService.createMessage(vuid, body, attachmentType, tagsList); subscriptionService.subscribeMessage(mid, vuid); com.juick.Message jmsg = messagesService.getMessage(mid); - if (xmpp != null) { + if (apiServer.getXmpp() != null) { Message xmsg = new Message(); xmsg.setFrom(Jid.of("juick@juick.com")); xmsg.setType(Message.Type.CHAT); 
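Review bot: In the new `doPostMessage`, `visitor.getUid()` is dereferenced before the `vuid == 0` guard, so the guard only protects the handler if `userService.getUserByName` never returns null; with `UserUtils.getUsername(principal, null)` supplying a null default, an unauthenticated request would presumably reach that lookup with a null name. Neither helper is visible in this patch, so this needs confirming, but `if (visitor == null || visitor.getUid() == 0) throw new HttpForbiddenException();` keeps the failure a 403 rather than a NullPointerException. Separately, `@RequestParam String tags` is required by default, so a post without tags is now rejected by Spring before the `tags != null` branch runs, where the removed code treated tags as optional; `@RequestParam(required = false) String tags` would preserve that. The method body continues past this hunk.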
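Review bot: The new condition treats a blank `attachmentFName` as "no upload" via `StringUtils.isBlank`, but the unchanged line in the next hunk still evaluates `attachmentFName.substring(attachmentFName.length() - 3)` whenever the value is non-null, so an empty string coming back from `HttpUtils.receiveMultiPartFile` with no `img` supplied would throw `StringIndexOutOfBoundsException`; testing `StringUtils.isNotBlank(attachmentFName)` there keeps the two checks consistent. Dropping the `try`/`catch` also means a failure inside `receiveMultiPartFile` now propagates out of the handler instead of becoming `HttpBadRequestException`. On the `img` path, `new URL(img)` accepts any scheme and host before the server fetches it; unless `HttpUtils.downloadImage` (not shown) already enforces this, restricting `imgUrl.getProtocol()` to `http`/`https` and rejecting loopback and private addresses belongs at this point. Hunk @@ -226,18 +214,12 @@ repeats the same pattern in `doPostComment`.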
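Review bot: `apiServer.getXmpp()` is null-checked once here and then called again for every `send` in the later hunks (@@ -174, @@ -250 and @@ -289), so the check no longer covers the value that is actually used if the session can be cleared or replaced between calls. Reading it once into a local, `XmppSession xmpp = apiServer.getXmpp();`, and keeping the original `xmpp != null` and `xmpp.send(xmsg)` lines would preserve the guarantee; that requires keeping the `rocks.xmpp.core.session.XmppSession` import this commit removes. Whether `getXmpp()` can change at runtime is not visible in the patch.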
@@ -174,30 +153,41 @@ public class Post { xmsg.setBody("@" + jmsg.getUser().getName() + ":" + tagsStr2 + "\n" + body + "\n\n#" + mid + " http://juick.com/" + mid); xmsg.setTo(Jid.of("juick@s2s.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@ws.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@push.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("twitter@crosspost.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("fb@crosspost.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("jubo@nologin.ru")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); } else { logger.error("XMPP unavailable"); } return jmsg; } - - public com.juick.Message doPostComment(HttpServletRequest request, XmppSession xmpp, int vuid) + @RequestMapping(value = "/comment", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public com.juick.Message doPostComment( + Principal principal, + @RequestParam(defaultValue = "0") int mid, + @RequestParam(defaultValue = "0") int rid, + @RequestParam String body, + @RequestParam(required = false) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); + if (vuid == 0) { + throw new HttpForbiddenException(); + } if (mid == 0) { throw new HttpBadRequestException(); } @@ -206,7 +196,6 @@ public class Post { throw new HttpNotFoundException(); } - int rid = NumberUtils.toInt(request.getParameter("rid"), 0); com.juick.Message reply = null; if (rid > 0) { reply = messagesService.getReply(mid, rid); 
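Review bot: The new `/comment` mapping is declared with `method = RequestMethod.GET` although the handler creates a reply and takes a `MultipartFile attach` parameter, which multipart resolvers normally populate only for POST requests, so the upload path is likely unreachable as mapped. A state-changing GET is also exposed to cross-site request forgery while the client holds credentials, and the `body` text ends up in query strings that access logs and proxies record. `method = RequestMethod.POST` fits the handler; the `/post` mapping on the context line of hunk @@ -55,50 +59,31 @@ carries the same declaration. The new `visitor.getUid()` call here also runs before any null check on `visitor`, as in `doPostMessage`.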
@@ -215,7 +204,6 @@ public class Post { } } - String body = request.getParameter("body"); if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } @@ -226,18 +214,12 @@ public class Post { throw new HttpForbiddenException(); } - String attachmentFName = null; - try { - attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach"); - } catch (Exception e) { - logger.error("MULTIPART ERROR", e); - throw new HttpBadRequestException(); - } + String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir", + "/var/www/juick.com/i/tmp/")); - String paramImg = request.getParameter("img"); - if (attachmentFName == null && paramImg != null && paramImg.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { try { - attachmentFName = HttpUtils.downloadImage(new URL(paramImg)); + attachmentFName = HttpUtils.downloadImage(new URL(img)); } catch (Exception e) { logger.error("DOWNLOAD ERROR", e); throw new HttpBadRequestException(); @@ -250,7 +232,7 @@ public class Post { com.juick.Message jmsg = messagesService.getReply(mid, ridnew); - if (xmpp != null) { + if (apiServer.getXmpp() != null) { Message xmsg = new Message(); xmsg.setFrom(Jid.of("juick@juick.com")); xmsg.setType(Message.Type.CHAT); @@ -289,13 +271,13 @@ public class Post { mid + "/" + ridnew + " http://juick.com/" + mid + "#" + ridnew); xmsg.setTo(Jid.of("juick@s2s.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@ws.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@push.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); } else { logger.error("XMPP unavailable"); } -- cgit v1.2.3