From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 28 Nov 2016 13:09:34 +0300
Subject: juick-api: all controllers are using spring-security and @RequestParam
---
 .../main/java/com/juick/api/controllers/Users.java | 61 ++++++----------------
 1 file changed, 17 insertions(+), 44 deletions(-)
(limited to 'juick-api/src/main/java/com/juick/api/controllers/Users.java')
diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java
index 8b1bc6cd..75dea5f5 100644
--- a/juick-api/src/main/java/com/juick/api/controllers/Users.java
+++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java
@@ -9,10 +9,11 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
@@ -30,22 +31,11 @@ public class Users {
 UserService userService;
 @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List doGetUsers(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List doGetUsers(
+ @RequestParam(value = "uname", required = false) String[] punames,
+ @RequestParam(value = "jid", required = false) String[] pjids) {
 List users = new ArrayList<>();
- String punames[] = request.getParameterValues("uname");
 if (punames != null) {
 ArrayList unames = new ArrayList<>(Arrays.asList(punames));
 Iterator i = unames.iterator();
@@ -59,7 +49,6 @@ public class Users {
 }
 }
- String pjids[] = request.getParameterValues("jid");
 if (pjids != null) {
 List jids = new ArrayList<>(Arrays.asList(pjids));
 Iterator ii = jids.iterator();
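Review bot: In the first hunk `doGetUsers` no longer receives any identity (no `Principal`, no header check), so whether `/users` can be called anonymously is now decided entirely by the spring-security configuration, which this diff does not show; the removed code at least answered bad credentials (`vuid == -1`) with `HttpForbiddenException`. Because the handler takes both `uname` and `jid` values as lookup keys, it is worth confirming that the endpoint sits behind the intended matcher if JID-based lookups are not meant to be public, and recording that above the mapping, e.g. `// access control for /users is enforced by the security configuration; no per-request check here`. The loops that consume `punames` and `pjids` continue outside the hunk, so any cap on the number of accepted values cannot be checked from here.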
@@ -80,24 +69,16 @@ public class Users {
 }
 @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List doGetUserRead(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List doGetUserRead(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
 int uid = 0;
- String uname = request.getParameter("uname");
 if (uname == null) {
 uid = vuid;
 } else {
@@ -122,24 +103,16 @@ public class Users {
 }
 @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
- public List doGetUserReaders(HttpServletRequest request) {
- // TODO: use spring-security
- String auth = request.getHeader("Authorization");
- int vuid = userService.getUIDByHttpAuth(auth);
- if (vuid == -1) {
- throw new HttpForbiddenException();
- }
- if (vuid == 0) {
- String hash = request.getParameter("hash");
- if (hash != null && hash.length() == 16) {
- vuid = userService.getUIDbyHash(hash);
- }
- }
+ public List doGetUserReaders(
+ Principal principal,
+ @RequestParam String uname) {
+ String name = UserUtils.getUsername(principal, null);
+ User visitor = userService.getUserByName(name);
+ int vuid = visitor.getUid();
 if (vuid == 0) {
 throw new HttpForbiddenException();
 }
 int uid = 0;
- String uname = request.getParameter("uname");
 if (uname == null) {
 uid = vuid;
 } else {
-- cgit v1.2.3
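Review bot: In `doGetUserRead` the new `@RequestParam String uname` is required by default, so a request without `uname` is rejected by the framework before the handler runs and the retained `if (uname == null) { uid = vuid; }` branch can no longer be reached; `@RequestParam(required = false) String uname` would keep the old default-to-self behaviour. `doGetUserReaders` in the following hunk has the same signature and the same dead branch. Separately, `visitor.getUid()` is dereferenced with no null check: if `userService.getUserByName(name)` can return null when `UserUtils.getUsername(principal, null)` yields no name (neither helper is visible here), an unauthenticated call ends in a NullPointerException instead of the 403, so the guard would be safer as `if (visitor == null || visitor.getUid() == 0) { throw new HttpForbiddenException(); }`. Both method bodies continue outside their hunks.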