🎨 #12527

src/main/java/org/b3log/solo/processor/console/AdminConsole.java

@@ -38,6 +38,7 @@ import org.b3log.latke.service.LangPropsService;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.HTTPRequestMethod;
+import org.b3log.latke.servlet.annotation.Before;
 import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.freemarker.AbstractFreeMarkerRenderer;
@@ -48,6 +49,7 @@ import org.b3log.solo.model.Common;
 import org.b3log.solo.model.Option;
 import org.b3log.solo.model.Skin;
 import org.b3log.solo.model.UserExt;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.processor.renderer.ConsoleRenderer;
 import org.b3log.solo.processor.util.Filler;
 import org.b3log.solo.service.ExportService;
@@ -73,10 +75,11 @@ import java.util.*;
  * Admin console render processing.
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.7.0.4, Aug 8, 2018
+ * @version 1.7.0.5, Sep 25, 2018
  * @since 0.4.1
  */
 @RequestProcessor
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class AdminConsole {
 
     /**
@@ -141,26 +144,18 @@ public class AdminConsole {
     @RequestProcessing(value = "/admin-index.do", method = HTTPRequestMethod.GET)
     public void showAdminIndex(final HttpServletRequest request, final HTTPRequestContext context) {
         final AbstractFreeMarkerRenderer renderer = new ConsoleRenderer();
-
         context.setRenderer(renderer);
         final String templateName = "admin-index.ftl";
-
         renderer.setTemplateName(templateName);
-
         final Map<String, String> langs = langPropsService.getAll(Latkes.getLocale());
         final Map<String, Object> dataModel = renderer.getDataModel();
-
         dataModel.putAll(langs);
-
         final JSONObject currentUser = userQueryService.getCurrentUser(request);
         final String userName = currentUser.optString(User.USER_NAME);
         dataModel.put(User.USER_NAME, userName);
-
         final String roleName = currentUser.optString(User.USER_ROLE);
         dataModel.put(User.USER_ROLE, roleName);
-
         final String email = currentUser.optString(User.USER_EMAIL);
-
         final String userAvatar = currentUser.optString(UserExt.USER_AVATAR);
         if (StringUtils.isNotBlank(userAvatar)) {
             dataModel.put(Common.GRAVATAR, userAvatar);
@@ -171,7 +166,6 @@ public class AdminConsole {
 
         try {
             final JSONObject preference = preferenceQueryService.getPreference();
-
             dataModel.put(Option.ID_C_LOCALE_STRING, preference.getString(Option.ID_C_LOCALE_STRING));
             dataModel.put(Option.ID_C_BLOG_TITLE, preference.getString(Option.ID_C_BLOG_TITLE));
             dataModel.put(Option.ID_C_BLOG_SUBTITLE, preference.getString(Option.ID_C_BLOG_SUBTITLE));
@@ -183,7 +177,6 @@ public class AdminConsole {
             dataModel.put(Option.ID_C_LOCALE_STRING, preference.getString(Option.ID_C_LOCALE_STRING));
             dataModel.put(Option.ID_C_EDITOR_TYPE, preference.getString(Option.ID_C_EDITOR_TYPE));
             dataModel.put(Skin.SKIN_DIR_NAME, preference.getString(Skin.SKIN_DIR_NAME));
-
             Keys.fillRuntime(dataModel);
             filler.fillMinified(dataModel);
         } catch (final Exception e) {

src/main/java/org/b3log/solo/processor/console/ArticleConsole.java

@@ -28,6 +28,7 @@ import org.b3log.latke.service.LangPropsService;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.HTTPRequestMethod;
+import org.b3log.latke.servlet.annotation.Before;
 import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.JSONRenderer;
@@ -35,6 +36,7 @@ import org.b3log.latke.util.Requests;
 import org.b3log.latke.util.Strings;
 import org.b3log.solo.model.Article;
 import org.b3log.solo.model.Common;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.service.ArticleMgmtService;
 import org.b3log.solo.service.ArticleQueryService;
 import org.b3log.solo.service.UserQueryService;
@@ -53,10 +55,11 @@ import java.util.stream.Collectors;
  * Article console request processing.
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.1.1.2, Sep 20, 2018
+ * @version 1.1.1.3, Sep 25, 2018
  * @since 0.4.0
  */
 @RequestProcessor
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class ArticleConsole {
 
