package com.juick.api.controllers; import com.juick.Message; import com.juick.User; import com.juick.api.util.HttpBadRequestException; import com.juick.api.util.HttpForbiddenException; import com.juick.service.MessagesService; import com.juick.service.SubscriptionService; import com.juick.service.UserService; import org.apache.commons.lang3.math.NumberUtils; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.List; /** * Created by vitalyster on 24.10.2016. */ @Controller @ResponseBody public class Subscriptions { @Inject UserService userService; @Inject SubscriptionService subscriptionService; @Inject MessagesService messagesService; @RequestMapping(value = "/subscriptions", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public List doGet(HttpServletRequest request) throws IOException { // TODO: use spring-security String auth = request.getHeader("Authorization"); int vuid = userService.getUIDByHttpAuth(auth); if (vuid == -1) { throw new HttpForbiddenException(); } if (vuid == 0) { String hash = request.getParameter("hash"); if (hash != null && hash.length() == 16) { vuid = userService.getUIDbyHash(hash); } } if (vuid == 0) { throw new HttpForbiddenException(); } User visitor = userService.getUserByUID(vuid).orElse(new User()); if ((visitor.getUid() == 0) && !(visitor.getName().equals("juick"))) { throw new HttpForbiddenException(); } int uid = NumberUtils.toInt(request.getParameter("uid"), 0); int mid = NumberUtils.toInt(request.getParameter("mid"), 0); if (uid > 0) { return subscriptionService.getSubscribedUsers(uid, mid); } else { // thread Message msg = messagesService.getMessage(mid); if (msg != null) { return subscriptionService.getUsersSubscribedToComments(mid, msg.getUser().getUid()); } } throw new HttpBadRequestException(); } }