From c471503ede9aad91193ff6f93966196e6aff15d6 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 4 Jan 2023 03:38:19 +0300
Subject: OAuth authentication for Mastodon and ActivityPub C2S

---
 src/main/java/com/juick/www/api/Users.java | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

(limited to 'src/main/java/com/juick/www/api/Users.java')

diff --git a/src/main/java/com/juick/www/api/Users.java b/src/main/java/com/juick/www/api/Users.java
index dd620380..f7c24d8d 100644
--- a/src/main/java/com/juick/www/api/Users.java
+++ b/src/main/java/com/juick/www/api/Users.java
@@ -36,7 +36,6 @@ import com.juick.service.TelegramService;
 import com.juick.service.UserService;
 import com.juick.service.activities.UpdateUserEvent;
 import com.juick.service.component.MailVerificationEvent;
-import com.juick.service.security.annotation.Visitor;
 import com.juick.util.HttpBadRequestException;
 import com.juick.util.HttpNotFoundException;
 import com.juick.util.HttpUtils;
@@ -48,13 +47,7 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
 /**
@@ -80,13 +73,13 @@ public class Users {
     private ApplicationEventPublisher applicationEventPublisher;
 
     @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
-    public String getAuthToken(@Visitor User visitor) {
+    public String getAuthToken(@ModelAttribute User visitor) {
         return userService.getHashByUID(visitor.getUid());
     }
 
     @RequestMapping(value = "/api/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
     public List<User> doGetUsers(
-            @Visitor User visitor,
+            @ModelAttribute User visitor,
             @RequestParam(value = "uname", required = false) List<String> unames) {
         List<User> users = new ArrayList<>();
 
@@ -108,7 +101,7 @@ public class Users {
     }
 
     @GetMapping("/api/me")
-    public SecureUser getMe(@Visitor User visitor) {
+    public SecureUser getMe(@ModelAttribute User visitor) {
         SecureUser me = new SecureUser();
         me.setUid(visitor.getUid());
         me.setName(visitor.getName());
@@ -127,7 +120,7 @@ public class Users {
         return (SecureUser)userService.getUserInfo(me);
     }
     @PostMapping("/api/me")
-    public void updateMe(@Visitor User visitor,
+    public void updateMe(@ModelAttribute User visitor,
                                          @RequestParam(required = false) String password,
                                          @RequestParam(value = "jid-del", required = false) String jidForDeletion,
                                          @RequestParam(value = "email-add", required = false) String newEmail,
@@ -171,12 +164,12 @@ public class Users {
         }
     }
     @PostMapping("/api/me/subscribe")
-    public void subscribeMe(@Visitor User visitor, String email) {
+    public void subscribeMe(@ModelAttribute User visitor, String email) {
         // TODO: check status
         emailService.setNotificationsEmail(visitor.getUid(), email);
     }
     @PostMapping("/api/me/upload")
-    public void updateInfo(@Visitor User visitor,
+    public void updateInfo(@ModelAttribute User visitor,
                            @RequestParam MultipartFile avatar) throws IOException {
         String avatarTmpPath = HttpUtils.receiveMultiPartFile(avatar, storageService.getTemporaryDirectory()).getHost();
         if (StringUtils.isNotEmpty(avatarTmpPath)) {
@@ -187,7 +180,7 @@ public class Users {
 
     @RequestMapping(value = "/api/users/read", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
     public List<User> doGetUserRead(
-            @Visitor User visitor,
+            @ModelAttribute User visitor,
             @RequestParam String uname) {
         int uid = 0;
         if (uname == null) {
@@ -211,7 +204,7 @@ public class Users {
 
     @RequestMapping(value = "/api/users/readers", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
     public List<User> doGetUserReaders(
-            @Visitor User visitor,
+            @ModelAttribute User visitor,
             @RequestParam String uname) {
         int uid = 0;
         if (uname == null) {
@@ -234,7 +227,7 @@ public class Users {
     }
 
     @GetMapping("/api/info/{uname}")
-    public User getUserInfo(@Visitor User visitor, @PathVariable String uname) {
+    public User getUserInfo(@ModelAttribute User visitor, @PathVariable String uname) {
         User user = userService.getUserByName(uname);
         if (!user.isBanned()) {
             user.setRead(doGetUserRead(visitor, uname));
-- 
cgit v1.2.3