     /**
@@ -108,16 +111,9 @@ public class ArticleConsole {
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
      * @param context  the specified http request context
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/thumbs", method = HTTPRequestMethod.GET)
-    public void getArticleThumbs(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticleThumbs(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject result = new JSONObject();
@@ -151,13 +147,10 @@ public class ArticleConsole {
      *                 }
      * @param response the specified http servlet response
      * @param context  the specified http request context
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/markdown/2html", method = HTTPRequestMethod.POST)
-    public void markdown2HTML(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
+    public void markdown2HTML(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
         final JSONRenderer renderer = new JSONRenderer();
-
         context.setRenderer(renderer);
         final JSONObject result = new JSONObject();
         renderer.setJSONObject(result);
@@ -170,11 +163,6 @@ public class ArticleConsole {
             return;
         }
 
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
         try {
             String html = Emotions.convert(markdownText);
             html = Markdowns.toHTML(html);
@@ -218,16 +206,9 @@ public class ArticleConsole {
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
      * @param context  the specified http request context
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/article/*", method = HTTPRequestMethod.GET)
-    public void getArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
 
@@ -279,17 +260,10 @@ public class ArticleConsole {
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
      * @param context  the specified http request context
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/articles/status/*/*/*/*"/* Requests.PAGINATION_PATH_PATTERN */,
             method = HTTPRequestMethod.GET)
-    public void getArticles(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void getArticles(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
 
@@ -353,16 +327,10 @@ public class ArticleConsole {
      * @param request   the specified http servlet request
      * @param response  the specified http servlet response
      * @param articleId the specified article id
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/article/{articleId}", method = HTTPRequestMethod.DELETE)
     public void removeArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response,
-                              final String articleId) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+                              final String articleId) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();
@@ -405,16 +373,9 @@ public class ArticleConsole {
      * @param context  the specified http request context
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/article/unpublish/*", method = HTTPRequestMethod.PUT)
-    public void cancelPublishArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void cancelPublishArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();
@@ -459,16 +420,9 @@ public class ArticleConsole {
      * @param context  the specified http request context
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/article/canceltop/*", method = HTTPRequestMethod.PUT)
-    public void cancelTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void cancelTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();
@@ -514,16 +468,9 @@ public class ArticleConsole {
      * @param context  the specified http request context
      * @param request  the specified http servlet request
      * @param response the specified http servlet response
-     * @throws Exception exception
      */
     @RequestProcessing(value = "/console/article/puttop/*", method = HTTPRequestMethod.PUT)
-    public void putTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response)
-            throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
+    public void putTopArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response) {
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();
@@ -590,11 +537,6 @@ public class ArticleConsole {
     @RequestProcessing(value = "/console/article/", method = HTTPRequestMethod.PUT)
     public void updateArticle(final HTTPRequestContext context, final HttpServletRequest request, final HttpServletResponse response,
                               final JSONObject requestJSONObject) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();
@@ -660,11 +602,6 @@ public class ArticleConsole {
     @RequestProcessing(value = "/console/article/", method = HTTPRequestMethod.POST)
     public void addArticle(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context,
                            final JSONObject requestJSONObject) throws Exception {
-        if (!userQueryService.isLoggedIn(request, response)) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            return;
-        }
-
         final JSONRenderer renderer = new JSONRenderer();
         context.setRenderer(renderer);
         final JSONObject ret = new JSONObject();

src/main/java/org/b3log/solo/processor/console/PluginConsole.java

@@ -31,7 +31,7 @@ import org.b3log.latke.servlet.annotation.RequestProcessing;
 import org.b3log.latke.servlet.annotation.RequestProcessor;
 import org.b3log.latke.servlet.renderer.JSONRenderer;
 import org.b3log.latke.util.Requests;
-import org.b3log.solo.processor.console.common.ProcessAuthAdvice;
+import org.b3log.solo.processor.console.common.ConsoleAuthAdvice;
 import org.b3log.solo.processor.renderer.ConsoleRenderer;
 import org.b3log.solo.service.PluginMgmtService;
 import org.b3log.solo.service.PluginQueryService;
@@ -45,12 +45,12 @@ import java.util.Map;
  * Plugin console request processing.
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @author <a href="mailto:wmainlove@gmail.com">Love Yao</a>
+ * @author <a href="https://hacpai.com/member/mainlove">Love Yao</a>
  * @version 1.1.0.2, Sep 20, 2018
  * @since 0.4.0
  */
 @RequestProcessor
-@Before(adviceClass = ProcessAuthAdvice.class)
+@Before(adviceClass = ConsoleAuthAdvice.class)
 public class PluginConsole {
 
