🎨 #12527

62c17b5d · Liang Ding · d8f875ff · 62c17b5d · 62c17b5d · 62c17b5d
Commit 62c17b5d authored Sep 25, 2018 by Liang Ding
6 changed files
--- a/src/main/java/org/b3log/solo/processor/console/AdminConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/AdminConsole.java
@@ -38,6 +38,7 @@ import org.b3log.latke.service.LangPropsService;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.HTTPRequestMethod;
+import org.b3log.latke.servlet.annotation.Before;
 import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.freemarker.AbstractFreeMarkerRenderer;
@@ -48,6 +49,7 @@ import org.b3log.solo.model.Common;
 import org.b3log.solo.model.Option;
 import org.b3log.solo.model.Skin;
 import org.b3log.solo.model.UserExt;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.processor.renderer.ConsoleRenderer;
 import org.b3log.solo.processor.util.Filler;
 import org.b3log.solo.service.ExportService;
@@ -73,10 +75,11 @@ import java.util.*;
 * Admin console render processing.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.7.0.4, Aug 8, 2018
+ * @version 1.7.0.5, Sep 25, 2018
 * @since 0.4.1
 */
 @RequestProcessor
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class AdminConsole {

    /**
@@ -141,26 +144,18 @@ public class AdminConsole {
    @RequestProcessing(value = "/admin-index.do", method = HTTPRequestMethod.GET)
    public void showAdminIndex(final HttpServletRequest request, final HTTPRequestContext context) {
        final AbstractFreeMarkerRenderer renderer = new ConsoleRenderer();
-
        context.setRenderer(renderer);
        final String templateName = "admin-index.ftl";
-
        renderer.setTemplateName(templateName);
-
        final Map<String, String> langs = langPropsService.getAll(Latkes.getLocale());
        final Map<String, Object> dataModel = renderer.getDataModel();
-
        dataModel.putAll(langs);
-
        final JSONObject currentUser = userQueryService.getCurrentUser(request);
        final String userName = currentUser.optString(User.USER_NAME);
        dataModel.put(User.USER_NAME, userName);
-
        final String roleName = currentUser.optString(User.USER_ROLE);
        dataModel.put(User.USER_ROLE, roleName);
-
        final String email = currentUser.optString(User.USER_EMAIL);
-
        final String userAvatar = currentUser.optString(UserExt.USER_AVATAR);
        if (StringUtils.isNotBlank(userAvatar)) {
            dataModel.put(Common.GRAVATAR, userAvatar);
@@ -171,7 +166,6 @@ public class AdminConsole {

        try {
            final JSONObject preference = preferenceQueryService.getPreference();
-
            dataModel.put(Option.ID_C_LOCALE_STRING, preference.getString(Option.ID_C_LOCALE_STRING));
            dataModel.put(Option.ID_C_BLOG_TITLE, preference.getString(Option.ID_C_BLOG_TITLE));
            dataModel.put(Option.ID_C_BLOG_SUBTITLE, preference.getString(Option.ID_C_BLOG_SUBTITLE));
@@ -183,7 +177,6 @@ public class AdminConsole {
            dataModel.put(Option.ID_C_LOCALE_STRING, preference.getString(Option.ID_C_LOCALE_STRING));
            dataModel.put(Option.ID_C_EDITOR_TYPE, preference.getString(Option.ID_C_EDITOR_TYPE));
            dataModel.put(Skin.SKIN_DIR_NAME, preference.getString(Skin.SKIN_DIR_NAME));
-
            Keys.fillRuntime(dataModel);
            filler.fillMinified(dataModel);
        } catch (final Exception e) {

--- a/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
@@ -28,6 +28,7 @@ import org.b3log.latke.service.LangPropsService;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.HTTPRequestMethod;
+import org.b3log.latke.servlet.annotation.Before;
 import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.JSONRenderer;
@@ -35,6 +36,7 @@ import org.b3log.latke.util.Requests;
 import org.b3log.latke.util.Strings;
 import org.b3log.solo.model.Article;
 import org.b3log.solo.model.Common;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.service.ArticleMgmtService;
 import org.b3log.solo.service.ArticleQueryService;
 import org.b3log.solo.service.UserQueryService;
@@ -53,10 +55,11 @@ import java.util.stream.Collectors;
 * Article console request processing.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.1.1.2, Sep 20, 2018
+ * @version 1.1.1.3, Sep 25, 2018
 * @since 0.4.0
 */
 @RequestProcessor
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class ArticleConsole {

