From 1679b35661297fd9a6693b03cadcdbc1ab5a4203 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 28 Nov 2016 13:09:34 +0300 Subject: juick-api: all controllers are using spring-security and @RequestParam --- .../java/com/juick/api/controllers/Messages.java | 74 +++--------- .../com/juick/api/controllers/Notifications.java | 70 ++++------- .../java/com/juick/api/controllers/Others.java | 39 +++--- .../main/java/com/juick/api/controllers/PM.java | 46 +++---- .../main/java/com/juick/api/controllers/Post.java | 134 +++++++++------------ .../com/juick/api/controllers/Subscriptions.java | 30 ++--- .../main/java/com/juick/api/controllers/Users.java | 61 +++------- .../main/java/com/juick/api/util/HttpUtils.java | 32 +++-- 8 files changed, 175 insertions(+), 311 deletions(-) (limited to 'juick-api/src/main/java/com') diff --git a/juick-api/src/main/java/com/juick/api/controllers/Messages.java b/juick-api/src/main/java/com/juick/api/controllers/Messages.java index 0f8e7e07..f30a7687 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Messages.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Messages.java @@ -25,7 +25,6 @@ import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.security.Principal; import java.util.Collections; import java.util.List; @@ -77,23 +76,15 @@ public class Messages { @RequestMapping("/messages") public ResponseEntity> getMessages( - HttpServletRequest request, - @RequestParam(required = false) String hash, + Principal principal, @RequestParam(required = false) String uname, @RequestParam(defaultValue = "0") int before_mid, @RequestParam(required = false) String popular, @RequestParam(required = false) String media, @RequestParam(required = false) String tag) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) - return FORBIDDEN; - - if (vuid == 0) { - if (hash != null && hash.length() == 16) - vuid = userService.getUIDbyHash(hash); - } + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); List mids; if (!StringUtils.isEmpty(uname)) { @@ -135,20 +126,11 @@ public class Messages { @RequestMapping("/thread") public ResponseEntity> getThread( - HttpServletRequest request, + Principal principal, @RequestParam(defaultValue = "0") int mid) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - return FORBIDDEN; - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); com.juick.Message msg = messagesService.getMessage(mid); if (msg != null) { if (!messagesService.canViewThread(mid, vuid)) { @@ -164,20 +146,11 @@ public class Messages { @RequestMapping("/messages/recommended") public ResponseEntity> doGetRecommended( - HttpServletRequest request, + Principal principal, @RequestParam(defaultValue = "0") int before_mid) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - return FORBIDDEN; - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { return FORBIDDEN; } @@ -195,29 +168,20 @@ public class Messages { @RequestMapping("/messages/set_privacy") @ResponseBody - public Status doSetPrivacy( - HttpServletRequest request, + public ResponseEntity doSetPrivacy( + Principal principal, @RequestParam(defaultValue = "0") int mid) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } com.juick.User user = messagesService.getMessageAuthor(mid); if (user != null && user.getUid() == vuid && messagesService.setMessagePrivacy(mid)) { - return Status.OK; + return ResponseEntity.ok(Status.OK); } - throw new HttpBadRequestException(); + throw new HttpForbiddenException(); } @RequestMapping("/messages/set_popular") diff --git a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java index c3529645..35298095 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Notifications.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Notifications.java @@ -12,17 +12,15 @@ import com.juick.service.MessagesService; import com.juick.service.PushQueriesService; import com.juick.service.SubscriptionService; import com.juick.service.UserService; -import org.apache.commons.lang3.math.NumberUtils; +import com.juick.util.UserUtils; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.*; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.security.Principal; import java.util.List; import java.util.stream.Collectors; @@ -43,36 +41,24 @@ public class Notifications { SubscriptionService subscriptionService; @RequestMapping(value = "/notifications", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGet(HttpServletRequest request) { - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } - if (vuid == 0) { - throw new HttpForbiddenException(); - } - User visitor = userService.getUserByUID(vuid).orElse(new User()); + public ResponseEntity> doGet( + Principal principal, + @RequestParam String type, + @RequestParam(required = false, defaultValue = "0") int uid, + @RequestParam(required = false, defaultValue = "0") int mid) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } - String type = request.getParameter("type"); - int uid = NumberUtils.toInt(request.getParameter("uid"), 0); - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); if (uid > 0) { switch (type) { case "gcm": - return pushQueriesService.getAndroidRegID(uid); + return ResponseEntity.ok(pushQueriesService.getAndroidRegID(uid)); case "apns": - return pushQueriesService.getAPNSToken(uid); + return ResponseEntity.ok(pushQueriesService.getAPNSToken(uid)); case "mpns": - return pushQueriesService.getWinPhoneURL(uid); + return ResponseEntity.ok(pushQueriesService.getWinPhoneURL(uid)); default: throw new HttpBadRequestException(); } @@ -92,11 +78,11 @@ public class Notifications { switch (type) { case "gcm": - return pushQueriesService.getAndroidTokens(uids); + return ResponseEntity.ok(pushQueriesService.getAndroidTokens(uids)); case "apns": - return pushQueriesService.getAPNSTokens(uids); + return ResponseEntity.ok(pushQueriesService.getAPNSTokens(uids)); case "mpns": - return pushQueriesService.getWindowsTokens(uids); + return ResponseEntity.ok(pushQueriesService.getWindowsTokens(uids)); default: throw new HttpBadRequestException(); } @@ -107,23 +93,11 @@ public class Notifications { } @RequestMapping(value = "/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public Status doDelete(HttpServletRequest request, @RequestBody String requestBody) throws IOException { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } - if (vuid == 0) { - throw new HttpForbiddenException(); - } - User visitor = userService.getUserByUID(vuid).orElse(new User()); + public Status doDelete( + Principal principal, + @RequestBody String requestBody) throws IOException { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); if ((visitor.getUid() == 0) || !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Others.java b/juick-api/src/main/java/com/juick/api/controllers/Others.java index ad620444..e2d802d8 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Others.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Others.java @@ -6,14 +6,16 @@ import com.juick.api.util.HttpNotFoundException; import com.juick.server.helpers.PrivateChats; import com.juick.service.PMQueriesService; import com.juick.service.UserService; +import com.juick.util.UserUtils; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; +import java.security.Principal; import java.util.List; /** @@ -30,33 +32,20 @@ public class Others { UserService userService; @RequestMapping(value = "groups_pms", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public PrivateChats doGetGroupsPMs(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public PrivateChats doGetGroupsPMs( + Principal principal, + @RequestParam(defaultValue = "5") int cnt) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } - int cnt = 5; - try { - String cntStr = request.getParameter("cnt"); - cnt = Integer.parseInt(cntStr); - if (cnt < 3) { - cnt = 3; - } - if (cnt > 10) { - cnt = 10; - } - } catch (Exception e) { + if (cnt < 3) { + cnt = 3; + } + if (cnt > 10) { + cnt = 10; } List lastconv = pmQueriesService.getPMLastConversationsUsers(vuid, cnt); diff --git a/juick-api/src/main/java/com/juick/api/controllers/PM.java b/juick-api/src/main/java/com/juick/api/controllers/PM.java index 3d9893b1..c928a11e 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/PM.java +++ b/juick-api/src/main/java/com/juick/api/controllers/PM.java @@ -1,5 +1,6 @@ package com.juick.api.controllers; +import com.juick.User; import com.juick.api.ApiServer; import com.juick.api.util.HttpBadRequestException; import com.juick.api.util.HttpForbiddenException; @@ -10,12 +11,13 @@ import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import rocks.xmpp.addr.Jid; import rocks.xmpp.core.stanza.model.Message; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; +import java.security.Principal; import java.util.List; /** @@ -34,23 +36,15 @@ public class PM { ApiServer apiServer; @RequestMapping(value = "/pm", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGetPM(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public List doGetPM( + Principal principal, + @RequestParam(required = false) String uname) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } - String uname = request.getParameter("uname"); int uid = 0; if (uname != null && uname.matches("^[a-zA-Z0-9\\-]{2,16}$")) { uid = userService.getUIDbyName(uname); @@ -64,29 +58,21 @@ public class PM { } @RequestMapping(value = "/pm", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public com.juick.Message doPostPM(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public com.juick.Message doPostPM( + Principal principal, + @RequestParam String uname, + @RequestParam String body) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } - String uname = request.getParameter("uname"); int uid = 0; if (UserUtils.checkUserNameValid(uname)) { uid = userService.getUIDbyName(uname); } - String body = request.getParameter("body"); if (uid == 0 || body == null || body.length() < 1 || body.length() > 10240) { throw new HttpBadRequestException(); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Post.java b/juick-api/src/main/java/com/juick/api/controllers/Post.java index fb1914e9..18f417d8 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Post.