/* * Juick * Copyright (C) 2008-2011, Ugnich Anton * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ package com.juick.server; import com.juick.User; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.support.GeneratedKeyHolder; import org.springframework.jdbc.support.KeyHolder; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.*; import java.util.logging.Level; import java.util.logging.Logger; /** * * @author Ugnich Anton */ public class UserQueries { static final String ABCDEF = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; private static final Logger LOGGER = Logger.getLogger(UserQueries.class.getName()); static class UserMapper implements RowMapper { @Override public User mapRow(ResultSet rs, int rowNum) throws SQLException { User user = new User(); user.UID = rs.getInt("id"); user.UName = rs.getString("nick"); user.Banned = rs.getBoolean("banned"); return user; } } public static String getSignUpHashByJID(JdbcTemplate sql, String jid) { String hash = sql.queryForObject("SELECT loginhash FROM jids WHERE jid=? AND user_id IS NULL", String.class, jid); if (hash == null) { hash = UUID.randomUUID().toString(); sql.update("INSERT INTO jids(jid,loginhash) VALUES (?,?)", jid, hash); } return hash; } public static int createUser(JdbcTemplate sql, String username, String password) { KeyHolder holder = new GeneratedKeyHolder(); sql.update(con -> { PreparedStatement stmt = con.prepareStatement("INSERT INTO users(nick,passw) VALUES (?,?)", Statement.RETURN_GENERATED_KEYS); stmt.setString(1, username); stmt.setString(2, password); return stmt; }, holder); int uid = holder.getKey().intValue(); sql.update("INSERT INTO useroptions(user_id) VALUES (?)", uid); sql.update("INSERT INTO subscr_users(user_id,suser_id) VALUES (2,?)", uid); return uid; } public static User getUserByUID(JdbcTemplate sql, int uid) { return sql.queryForObject("SELECT id, nick,banned FROM users WHERE id=?", new Object[] {uid}, new UserMapper()); } public static User getUserByName(JdbcTemplate sql, String username) { return sql.queryForObject("SELECT id,nick,banned FROM users WHERE nick=?", new Object[] {username}, new UserMapper()); } public static User getUserByJID(JdbcTemplate sql, String jid) { return sql.queryForObject("SELECT id,nick,banned FROM users WHERE id=(SELECT user_id FROM jids WHERE jid=?)", new Object[] {jid}, new UserMapper()); } public static List getUsersByName(JdbcTemplate sql, List unames) { return sql.query("SELECT id,nick,banned FROM users WHERE id=(SELECT user_id FROM jids WHERE jid=?)", new UserMapper(), unames.toArray()); } public static List getUsersByID(JdbcTemplate sql, List uids) { return sql.query("SELECT id,nick,banned FROM users WHERE id IN (" + Utils.convertArrayInt2String(uids) + ")", new UserMapper(), uids.toArray()); } public static boolean fillUsersByID(JdbcTemplate sql, List users) { boolean ret = false; String uids = ""; final int usersSize = users.size(); for (int i = 0; i < usersSize; i++) { if (i > 0) { uids += ","; } uids += users.get(i).UID; } sql.query("SELECT id,nick,banned FROM users WHERE id IN (" + uids + ")", (rs, num) -> { User u = users.get(num); u.UName = rs.getString(2); return u; }); return true; } public static List getUsersByJID(JdbcTemplate sql, List jids) { return sql.query("SELECT users.id,users.nick,jids.jid FROM users " + "INNER JOIN jids ON jids.user_id=users.id " + "WHERE jids.jid IN (" + Utils.convertArrayString2String(jids) + ")", (rs, rowNum) -> { com.juick.User user = new com.juick.User(); user.UID = rs.getInt(1); user.UName = rs.getString(2); user.JID = rs.getString(3); return user; }); } public static String getJIDbyUID(JdbcTemplate sql, int uid) { return sql.queryForObject("SELECT jid FROM jids WHERE user_id=? AND active=1", String.class, uid); } public static int getUIDbyJID(JdbcTemplate sql, String jid) { return sql.queryForObject("SELECT user_id FROM jids WHERE jid=?", Integer.class, jid); } public static int getUIDbyName(JdbcTemplate sql, String uname) { return sql.queryForObject("SELECT id FROM users WHERE nick=?", Integer.class, uname); } public static int