    /**
@@ -108,16 +111,9 @@ public class ArticleConsole {
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
     * @param context  the specified http request context
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/thumbs", method = HTTPRequestMethod.GET)
-    public void getArticleThumbs(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticleThumbs(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject result = new JSONObject();
@@ -151,13 +147,10 @@ public class ArticleConsole {
     *                 }
     * @param response the specified http servlet response
     * @param context  the specified http request context
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/markdown/2html", method = HTTPRequestMethod.POST)
-    public void markdown2HTML(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
+    public void markdown2HTML(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
        final JSONRenderer renderer = new JSONRenderer();
-
        context.setRenderer(renderer);
        final JSONObject result = new JSONObject();
        renderer.setJSONObject(result);
@@ -170,11 +163,6 @@ public class ArticleConsole {
            return;
        }

-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
        try {
            String html = Emotions.convert(markdownText);
            html = Markdowns.toHTML(html);
@@ -218,16 +206,9 @@ public class ArticleConsole {
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
     * @param context  the specified http request context
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/article/*", method = HTTPRequestMethod.GET)
-    public void getArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);

@@ -279,17 +260,10 @@ public class ArticleConsole {
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
     * @param context  the specified http request context
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/articles/status/*/*/*/*"/* Requests.PAGINATION_PATH_PATTERN */,
            method = HTTPRequestMethod.GET)
-    public void getArticles(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticles(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);

@@ -353,16 +327,10 @@ public class ArticleConsole {
     * @param request   the specified http servlet request
     * @param response  the specified http servlet response
     * @param articleId the specified article id
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/article/{articleId}", method = HTTPRequestMethod.DELETE)
    public void removeArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response,
-                              final String articleId) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+                              final String articleId) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();
@@ -405,16 +373,9 @@ public class ArticleConsole {
     * @param context  the specified http request context
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/article/unpublish/*", method = HTTPRequestMethod.PUT)
-    public void cancelPublishArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void cancelPublishArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();
@@ -459,16 +420,9 @@ public class ArticleConsole {
     * @param context  the specified http request context
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/article/canceltop/*", method = HTTPRequestMethod.PUT)
-    public void cancelTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void cancelTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();
@@ -514,16 +468,9 @@ public class ArticleConsole {
     * @param context  the specified http request context
     * @param request  the specified http servlet request
     * @param response the specified http servlet response
-     * @throws Exception exception
     */
    @RequestProcessing(value = "/console/article/puttop/*", method = HTTPRequestMethod.PUT)
-    public void putTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void putTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();
@@ -590,11 +537,6 @@ public class ArticleConsole {
    @RequestProcessing(value = "/console/article/", method = HTTPRequestMethod.PUT)
    public void updateArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response,
                              final JSONObject requestJSONObject) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();
@@ -660,11 +602,6 @@ public class ArticleConsole {
    @RequestProcessing(value = "/console/article/", method = HTTPRequestMethod.POST)
    public void addArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context,
                           final JSONObject requestJSONObject) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
        final JSONRenderer renderer = new JSONRenderer();
        context.setRenderer(renderer);
        final JSONObject ret = new JSONObject();

--- a/src/main/java/org/b3log/solo/processor/console/PluginConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/PluginConsole.java
@@ -31,7 +31,7 @@ import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.JSONRenderer;
 import org.b3log.latke.util.Requests;
-import org.b3log.solo.processor.console.common.ProcessAuthAdvice;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.processor.renderer.ConsoleRenderer;
 import org.b3log.solo.service.PluginMgmtService;
 import org.b3log.solo.service.PluginQueryService;
@@ -45,12 +45,12 @@ import java.util.Map;
 * Plugin console request processing.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @author <a href="mailto:wmainlove@gmail.com">Love Yao</a>
+ * @author <a href="https://hacpai.com/member/mainlove">Love Yao</a>
 * @version 1.1.0.2, Sep 20, 2018
 * @since 0.4.0
 */
 @RequestProcessor
-@Before(adviceClass = ProcessAuthAdvice.class)
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class PluginConsole {

    /**

--- a/src/main/java/org/b3log/solo/processor/console/common/ProcessAuthAdvice.java
+++ b/src/main/java/org/b3log/solo/processor/console/common/ProcessAuthAdvice.java
@@ -17,47 +17,50 @@
 */
 package org.b3log.solo.processor.console.common;

