Archives/Athou_commafeed
1
0
Fork 1
mirror of https://github.com/Athou/commafeed.git synced 2026-03-21 21:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

security revamp

Browse Source
This commit is contained in:
Athou
2014-08-08 21:57:16 +02:00
parent 9d070bd33c
commit c56c213da7
17 changed files with 209 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/com/commafeed/frontend/resource/ServerREST.java
View File

@@ -1,6 +1,5 @@
package com.commafeed.frontend.resource;
import io.dropwizard.auth.Auth;
import io.dropwizard.hibernate.UnitOfWork;
import javax.ws.rs.Consumes;
@@ -20,6 +19,7 @@ import com.commafeed.backend.HttpGetter.HttpResult;
import com.commafeed.backend.feed.FeedUtils;
import com.commafeed.backend.model.User;
import com.commafeed.backend.service.ApplicationPropertiesService;
import com.commafeed.frontend.auth.SecurityCheck;
import com.commafeed.frontend.model.ServerInfo;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
@@ -39,7 +39,7 @@ public class ServerREST {
@GET
@UnitOfWork
@ApiOperation(value = "Get server infos", notes = "Get server infos", response = ServerInfo.class)
public Response get(@Auth User user) {
public Response get(@SecurityCheck User user) {
ServerInfo infos = new ServerInfo();
infos.setAnnouncement(config.getApplicationSettings().getAnnouncement());
infos.setVersion(applicationPropertiesService.getVersion());
@@ -52,7 +52,7 @@ public class ServerREST {
@UnitOfWork
@ApiOperation(value = "proxy image")
@Produces("image/png")
public Response get(@Auth User user, @QueryParam("u") String url) {
public Response get(@SecurityCheck User user, @QueryParam("u") String url) {
if (!config.getApplicationSettings().isImageProxyEnabled()) {
return Response.status(Status.FORBIDDEN).build();
}