/*
* This file is part of anycook. The new internet cookbook
* Copyright (C) 2014 Jan Graßegger
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see [http://www.gnu.org/licenses/].
*/
package de.anycook.social.facebook;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.anycook.conf.Configuration;
import de.anycook.upload.UserUploader;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.FacebookApi;
import org.scribe.model.Token;
import org.scribe.oauth.OAuthService;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class FacebookHandler {
private final static Logger LOGGER = LogManager.getLogger(FacebookHandler.class);
public final static String APP_ID = Configuration.getInstance().getFacebookAppId();
private final static String APP_SECRET = Configuration.getInstance().getFacebookAppSecret();
private OAuthService service;
public FacebookHandler() {
service = new ServiceBuilder().provider(FacebookApi.class)
.apiKey(APP_ID).apiSecret(APP_SECRET)
.callback("http://test.anycook.de/anycook/NewFacebookUser").build();
}
public String getAuthURL() {
Token requestToken = service.getRequestToken();
return service.getAuthorizationUrl(requestToken);
}
@SuppressWarnings("unchecked")
public static String publishtoWall(long facebookID, String accessToken, String message,
String header)
throws IOException {
StringBuilder out = new StringBuilder();
StringBuilder data = new StringBuilder();
data.append("access_token=").append(URLEncoder.encode(accessToken, "UTF-8"));
data.append("&message=").append(URLEncoder.encode(message, "UTF-8"));
data.append("&name=").append(URLEncoder.encode(header, "UTF-8"));
URL url = new URL("https://api.facebook.com/" + facebookID + "/feed");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
try (OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream())) {
wr.write(data.toString());
wr.flush();
try (BufferedReader rd = new BufferedReader(
new InputStreamReader(conn.getInputStream()))) {
String line;
while ((line = rd.readLine()) != null) {
out.append(line);
}
}
}
return out.toString();
}
public static String getPermissions(String accessToken, long facebookID) throws IOException {
StringBuilder out = new StringBuilder();
String data = "?access_token=" + accessToken;
URL url = new URL("https://api.facebook.com/" + facebookID + "/permissions" + data);
URLConnection conn = url.openConnection();
//conn.setDoOutput(true);
//OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
//wr.write(data);
//wr.flush();
try (BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
String line;
while ((line = rd.readLine()) != null) {
out.append(line);
}
}
return out.toString();
}
public static FacebookRequest decode(String input) throws IOException {
String[] split = input.split("\\.");
String sig = decodeBase64(split[0]);
String data = decodeBase64(split[1]);
if (verifySigSHA256(sig, split[1])) {
LOGGER.debug(data);
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(data, FacebookRequest.class);
}
throw new IOException("failed to parse fb request");
}
public static String getUsersOAuthToken(long facebook_id) throws IOException {
URL url = new URL("https://graph.facebook.com/anycook.oauth/access_token?" +
"client_id=" + APP_ID + "&" +
"client_secret=" + APP_SECRET + "&" +
"grant_type=client_credentials");
URLConnection urlconnection = url.openConnection();
BufferedReader
rd =
new BufferedReader(new InputStreamReader(urlconnection.getInputStream()));
String response = rd.readLine();
return response.split("=")[1];
}
public static boolean verifySigSHA256(String sig, String payload) {
try {
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret = new SecretKeySpec(APP_SECRET.getBytes(), "HmacSHA256");
mac.init(secret);
byte[] digest = mac.doFinal(payload.getBytes());
String expected_sig = new String(digest);
if (sig.equals(expected_sig)) {
return true;
}
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
LOGGER.error(e, e);
}
LOGGER.error("signatures are not the same!");
return false;
}
public static boolean verifySigMD5(String sig, String payload) {
String tocheck = payload + APP_SECRET;
String expected_sig = null;
try {
expected_sig = DigestUtils.md5Hex(tocheck.getBytes("UTF-8"));
} catch (UnsupportedEncodingException e) {
LOGGER.error(e);
}
if (sig.equals(expected_sig)) {
return true;
}
LOGGER.error("signatures are not the same!");
return false;
}
private static String decodeBase64(String input) {
return new String(new Base64(true).decode(input));
}
public static String getFacebookImagePath(Long facebook_id) {
return "https://graph.facebook.com/" + facebook_id + "/picture";
}
public static String saveImage(long facebook_id) throws SQLException, IOException {
UserUploader up = new UserUploader();
String imageName = up.saveFBURLImage(getFacebookImagePath(facebook_id));
LOGGER.info("uploaded new FB image");
return imageName;
}
@JsonInclude(JsonInclude.Include.NON_NULL)
public static class FacebookRequest {
public String algorithm;
public String code;
public long expires;
public long issued_at;
public String oauth_token;
public Map<String, String> registration;
public Map<String, String> registration_metadata;
public Map<String, String> user;
public String user_id;
}
}