getUIDbyHash(JdbcTemplate sql, String hash) { return sql.queryForObject("SELECT user_id FROM logins WHERE hash=?", Integer.class, hash); } public static com.juick.User getUserByHash(JdbcTemplate sql, String hash) { User user = sql.queryForObject("SELECT logins.user_id,users.nick, users.banned FROM logins " + "INNER JOIN users ON logins.user_id=users.id WHERE logins.hash=?", new UserMapper(), hash); user.AuthHash = hash; return user; } public static String getHashByUID(JdbcTemplate sql, int uid) { String hash = sql.queryForObject("SELECT hash FROM logins WHERE user_id=?", String.class, uid); if (hash == null) { hash = generateHash(16); final String finalHash = hash; sql.update(con -> { PreparedStatement stmt = con.prepareStatement("INSERT INTO logins(user_id,hash) VALUES (?,?)"); stmt.setInt(1, uid); stmt.setString(2, finalHash); return stmt; }); } return hash; } public static String generateHash(int len) { Random rnd = new Random(); StringBuilder sb = new StringBuilder(len); for (int i = 0; i < len; i++) { sb.append(ABCDEF.charAt(rnd.nextInt(ABCDEF.length()))); } return sb.toString(); } public static boolean checkUserNameValid(String uname) { return uname != null && uname.length() >= 2 && uname.length() <= 16 && uname.matches("[a-zA-Z0-9\\-]+"); } public static int checkPassword(Connection sql, String username, String password) { int uid = 0; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT id,passw FROM users WHERE nick=?"); stmt.setString(1, username); rs = stmt.executeQuery(); if (rs.first()) { if (password.equals(rs.getString(2))) { uid = rs.getInt(1); } else { uid = -1; } } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return uid; } public static int getUserOptionInt(Connection sql, int uid, String option, int defaultValue) { int ret = defaultValue; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT " + option + " FROM useroptions WHERE user_id=?"); stmt.setInt(1, uid); rs = stmt.executeQuery(); if (rs.first()) { ret = rs.getInt(1); } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static void setUserOptionInt(Connection sql, int uid, String option, int value) { PreparedStatement stmt = null; try { stmt = sql.prepareStatement("UPDATE useroptions SET " + option + "=? WHERE user_id=?"); stmt.setInt(1, value); stmt.setInt(2, uid); stmt.executeUpdate(); } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(null, stmt); } } public static boolean getCanMedia(Connection sql, int uid) { boolean ret = false; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT users.lastphoto-UNIX_TIMESTAMP() FROM users WHERE id=?"); stmt.setInt(1, uid); rs = stmt.executeQuery(); if (rs.first()) { ret = rs.getInt(1) < 3600; } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static boolean isInWL(Connection sql, int uid, int check) { boolean ret = false; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT 1 FROM wl_users WHERE user_id=? AND wl_user_id=?"); stmt.setInt(1, uid); stmt.setInt(2, check); rs = stmt.executeQuery(); if (rs.first()) { ret = rs.getInt(1) == 1; } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static boolean isInBL(Connection sql, int uid, int check) { boolean ret = false; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT 1 FROM bl_users WHERE user_id=? AND bl_user_id=?"); stmt.setInt(1, uid); stmt.setInt(2, check); rs = stmt.executeQuery(); if (rs.first()) { ret = rs.getInt(1) == 1; } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static boolean isInBLAny(JdbcTemplate sql, int uid, int uid2) { List res = sql.queryForList("SELECT 1 FROM bl_users " + "WHERE (user_id=? AND bl_user_id=?) " + "OR (user_id=? AND bl_user_id=?)", Integer.class, new Object[] {uid, uid2, uid2, uid}); return res.get(0) == 1; } public static List checkBL(Connection sql, int visitor, List uids) { List ret = new ArrayList<>(); PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT user_id FROM bl_users WHERE bl_user_id=? and user_id IN (" + Utils.convertArrayInt2String(uids) + ")"); stmt.setInt(1, visitor); rs = stmt.executeQuery(); rs.beforeFirst(); while (rs.next()) { ret.add(rs.getInt(1)); } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static