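package com.juick.api.controllers;

import com.juick.User;
import com.juick.api.util.HttpForbiddenException;
import com.juick.api.util.HttpNotFoundException;
import com.juick.service.UserService;
import com.juick.util.UserUtils;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;

/**
 * JSON endpoints for looking up users and their subscription lists.
 *
 * <p>All three handlers resolve the caller through {@link #resolveVisitorUid(HttpServletRequest)},
 * so the credential handling lives in one place instead of being copied per endpoint.
 *
 * @author ugnich
 */
@Controller
@ResponseBody
public class Users {

    /** Accepted shape of a {@code uname} request parameter on {@code /users}. */
    private static final Pattern UNAME_PATTERN = Pattern.compile("^[a-zA-Z0-9\\-]{2,16}$");

    /** Accepted shape of a {@code jid} request parameter on {@code /users}. */
    private static final Pattern JID_PATTERN = Pattern.compile("^[a-zA-Z0-9\\-\\_\\@\\.]{6,64}$");

    /** Required length of the {@code hash} request parameter. */
    private static final int HASH_LENGTH = 16;

    /** A lookup is only performed when fewer than this many valid values remain. */
    private static final int MAX_LOOKUP_VALUES = 20;

    @Inject
    UserService userService;

    /**
     * Looks up users by {@code uname} and/or {@code jid} request parameters.
     *
     * <p>Values that do not match the expected pattern are dropped. A parameter group is
     * skipped entirely when no valid value remains or when
     * {@value #MAX_LOOKUP_VALUES} or more remain.
     *
     * @param request the current HTTP request
     * @return the matching users, never empty
     * @throws HttpForbiddenException if the {@code Authorization} header is rejected
     * @throws HttpNotFoundException if no user matched
     */
    @RequestMapping(value = "/users", method = RequestMethod.GET,
            produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public List<User> doGetUsers(HttpServletRequest request) {
        // The resolved uid is not used below; the call is kept so that a rejected
        // Authorization header still yields HttpForbiddenException, as before.
        // NOTE(review): unlike /users/read and /users/readers, a visitor uid of 0 is
        // accepted here, so this lookup (including lookup by JID) is reachable without
        // a resolved account. Confirm that this is intended before relying on it.
        resolveVisitorUid(request);

        List<User> users = new ArrayList<>();

        String[] punames = request.getParameterValues("uname");
        if (punames != null) {
            List<String> unames = keepMatching(punames, UNAME_PATTERN);
            if (!unames.isEmpty() && unames.size() < MAX_LOOKUP_VALUES) {
                users.addAll(userService.getUsersByName(unames));
            }
        }

        String[] pjids = request.getParameterValues("jid");
        if (pjids != null) {
            List<String> jids = keepMatching(pjids, JID_PATTERN);
            if (!jids.isEmpty() && jids.size() < MAX_LOOKUP_VALUES) {
                users.addAll(userService.getUsersByJID(jids));
            }
        }

        if (!users.isEmpty()) {
            return users;
        }
        throw new HttpNotFoundException();
    }

    /**
     * Returns the users that the target user reads.
     *
     * <p>The target is the user named by the {@code uname} parameter, or the caller when
     * that parameter is absent.
     *
     * @param request the current HTTP request
     * @return the users read by the target, never empty
     * @throws HttpForbiddenException if the caller could not be resolved to an account
     * @throws HttpNotFoundException if the target is unknown or the result is empty
     */
    @RequestMapping(value = "/users/read", method = RequestMethod.GET,
            produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public List<User> doGetUserRead(HttpServletRequest request) {
        int vuid = requireVisitorUid(request);
        int uid = resolveTargetUid(request, vuid);

        if (uid > 0) {
            // Element type restored as Integer because uids are ints throughout this
            // class — confirm against the UserService signature.
            List<Integer> uids = userService.getUserRead(uid);
            if (!uids.isEmpty()) {
                List<User> users = userService.getUsersByID(uids);
                if (!users.isEmpty()) {
                    return users;
                }
            }
        }
        throw new HttpNotFoundException();
    }

    /**
     * Returns the readers of the target user.
     *
     * <p>The target is the user named by the {@code uname} parameter, or the caller when
     * that parameter is absent. Unlike {@link #doGetUserRead(HttpServletRequest)}, an
     * empty result is returned as-is rather than turned into a not-found error.
     *
     * @param request the current HTTP request
     * @return the readers as returned by the user service
     * @throws HttpForbiddenException if the caller could not be resolved to an account
     * @throws HttpNotFoundException if the target is unknown
     */
    @RequestMapping(value = "/users/readers", method = RequestMethod.GET,
            produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public List<User> doGetUserReaders(HttpServletRequest request) {
        int vuid = requireVisitorUid(request);
        int uid = resolveTargetUid(request, vuid);

        if (uid > 0) {
            return userService.getUserReaders(uid);
        }
        throw new HttpNotFoundException();
    }

    /**
     * Resolves the caller's uid from the {@code Authorization} header, falling back to
     * the {@code hash} request parameter when the header resolves to 0.
     *
     * @return the resolved uid, or 0 when neither credential resolved to an account
     * @throws HttpForbiddenException if the user service answers -1 for the header
     */
    private int resolveVisitorUid(HttpServletRequest request) {
        // TODO: use spring-security
        String auth = request.getHeader("Authorization");
        int vuid = userService.getUIDByHttpAuth(auth);
        if (vuid == -1) {
            throw new HttpForbiddenException();
        }
        if (vuid == 0) {
            // NOTE(review): the hash acts as a credential but travels in the request
            // parameters; for a GET that usually means the URL, which is commonly
            // recorded in access logs and proxy logs. Only its length is checked here.
            String hash = request.getParameter("hash");
            if (hash != null && hash.length() == HASH_LENGTH) {
                vuid = userService.getUIDbyHash(hash);
            }
        }
        return vuid;
    }

    /**
     * Same as {@link #resolveVisitorUid(HttpServletRequest)} but refuses callers that
     * did not resolve to an account.
     *
     * @throws HttpForbiddenException if the resolved uid is 0 or the header is rejected
     */
    private int requireVisitorUid(HttpServletRequest request) {
        int vuid = resolveVisitorUid(request);
        if (vuid == 0) {
            throw new HttpForbiddenException();
        }
        return vuid;
    }

    /**
     * Picks the uid an endpoint should operate on: the user named by {@code uname}, or
     * the caller when the parameter is absent.
     *
     * @return the target uid, or 0 when {@code uname} is invalid or names no user
     */
    private int resolveTargetUid(HttpServletRequest request, int vuid) {
        String uname = request.getParameter("uname");
        if (uname == null) {
            return vuid;
        }
        if (UserUtils.checkUserNameValid(uname)) {
            User u = userService.getUserByName(uname);
            if (u != null && u.getUid() > 0) {
                return u.getUid();
            }
        }
        return 0;
    }

    /**
     * Returns a mutable list holding only the values that fully match the pattern,
     * in their original order.
     */
    private static List<String> keepMatching(String[] values, Pattern pattern) {
        List<String> kept = new ArrayList<>(Arrays.asList(values));
        Iterator<String> it = kept.iterator();
        while (it.hasNext()) {
            if (!pattern.matcher(it.next()).matches()) {
                it.remove();
            }
        }
        return kept;
    }
}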