UserResolver.java
/*
* BSD 2-Clause License
*
* Copyright (c) 2022, [Aleksandra Serba, Marcin Czerniak, Bartosz Wawrzyniak, Adrian Antkowiak]
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package dev.vernite.vernite.user;
import java.util.Date;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.server.ResponseStatusException;
import dev.vernite.vernite.user.auth.AuthController;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.constraints.NotNull;
@Component
public class UserResolver implements HandlerMethodArgumentResolver {
@Autowired
private UserSessionRepository userSessionRepository;
@Override
public Object resolveArgument(MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) throws Exception {
HttpServletRequest req = webRequest.getNativeRequest(HttpServletRequest.class);
if (req != null && req.getCookies() != null) {
for (Cookie c : req.getCookies()) {
if (c.getName().equals(AuthController.COOKIE_NAME)) {
Optional<UserSession> session = userSessionRepository.findBySession(c.getValue());
if (!session.isPresent()) {
break;
}
UserSession us = session.get();
boolean dirty = false;
long now = System.currentTimeMillis();
if (us.getLastUsed() == null || now - us.getLastUsed().getTime() >= 60_000) {
us.setLastUsed(new Date(now));
dirty = true;
}
String ip = req.getHeader("X-Forwarded-For");
if (ip == null) {
ip = req.getRemoteAddr();
}
if (!ip.equals(us.getIp())) {
us.setIp(ip);
dirty = true;
}
if (dirty) {
userSessionRepository.save(us);
}
if (us.getUser().isDeleted() && parameter.hasParameterAnnotation(NotNull.class)) {
throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "user deleted");
}
req.setAttribute("userID", us.getId());
return us.getUser();
}
}
}
if (parameter.hasParameterAnnotation(NotNull.class)) {
throw new AuthException();
} else {
return null;
}
}
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.getParameterType() == User.class;
}
}