From e5c8298beee5dde90ca98cc4707faac4bf0e2f0c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 7 Jul 2016 15:13:47 +0300
Subject: reorganize project

---
 .../src/main/java/com/juick/www/FacebookLogin.java | 152 +++++++++++++++++++++
 1 file changed, 152 insertions(+)
 create mode 100644 juick-www/src/main/java/com/juick/www/FacebookLogin.java

(limited to 'juick-www/src/main/java/com/juick/www/FacebookLogin.java')

diff --git a/juick-www/src/main/java/com/juick/www/FacebookLogin.java b/juick-www/src/main/java/com/juick/www/FacebookLogin.java
new file mode 100644
index 00000000..22b081a5
--- /dev/null
+++ b/juick-www/src/main/java/com/juick/www/FacebookLogin.java
@@ -0,0 +1,152 @@
+/*
+ * Juick
+ * Copyright (C) 2008-2013, Ugnich Anton
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.www;
+
+import com.juick.server.UserQueries;
+import org.json.JSONObject;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.jdbc.core.JdbcTemplate;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+public class FacebookLogin {
+
+    private static final Logger logger = Logger.getLogger(FacebookLogin.class.getName());
+
+    private static final String FACEBOOK_APPID = "130568668304";
+    private static final String FACEBOOK_SECRET = "95813bfb6ab8f473410c50d4f971649e";
+    private static final String FACEBOOK_REDIRECT = "http://juick.com/_fblogin";
+
+    protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        String fbstate;
+
+        String code = request.getParameter("code");
+        if (code == null || code.equals("")) {
+            fbstate = UUID.randomUUID().toString();
+
+            Cookie c = new Cookie("fbstate", fbstate);
+            response.addCookie(c);
+
+            response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+            response.setHeader("Location", "https://www.facebook.com/dialog/oauth?scope=publish_stream&client_id=" + FACEBOOK_APPID + "&redirect_uri=" + URLEncoder.encode(FACEBOOK_REDIRECT, "utf-8") + "&state=" + fbstate);
+            return;
+        }
+
+        fbstate = Utils.getCookie(request, "fbstate");
+        if (fbstate == null || fbstate.isEmpty() || !fbstate.equals(request.getParameter("state"))) {
+            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+            return;
+        } else {
+            Cookie c = new Cookie("fbstate", "-");
+            c.setMaxAge(0);
+            response.addCookie(c);
+        }
+
+        String token = Utils.fetchURL("https://graph.facebook.com/oauth/access_token?client_id=" + FACEBOOK_APPID + "&redirect_uri=" + URLEncoder.encode(FACEBOOK_REDIRECT, "utf-8") + "&client_secret=" + FACEBOOK_SECRET + "&code=" + URLEncoder.encode(code, "utf-8"));
+        if (token == null || token.isEmpty() || !token.startsWith("access_token=")) {
+            logger.log(Level.SEVERE, "FACEBOOK TOKEN ERROR: " + token);
+            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            return;
+        }
+        token = token.substring(13); // access_token=...
+        int tokenamp = token.indexOf('&'); // &expires=
+        if (tokenamp > 0) {
+            token = token.substring(0, tokenamp);
+        }
+
+        String graph = Utils.fetchURL("https://graph.facebook.com/me?access_token=" + token);
+        if (graph == null || graph.isEmpty()) {
+            System.err.println("FACEBOOK GRAPH ERROR");
+            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            return;
+        }
+
+        try {
+            JSONObject json = new JSONObject(graph);
+            String fbIDStr = json.getString("id");
+            String fbName = json.getString("name");
+            String fbLink = json.getString("link");
+            boolean fbVerified = json.getBoolean("verified");
+
+            long fbID = 0;
+            if (fbIDStr != null && !fbIDStr.isEmpty()) {
+                fbID = Long.parseLong(fbIDStr);
+            }
+
+            if (fbID == 0 || fbName == null || fbLink == null || fbName.isEmpty() || fbLink.isEmpty()) {
+                throw new Exception();
+            }
+
+            int uid = getUIDbyFBID(sql, fbID);
+            if (uid > 0) {
+                if (!updateDB(sql, fbID, token, fbName, fbLink)) {
+                    throw new Exception();
+                }
+                Cookie c = new Cookie("hash", UserQueries.getHashByUID(sql, uid));
+                c.setMaxAge(50 * 24 * 60 * 60);
+                response.addCookie(c);
+                response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+                response.setHeader("Location", "/");
+            } else if (fbVerified) {
+                String loginhash = UUID.randomUUID().toString();
+                if (!insertDB(sql, fbID, loginhash, token, fbName, fbLink)) {
+                    throw new Exception();
+                }
+                response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+                response.setHeader("Location", "/signup?type=fb&hash=" + loginhash);
+            } else {
+                throw new Exception();
+            }
+        } catch (Exception e) {
+            logger.log(Level.WARNING, "fb error", e);
+            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            return;
+        }
+    }
+
+    private int getUIDbyFBID(JdbcTemplate sql, long fbID) {
+        try {
+            return sql.queryForObject("SELECT user_id FROM facebook WHERE fb_id=? AND user_id IS NOT NULL",
+                    Integer.class, fbID);
+        } catch (EmptyResultDataAccessException e) {
+            return 0;
+        }
+    }
+
+    private boolean insertDB(JdbcTemplate sql, long fbID, String loginhash, String token, String fbName, String fbLink) {
+        return sql.update("INSERT INTO facebook(fb_id,loginhash,access_token,fb_name,fb_link) VALUES (?,?,?,?,?)",
+                fbID, loginhash, token, fbName, fbLink) > 0;
+    }
+
+    private boolean updateDB(JdbcTemplate sql, long fbID, String token, String fbName, String fbLink) {
+        return sql.update("UPDATE facebook SET access_token=?,fb_name=?,fb_link=? WHERE fb_id=?",
+                token, fbName, fbLink, fbID) > 0;
+    }
+}
-- 
cgit v1.2.3