     /**

src/main/java/org/b3log/solo/processor/console/common/ProcessAuthAdvice.java → src/main/java/org/b3log/solo/processor/console/common/ConsoleAuthAdvice.java

@@ -17,47 +17,50 @@
  */
 package org.b3log.solo.processor.console.common;
 
+import org.b3log.latke.Keys;
 import org.b3log.latke.ioc.LatkeBeanManager;
 import org.b3log.latke.ioc.Lifecycle;
 import org.b3log.latke.ioc.inject.Named;
 import org.b3log.latke.ioc.inject.Singleton;
-import org.b3log.latke.logging.Level;
 import org.b3log.latke.logging.Logger;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.advice.BeforeRequestProcessAdvice;
+import org.b3log.latke.servlet.advice.RequestProcessAdviceException;
 import org.b3log.solo.service.UserQueryService;
+import org.json.JSONObject;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
 import java.util.Map;
 
 /**
  * The common auth check before advice for admin console.
  *
- * @author <a href="mailto:wmainlove@gmail.com">Love Yao</a>
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
  * @version 1.0.1.1, Sep 25, 2018
+ * @since 2.9.5
  */
 @Named
 @Singleton
-public class ProcessAuthAdvice extends BeforeRequestProcessAdvice {
+public class ConsoleAuthAdvice extends BeforeRequestProcessAdvice {
 
     /**
      * Logger.
      */
-    private static final Logger LOGGER = Logger.getLogger(ProcessAuthAdvice.class);
+    private static final Logger LOGGER = Logger.getLogger(ConsoleAuthAdvice.class);
 
     @Override
-    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) {
+    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) throws RequestProcessAdviceException {
         final LatkeBeanManager beanManager = Lifecycle.getBeanManager();
         final UserQueryService userQueryService = beanManager.getReference(UserQueryService.class);
 
-        if (!userQueryService.isAdminLoggedIn(context.getRequest())) {
-            try {
-                context.getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
-            } catch (final IOException e) {
-                LOGGER.log(Level.ERROR, "Response sends error failed", e);
-            }
+        final HttpServletRequest request = context.getRequest();
+        if (!userQueryService.isLoggedIn(request, context.getResponse())) {
+            final JSONObject exception401 = new JSONObject();
+            exception401.put(Keys.MSG, "Unauthorized to request [" + request.getRequestURI() + "]");
+            exception401.put(Keys.STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);
+
+            throw new RequestProcessAdviceException(exception401);
         }
     }
 }

src/main/webapp/WEB-INF/web.xml

@@ -46,27 +46,6 @@
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
-    <filter>
-        <filter-name>AuthFilter</filter-name>
-        <filter-class>org.b3log.solo.filter.AuthFilter</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>AuthFilter</filter-name>
-        <url-pattern>/admin-index.do</url-pattern>
-        <url-pattern>/admin-main.do</url-pattern>
-        <url-pattern>/admin-article.do</url-pattern>
-        <url-pattern>/admin-article-list.do</url-pattern>
-        <url-pattern>/admin-comment-list.do</url-pattern>
-        <url-pattern>/admin-link-list.do</url-pattern>
-        <url-pattern>/admin-preference.do</url-pattern>
-        <url-pattern>/admin-page-list.do</url-pattern>
-        <url-pattern>/admin-others.do</url-pattern>
-        <url-pattern>/admin-draft-list.do</url-pattern>
-        <url-pattern>/admin-user-list.do</url-pattern>
-        <url-pattern>/admin-plugin-list.do</url-pattern>
-        <url-pattern>/admin-about.do</url-pattern>
-        <url-pattern>/fix/*</url-pattern>
-    </filter-mapping>
     <filter>
         <filter-name>PermalinkFilter</filter-name>
         <filter-class>org.b3log.solo.filter.PermalinkFilter</filter-class>

src/test/resources/admin-about.ftl

@@ -81,7 +81,7 @@
                     <ul>
                         <li><a target="_blank" href="http://88250.b3log.org">D</a></li>
                         <li><a target="_blank" href="http://vanessa.b3log.org">V</a></li>
-                        <li><a target="_blank" href="mailto:wmainlove@gmail.com">mainlove</a></li>
+                        <li><a target="_blank" href="https://hacpai.com/member/mainlove">mainlove</a></li>
                         <li><a target="_blank" href="http://people.apache.org/%7Edongxu">DX</a></li>
                         <li><a target="_blank" href="http://mizhichashao.com">大叔</a></li>
                         <li><a target="_blank" href="http://www.jiangzezhou.com">javen.jiang</a></li>