
Untitled

a guest
May 24th, 2016
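--- a/src/main/java/ru/org/linux/auth/KingdomOfLorController.java (revision dcef3f47fbaf8978d9688110c639a7fb4ab7d844)
+++ b/src/main/java/ru/org/linux/auth/KingdomOfLorController.java (revision dcef3f47fbaf8978d9688110c639a7fb4ab7d844)
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1998-2016 Linux.org.ru
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+package ru.org.linux.auth;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.*;
+import ru.org.linux.site.PublicApi;
+import ru.org.linux.site.Template;
+import ru.org.linux.user.User;
+import ru.org.linux.user.UserService;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RestController
+public class KingdomOfLorController {
+
+    private PasswordEncoder passwordEncoder = new PasswordEncoderImpl();
+
+    @Autowired
+    private UserService userService;
+
+    @RequestMapping(value="/api/get-kol-token",method = RequestMethod.GET)
+    public String onGetAccessToken(HttpServletRequest request,HttpServletResponse response) throws Exception{
+        Template tmpl = Template.getTemplate(request);
+
+        if (!tmpl.isSessionAuthorized()) {
+            throw new AccessViolationException("not authorized");
+        }
+
+        response.setHeader("Cache-control", "no-cache");
+
+        User user = tmpl.getCurrentUser();
+
+        String secret = getUserSecret(user);
+
+
+        return passwordEncoder.encode(secret);
+    }
+
+    @RequestMapping(value = "/api/check-kol-token",method = RequestMethod.GET)
+    @PublicApi
+    public String onCheckKolToken(@RequestParam String login,@RequestParam String token) throws Exception{
+        User user = userService.getUser(login);
+
+        String secret = getUserSecret(user);
+
+        if(passwordEncoder.matches(secret,token)){
+            return "ok";
+        }else{
+            throw new AccessViolationException("bad token");
+        }
+    }
+
+    private String getUserSecret(User user){
+        return String.valueOf(user.getScore())+"_"+user.getPassword();
+    }
+}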
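Review bot: `getUserSecret` derives the token material from `user.getScore()` and `user.getPassword()`, so the value returned by `/api/get-kol-token` is a bearer credential computed from the stored password field, with no expiry, no audience binding and no server-only key; it stays valid until the score or password changes, and anyone who obtains it can replay it against `/api/check-kol-token`. A per-user random token generated with `SecureRandom` and stored with an expiry (or an HMAC under a key held only by the server) would keep password-derived material out of anything handed to a third party. `onCheckKolToken` is `@PublicApi`, takes `login` and `token` as GET query parameters, which tend to end up in access logs and Referer headers, and shows no throttling in this file. Its failure paths also look distinguishable: an unknown login presumably fails inside `userService.getUser(login)` while a wrong token throws "bad token", which would allow account enumeration, so accept the values in a POST body and return one uniform failure. On the issuing side, `response.setHeader("Cache-Control", "no-store");` is the better header, because `no-cache` still permits the response to be stored.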