No get requests for API endpoints.

2026-02-11 22:18:27 -06:00 · 2018-01-23 09:44:29 -06:00
parent 3400a0c377
commit afdcc577ea
4 changed files with 52 additions and 56 deletions
--- a/src/main/java/com/cloudcraftgaming/discal/web/handler/DashboardHandler.java
+++ b/src/main/java/com/cloudcraftgaming/discal/web/handler/DashboardHandler.java
@@ -201,6 +201,43 @@ public class DashboardHandler {
 						g.getChannels().add(new WebChannel().fromChannel(c, g.getSettings()));
 					}
 				}
+			} else if (request.queryParams().contains("branding")) {
+				//Update bot nickname...
+				Map m = DiscordAccountHandler.getHandler().getAccount(request.session().id());
+				WebGuild g = (WebGuild) m.get("selected");
+
+				if (g.isManageServer()) {
+					g.setSettings(DatabaseManager.getManager().getSettings(Long.valueOf(g.getId())));
+
+					if (g.getSettings().isPatronGuild()) {
+						if (request.queryParams().contains("value")) {
+							g.getSettings().setBranded(true);
+						} else {
+							g.getSettings().setBranded(false);
+						}
+
+						DatabaseManager.getManager().updateSettings(g.getSettings());
+					}
+				}
+			} else if (request.queryParams().contains("simple-ann")) {
+				//Update simple announcements...
+				Map m = DiscordAccountHandler.getHandler().getAccount(request.session().id());
+				WebGuild g = (WebGuild) m.get("selected");
+
+				//Guess this one never checked for perms so...
+
+				g.setSettings(DatabaseManager.getManager().getSettings(Long.valueOf(g.getId())));
+
+				if (request.queryParams().contains("value")) {
+					g.getSettings().setSimpleAnnouncements(true);
+				} else {
+					g.getSettings().setSimpleAnnouncements(false);
+				}
+
+				DatabaseManager.getManager().updateSettings(g.getSettings());
+
+				response.redirect("/dashboard/guild/announcements", 301);
+				return response.body();
 			}

 			//Finally redirect back to the dashboard
@@ -291,44 +328,6 @@ public class DashboardHandler {
 		return response.body();
 	}

-	public static String handleSettingsUpdateGet(Request request, Response response) {
-		try {
-			if (request.queryParams().contains("branding")) {
-				//Update bot nickname...
-				Map m = DiscordAccountHandler.getHandler().getAccount(request.session().id());
-				WebGuild g = (WebGuild) m.get("selected");
-
-				if (g.isManageServer()) {
-					g.setSettings(DatabaseManager.getManager().getSettings(Long.valueOf(g.getId())));
-					g.getSettings().setBranded(request.queryParams("branding").equalsIgnoreCase("true"));
-
-					DatabaseManager.getManager().updateSettings(g.getSettings());
-				}
-			} else if (request.queryParams().contains("simple-ann")) {
-				//Update simple announcements...
-				Map m = DiscordAccountHandler.getHandler().getAccount(request.session().id());
-				WebGuild g = (WebGuild) m.get("selected");
-
-				//Guess this one never checked for perms so...
-
-				g.setSettings(DatabaseManager.getManager().getSettings(Long.valueOf(g.getId())));
-				g.getSettings().setSimpleAnnouncements(Boolean.valueOf(request.queryParams("simple-ann")));
-
-				DatabaseManager.getManager().updateSettings(g.getSettings());
-
-				response.redirect("/dashboard/guild/announcements", 301);
-				return response.body();
-			}
-
-			//Finally redirect back to the dashboard
-			response.redirect("/dashboard/guild", 301);
-		} catch (Exception e) {
-			ExceptionHandler.sendException(null, "[WEB] Settings update failed!", e, DashboardHandler.class);
-			halt(500, "Internal Server Exception");
-		}
-		return response.body();
-	}
-
 	public static String handleCalendarCreate(Request request, Response response) {
 		try {
 			String name = request.queryParams("cal-name");
--- a/src/main/java/com/cloudcraftgaming/discal/web/utils/SparkUtils.java
+++ b/src/main/java/com/cloudcraftgaming/discal/web/utils/SparkUtils.java
@@ -29,12 +29,10 @@ public class SparkUtils {

 			//Register the API Endpoints
 			before("/api/*", (request, response) -> {
-				/*
 				if (!request.requestMethod().equalsIgnoreCase("POST")) {
 					System.out.println("Denied '" + request.requestMethod() + "' access from: " + request.ip());
 					halt(405, "Method not allowed");
 				}
-				*/
 				//Check authorization
 				if (request.headers().contains("Authorization") && !request.headers("Authorization").equals("API_KEY")) {
 					//TODO: Actually check auth!!! < Just lazy right now
@@ -88,7 +86,6 @@ public class SparkUtils {
 						post("/announcement", DashboardHandler::handleAnnouncementUpdate);
 						post("/calendar", DashboardHandler::handleCalendarUpdate);
 						post("/settings", DashboardHandler::handleSettingsUpdate);
-						get("/settings", DashboardHandler::handleSettingsUpdateGet);
 					});
 					path("/delete", () -> {
 						post("/calendar", DashboardHandler::deleteCalendar);
--- a/src/main/resources/web/public/pages/dashboard/components/announcements.html
+++ b/src/main/resources/web/public/pages/dashboard/components/announcements.html
@@ -90,13 +90,13 @@
 						<!--Announcement Settings-->
 						<div th:if="${settings} == announcements">
 							<h6>Announcement Settings</h6>
-							<form method="post" enctype="application/x-www-form-urlencoded"
-							      action="/api/v1/dashboard/update/settings" style="text-align: left">
-								<label> Use Simple Announcements
+							<form method="post" action="/api/v1/dashboard/update/settings" style="text-align: left;">
+								<input type="hidden" name="simple-ann" value="simple-ann">
+								<label>Use Simple Announcements
 									<br>
-									<input type="checkbox" name="simple-ann"
+									<input type="checkbox" name="value"
 									       th:checked="${selected.settings.simpleAnnouncements} == true"
-									       onclick="useSimpleAnnouncements(this.checked)">
+									       onchange="this.form.submit()">
 								</label>
 							</form>
 							<br>
@@ -109,10 +109,11 @@
 								<div>
 									<p style="float: left" th:text="${ann.announcementId}"></p>
 									<button type="button" data-toggle="modal"
-									        th:data-target="'#modal-' + ${ann.announcementId}">Edit
+									        th:data-target="'#modal-' + ${ann.announcementId}" style="float: right">Edit
 									</button>
-									<form method="post" action="/api/v1/dashboard/delete/announcement">
-										<input type="hidden" name="id" th:value="${ann.announcemntId}">
+									<form method="post" action="/api/v1/dashboard/delete/announcement"
+									      style="float: right">
+										<input type="hidden" name="id" th:value="${ann.announcementId}">
 										<button class="danger" type="submit">Delete</button>
 									</form>

@@ -202,11 +203,11 @@
 													<button type="button" data-dismiss="modal">Close</button>
 												</div>
 											</div>
-
 										</div>
 									</div>
 								</div>
 								<br>
+								<br>
 							</th:block>
 							<br>
 							<br>
@@ -284,7 +285,6 @@
 				<h1>YOU ARE NOT LOGGED IN!</h1>
 				<p>Please login to continue.</p>
 			</div>
-		</div>
 	</body>

 	<footer id="footer">
--- a/src/main/resources/web/public/pages/dashboard/guild.html
+++ b/src/main/resources/web/public/pages/dashboard/guild.html
@@ -135,14 +135,14 @@
 							</form>
 							<br>
 							<br>
-							<form method="post" enctype="application/x-www-form-urlencoded"
-							      action="/api/v1/dashboard/update/settings" style="text-align: left">
+							<form method="post" action="/api/v1/dashboard/update/settings" style="text-align: left;">
+								<input type="hidden" name="branding" value="branding">
 								<label>Enable Server Branding (Patron Only)
 									<br>
-									<input type="checkbox" name="branding"
-									       th:disabled="${selected.settings.patronGuild != true}"
+									<input type="checkbox" name="value"
+									       th:disabled="${selected.settings.patronGuild} != true"
 									       th:checked="${selected.settings.branded} == true"
-									       onclick="enableBranding(this.checked)">
+									       onchange="this.form.submit()">
 								</label>
 							</form>
 							<br>