use of com.pratilipi.data.type.AccessToken in project pratilipi by Pratilipi.
the class AccessTokenFilter method doFilter.
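/**
 * Resolves the access token for the incoming request, publishes it through
 * {@code threadLocalAccessToken} while the rest of the filter chain runs, and clears it afterwards.
 *
 * <p>How the token is resolved depends on the request and on the module flags:
 * <ul>
 *   <li>{@code /remote_api}, or a User-Agent equal to "Amazon CloudFront": the chain runs with a
 *       {@code null} token.</li>
 *   <li>{@code autoGenerate}: the token is looked up from the request parameter or, failing that,
 *       the cookie; a missing, unknown or expired token is replaced by a new one and the cookie is
 *       updated.</li>
 *   <li>{@code isWorker}: the token id is read from the WORKER_ACCESS_TOKEN_ID app property.</li>
 *   <li>{@code /user/accesstoken}: a new token is issued and returned directly; the chain is not
 *       invoked.</li>
 *   <li>otherwise: a token is mandatory (request parameter first, then header); missing, unknown
 *       and expired tokens are rejected without invoking the chain.</li>
 * </ul>
 *
 * @throws IOException      propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    DataAccessor dataAccessor = DataAccessorFactory.getDataAccessor();
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    String requestUri = request.getRequestURI();
    String userAgent = request.getHeader("user-agent");

    // NOTE(review): a token carried as a request parameter is part of the URL and can end up in
    // access logs, browser history and Referer headers; see the TODO in the last branch.
    String accessTokenId = request.getParameter(RequestParameter.ACCESS_TOKEN.getName());
    accessTokenId = accessTokenId == null ? null : accessTokenId.trim();

    AccessToken accessToken;
    if (requestUri.equals("/remote_api") || (userAgent != null && userAgent.equals("Amazon CloudFront"))) {
        // NOTE(review): User-Agent is a client-supplied header, so this branch is reachable by any
        // caller and must not be read as proof that the request came from CloudFront. The chain
        // runs with a null token here; confirm every downstream consumer treats null as
        // unauthenticated (several access checks dereference the token without a null check).
        accessToken = null;
    } else if (autoGenerate) {
        // Used by gamma, default & api modules.
        String accessTokenCookie = getCookieValue(RequestCookie.ACCESS_TOKEN.getName(), request);
        boolean paramTokenGiven = accessTokenId != null && !accessTokenId.isEmpty();
        boolean cookieTokenGiven = accessTokenCookie != null && !accessTokenCookie.isEmpty();
        if (!paramTokenGiven && !cookieTokenGiven) {
            accessToken = AccessTokenDataUtil.newUserAccessToken(request);
        } else {
            // The request parameter takes precedence over the cookie.
            accessToken = paramTokenGiven
                    ? dataAccessor.getAccessToken(accessTokenId)
                    : dataAccessor.getAccessToken(accessTokenCookie);
            if (accessToken == null || accessToken.isExpired()) {
                accessToken = AccessTokenDataUtil.newUserAccessToken(request);
            } else if (accessToken.getExpiry().getTime() < new Date().getTime() + AccessTokenDataUtil.MIN_EXPIRY_MILLIS) {
                // Sliding expiry: a token close to expiring is extended and persisted.
                accessToken.setExpiry(new Date(new Date().getTime() + AccessTokenDataUtil.MAX_EXPIRY_MILLIS));
                accessToken = dataAccessor.createOrUpdateAccessToken(accessToken);
            }
        }
        if (!accessToken.getId().equals(accessTokenCookie)) {
            accessTokenId = accessToken.getId();
            // NOTE(review): setCookieValue is not visible here; confirm it marks the cookie
            // Secure and HttpOnly, since the value is a bearer credential.
            setCookieValue(RequestCookie.ACCESS_TOKEN.getName(), accessTokenId, 30, response);
        }
    } else if (isWorker) {
        // Used by worker module.
        // NOTE(review): neither the app property nor the looked-up token is checked for null or
        // expiry in this branch; confirm that is intended for the worker identity.
        accessTokenId = dataAccessor.getAppProperty(AppProperty.WORKER_ACCESS_TOKEN_ID).getValue();
        accessToken = dataAccessor.getAccessToken(accessTokenId);
    } else if (requestUri.equals("/user/accesstoken")) {
        // Used by gamma-android & android module.
        accessToken = AccessTokenDataUtil.newUserAccessToken(request);
        dispatchResponse(response, new UserAccessTokenApi.Response(accessToken.getId(), accessToken.getExpiry()));
        return;
    } else {
        // TODO: Consider only header. Ignore accessToken from request param.
        if (accessTokenId == null || accessTokenId.isEmpty()) {
            accessTokenId = request.getHeader(RequestHeader.ACCESS_TOKEN.getName());
            accessTokenId = accessTokenId == null ? null : accessTokenId.trim();
        }
        if (accessTokenId == null || accessTokenId.isEmpty()) {
            dispatchResponse(response, new InvalidArgumentException("Access Token is missing."));
            return;
        } else if ((accessToken = dataAccessor.getAccessToken(accessTokenId)) == null) {
            dispatchResponse(response, new InvalidArgumentException("Access Token is invalid."));
            return;
        } else if (accessToken.isExpired()) {
            dispatchResponse(response, new InsufficientAccessException("Access Token is expired."));
            return;
        } else if (accessToken.getExpiry().getTime() < new Date().getTime() + AccessTokenDataUtil.MIN_EXPIRY_MILLIS) {
            // Sliding expiry: a token close to expiring is extended and persisted.
            accessToken.setExpiry(new Date(new Date().getTime() + AccessTokenDataUtil.MAX_EXPIRY_MILLIS));
            accessToken = dataAccessor.createOrUpdateAccessToken(accessToken);
        }
    }

    threadLocalAccessToken.set(accessToken);
    try {
        chain.doFilter(request, response);
    } finally {
        // Always clear the slot: if the chain throws and the container reuses this thread, the
        // next request handled on it must not observe the previous caller's token.
        threadLocalAccessToken.remove();
    }
}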
use of com.pratilipi.data.type.AccessToken in project pratilipi by Pratilipi.
the class UserDataUtil method getCurrentUser.
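/**
 * Returns the user bound to the current request's access token.
 *
 * <p>A guest placeholder (id 0, name "Guest User", state GUEST, empty author) is returned when
 * the token is absent, carries no user id, carries user id 0, or is expired. Otherwise the user
 * is loaded through the data accessor and converted with {@code createUserData}.
 *
 * @return the signed-in user's data, or the guest placeholder
 */
public static UserData getCurrentUser() {
    AccessToken accessToken = AccessTokenFilter.getAccessToken();

    // AccessTokenFilter.doFilter stores a null token for some requests; presumably
    // getAccessToken() returns that value as-is (verify). Fall back to the least-privileged
    // identity instead of failing with a NullPointerException.
    Long userId = accessToken == null ? null : accessToken.getUserId();

    if (userId == null || userId.equals(0L) || accessToken.isExpired()) {
        UserData guest = new UserData(0L);
        guest.setAuthor(new AuthorData());
        guest.setFirstName("Guest");
        guest.setLastName("User");
        guest.setState(UserState.GUEST);
        return guest;
    }

    return createUserData(DataAccessorFactory.getDataAccessor().getUser(userId));
}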
use of com.pratilipi.data.type.AccessToken in project pratilipi by Pratilipi.
the class PratilipiDataUtil method hasAccessToReadPratilipiContent.
/**
 * Decides whether the caller bound to the current request may read the content of
 * {@code pratilipi}.
 *
 * <p>NOTE(review): the token is dereferenced without a null check and its expiry is not
 * re-checked here; both appear to be left to AccessTokenFilter, which stores a null token for
 * some requests. Confirm this method is never reached on those paths.
 *
 * @param pratilipi the content piece being requested
 * @return {@code true} if reading is allowed
 */
public static boolean hasAccessToReadPratilipiContent(Pratilipi pratilipi) {
    PratilipiState state = pratilipi.getState();

    // Case 1: PUBLISHED content is readable by anyone; the token is not consulted.
    if (state == PratilipiState.PUBLISHED) {
        return true;
    }

    // Case 2: DELETED content is readable by nobody, privileged users included.
    if (state == PratilipiState.DELETED) {
        return false;
    }

    // Case 3: PRATILIPI_READ_CONTENT access for the content's language covers every other state.
    AccessToken token = AccessTokenFilter.getAccessToken();
    boolean privileged = UserAccessUtil.hasUserAccess(
            token.getUserId(), pratilipi.getLanguage(), AccessType.PRATILIPI_READ_CONTENT);
    if (privileged) {
        return true;
    }

    // Case 4: the user linked to the content's Author profile may read it in any state.
    // NOTE(review): guests appear to carry user id 0 (see UserDataUtil.getCurrentUser); confirm
    // no Author profile is stored with user id 0, or this comparison would match a guest.
    DataAccessor accessor = DataAccessorFactory.getDataAccessor();
    Author owner = accessor.getAuthor(pratilipi.getAuthorId());
    return owner != null && token.getUserId().equals(owner.getUserId());
}
use of com.pratilipi.data.type.AccessToken in project pratilipi by Pratilipi.
the class PratilipiDataUtil method hasAccessToAddPratilipiData.
/**
 * Decides whether the caller bound to the current request may add the given Pratilipi.
 *
 * <p>NOTE(review): the token is dereferenced without a null check and its expiry is not
 * re-checked here; both appear to be left to AccessTokenFilter. Confirm this method is never
 * reached on a path where the filter stored a null token.
 *
 * @param pratilipiData the content piece to be added; its author id may be {@code null}
 * @return {@code true} if adding is allowed
 */
public static boolean hasAccessToAddPratilipiData(PratilipiData pratilipiData) {
    Author owner = null;
    if (pratilipiData.getAuthorId() != null) {
        owner = DataAccessorFactory.getDataAccessor().getAuthor(pratilipiData.getAuthorId());
    }

    // Case 1: content may only be added against ACTIVE Author profiles. This check runs first,
    // so it also applies to users holding PRATILIPI_ADD access.
    if (owner != null && owner.getState() != AuthorState.ACTIVE) {
        return false;
    }

    // Case 2: PRATILIPI_ADD access for the content's language allows adding against any profile.
    AccessToken token = AccessTokenFilter.getAccessToken();
    boolean privileged = UserAccessUtil.hasUserAccess(
            token.getUserId(), pratilipiData.getLanguage(), AccessType.PRATILIPI_ADD);
    if (privileged) {
        return true;
    }

    // Case 3: a user may add content against his/her own Author profile.
    return owner != null && token.getUserId().equals(owner.getUserId());
}
use of com.pratilipi.data.type.AccessToken in project pratilipi by Pratilipi.
the class PratilipiDataUtil method hasAccessToReadPratilipiMetaData.
/**
 * Decides whether the caller bound to the current request may read the metadata of
 * {@code pratilipi}.
 *
 * <p>NOTE(review): the token is dereferenced without a null check and its expiry is not
 * re-checked here; both appear to be left to AccessTokenFilter. Confirm this method is never
 * reached on a path where the filter stored a null token.
 *
 * @param pratilipi the content piece whose metadata is requested
 * @return {@code true} if reading the metadata is allowed
 */
public static boolean hasAccessToReadPratilipiMetaData(Pratilipi pratilipi) {
    AccessToken token = AccessTokenFilter.getAccessToken();

    // PRATILIPI_READ_META access for the content's language is sufficient on its own.
    boolean privileged = UserAccessUtil.hasUserAccess(
            token.getUserId(), pratilipi.getLanguage(), AccessType.PRATILIPI_READ_META);
    if (privileged) {
        return true;
    }

    // Otherwise only the user linked to the content's Author profile qualifies. The author is
    // looked up only when the content carries an author id.
    Author owner = null;
    if (pratilipi.getAuthorId() != null) {
        owner = DataAccessorFactory.getDataAccessor().getAuthor(pratilipi.getAuthorId());
    }
    return owner != null
            && owner.getUserId() != null
            && owner.getUserId().equals(token.getUserId());
}