♻ #12515 判断登录状态

67b6d167 · Liang Ding · 110d7da6 · 67b6d167 · 67b6d167 · 67b6d167
Commit 67b6d167 authored Oct 05, 2018 by Liang Ding
10 changed files
--- a/src/main/java/org/b3log/solo/SoloServletListener.java
+++ b/src/main/java/org/b3log/solo/SoloServletListener.java
@@ -17,25 +17,24 @@
 */
 package org.b3log.solo;

-import org.apache.commons.lang.StringUtils;
 import org.b3log.latke.Keys;
 import org.b3log.latke.Latkes;
 import org.b3log.latke.event.EventManager;
 import org.b3log.latke.ioc.BeanManager;
 import org.b3log.latke.logging.Level;
 import org.b3log.latke.logging.Logger;
-import org.b3log.latke.model.User;
 import org.b3log.latke.plugin.PluginManager;
 import org.b3log.latke.plugin.ViewLoadEventHandler;
 import org.b3log.latke.repository.Transaction;
 import org.b3log.latke.repository.jdbc.JdbcRepository;
 import org.b3log.latke.servlet.AbstractServletListener;
-import org.b3log.latke.util.*;
+import org.b3log.latke.util.Requests;
+import org.b3log.latke.util.Stopwatchs;
+import org.b3log.latke.util.Strings;
 import org.b3log.solo.event.*;
 import org.b3log.solo.model.Option;
 import org.b3log.solo.model.Skin;
 import org.b3log.solo.repository.OptionRepository;
-import org.b3log.solo.repository.UserRepository;
 import org.b3log.solo.service.*;
 import org.b3log.solo.util.Skins;
 import org.b3log.solo.util.Solos;
@@ -43,7 +42,9 @@ import org.json.JSONObject;

 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletRequestEvent;
-import javax.servlet.http.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSessionEvent;
 import java.util.Set;

 /**

--- a/src/main/java/org/b3log/solo/processor/CommentProcessor.java
+++ b/src/main/java/org/b3log/solo/processor/CommentProcessor.java
@@ -136,7 +136,7 @@ public class CommentProcessor {
            return;
        }

-        if (!userQueryService.isLoggedIn(httpServletRequest, httpServletResponse)) {
+        if (!Solos.isLoggedIn(httpServletRequest, httpServletResponse)) {
            final String captcha = requestJSONObject.optString(CaptchaProcessor.CAPTCHA);
            if (CaptchaProcessor.invalidCaptcha(captcha)) {
                jsonObject.put(Keys.STATUS_CODE, false);
@@ -232,7 +232,7 @@ public class CommentProcessor {
            return;
        }

-        if (!userQueryService.isLoggedIn(httpServletRequest, httpServletResponse)) {
+        if (!Solos.isLoggedIn(httpServletRequest, httpServletResponse)) {
            final String captcha = requestJSONObject.optString(CaptchaProcessor.CAPTCHA);
            if (CaptchaProcessor.invalidCaptcha(captcha)) {
                jsonObject.put(Keys.STATUS_CODE, false);

--- a/src/main/java/org/b3log/solo/processor/console/AdminConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/AdminConsole.java
@@ -279,7 +279,7 @@ public class AdminConsole {
    @RequestProcessing(value = "/console/export/sql", method = HTTPRequestMethod.GET)
    public void exportSQL(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
            throws Exception {
-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

            return;
@@ -398,7 +398,7 @@ public class AdminConsole {
    @RequestProcessing(value = "/console/export/json", method = HTTPRequestMethod.GET)
    public void exportJSON(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
            throws Exception {
-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

            return;
@@ -448,7 +448,7 @@ public class AdminConsole {
    @RequestProcessing(value = "/console/export/hexo", method = HTTPRequestMethod.GET)
    public void exportHexo(final HttpServletRequest request, final HttpServletResponse response, final HTTPRequestContext context)
            throws Exception {
-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

            return;

--- a/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/ArticleConsole.java
@@ -432,7 +432,7 @@ public class ArticleConsole {

        renderer.setJSONObject(ret);

-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            ret.put(Keys.MSG, langPropsService.get("forbiddenLabel"));
            ret.put(Keys.STATUS_CODE, false);

@@ -480,7 +480,7 @@ public class ArticleConsole {

        renderer.setJSONObject(ret);

-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            ret.put(Keys.MSG, langPropsService.get("forbiddenLabel"));
            ret.put(Keys.STATUS_CODE, false);


