From 990ca2bf911181c3af9cd6375534553b9355b3a2 Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Fri, 9 Dec 2016 22:57:52 +0700 Subject: security settings --- .../com/juick/www/controllers/IndexController.java | 41 +++++++++++---------- .../com/juick/www/controllers/LoginController.java | 43 +++------------------- 2 files changed, 28 insertions(+), 56 deletions(-) (limited to 'juick-spring-www/src/main/java/com/juick/www/controllers') diff --git a/juick-spring-www/src/main/java/com/juick/www/controllers/IndexController.java b/juick-spring-www/src/main/java/com/juick/www/controllers/IndexController.java index 91efd8aa..c6de2fbf 100644 --- a/juick-spring-www/src/main/java/com/juick/www/controllers/IndexController.java +++ b/juick-spring-www/src/main/java/com/juick/www/controllers/IndexController.java @@ -9,6 +9,7 @@ import com.juick.util.UserUtils; import com.juick.www.util.EncodeUtils; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; +import org.springframework.context.MessageSource; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.*; @@ -27,32 +28,31 @@ import java.util.stream.Collectors; */ @Controller public class IndexController { - @Inject - UserService userService; + private MessageSource messageSource; + @Inject + private UserService userService; @Inject - MessagesService messagesService; + private MessagesService messagesService; @Inject - TagService tagService; + private TagService tagService; @RequestMapping(value = "/", method = RequestMethod.GET) - protected String doGet( + public String indexPage( Principal principal, @CookieValue("ref") Optional ref, @RequestHeader("Referer") Optional referer, @RequestParam("show") Optional paramShow, @RequestParam("tag") Optional paramTagStr, - @RequestParam(value = "before", required = false) Integer paramBefore, + @RequestParam(value = "before") Optional paramBefore, @RequestParam(value = "search", required = false) String paramSearch, ModelMap model) throws IOException { - if (paramTagStr.isPresent()) { + if (paramTagStr.isPresent()) return "redirect:/tag/" + URLEncoder.encode(paramTagStr.get(), "UTF-8"); - } - if (StringUtils.isNotEmpty(paramSearch) && paramSearch.length() > 64) { + if (StringUtils.isNotEmpty(paramSearch) && paramSearch.length() > 64) paramSearch = ""; - } String name = UserUtils.getUsername(principal, null); User visitor = userService.getUserByName(name); @@ -63,34 +63,37 @@ public class IndexController { } else { title = "Микроблоги Juick: популярные записи"; } + + int before = paramBefore.orElse(0); + List mids = new ArrayList<>(); if (StringUtils.isNotEmpty(paramSearch)) { title = "Поиск: " + StringEscapeUtils.escapeHtml4(paramSearch); mids = messagesService.getSearch(EncodeUtils.encodeSphinx(paramSearch), - paramBefore); + before); } else if (!paramShow.isPresent()) { - mids = messagesService.getPopular(visitor.getUid(), paramBefore); + mids = messagesService.getPopular(visitor.getUid(), before); } else if (paramShow.get().equals("top")) { return "redirect:/"; } else if (paramShow.get().equals("my") && visitor.getUid() > 0) { title = "Моя лента"; - mids = messagesService.getMyFeed(visitor.getUid(), paramBefore); + mids = messagesService.getMyFeed(visitor.getUid(), before); } else if (paramShow.get().equals("private") && visitor.getUid() > 0) { title = "Приватные"; - mids = messagesService.getPrivate(visitor.getUid(), paramBefore); + mids = messagesService.getPrivate(visitor.getUid(), before); } else if (paramShow.get().equals("discuss") && visitor.getUid() > 0) { title = "Обсуждения"; - mids = messagesService.getDiscussions(visitor.getUid(), paramBefore); + mids = messagesService.getDiscussions(visitor.getUid(), before); } else if (paramShow.get().equals("recommended") && visitor.getUid() > 0) { title = "Рекомендации"; - mids = messagesService.getRecommended(visitor.getUid(), paramBefore); + mids = messagesService.getRecommended(visitor.getUid(), before); } else if (paramShow.get().equals("photos")) { title = "Фотографии"; - mids = messagesService.getPhotos(visitor.getUid(), paramBefore); + mids = messagesService.getPhotos(visitor.getUid(), before); } else if (paramShow.get().equals("all")) { title = "Все сообщения"; - mids = messagesService.getAll(visitor.getUid(), paramBefore); + mids = messagesService.getAll(visitor.getUid(), before); } model.addAttribute("title", title); model.addAttribute("visitor", visitor); @@ -116,6 +119,6 @@ public class IndexController { model.addAttribute("nextpage", nextpage); } //model.addAttribute("isModerator", userService.getModerators().contains(visitor.getUid())); - return "blog/index"; + return "index"; } } diff --git a/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java index 8a474c9b..8827d948 100644 --- a/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java +++ b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java @@ -1,23 +1,15 @@ package com.juick.www.controllers; import com.juick.User; -import com.juick.server.util.HttpBadRequestException; -import com.juick.server.util.HttpForbiddenException; import com.juick.service.UserService; import com.juick.util.UserUtils; import org.springframework.core.env.Environment; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; import javax.inject.Inject; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; -import java.net.URI; import java.security.Principal; -import java.util.Optional; /** * Created by vitalyster on 09.12.2016. @@ -25,41 +17,18 @@ import java.util.Optional; @Controller public class LoginController { @Inject - UserService userService; + private UserService userService; @Inject - Environment env; + private Environment env; @RequestMapping(value = "/login", method = RequestMethod.GET) - public String doGetLoginForm(Principal principal) { + public String getLoginForm(Principal principal) { String name = UserUtils.getUsername(principal, null); User visitor = userService.getUserByName(name); - if (visitor.getUid() > 0) { + + if (visitor.getUid() > 0) return "redirect:/login"; - } - return "views/login"; - } - @RequestMapping(value = "/login", method = RequestMethod.POST) - protected String doPostLogin( - @RequestParam("username") Optional username, - @RequestParam("password") Optional password, - @RequestHeader("Referer") Optional referer, - HttpServletResponse response) { - if (!username.isPresent() && password.isPresent()) { - throw new HttpBadRequestException(); - } - int uid = userService.checkPassword(username.get(), password.get()); - if (uid > 0) { - if (referer.isPresent()) { - URI refererURI = URI.create(referer.get()); - if (refererURI.getHost().equals(env.getProperty("web_domain")) - && !refererURI.getPath().equals("/login")) { - return "redirect:" + referer.get(); - } else { - return "redirect:/"; - } - } - } - throw new HttpForbiddenException(); + return "views/login"; } } -- cgit v1.2.3