+import org.b3log.latke.Keys;
 import org.b3log.latke.ioc.LatkeBeanManager;
 import org.b3log.latke.ioc.Lifecycle;
 import org.b3log.latke.ioc.inject.Named;
 import org.b3log.latke.ioc.inject.Singleton;
-import org.b3log.latke.logging.Level;
 import org.b3log.latke.logging.Logger;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.advice.BeforeRequestProcessAdvice;
+import org.b3log.latke.servlet.advice.RequestProcessAdviceException;
 import org.b3log.solo.service.UserQueryService;
+import org.json.JSONObject;

+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
 import java.util.Map;

 /**
 * The common auth check before advice for admin console.
 *
- * @author <a href="mailto:wmainlove@gmail.com">Love Yao</a>
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
 * @version 1.0.1.1, Sep 25, 2018
+ * @since 2.9.5
 */
 @Named
 @Singleton
-public class ProcessAuthAdvice extends BeforeRequestProcessAdvice {
+public class ConsoleAuthAdvice extends BeforeRequestProcessAdvice {

    /**
     * Logger.
     */
-    private static final Logger LOGGER = Logger.getLogger(ProcessAuthAdvice.class);
+    private static final Logger LOGGER = Logger.getLogger(ConsoleAuthAdvice.class);

    @Override
-    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) {
+    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) throws RequestProcessAdviceException {
        final LatkeBeanManager beanManager = Lifecycle.getBeanManager();
        final UserQueryService userQueryService = beanManager.getReference(UserQueryService.class);

-        if (!userQueryService.isAdminLoggedIn(context.getRequest())) {
-            try {
-                context.getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
-            } catch (final IOException e) {
-                LOGGER.log(Level.ERROR, "Response sends error failed", e);
-            }
+        final HttpServletRequest request = context.getRequest();
+        if (!userQueryService.isLoggedIn(request, context.getResponse())) {
+            final JSONObject exception401 = new JSONObject();
+            exception401.put(Keys.MSG, "Unauthorized to request [" + request.getRequestURI() + "]");
+            exception401.put(Keys.STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+
+            throw new RequestProcessAdviceException(exception401);
        }
    }
 }
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -46,27 +46,6 @@
        <url-pattern>/*</url-pattern>
    </filter-mapping>

-    <filter>
-        <filter-name>AuthFilter</filter-name>
-        <filter-class>org.b3log.solo.filter.AuthFilter</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>AuthFilter</filter-name>
-        <url-pattern>/admin-index.do</url-pattern>
-        <url-pattern>/admin-main.do</url-pattern>
-        <url-pattern>/admin-article.do</url-pattern>
-        <url-pattern>/admin-article-list.do</url-pattern>
-        <url-pattern>/admin-comment-list.do</url-pattern>
-        <url-pattern>/admin-link-list.do</url-pattern>
-        <url-pattern>/admin-preference.do</url-pattern>
-        <url-pattern>/admin-page-list.do</url-pattern>
-        <url-pattern>/admin-others.do</url-pattern>
-        <url-pattern>/admin-draft-list.do</url-pattern>
-        <url-pattern>/admin-user-list.do</url-pattern>
-        <url-pattern>/admin-plugin-list.do</url-pattern>
-        <url-pattern>/admin-about.do</url-pattern>
-        <url-pattern>/fix/*</url-pattern>
-    </filter-mapping>
    <filter>
        <filter-name>PermalinkFilter</filter-name>
        <filter-class>org.b3log.solo.filter.PermalinkFilter</filter-class>

--- a/src/test/resources/admin-about.ftl
+++ b/src/test/resources/admin-about.ftl
@@ -81,7 +81,7 @@
                    <ul>
                        <li><a target="_blank" href="http://88250.b3log.org">D</a></li>
                        <li><a target="_blank" href="http://vanessa.b3log.org">V</a></li>
-                        <li><a target="_blank" href="mailto:wmainlove@gmail.com">mainlove</a></li>
+                        <li><a target="_blank" href="https://hacpai.com/member/mainlove">mainlove</a></li>
                        <li><a target="_blank" href="http://people.apache.org/%7Edongxu">DX</a></li>
                        <li><a target="_blank" href="http://mizhichashao.com">大叔</a></li>
                        <li><a target="_blank" href="http://www.jiangzezhou.com">javen.jiang</a></li>