--- a/src/main/java/org/b3log/solo/processor/console/ConsoleAdminAuthAdvice.java
+++ b/src/main/java/org/b3log/solo/processor/console/ConsoleAdminAuthAdvice.java
@@ -18,12 +18,11 @@
 package org.b3log.solo.processor.console;

 import org.b3log.latke.Keys;
-import org.b3log.latke.ioc.Inject;
 import org.b3log.latke.ioc.Singleton;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.advice.BeforeRequestProcessAdvice;
 import org.b3log.latke.servlet.advice.RequestProcessAdviceException;
-import org.b3log.solo.service.UserQueryService;
+import org.b3log.solo.util.Solos;
 import org.json.JSONObject;

 import javax.servlet.http.HttpServletRequest;
@@ -34,22 +33,16 @@ import java.util.Map;
 * The common auth check before advice for admin console.
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.0.1.2, Oct 4, 2018
+ * @version 1.0.1.3, Oct 5, 2018
 * @since 2.9.5
 */
 @Singleton
 public class ConsoleAdminAuthAdvice extends BeforeRequestProcessAdvice {

-    /**
-     * User query service.
-     */
-    @Inject
-    private UserQueryService userQueryService;
-
    @Override
    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) throws RequestProcessAdviceException {
        final HttpServletRequest request = context.getRequest();
-        if (!userQueryService.isAdminLoggedIn(request)) {
+        if (!Solos.isAdminLoggedIn(request)) {
            final JSONObject exception401 = new JSONObject();
            exception401.put(Keys.MSG, "Unauthorized to request [" + request.getRequestURI() + "]");
            exception401.put(Keys.STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);

--- a/src/main/java/org/b3log/solo/processor/console/ConsoleAuthAdvice.java
+++ b/src/main/java/org/b3log/solo/processor/console/ConsoleAuthAdvice.java
@@ -18,14 +18,12 @@
 package org.b3log.solo.processor.console;

 import org.b3log.latke.Keys;
-import org.b3log.latke.ioc.Inject;
 import org.b3log.latke.ioc.Singleton;
 import org.b3log.latke.model.Role;
 import org.b3log.latke.model.User;
 import org.b3log.latke.servlet.HTTPRequestContext;
 import org.b3log.latke.servlet.advice.BeforeRequestProcessAdvice;
 import org.b3log.latke.servlet.advice.RequestProcessAdviceException;
-import org.b3log.solo.service.UserQueryService;
 import org.b3log.solo.util.Solos;
 import org.json.JSONObject;

@@ -43,17 +41,11 @@ import java.util.Map;
 @Singleton
 public class ConsoleAuthAdvice extends BeforeRequestProcessAdvice {

-    /**
-     * User query service.
-     */
-    @Inject
-    private UserQueryService userQueryService;
-
    @Override
    public void doAdvice(final HTTPRequestContext context, final Map<String, Object> args) throws RequestProcessAdviceException {
        final HttpServletRequest request = context.getRequest();
        final HttpServletResponse response = context.getResponse();
-        if (!userQueryService.isLoggedIn(request, response)) {
+        if (!Solos.isLoggedIn(request, response)) {
            final JSONObject exception401 = new JSONObject();
            exception401.put(Keys.MSG, "Unauthorized to request [" + request.getRequestURI() + "]");
            exception401.put(Keys.STATUS_CODE, HttpServletResponse.SC_UNAUTHORIZED);

--- a/src/main/java/org/b3log/solo/processor/console/UserConsole.java
+++ b/src/main/java/org/b3log/solo/processor/console/UserConsole.java
@@ -38,6 +38,7 @@ import org.b3log.solo.model.Option;
 import org.b3log.solo.service.PreferenceQueryService;
 import org.b3log.solo.service.UserMgmtService;
 import org.b3log.solo.service.UserQueryService;
+import org.b3log.solo.util.Solos;
 import org.json.JSONArray;
 import org.json.JSONObject;

@@ -162,7 +163,7 @@ public class UserConsole {
        renderer.setJSONObject(ret);

        try {
-            if (userQueryService.isAdminLoggedIn(request)) { // if the administrator register a new user, treats the new user as a normal user
+            if (Solos.isAdminLoggedIn(request)) { // if the administrator register a new user, treats the new user as a normal user
                // (defaultRole) who could post article
                requestJSONObject.put(User.USER_ROLE, Role.DEFAULT_ROLE);
            } else {

--- a/src/main/java/org/b3log/solo/service/CommentQueryService.java
+++ b/src/main/java/org/b3log/solo/service/CommentQueryService.java
@@ -101,7 +101,7 @@ public class CommentQueryService {
            return false;
        }

-        if (userQueryService.isAdminLoggedIn(request)) {
+        if (Solos.isAdminLoggedIn(request)) {
            return true;
        }


