/* * Juick * Copyright (C) 2008-2013, Ugnich Anton * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ package com.juick.http.www; import com.juick.server.UserQueries; import java.io.IOException; import java.net.URLEncoder; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.util.UUID; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; /** * * @author Ugnich Anton */ public class VKontakteLogin { private static final String VK_APPID = "3544101"; private static final String VK_SECRET = "z2afNI8jA5lIpZ2jsTm1"; private static final String VK_REDIRECT = "http://juick.com/_vklogin"; protected void doGet(Connection sql, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String code = request.getParameter("code"); if (code == null || code.equals("")) { response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); response.setHeader("Location", "https://oauth.vk.com/authorize?client_id=" + VK_APPID + "&redirect_uri=" + URLEncoder.encode(VK_REDIRECT, "utf-8") + "&scope=friends,wall,offline&response_type=code"); return; } String tokenjson = Utils.fetchURL("https://oauth.vk.com/access_token?client_id=" + VK_APPID + "&redirect_uri=" + URLEncoder.encode(VK_REDIRECT, "utf-8") + "&client_secret=" + VK_SECRET + "&code=" + URLEncoder.encode(code, "utf-8")); if (tokenjson == null || tokenjson.isEmpty()) { System.err.println("VK TOKEN EMPTY"); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } String token = null; long vkID = 0; try { JSONObject json = new JSONObject(tokenjson); token = json.getString("access_token"); vkID = json.getLong("user_id"); } catch (JSONException e) { System.err.println("VK TOKEN EXCEPTION: " + e); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } if (token == null || vkID == 0) { System.err.println("VK TOKEN EMPTY: " + tokenjson); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } String graph = Utils.fetchURL("https://api.vk.com/method/users.get?uids=" + vkID + "&fields=screen_name&access_token=" + token); if (graph == null || graph.isEmpty()) { System.err.println("VK GRAPH ERROR"); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } try { JSONObject json = new JSONObject(graph).getJSONArray("response").getJSONObject(0); String vkName = json.getString("first_name") + " " + json.getString("last_name"); String vkLink = json.getString("screen_name"); if (vkName == null || vkLink == null || vkName.isEmpty() || vkName.length() == 1 || vkLink.isEmpty()) { throw new Exception(); } int uid = getUIDbyVKID(sql, vkID); if (uid > 0) { Cookie c = new Cookie("hash", UserQueries.getHashByUID(sql, uid)); c.setMaxAge(50 * 24 * 60 * 60); response.addCookie(c); response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); response.setHeader("Location", "/"); } else { String loginhash = UUID.randomUUID().toString(); if (!insertDB(sql, vkID, loginhash, token, vkName, vkLink)) { throw new Exception(); } response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); response.setHeader("Location", "/signup?type=vk&hash=" + loginhash); } } catch (Exception e) { System.err.println("JSON ERROR: " + e); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } } private int getUIDbyVKID(Connection sql, long vkID) { int uid = 0; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT user_id FROM vk WHERE vk_id=? AND user_id IS NOT NULL"); stmt.setLong(1, vkID); rs = stmt.executeQuery(); if (rs.first()) { uid = rs.getInt(1); } } catch (SQLException e) { System.err.println(e); } finally { Utils.finishSQL(rs, stmt); } return uid; } private boolean insertDB(Connection sql, long vkID, String loginhash, String token, String vkName, String vkLink) { boolean ret = false; PreparedStatement stmt = null; try { stmt = sql.prepareStatement("INSERT INTO vk(vk_id,loginhash,access_token,vk_name,vk_link) VALUES (?,?,?,?,?)"); stmt.setLong(1, vkID); stmt.setString(2, loginhash); stmt.setString(3, token); stmt.setString(4, vkName); stmt.setString(5, vkLink); stmt.executeUpdate(); ret = true; } catch (SQLException e) { System.err.println(e); } finally { Utils.finishSQL(null, stmt); } return ret; } }