boolean isSubscribed(Connection sql, int uid, int check) { boolean ret = false; PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT 1 FROM subscr_users WHERE suser_id=? AND user_id=?"); stmt.setInt(1, uid); stmt.setInt(2, check); rs = stmt.executeQuery(); if (rs.first()) { ret = rs.getInt(1) == 1; } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return ret; } public static List getUserRead(JdbcTemplate sql, int uid) { return sql.queryForList("SELECT user_id FROM subscr_users WHERE suser_id=?", Integer.class, uid); } public static List getUserReadLeastPopular(Connection sql, int uid, int cnt) { List users = new ArrayList<>(cnt); PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT users.id,users.nick FROM (subscr_users INNER JOIN users_subscr ON (subscr_users.suser_id=? AND subscr_users.user_id=users_subscr.user_id)) INNER JOIN users ON subscr_users.user_id=users.id ORDER BY cnt LIMIT ?"); stmt.setInt(1, uid); stmt.setInt(2, cnt); rs = stmt.executeQuery(); rs.beforeFirst(); while (rs.next()) { com.juick.User u = new com.juick.User(); u.UID = rs.getInt(1); u.UName = rs.getString(2); users.add(u); } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return users; } public static List getUserReaders(JdbcTemplate sql, int uid) { return sql.queryForList("SELECT suser_id FROM subscr_users WHERE user_id=?", Integer.class, uid); } public static List getUserBLUsers(Connection sql, int uid) { List users = new ArrayList<>(); PreparedStatement stmt = null; ResultSet rs = null; try { stmt = sql.prepareStatement("SELECT users.id,users.nick FROM users INNER JOIN bl_users ON(bl_users.bl_user_id=users.id) WHERE bl_users.user_id=? ORDER BY users.nick"); stmt.setInt(1, uid); rs = stmt.executeQuery(); rs.beforeFirst(); while (rs.next()) { com.juick.User u = new com.juick.User(); u.UID = rs.getInt(1); u.UName = rs.getString(2); users.add(u); } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } finally { Utils.finishSQL(rs, stmt); } return users; } public static boolean linkTwitterAccount(Connection sql, User user, String accessToken, String accessTokenSecret, String screenName) { try { PreparedStatement stmt = sql.prepareStatement("INSERT INTO twitter(user_id,access_token,access_token_secret,uname) " + "VALUES (?,?,?,?)" + " ON DUPLICATE KEY UPDATE access_token=?,access_token_secret=?,uname=?"); stmt.setInt(1, user.UID); stmt.setString(2, accessToken); stmt.setString(3, accessTokenSecret); stmt.setString(4, screenName); stmt.setString(5, accessToken); stmt.setString(6, accessTokenSecret); stmt.setString(7, screenName); if (stmt.execute()) { PreparedStatement stmt2 = sql.prepareStatement("INSERT INTO subscr_users(user_id,suser_id,jid) " + "VALUES (?,1741,'juick\\@twitter.juick.com')"); stmt2.setInt(1, user.UID); return stmt2.execute(); } } catch (SQLException e) { LOGGER.log(Level.SEVERE, "sql exception", e); } return false; } public static int getStatsIRead(Connection sql, int uid) { return SQLHelpers.getInt(sql, "SELECT COUNT(*) FROM subscr_users WHERE suser_id=?", uid, 0); } public static int getStatsMyReaders(Connection sql, int uid) { return SQLHelpers.getInt(sql, "SELECT COUNT(*) FROM subscr_users WHERE user_id=?", uid, 0); } public static int getStatsMessages(Connection sql, int uid) { return SQLHelpers.getInt(sql, "SELECT COUNT(*) FROM messages WHERE user_id=?", uid, 0); } public static int getStatsReplies(Connection sql, int uid) { return SQLHelpers.getInt(sql, "SELECT COUNT(*) FROM replies WHERE user_id=?", uid, 0); } public enum ActiveStatus { Inactive, Active } public static boolean setActiveStatusForJID(JdbcTemplate sql, String JID, ActiveStatus jidStatus) { User user = getUserByJID(sql, JID); if (user != null) { return sql.update(con -> { PreparedStatement preparedStatement = con.prepareStatement( "UPDATE jids SET active=? WHERE user_id=? AND jid=?"); int newStatus = jidStatus == ActiveStatus.Active ? 1 : 0; preparedStatement.setInt(1, newStatus); preparedStatement.setInt(2, user.UID); preparedStatement.setString(3, JID); return preparedStatement; }) >= 0; } return false; } }