--- a/src/main/java/org/b3log/solo/service/UserQueryService.java
+++ b/src/main/java/org/b3log/solo/service/UserQueryService.java
@@ -23,22 +23,17 @@ import org.b3log.latke.ioc.Inject;
 import org.b3log.latke.logging.Level;
 import org.b3log.latke.logging.Logger;
 import org.b3log.latke.model.Pagination;
-import org.b3log.latke.model.Role;
 import org.b3log.latke.model.User;
 import org.b3log.latke.repository.Query;
 import org.b3log.latke.repository.RepositoryException;
 import org.b3log.latke.service.ServiceException;
 import org.b3log.latke.service.annotation.Service;
 import org.b3log.latke.util.Paginator;
-import org.b3log.latke.util.Sessions;
 import org.b3log.latke.util.URLs;
 import org.b3log.solo.repository.UserRepository;
-import org.b3log.solo.util.Solos;
 import org.json.JSONArray;
 import org.json.JSONObject;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.util.List;

 /**
@@ -68,34 +63,6 @@ public class UserQueryService {
    @Inject
    private UserMgmtService userMgmtService;

-    /**
-     * Checks whether the current request is made by a logged in user
-     * (including default user and administrator lists in <i>users</i>).
-     *
-     * @param request  the specified request
-     * @param response the specified response
-     * @return {@code true} if the current request is made by logged in user, returns {@code false} otherwise
-     */
-    public boolean isLoggedIn(final HttpServletRequest request, final HttpServletResponse response) {
-        return null != Solos.getCurrentUser(request, response);
-    }
-
-    /**
-     * Checks whether the current request is made by logged in administrator.
-     *
-     * @param request the specified request
-     * @return {@code true} if the current request is made by logged in
-     * administrator, returns {@code false} otherwise
-     */
-    public boolean isAdminLoggedIn(final HttpServletRequest request) {
-        final JSONObject user = Sessions.currentUser(request);
-        if (null == user) {
-            return false;
-        }
-
-        return Role.ADMIN_ROLE.equals(user.optString(User.USER_ROLE));
-    }
-
    /**
     * Gets the administrator.
     *
@@ -166,8 +133,7 @@ public class UserQueryService {
        final int windowSize = requestJSONObject.optInt(Pagination.PAGINATION_WINDOW_SIZE);
        final Query query = new Query().setCurrentPageNum(currentPageNum).setPageSize(pageSize);

-        JSONObject result = null;
-
+        JSONObject result;
        try {
            result = userRepository.get(query);
        } catch (final RepositoryException e) {
@@ -177,17 +143,12 @@ public class UserQueryService {
        }

        final int pageCount = result.optJSONObject(Pagination.PAGINATION).optInt(Pagination.PAGINATION_PAGE_COUNT);
-
        final JSONObject pagination = new JSONObject();
-
        ret.put(Pagination.PAGINATION, pagination);
        final List<Integer> pageNums = Paginator.paginate(currentPageNum, pageSize, pageCount, windowSize);
-
        pagination.put(Pagination.PAGINATION_PAGE_COUNT, pageCount);
        pagination.put(Pagination.PAGINATION_PAGE_NUMS, pageNums);
-
        final JSONArray users = result.optJSONArray(Keys.RESULTS);
-
        ret.put(User.USERS, users);

        return ret;

--- a/src/main/java/org/b3log/solo/util/Solos.java
+++ b/src/main/java/org/b3log/solo/util/Solos.java
@@ -125,6 +125,34 @@ public final class Solos {
        MOBILE_SKIN = mobileSkin;
    }

+    /**
+     * Checks whether the current request is made by a logged in user
+     * (including default user and administrator lists in <i>users</i>).
+     *
+     * @param request  the specified request
+     * @param response the specified response
+     * @return {@code true} if the current request is made by logged in user, returns {@code false} otherwise
+     */
+    public static boolean isLoggedIn(final HttpServletRequest request, final HttpServletResponse response) {
+        return null != Solos.getCurrentUser(request, response);
+    }
+
+    /**
+     * Checks whether the current request is made by logged in administrator.
+     *
+     * @param request the specified request
+     * @return {@code true} if the current request is made by logged in
+     * administrator, returns {@code false} otherwise
+     */
+    public static boolean isAdminLoggedIn(final HttpServletRequest request) {
+        final JSONObject user = Sessions.currentUser(request);
+        if (null == user) {
+            return false;
+        }
+
+        return Role.ADMIN_ROLE.equals(user.optString(User.USER_ROLE));
+    }
+
    /**
     * Checks whether need password to view the specified article with the specified request.
     * <p>
@@ -134,8 +162,8 @@ public final class Solos {
     * The blogger itself dose not need view password never.
     * </p>
     *
-     * @param request  the specified request
-     * @param article  the specified article
+     * @param request the specified request
+     * @param article the specified article
     * @return {@code true} if need, returns {@code false} otherwise
     */
    public static boolean needViewPwd(final HttpServletRequest request, final JSONObject article) {