From c471503ede9aad91193ff6f93966196e6aff15d6 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Wed, 4 Jan 2023 03:38:19 +0300 Subject: OAuth authentication for Mastodon and ActivityPub C2S --- src/main/java/com/juick/www/controllers/Help.java | 4 +-- .../java/com/juick/www/controllers/Settings.java | 8 +++--- .../java/com/juick/www/controllers/SignUp.java | 6 ++-- src/main/java/com/juick/www/controllers/Site.java | 32 +++++++++------------- .../com/juick/www/controllers/SocialLogin.java | 11 ++------ 5 files changed, 25 insertions(+), 36 deletions(-) (limited to 'src/main/java/com/juick/www/controllers') diff --git a/src/main/java/com/juick/www/controllers/Help.java b/src/main/java/com/juick/www/controllers/Help.java index ae1dafbe..ae7ba9d1 100644 --- a/src/main/java/com/juick/www/controllers/Help.java +++ b/src/main/java/com/juick/www/controllers/Help.java @@ -20,13 +20,13 @@ package com.juick.www.controllers; import com.juick.model.User; import com.juick.util.HttpNotFoundException; import com.juick.service.HelpService; -import com.juick.service.security.annotation.Visitor; import com.juick.www.WebApp; import org.commonmark.parser.Parser; import org.commonmark.renderer.html.HtmlRenderer; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PathVariable; import javax.inject.Inject; @@ -49,7 +49,7 @@ public class Help { @GetMapping({"/help/", "/help", "/help/{langOrPage}", "/help/{lang}/{page}"}) public String showHelp( - @Visitor User visitor, + @ModelAttribute User visitor, Locale locale, @PathVariable(required = false, name = "lang") String lang, @PathVariable(required = false, name = "page") String page, diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java index b990bf41..4d7deece 100644 
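Review bot: `@ModelAttribute User visitor` on `showHelp` makes the visitor a data-binding target, so Spring applies request parameters whose names match `User` properties to it after it is taken from the model, which the removed `@Visitor` resolver presumably did not do. The same substitution is made on every handler in Settings, SignUp, Site and SocialLogin, and it matters most where the handler authorizes on the visitor, for example `doGetBL` comparing `visitor.getUid()` with the owner and `doGetInbox` passing it to `chatService.getInbox`. Unless an `@InitBinder` outside this diff restricts the allowed fields, declare the parameter as `@ModelAttribute(binding = false) User visitor` so the authenticated identity cannot be altered by request input. The body of `showHelp` continues outside the hunk.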
--- a/src/main/java/com/juick/www/controllers/Settings.java +++ b/src/main/java/com/juick/www/controllers/Settings.java @@ -35,7 +35,6 @@ import com.juick.service.TagService; import com.juick.service.TelegramService; import com.juick.service.UserService; import com.juick.service.activities.UpdateUserEvent; -import com.juick.service.security.annotation.Visitor; import com.juick.util.HttpBadRequestException; import com.juick.util.HttpUtils; import com.juick.www.WebApp; @@ -58,6 +57,7 @@ import org.springframework.context.ApplicationEventPublisher; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.multipart.MultipartFile; @@ -89,7 +89,7 @@ public class Settings { @GetMapping("/settings") protected String doGet( - @Visitor User visitor, + @ModelAttribute User visitor, Locale locale, @RequestParam(required = false, defaultValue = "main") String page, @RequestParam(required = false) String code, ModelMap model) throws IOException { @@ -126,7 +126,7 @@ public class Settings { @PostMapping("/settings") protected String doPost( - @Visitor User visitor, + @ModelAttribute User visitor, HttpServletRequest request, HttpServletResponse response, @RequestParam(required = false) MultipartFile avatar, ModelMap model) @@ -272,7 +272,7 @@ public class Settings { } @PostMapping("/settings/unsubscribe") public String unsubscribeOneClick( - @Visitor User user, + @ModelAttribute User user, @RequestParam(name = "List-Unsubscribe") String unsubscribe, ModelMap model) { if (!user.isAnonymous()) { diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java index 9fc04dd5..8318dabd 100644 
--- a/src/main/java/com/juick/www/controllers/SignUp.java +++ b/src/main/java/com/juick/www/controllers/SignUp.java @@ -23,13 +23,13 @@ import com.juick.util.UsernameTakenException; import com.juick.www.WebApp; import com.juick.service.EmailService; import com.juick.service.UserService; -import com.juick.service.security.annotation.Visitor; import com.juick.service.security.entities.JuickUser; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -52,7 +52,7 @@ public class SignUp { @GetMapping("/signup") protected String doGet( - @Visitor User visitor, + @ModelAttribute User visitor, @RequestParam String type, @RequestParam String hash, ModelMap model) { if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) { @@ -91,7 +91,7 @@ public class SignUp { @PostMapping("/signup") protected String doPost( - @Visitor User visitor, + @ModelAttribute User visitor, @RequestParam String type, @RequestParam String hash, @RequestParam String action, diff --git a/src/main/java/com/juick/www/controllers/Site.java b/src/main/java/com/juick/www/controllers/Site.java index f45fe8f2..e8acc650 100644 --- a/src/main/java/com/juick/www/controllers/Site.java +++ b/src/main/java/com/juick/www/controllers/Site.java 
@@ -30,7 +30,6 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; import com.juick.service.*; -import com.juick.service.security.annotation.Visitor; import com.juick.util.MessageUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.Pair; @@ -43,12 +42,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.WebAttributes; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.CookieValue; -import org.springframework.web.bind.annotation.ExceptionHandler; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestHeader; -import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.*; import javax.inject.Inject; import java.net.URLEncoder; @@ -99,7 +93,7 @@ public class Site { } @GetMapping("/login") - public String getloginForm(@Visitor User visitor, + public String getloginForm(@ModelAttribute User visitor, @RequestParam(name = "retpath", required = false, defaultValue = "/") String retPath, HttpSession session, ModelMap model) { @@ -125,7 +119,7 @@ public class Site { } @GetMapping("/") - protected String doGet(@Visitor User visitor, Locale locale, @RequestParam(required = false) String tag, + protected String doGet(@ModelAttribute User visitor, Locale locale, @RequestParam(required = false) String tag, @RequestParam(name = "show", required = false) String paramShow, @RequestParam(name = "search", required = false) String paramSearch, @RequestParam(name = "before", required = false, defaultValue = "0") Integer paramBefore, 
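Review bot: The import hunk in Site.java collapses six explicit `org.springframework.web.bind.annotation` imports into `import org.springframework.web.bind.annotation.*;`, and SocialLogin.java does the same, while the other three controllers in this commit add `ModelAttribute` as a single explicit import. Keeping the explicit list and adding `import org.springframework.web.bind.annotation.ModelAttribute;` keeps it visible which binding annotations each controller uses and avoids silent name clashes if the package gains new types.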
@@ -217,7 +211,7 @@ public class Site { } @GetMapping(path = "/{uname}/", headers = "Connection!=Upgrade") - protected String doGetBlog(@Visitor User visitor, @RequestParam(required = false, name = "show") String paramShow, + protected String doGetBlog(@ModelAttribute User visitor, @RequestParam(required = false, name = "show") String paramShow, @RequestParam(required = false, name = "tag") String paramTagStr, @RequestParam(required = false, name = "search") String paramSearch, @RequestParam(required = false, name = "page", defaultValue = "0") Integer page, @PathVariable String uname, @@ -324,7 +318,7 @@ public class Site { } @GetMapping("/{uname}/tags") - protected String doGetTags(@Visitor User visitor, @PathVariable String uname, ModelMap model) { + protected String doGetTags(@ModelAttribute User visitor, @PathVariable String uname, ModelMap model) { User user = userService.getUserByName(uname); if (visitor.isBanned()) { throw new HttpNotFoundException(); @@ -344,7 +338,7 @@ public class Site { } @GetMapping("/{uname}/friends") - protected String doGetFriends(@Visitor User visitor, @PathVariable String uname, ModelMap model) { + protected String doGetFriends(@ModelAttribute User visitor, @PathVariable String uname, ModelMap model) { User user = userService.getUserByName(uname); if (visitor.isBanned()) { throw new HttpNotFoundException(); @@ -360,7 +354,7 @@ public class Site { } @GetMapping("/{uname}/readers") - protected String doGetReaders(@Visitor User visitor, @PathVariable String uname, ModelMap model) { + protected String doGetReaders(@ModelAttribute User visitor, @PathVariable String uname, ModelMap model) { User user = userService.getUserByName(uname); visitor.setAvatar(webApp.getAvatarWebPath(visitor)); model.addAttribute("title", "Читатели " + user.getName()); 
@@ -373,7 +367,7 @@ public class Site { } @GetMapping("/{uname}/bl") - protected String doGetBL(@Visitor User visitor, @PathVariable String uname, ModelMap model) { + protected String doGetBL(@ModelAttribute User visitor, @PathVariable String uname, ModelMap model) { User user = userService.getUserByName(uname); if (visitor.getUid() != user.getUid()) { throw new HttpForbiddenException(); @@ -389,7 +383,7 @@ public class Site { } @GetMapping("/tag/{tagName}") - protected String tagAction(@Visitor User visitor, HttpServletRequest request, @PathVariable String tagName, + protected String tagAction(@ModelAttribute User visitor, HttpServletRequest request, @PathVariable String tagName, @RequestParam(required = false, defaultValue = "0") int before, ModelMap model) { visitor.setAvatar(webApp.getAvatarWebPath(visitor)); String paramTagStr = StringEscapeUtils.unescapeHtml4(tagName); @@ -452,7 +446,7 @@ public class Site { } @GetMapping("/pm/inbox") - protected String doGetInbox(@Visitor User visitor, ModelMap model) { + protected String doGetInbox(@ModelAttribute User visitor, ModelMap model) { visitor.setAvatar(webApp.getAvatarWebPath(visitor)); String title = "PM: Inbox"; List msgs = chatService.getInbox(visitor.getUid()); @@ -466,7 +460,7 @@ public class Site { } @GetMapping("/pm/sent") - protected String doGetSent(@Visitor User visitor, @RequestParam(required = false) String uname, ModelMap model) { + protected String doGetSent(@ModelAttribute User visitor, @RequestParam(required = false) String uname, ModelMap model) { visitor.setAvatar(webApp.getAvatarWebPath(visitor)); String title = "PM: Sent"; List msgs = chatService.getOutbox(visitor.getUid()); 
@@ -485,7 +479,7 @@ public class Site { @GetMapping(value = "/{uname}/{mid}", produces = { MediaType.TEXT_HTML_VALUE, Context.ACTIVITY_MEDIA_TYPE, Context.LD_JSON_MEDIA_TYPE }) - protected String threadAction(@Visitor User visitor, ModelMap model, @PathVariable String uname, + protected String threadAction(@ModelAttribute User visitor, ModelMap model, @PathVariable String uname, @PathVariable int mid, @RequestHeader(name = HttpHeaders.ACCEPT, required = false) String acceptHeader, @CookieValue(name = "sape_cookie", required = false, defaultValue = StringUtils.EMPTY) String sapeCookie) { @@ -589,7 +583,7 @@ public class Site { } @GetMapping("/post") - protected String postAction(@Visitor User visitor, @RequestParam(required = false) String body, ModelMap model) { + protected String postAction(@ModelAttribute User visitor, @RequestParam(required = false) String body, ModelMap model) { fillUserModel(model, visitor, visitor); visitor.setAvatar(webApp.getAvatarWebPath(visitor)); model.addAttribute("title", "Написать"); diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index c9611543..24bf97f6 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -27,7 +27,6 @@ import com.juick.model.ext.vk.UsersResponse; import com.juick.service.EmailService; import com.juick.service.TelegramService; import com.juick.service.UserService; -import com.juick.service.security.annotation.Visitor; import com.juick.util.HttpBadRequestException; import jakarta.annotation.PostConstruct; 
@@ -46,11 +45,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.CookieValue; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestHeader; -import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.*; import org.springframework.web.util.UriComponentsBuilder; import javax.inject.Inject; @@ -191,8 +186,8 @@ public class SocialLogin { } @GetMapping("/_twitter") - protected void doTwitterLogin(@Visitor com.juick.model.User user, HttpServletRequest request, - HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { + protected void doTwitterLogin(@ModelAttribute com.juick.model.User user, HttpServletRequest request, + HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { String hash = StringUtils.EMPTY, request_token = StringUtils.EMPTY, request_token_secret = StringUtils.EMPTY; String verifier = request.getParameter("oauth_verifier"); Cookie[] cookies = request.getCookies(); -- cgit v1.2.3