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Post.java @@ -1,6 +1,7 @@ package com.juick.api.controllers; import com.juick.Tag; +import com.juick.User; import com.juick.api.ApiServer; import com.juick.api.util.HttpBadRequestException; import com.juick.api.util.HttpForbiddenException; @@ -10,23 +11,25 @@ import com.juick.service.MessagesService; import com.juick.service.SubscriptionService; import com.juick.service.TagService; import com.juick.service.UserService; +import com.juick.util.UserUtils; import net.coobird.thumbnailator.Thumbnails; -import org.apache.commons.lang3.math.NumberUtils; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.core.env.Environment; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.multipart.MultipartFile; import rocks.xmpp.addr.Jid; -import rocks.xmpp.core.session.XmppSession; import rocks.xmpp.core.stanza.model.Message; import rocks.xmpp.extensions.nick.model.Nickname; import rocks.xmpp.extensions.oob.model.x.OobX; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; @@ -34,6 +37,7 @@ import java.net.URL; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.Principal; import java.util.ArrayList; import java.util.List; @@ -55,50 +59,31 @@ public class Post { MessagesService messagesService; @Inject SubscriptionService subscriptionService; + @Inject + Environment env; @RequestMapping(value = "/post", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - protected com.juick.Message doPost(HttpServletRequest request) throws IOException { - String uri = request.getRequestURI(); - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public com.juick.Message doPostMessage( + Principal principal, + @RequestParam String body, + @RequestParam String tags, + @RequestParam(required = false) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } - switch (uri) { - case "/post": - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); - if (mid == 0) { - return doPostMessage(request, apiServer.getXmpp(), vuid); - } else { - return doPostComment(request, apiServer.getXmpp(), vuid); - } - default: - throw new HttpBadRequestException(); - } - } - - public com.juick.Message doPostMessage(HttpServletRequest request, XmppSession xmpp, int vuid) throws IOException { - String body = request.getParameter("body"); if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } body = body.replace("\r", ""); - String tagsStr = request.getParameter("tags"); - List tags = new ArrayList<>(); + List tagsList = new ArrayList<>(); String tagsArr[] = new String[1]; - if (tagsStr != null && !tagsStr.isEmpty()) { - tagsArr = tagsStr.split("[ \\,]"); + if (tags != null && !tags.isEmpty()) { + tagsArr = tags.split("[ \\,]"); for (int i = 0; i < tagsArr.length; i++) { if (tagsArr[i].startsWith("*")) { tagsArr[i] = tagsArr[i].substring(1); @@ -107,24 +92,18 @@ public class Post { tagsArr[i] = tagsArr[i].substring(0, 64); } } - tags = tagService.getTags(tagsArr, true); - while (tags.size() > 5) { - tags.remove(5); + tagsList = tagService.getTags(tagsArr, true); + while (tagsList.size() > 5) { + tagsList.remove(5); } } - String attachmentFName = null; - try { - attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach"); - } catch (Exception e) { - logger.error("MULTIPART ERROR", e); - throw new HttpBadRequestException(); - } + String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir", + "/var/www/juick.com/i/tmp/")); - String paramImg = request.getParameter("img"); - if (attachmentFName == null && paramImg != null && paramImg.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { try { - URL imgUrl = new URL(paramImg); + URL imgUrl = new URL(img); attachmentFName = HttpUtils.downloadImage(imgUrl); } catch (Exception e) { logger.error("DOWNLOAD ERROR", e); @@ -133,10 +112,10 @@ public class Post { } String attachmentType = attachmentFName != null ? attachmentFName.substring(attachmentFName.length() - 3) : null; - int mid = messagesService.createMessage(vuid, body, attachmentType, tags); + int mid = messagesService.createMessage(vuid, body, attachmentType, tagsList); subscriptionService.subscribeMessage(mid, vuid); com.juick.Message jmsg = messagesService.getMessage(mid); - if (xmpp != null) { + if (apiServer.getXmpp() != null) { Message xmsg = new Message(); xmsg.setFrom(Jid.of("juick@juick.com")); xmsg.setType(Message.Type.CHAT); @@ -174,30 +153,41 @@ public class Post { xmsg.setBody("@" + jmsg.getUser().getName() + ":" + tagsStr2 + "\n" + body + "\n\n#" + mid + " http://juick.com/" + mid); xmsg.setTo(Jid.of("juick@s2s.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@ws.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@push.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("twitter@crosspost.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("fb@crosspost.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("jubo@nologin.ru")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); } else { logger.error("XMPP unavailable"); } return jmsg; } - - public com.juick.Message doPostComment(HttpServletRequest request, XmppSession xmpp, int vuid) + @RequestMapping(value = "/comment", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) + public com.juick.Message doPostComment( + Principal principal, + @RequestParam(defaultValue = "0") int mid, + @RequestParam(defaultValue = "0") int rid, + @RequestParam String body, + @RequestParam(required = false) String img, + @RequestParam(required = false) MultipartFile attach) throws IOException { - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); + if (vuid == 0) { + throw new HttpForbiddenException(); + } if (mid == 0) { throw new HttpBadRequestException(); } @@ -206,7 +196,6 @@ public class Post { throw new HttpNotFoundException(); } - int rid = NumberUtils.toInt(request.getParameter("rid"), 0); com.juick.Message reply = null; if (rid > 0) { reply = messagesService.getReply(mid, rid); @@ -215,7 +204,6 @@ public class Post { } } - String body = request.getParameter("body"); if (body == null || body.length() < 1 || body.length() > 4096) { throw new HttpBadRequestException(); } @@ -226,18 +214,12 @@ public class Post { throw new HttpForbiddenException(); } - String attachmentFName = null; - try { - attachmentFName = HttpUtils.receiveMultiPartFile(request, "attach"); - } catch (Exception e) { - logger.error("MULTIPART ERROR", e); - throw new HttpBadRequestException(); - } + String attachmentFName = HttpUtils.receiveMultiPartFile(attach, env.getProperty("upload_tmp_dir", + "/var/www/juick.com/i/tmp/")); - String paramImg = request.getParameter("img"); - if (attachmentFName == null && paramImg != null && paramImg.length() > 10) { + if (StringUtils.isBlank(attachmentFName) && img != null && img.length() > 10) { try { - attachmentFName = HttpUtils.downloadImage(new URL(paramImg)); + attachmentFName = HttpUtils.downloadImage(new URL(img)); } catch (Exception e) { logger.error("DOWNLOAD ERROR", e); throw new HttpBadRequestException(); @@ -250,7 +232,7 @@ public class Post { com.juick.Message jmsg = messagesService.getReply(mid, ridnew); - if (xmpp != null) { + if (apiServer.getXmpp() != null) { Message xmsg = new Message(); xmsg.setFrom(Jid.of("juick@juick.com")); xmsg.setType(Message.Type.CHAT); @@ -289,13 +271,13 @@ public class Post { mid + "/" + ridnew + " http://juick.com/" + mid + "#" + ridnew); xmsg.setTo(Jid.of("juick@s2s.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@ws.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); xmsg.setTo(Jid.of("juick@push.juick.com")); - xmpp.send(xmsg); + apiServer.getXmpp().send(xmsg); } else { logger.error("XMPP unavailable"); } diff --git a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java index 5426f853..42be9903 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Subscriptions.java @@ -7,16 +7,17 @@ import com.juick.api.util.HttpForbiddenException; import com.juick.service.MessagesService; import com.juick.service.SubscriptionService; import com.juick.service.UserService; -import org.apache.commons.lang3.math.NumberUtils; +import com.juick.util.UserUtils; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.security.Principal; import java.util.List; /** @@ -33,28 +34,15 @@ public class Subscriptions { MessagesService messagesService; @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGet(HttpServletRequest request) throws IOException { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } - if (vuid == 0) { - throw new HttpForbiddenException(); - } - User visitor = userService.getUserByUID(vuid).orElse(new User()); + public List doGet( + Principal principal, + @RequestParam(defaultValue = "0") int mid, + @RequestParam(defaultValue = "0") int uid) throws IOException { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } - int uid = NumberUtils.toInt(request.getParameter("uid"), 0); - int mid = NumberUtils.toInt(request.getParameter("mid"), 0); if (uid > 0) { return subscriptionService.getSubscribedUsers(uid, mid); } else { diff --git a/juick-api/src/main/java/com/juick/api/controllers/Users.java b/juick-api/src/main/java/com/juick/api/controllers/Users.java index 8b1bc6cd..75dea5f5 100644 --- a/juick-api/src/main/java/com/juick/api/controllers/Users.java +++ b/juick-api/src/main/java/com/juick/api/controllers/Users.java @@ -9,10 +9,11 @@ import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; -import javax.servlet.http.HttpServletRequest; +import java.security.Principal; import java.util.ArrayList; import java.util.Arrays; import java.util.Iterator; @@ -30,22 +31,11 @@ public class Users { UserService userService; @RequestMapping(value = "/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGetUsers(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public List doGetUsers( + @RequestParam(value = "uname", required = false) String[] punames, + @RequestParam(value = "jid", required = false) String[] pjids) { List users = new ArrayList<>(); - String punames[] = request.getParameterValues("uname"); if (punames != null) { ArrayList unames = new ArrayList<>(Arrays.asList(punames)); Iterator i = unames.iterator(); @@ -59,7 +49,6 @@ public class Users { } } - String pjids[] = request.getParameterValues("jid"); if (pjids != null) { List jids = new ArrayList<>(Arrays.asList(pjids)); Iterator ii = jids.iterator(); @@ -80,24 +69,16 @@ public class Users { } @RequestMapping(value = "/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGetUserRead(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public List doGetUserRead( + Principal principal, + @RequestParam String uname) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } int uid = 0; - String uname = request.getParameter("uname"); if (uname == null) { uid = vuid; } else { @@ -122,24 +103,16 @@ public class Users { } @RequestMapping(value = "/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public List doGetUserReaders(HttpServletRequest request) { - // TODO: use spring-security - String auth = request.getHeader("Authorization"); - int vuid = userService.getUIDByHttpAuth(auth); - if (vuid == -1) { - throw new HttpForbiddenException(); - } - if (vuid == 0) { - String hash = request.getParameter("hash"); - if (hash != null && hash.length() == 16) { - vuid = userService.getUIDbyHash(hash); - } - } + public List doGetUserReaders( + Principal principal, + @RequestParam String uname) { + String name = UserUtils.getUsername(principal, null); + User visitor = userService.getUserByName(name); + int vuid = visitor.getUid(); if (vuid == 0) { throw new HttpForbiddenException(); } int uid = 0; - String uname = request.getParameter("uname"); if (uname == null) { uid = vuid; } else { diff --git a/juick-api/src/main/java/com/juick/api/util/HttpUtils.java b/juick-api/src/main/java/com/juick/api/util/HttpUtils.java index f20e10a8..2fe4322d 100644 --- a/juick-api/src/main/java/com/juick/api/util/HttpUtils.java +++ b/juick-api/src/main/java/com/juick/api/util/HttpUtils.java @@ -17,12 +17,19 @@ */ package com.juick.api.util; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.multipart.MultipartFile; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.Part; import java.io.FileOutputStream; +import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.net.URLConnection; +import java.nio.file.Files; +import java.nio.file.Paths; import java.util.UUID; /** @@ -30,6 +37,7 @@ import java.util.UUID; * @author Ugnich Anton */ public class HttpUtils { + private static final Logger logger = LoggerFactory.getLogger(HttpUtils.class); public static String getPartFilename(Part part) { for (String cd : part.getHeader("content-disposition").split(";")) { if (cd.trim().startsWith("filename")) { @@ -39,27 +47,27 @@ public class HttpUtils { } return null; } - public static String receiveMultiPartFile(HttpServletRequest request, String name) throws Exception { - String attachmentFName = null; - - Part filePart = request.getPart("attach"); - if (filePart != null) { - String partname = HttpUtils.getPartFilename(filePart); + public static String receiveMultiPartFile(MultipartFile attach, String tmpDir) { + if (!attach.isEmpty()) { + String partname = attach.getOriginalFilename(); if (partname != null && partname.length() > 0) { String attachmentType = partname.substring(partname.length() - 3).toLowerCase(); if (attachmentType.equals("jpg") || attachmentType.equals("peg") || attachmentType.equals("png")) { if (attachmentType.equals("peg")) { attachmentType = "jpg"; } - attachmentFName = UUID.randomUUID().toString() + "." + attachmentType; - filePart.write("/var/www/juick.com/i/tmp/" + attachmentFName); - } else { - throw new Exception("Wrong file type"); + String attachmentFName = UUID.randomUUID().toString() + "." + attachmentType; + try { + Files.write(Paths.get(tmpDir, attachmentFName), + attach.getBytes()); + return attachmentFName; + } catch (IOException e) { + logger.warn("file receive error", e); + } } } } - - return attachmentFName; + return ""; } public static String downloadImage(URL url) throws Exception { String attachmentFName = null; -- cgit v1.2.3