package com.juick.www.controllers; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.scribejava.apis.TwitterApi; import com.github.scribejava.core.builder.ServiceBuilder; import com.github.scribejava.core.model.OAuth1AccessToken; import com.github.scribejava.core.model.OAuth1RequestToken; import com.github.scribejava.core.model.OAuthRequest; import com.github.scribejava.core.model.Verb; import com.github.scribejava.core.oauth.OAuth10aService; import com.juick.service.UserService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import javax.inject.Inject; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.concurrent.ExecutionException; /** * Created by vt on 01.12.2015. */ @Controller public class TwitterAuth { private final static String VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json"; @Value("${twitter_consumer_key}") private String consumerKey; @Value("${twitter_consumer_secret}") private String consumerSecret; @Inject private ObjectMapper jsonMapper; @Inject UserService userService; private ServiceBuilder serviceBuilder; public TwitterAuth() { serviceBuilder = new ServiceBuilder(); } @GetMapping("/_twitter") protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { String hash = StringUtils.EMPTY, request_token = StringUtils.EMPTY, request_token_secret = StringUtils.EMPTY; String verifier = request.getParameter("oauth_verifier"); Cookie[] cookies = request.getCookies(); for (Cookie cookie : cookies) { if (cookie.getName().equals("hash")) { hash = cookie.getValue(); } if (cookie.getName().equals("request_token")) { request_token = cookie.getValue(); } if (cookie.getName().equals("request_token_secret")) { request_token_secret = cookie.getValue(); } } com.juick.User user = userService.getUserByHash(hash); if ( user == null || user.getUid() == 0) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } OAuth10aService oAuthService = serviceBuilder .apiKey(consumerKey) .apiSecret(consumerSecret) .callback("http://juick.com/_twitter") .build(TwitterApi.instance()); if (request_token.isEmpty() && request_token_secret.isEmpty() && (verifier == null || verifier.isEmpty())) { OAuth1RequestToken requestToken = oAuthService.getRequestToken(); String authUrl = oAuthService.getAuthorizationUrl(requestToken); response.addCookie(new Cookie("request_token", requestToken.getToken())); response.addCookie(new Cookie("request_token_secret", requestToken.getTokenSecret())); response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", authUrl); } else { if (verifier != null && verifier.length() > 0) { OAuth1RequestToken requestToken = new OAuth1RequestToken(request_token, request_token_secret); OAuth1AccessToken accessToken = oAuthService.getAccessToken(requestToken, verifier); OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, VERIFY_URL); oAuthService.signRequest(accessToken, oAuthRequest); com.juick.www.twitter.User twitterUser = jsonMapper.readValue(oAuthService.execute(oAuthRequest).getBody(), com.juick.www.twitter.User.class); if (userService.linkTwitterAccount(user, accessToken.getToken(), accessToken.getTokenSecret(), twitterUser.getScreenName())) { response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", "http://juick.com/settings"); } else { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } } } }