package com.juick.http.www; import com.github.scribejava.apis.TwitterApi; import com.github.scribejava.core.builder.ServiceBuilder; import com.github.scribejava.core.model.OAuthRequest; import com.github.scribejava.core.model.Token; import com.github.scribejava.core.model.Verb; import com.github.scribejava.core.model.Verifier; import com.github.scribejava.core.oauth.OAuthService; import com.juick.server.UserQueries; import org.json.JSONObject; import org.springframework.jdbc.core.JdbcTemplate; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * Created by vt on 01.12.2015. */ public class TwitterAuth { private final static String VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json"; private String consumerKey, consumerSecret; public TwitterAuth(String consumerKey, String consumerSecret) { this.consumerKey = consumerKey; this.consumerSecret = consumerSecret; } protected void doGet(JdbcTemplate sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String hash = "", request_token = "", request_token_secret = ""; String verifier = request.getParameter("oauth_verifier"); Cookie[] cookies = request.getCookies(); for (Cookie cookie : cookies) { if (cookie.getName().equals("hash")) { hash = cookie.getValue(); } if (cookie.getName().equals("request_token")) { request_token = cookie.getValue(); } if (cookie.getName().equals("request_token_secret")) { request_token_secret = cookie.getValue(); } } com.juick.User user = UserQueries.getUserByHash(sql, hash); if ( user == null || user.getUID() == 0) { response.sendError(403); return; } OAuthService oAuthService = new ServiceBuilder() .provider(TwitterApi.class) .apiKey(consumerKey) .apiSecret(consumerSecret) .callback("http://juick.com/_twitter") .build(); if (request_token.isEmpty() && request_token_secret.isEmpty() && (verifier == null || verifier.isEmpty())) { Token requestToken = oAuthService.getRequestToken(); String authUrl = oAuthService.getAuthorizationUrl(requestToken); response.addCookie(new Cookie("request_token", requestToken.getToken())); response.addCookie(new Cookie("request_token_secret", requestToken.getSecret())); response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", authUrl); } else { if (verifier != null && verifier.length() > 0) { Token requestToken = new Token(request_token, request_token_secret); Token accessToken = oAuthService.getAccessToken(requestToken, new Verifier(verifier)); OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, VERIFY_URL, oAuthService); oAuthService.signRequest(accessToken, oAuthRequest); JSONObject jsonResponse = new JSONObject(oAuthRequest.send().getBody()); String screenName = jsonResponse.getString("screen_name"); if (UserQueries.linkTwitterAccount(sql, user, accessToken.getToken(), accessToken.getSecret(), screenName)) { response.setStatus(HttpServletResponse.SC_FOUND); response.setHeader("Location", "http://juick.com/settings"); } else { response.sendError(500); } } } } }