From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 28 Nov 2016 13:09:34 +0300
Subject: juick-api: all controllers are using spring-security and @RequestParam
---
 .../com/juick/api/controllers/Subscriptions.java | 30 +++++++---------------
 1 file changed, 9 insertions(+), 21 deletions(-)
(limited to 'juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java')
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
index 5426f853..42be9903 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java
@@ -7,16 +7,17 @@ import com.juick.api.util.HttpForbiddenException;
 import com.juick.service.MessagesService;
 import com.juick.service.SubscriptionService;
 import com.juick.service.UserService;
-import org.apache.commons.lang3.math.NumberUtils;
+import com.juick.util.UserUtils;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.List;
 /**
@@ -33,28 +34,15 @@ public class Subscriptions {
 MessagesService messagesService;
 @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List doGet(HttpServletRequest request) throws IOException {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
- if (vuid == 0) {
- throw new HttpForbiddenException();
- }
- User visitor = userService.getUserByUID(vuid).orElse(new User());
+ public List doGet(
+ Principal principal,
+ @RequestParam(defaultValue = "0") int mid,
+ @RequestParam(defaultValue = "0") int uid) throws IOException {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
 if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) {
 throw new HttpForbiddenException();
 }
- int uid = NumberUtils.toInt(request.getParameter("uid"), 0);
- int mid = NumberUtils.toInt(request.getParameter("mid"), 0);
 if (uid > 0) {
 return subscriptionService.getSubscribedUsers(uid, mid);
 } else {
--
cgit v1.2.3
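Review bot: The added lookup `User visitor = userService.getUserByName(name);` is dereferenced on the following context line without a null check, whereas the removed code guaranteed a non-null visitor through `.orElse(new User())`. `UserUtils.getUsername(principal, null)` is passed `null` as its second argument, which looks like the fallback for an absent principal, so an unauthenticated request may reach `getUserByName(null)`; neither helper is visible in this diff, so whether that yields null or a user with a null name needs confirming. Either result would make `visitor.getUid()` or `visitor.getName().equals("juick")` throw, so the request would fail with an unhandled exception instead of the explicit `HttpForbiddenException`. I would make the rejection explicit with `if (visitor == null || (visitor.getUid() == 0 && !"juick".equals(visitor.getName()))) {` and cover the no-principal request with a test. doGet's body continues past the end of this hunk.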