From d233943fc29508dc37714852b11b96b0b46b55d9 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 24 Nov 2016 21:38:52 +0300 Subject: juick-api: now on spring-webmvc --- .../main/java/com/juick/api/controllers/Users.java | 159 +++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 juick-api/src/main/java/com/juick/api/controllers/Users.java (limited to 'juick-api/src/main/java/com/juick/api/controllers/Users.java') diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java new file mode 100644 index 00000000..8b1bc6cd --- /dev/null +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -0,0 +1,159 @@ +package com.juick.api.controllers; + +import com.juick.User; +import com.juick.api.util.HttpForbiddenException; +import com.juick.api.util.HttpNotFoundException; +import com.juick.service.UserService; +import com.juick.util.UserUtils; +import org.springframework.http.MediaType; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; + +import javax.inject.Inject; +import javax.servlet.http.HttpServletRequest; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Iterator; +import java.util.List; + +/** + * + * @author ugnich + */ +@Controller +@ResponseBody +public class Users { + + @Inject + UserService userService; + + @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public List doGetUsers(HttpServletRequest request) { + // TODO: use spring-security + String auth = request.getHeader("Authorization"); + int vuid = userService.getUIDByHttpAuth(auth); + if (vuid == -1) { + throw new HttpForbiddenException(); + } + if (vuid == 0) { + String hash = request.getParameter("hash"); + if (hash != null && hash.length() == 16) { + vuid = userService.getUIDbyHash(hash); + } + } + List users = new ArrayList<>(); + + String punames[] = request.getParameterValues("uname"); + if (punames != null) { + ArrayList unames = new ArrayList<>(Arrays.asList(punames)); + Iterator i = unames.iterator(); + while (i.hasNext()) { + if (!i.next().matches("^[a-zA-Z0-9\\-]{2,16}$")) { + i.remove(); + } + } + if (!unames.isEmpty() && unames.size() < 20) { + users.addAll(userService.getUsersByName(unames)); + } + } + + String pjids[] = request.getParameterValues("jid"); + if (pjids != null) { + List jids = new ArrayList<>(Arrays.asList(pjids)); + Iterator ii = jids.iterator(); + while (ii.hasNext()) { + if (!ii.next().matches("^[a-zA-Z0-9\\-\\_\\@\\.]{6,64}$")) { + ii.remove(); + } + } + if (!jids.isEmpty() && jids.size() < 20) { + users.addAll(userService.getUsersByJID(jids)); + } + } + + if (!users.isEmpty()) { + return users; + } + throw new HttpNotFoundException(); + } + + @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public List doGetUserRead(HttpServletRequest request) { + // TODO: use spring-security + String auth = request.getHeader("Authorization"); + int vuid = userService.getUIDByHttpAuth(auth); + if (vuid == -1) { + throw new HttpForbiddenException(); + } + if (vuid == 0) { + String hash = request.getParameter("hash"); + if (hash != null && hash.length() == 16) { + vuid = userService.getUIDbyHash(hash); + } + } + if (vuid == 0) { + throw new HttpForbiddenException(); + } + int uid = 0; + String uname = request.getParameter("uname"); + if (uname == null) { + uid = vuid; + } else { + if (UserUtils.checkUserNameValid(uname)) { + com.juick.User u = userService.getUserByName(uname); + if (u != null && u.getUid() > 0) { + uid = u.getUid(); + } + } + } + + if (uid > 0) { + List uids = userService.getUserRead(uid); + if (uids.size() > 0) { + List users = userService.getUsersByID(uids); + if (users.size() > 0) { + return users; + } + } + } + throw new HttpNotFoundException(); + } + + @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public List doGetUserReaders(HttpServletRequest request) { + // TODO: use spring-security + String auth = request.getHeader("Authorization"); + int vuid = userService.getUIDByHttpAuth(auth); + if (vuid == -1) { + throw new HttpForbiddenException(); + } + if (vuid == 0) { + String hash = request.getParameter("hash"); + if (hash != null && hash.length() == 16) { + vuid = userService.getUIDbyHash(hash); + } + } + if (vuid == 0) { + throw new HttpForbiddenException(); + } + int uid = 0; + String uname = request.getParameter("uname"); + if (uname == null) { + uid = vuid; + } else { + if (UserUtils.checkUserNameValid(uname)) { + com.juick.User u = userService.getUserByName(uname); + if (u != null && u.getUid() > 0) { + uid = u.getUid(); + } + } + } + + if (uid > 0) { + return userService.getUserReaders(uid); + } + throw new HttpNotFoundException(); + } +} -- cgit v1.2.3