From b10719e4c69b489830001c9707f6e2eba265abad Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 21 Aug 2019 11:09:54 +0300
Subject: Settings API
---
 src/main/java/com/juick/server/api/Users.java | 77 ++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)
(limited to 'src/main/java/com/juick/server/api/Users.java')
diff --git a/src/main/java/com/juick/server/api/Users.java b/src/main/java/com/juick/server/api/Users.java
index 0db710c9..74a720d4 100644
--- a/src/main/java/com/juick/server/api/Users.java
+++ b/src/main/java/com/juick/server/api/Users.java
@@ -20,6 +20,8 @@ package com.juick.server.api;
 import com.juick.User;
 import com.juick.model.AnonymousUser;
 import com.juick.model.ApplicationStatus;
+import com.juick.server.EmailManager;
+import com.juick.server.util.HttpBadRequestException;
 import com.juick.server.util.HttpNotFoundException;
 import com.juick.server.util.HttpUtils;
 import com.juick.server.util.WebUtils;
@@ -28,19 +30,31 @@ import com.juick.service.*; import com.juick.service.security.annotation.Visitor; import com.juick.service.security.entities.JuickUser; import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import javax.inject.Inject; +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeMessage; import java.io.IOException; import java.net.URI; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import static org.springframework.http.ResponseEntity.ok; +import static org.springframework.http.ResponseEntity.status; + /** * @author ugnich */ @@ -53,6 +67,8 @@ public class Users { @Inject private CrosspostService crosspostService; @Inject + private TelegramService telegramService; + @Inject private EmailService emailService; @Inject private TagService tagService; @@ -62,6 +78,8 @@ public class Users { private ImagesService imagesService; @Value("${upload_tmp_dir:#{systemEnvironment['TEMP'] ?: '/tmp'}}") private String tmpDir; + @Inject + private EmailManager emailManager; @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public String getAuthToken(@Visitor User visitor) { 
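Review bot: Several imports added in the `@@ -28,19 +30,31 @@` hunk are not referenced by any hunk of this patch: `org.springframework.http.HttpStatus`, the six `javax.mail` types (`Message`, `MessagingException`, `Session`, `Transport`, `InternetAddress`, `MimeMessage`) and the static `ResponseEntity.ok` / `ResponseEntity.status`. The new handlers send mail through `emailManager.sendEmail(...)` and call `ResponseEntity.ok()` fully qualified, so these look like leftovers from an earlier draft and can be dropped. If the static import is meant to be used, `return ok().build();` would be the consistent form.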
@@ -106,6 +124,63 @@ public class Users { me.getTagStats().addAll(tagService.getUserTagStats(me.getUid())); return (SecureUser)userService.getUserInfo(me); } + @PostMapping("/api/me") + public ResponseEntity updateMe(@Visitor User visitor, + @RequestParam(required = false) String password, + @RequestParam(value = "jid-del", required = false) String jidForDeletion, + @RequestParam(value = "email-add", required = false) String newEmail, + @RequestParam(value = "email-del", required = false) String emailForDeletion, + @RequestParam(value = "account-del", required = false) String accountToDelete) { + if (StringUtils.isNotEmpty(password)) { + if (!userService.updatePassword(visitor, password)) { + throw new HttpBadRequestException(); + } + } + if (StringUtils.isNotEmpty(jidForDeletion)) { + if (!userService.deleteJID(visitor.getUid(), jidForDeletion)) { + throw new HttpBadRequestException(); + } + } + if (StringUtils.isNotEmpty(newEmail)) { + if (!emailService.verifyAddressByCode(visitor.getUid(), newEmail)) { + String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); + if (emailService.addVerificationCode(visitor.getUid(), newEmail, authCode)) { + if (!emailManager.sendEmail("noreply@juick.com", newEmail, "Juick authorization link", + String.format("Follow link to attach this email to Juick account:\n" + + "http://juick.com/settings?page=auth-email&code=%s\n\n" + + "If you don't know, what this mean - just ignore this mail.\n", authCode), + StringUtils.EMPTY, Collections.emptyMap())) { + throw new HttpBadRequestException(); + }; + } + } + } + if (StringUtils.isNotEmpty(emailForDeletion)) { + if (!emailService.deleteEmail(visitor.getUid(), emailForDeletion)) { + throw new HttpBadRequestException(); + } + } + if (StringUtils.isNotEmpty(accountToDelete)) { + switch (accountToDelete) { + case "twitter": + crosspostService.deleteTwitterToken(visitor.getUid()); + break; + case "vk": + crosspostService.deleteVKUser(visitor.getUid()); + break; + case "durov": + 
telegramService.deleteTelegramUser(visitor.getUid()); + break; + } + } + return ResponseEntity.ok().build(); + } + @PostMapping("/api/me/subscribe") + public ResponseEntity subscribeMe(@Visitor User visitor, String email) { + // TODO: check status + emailService.setNotificationsEmail(visitor.getUid(), email); + return ResponseEntity.ok().build(); + } @PostMapping("/api/me/upload") public void updateInfo(@Visitor User visitor, @RequestParam MultipartFile avatar) throws IOException { @@ -190,7 +265,7 @@ public class Users { } return IOUtils.toByteArray(URI.create(webApp.getAvatarUrl(user))); } - class SecureUser extends User { + public class SecureUser extends User { public String getHash() { return getAuthHash(); } -- cgit v1.2.3
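Review bot: The e-mail confirmation code in `updateMe` comes from `RandomStringUtils.randomAlphanumeric(8).toUpperCase()`, which in the commons-lang3 releases of this period draws from `java.util.Random`, so the value that binds an address to an account is not backed by a CSPRNG. Passing an explicit generator, `RandomStringUtils.random(8, 0, 0, true, true, null, new SecureRandom()).toUpperCase()` with `java.security.SecureRandom` imported, keeps the format and removes the predictability. The mail body puts that code in an `http://juick.com/settings?...` link, so it is sent in cleartext on the first request even if the site later redirects to HTTPS; `https://` is the safer literal. `subscribeMe` stores whatever `email` the caller supplies, and the `// TODO: check status` suggests ownership is not yet verified, so it should reject addresses that are not already confirmed for `visitor.getUid()`. Separately, `updateMe` returns 200 when `addVerificationCode` fails or when `account-del` matches no `case`, so the client cannot tell that nothing happened.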
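Review bot: `SecureUser` is widened to `public` while remaining a non-static inner class, so each instance keeps a hidden reference to the `Users` controller and the type that exposes `getHash()` becomes reachable from other packages. If nothing in the class body (which continues outside this hunk) needs the enclosing instance, `public static class SecureUser extends User {` is the tighter declaration. A Javadoc line such as `/** User view that includes the auth hash; return only to the authenticated account owner. */` would record why it must not be used when rendering other users' profiles.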