package com.juick.www; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.scribejava.apis.TwitterApi; import com.github.scribejava.core.builder.ServiceBuilder; import com.github.scribejava.core.model.OAuth1AccessToken; import com.github.scribejava.core.model.OAuth1RequestToken; import com.github.scribejava.core.model.OAuthRequest; import com.github.scribejava.core.model.Verb; import com.github.scribejava.core.oauth.OAuth10aService; import com.juick.server.UserQueries; import org.springframework.jdbc.core.JdbcTemplate; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * Created by vt on 01.12.2015. */ public class TwitterAuth { private final static String VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json"; private String consumerKey, consumerSecret; private final ObjectMapper mapper; public TwitterAuth(String consumerKey, String consumerSecret) { this.consumerKey = consumerKey; this.consumerSecret = consumerSecret; mapper = new ObjectMapper(); mapper.setSerializationInclusion(JsonInclude.Include.NON_EMPTY); mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL); mapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT); } protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String hash = "", request_token = "", request_token_secret = ""; String verifier = request.getParameter("oauth_verifier"); Cookie[] cookies = request.getCookies(); for (Cookie cookie : cookies) { if (cookie.getName().equals("hash")) { hash = cookie.getValue(); } if (cookie.getName().equals("request_token")) { request_token = cookie.getValue(); } if (cookie.getName().equals("request_token_secret")) { request_token_secret = cookie.getValue(); } } com.juick.User user = UserQueries.getUserByHash(sql, hash); if ( user == null || user.getUid() == 0) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } OAuth10aService oAuthService = new ServiceBuilder() .apiKey(consumerKey) .apiSecret(consumerSecret) .callback("http://juick.com/_twitter") .build(TwitterApi.instance()); if (request_token.isEmpty() && request_token_secret.isEmpty() && (verifier == null || verifier.isEmpty())) { OAuth1RequestToken requestToken = oAuthService.getRequestToken(); String authUrl = oAuthService.getAuthorizationUrl(requestToken); response.addCookie(new Cookie("request_token", requestToken.getToken())); response.addCookie(new Cookie("request_token_secret", requestToken.getTokenSecret())); response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", authUrl); } else { if (verifier != null && verifier.length() > 0) { OAuth1RequestToken requestToken = new OAuth1RequestToken(request_token, request_token_secret); OAuth1AccessToken accessToken = oAuthService.getAccessToken(requestToken, verifier); OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, VERIFY_URL, oAuthService); oAuthService.signRequest(accessToken, oAuthRequest); com.juick.www.twitter.User twitterUser = mapper.readValue(oAuthRequest.send().getBody(), com.juick.www.twitter.User.class); if (UserQueries.linkTwitterAccount(sql, user, accessToken.getToken(), accessToken.getTokenSecret(), twitterUser.getScreenName())) { response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", "http://juick.com/settings"); } else { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } } } }